eu-regulations

[ { "control_id": "GV.OC-01", "control_name": "Organizational context", "regulation": "DATA_ACT", "articles": ["1", "2", "3"], "coverage": "full", "notes": "Art 1-3 define scope for data holders, users, and data sharing services" }, { "control_id": "GV.PO-01", "control_name": "Cybersecurity policy", "regulation": "DATA_ACT", "articles": ["5", "8"], "coverage": "partial", "notes": "Art 5 data sharing conditions, Art 8 trade secret protection policies" }, { "control_id": "ID.AM-01", "control_name": "Inventories of assets", "regulation": "DATA_ACT", "articles": ["3", "4"], "coverage": "partial", "notes": "Art 3-4 require knowledge of data generated by connected products" }, { "control_id": "PR.AA-05", "control_name": "Access permissions and authorizations are managed", "regulation": "DATA_ACT", "articles": ["4", "5", "6"], "coverage": "full", "notes": "Art 4-6 define access rights to product data for users and third parties" }, { "control_id": "PR.DS-01", "control_name": "Data-at-rest is protected", "regulation": "DATA_ACT", "articles": ["8"], "coverage": "partial", "notes": "Art 8 technical measures to protect trade secrets" }, { "control_id": "PR.DS-10", "control_name": "Data is disposed of properly", "regulation": "DATA_ACT", "articles": ["23"], "coverage": "full", "notes": "Art 23 cloud switching requires proper data retrieval and deletion" } ]