Navigating the regulatory compliance landscape can be overwhelming and challenging. Ensure compliance within the laws, guidelines and agreements governing your organization with the right regulatory compliance software.
Regulatory compliance is more challenging than ever. Industry-specific laws like Sarbanes-Oxley, and regulators such as the FDA and OSHA keep businesses in check – but keeping up with constant changes is a significant risk.
Compliance now touches more business processes than ever before, with many designed to meet regulations and improve workplace safety. Disconnected regulatory solutions create duplicate efforts, inefficiencies and higher costs while blurring your view of organizational risk.
NAVEX simplifies compliance. With software to help you stay ahead of evolving regulations, you can focus on confidently running your business.
The table below highlights key global GRC regulations our customers seek guidance on, and our experts find most critical. While this list isn’t exhaustive, it is a valuable resource for understanding major compliance requirements.
Most regulations require a mix of training, whistleblowing systems, policies and other measures to ensure full compliance. With NAVEX One GRC software, you can access everything you need in one comprehensive platform.
This information is for educational purposes only and does not constitute legal advice. For details specific to your organization, consult legal representation.
At NAVEX, we understand the complexities of regulatory compliance and are here to help. Here you’ll find regulatory compliance requirements and recommendations for some of the most impactful legislation worldwide.
| Regulation | Description | Jurisdiction | Company Size | Industry | Focus | Regulation | ||
|---|---|---|---|---|---|---|---|---|
| CCPA - California Consumer Privacy Act | Enhances privacy rights and consumer protection for residents of the state of California. It gives consumers more control over the personal information that businesses collect about them. | California | - | All | Data Privacy & Cybersecurity | |||
| CPRA | Data privacy law that creates mechanisms to allow California residents to exercise rights. | California | All | Data Privacy & Cybersecurity | ||||
| California SB 553 | Violence protection requirements for any company headquartered in California – or with a location in California employing 10 or more people. | California | All | Harassment, discrimination & retaliation | ||||
| Crimes Legislation Amendment (Combatting Foreign Bribery) Act 2024 | Legal framework penalizing bribery of foreign officials. "Adequate procedures" defense. | Australia | All | Fraud, bribery & corruption | ||||
| DOJ Corporate Guidance | Addresses DOJ Guidance on corporate compliance programs. It is about how to assess the strength and quality of a company's corporate compliance program. | United States | All | Employee Compliance | ||||
| DORA | Universal framework for managing and mitigating information and communications technology (ICT) risk in the financial sector. | Global | Financial Services | Data Privacy & Cybersecurity | ||||
| EU AI Act | First-ever AI legal framework. AI inventory and repository, classify/scope AI use cases, AI strategy and governance programme, audits and controls. | European Union | All | Data Privacy & Cybersecurity | ||||
| EU Whistleblower Directive | Ensures anonymous, secure, responsive, whistleblowing systems and processes for employees. It also provide robust protection from retaliation for individuals who report breaches of EU law. | European Union | All | Whistleblowing & Incident Management | ||||
| FCPA | Identify, track and manage risks and liabilities associated with Foreign Corrupt Practices Act (FCPA). | United States | All | Fraud, bribery & corruption | ||||
| Fair Employment and Housing Act (FEHA) | Provides protection from harassment or discrimination in employment because of: age (40 and over), ancestry, color, creed, denial of family and medical care. | United States | All | Harassment, discrimination & retaliation | ||||
| Fair Work Act 2009 | "All reasonable steps" liability mitigation doctrine against workplace sexual harassment. | Australia | All | Harassment, discrimination & retaliation | ||||
| French Labor Code | Labor law that governs work and labor relations in France. It ensures that full-time employees working a 35-hour week are entitled to a minimum of five weeks of paid leave annually. | France | All | Labor Laws & Regulations | ||||
| GDPR | Sets guidelines for the collection and processing of personal information from individuals who live in and out of the European Union (EU). | European Union | All | Data Privacy & Cybersecurity | ||||
| German Supply Chain Act (LkSG) | Address complex requirements across supply chains to ensure a unified protection of human rights. | Germany | All | Supply Chain | ||||
| HIPAA | Stringent privacy and security requirements around healthcare insurance portability and accountability. | United States | Healthcare | Data Privacy & Cybersecurity | ||||
| ISO 27001 | An international standard to manage information security. Companies must install an effective organization ISO 27001 program to continuously monitor and evolve ISMS. | Global | All | Data Privacy & Cybersecurity | ||||
| NERC CIP | Requirements to control cyber assets and infrastructure, such as electronic security perimeters, as well as physical assets. | United States | All | Data Privacy & Cybersecurity | ||||
| NIS2 | Staying secure, resilient and aligned with cybersecurity regulations. It establishes a unified legal framework to uphold cybersecurity in 18 critical sectors across the EU. | European Union | - | All | Data Privacy & Cybersecurity | |||
| NIST CSF | Risk-based cybersecurity framework used to internationally to provide a foundation for managing cybersecurity risk. | Global | All | Data Privacy & Cybersecurity | ||||
| NYDFS | New York financial services firms must comply with 23 NYCRR 500, a regulation from the New York Department of Financial Services (NYDFS) that places cybersecurity requirements on all covered NY financial institutions | New York | Financial Services | Data Privacy & Cybersecurity | ||||
| New York Retail Worker Safety Act | All employee workplace violence prevention policy and prevention training program for companies in New York retail. | New York | Retail | Harassment, discrimination & retaliation | ||||
| OSHA | The Occupational Health and Safety Administration (OSHA) offers a set of regulations to ensure private sector and federal employers maintain a safe working environment. | United States | All | Labor Laws & Regulations | ||||
| PCI-DSS | PCI DSS is a set of security standards that protect credit card data. It requires businesses to follow strict rules to keep cardholder information safe. | United States | Financial Services | Data Privacy & Cybersecurity | ||||
| Sapin II | Sapin II mandates French companies and global corporations in France to prevent and detect corruption and influence peddling, both domestically and internationally. | France | All | Fraud, bribery & corruption | ||||
| Sarbanes-Oxley (SOX) | Sarbanes Oxley requires all publicly traded companies to report their internal accounting controls to the Securities and Exchange Commission (SEC), calling on the CEO and CFO to personally attest to the completion and accuracy of their records. | United States | All | Fraud, bribery & corruption | ||||
| Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2017 | Consolidates and broadens existing protections and remedies for corporate and financial sector whistleblowers. | Australia | All | Whistleblowing & Incident Management | ||||
| UK Bribery Act | Requirements and rules around anti-bribery in the UK. It covers transactions that take place in the UK or abroad, and both in the public or private sectors. | United Kingdom | All | Fraud, bribery & corruption | ||||
| UK Modern Slavery Act | Stringent transparency requirements of anti-slavery, worker safety and to enhance protection for victims. | United Kingdom | All | Labor Laws & Regulations | ||||
| UK Worker Protection Act | Mandates stringent and proactive measures to safeguard employees from sexual harassment in the workplace | United Kingdom | All | Harassment, discrimination & retaliation | ||||
| US State-level Anti-harassment Laws | Evolving anti-harassment and worker protection laws in California, Connecticut, Delaware, Illinois and the city of Chicago, Maine, New York and New York City, Washington and Washington D.C., and more. | United States | - | All | Harassment, discrimination & retaliation |
Our regulatory compliance software can help you stay compliant with the most impactful legislation worldwide
With ever-changing guidelines and new regulations being introduced, getting compliance right can feel like hitting a moving target. Here’s what you need in your regulatory compliance management toolkit.
Regulatory compliance strategy
An understanding of what regulations, policies and obligations are applicable to your company, and a strategy for ongoing auditing, recording and reporting of exception events and corrective actions.
Integrated regulatory compliance software
Keeping track of frequently changing regulations is challenging. Manage compliance in a single platform that consolidates policy management, whistleblowing and incident management, employee training and more.
Automated regulatory compliance management
Automated regulatory compliance management streamlines processes by proactively notifying users of changing requirements and connecting insights across the platform. This reduces manual effort, minimizes errors and ensures compliance with evolving regulations.
22 May 2025 Jaclyn Jaeger
Read more
Datasheets
See the full range of full-length and short-form compliance training courses NAVEX offers in our comprehensive NAVEXEngage catalog.
Get the datasheet
Playbooks
This playbook covers the main compliance requirements of the U.K. Economic Crimes and Corporate Transparency Act (ECCTA), challenges with compliance and how NAVEX solutions can help your organization …
Get your playbook
Courses
Sexual harassment can happen at any organization, and it should never be tolerated. Bystander intervention training empowers employees to respond effectively to harassment, preventing escalation.
Learn more about this course
Courses
While managers may not typically have access to specific employee medical information, situations can arise where an employee shares this information, like when requesting leave or an accommodation. …
Learn more about this course
Courses
HIPAA Training for Business Associates helps organizations meet the training requirements found in HIPAA's Privacy and Security rules.
Learn more about this course
29 Apr 2025 Jaclyn Jaeger
Read more
Event
Join us in London for a day dedicated to understanding the new demands the ECCTA places on UK businesses, compliance strategies, and how technology can help reduce risk.
Save your seat!
Event
Join us for an exclusive roundtable dinner on 5 June to explore the far-reaching impact of the Economic Crime and Corporate Transparency Act on UK businesses.
Save your seat!
Courses
HIPAA Training for Covered Entities addresses the training requirements found in HIPAA's Privacy and Security Rules.
Learn more about this course
24 Apr 2025 Press release
The global leader in integrated risk and compliance management solutions, offers healthcare organizations the tools they need to meet rigorous data privacy and security requirements. As the regulatory …
Read the news
Webinars
Discover key 2025 whistleblowing trends across four global regions. Benchmark your program and build a resilient, speak-up culture.
Save your seat!
Regulatory compliance software is a specialized tool designed to help organizations manage and adhere to industry-specific regulations. It differs from general compliance solutions by offering features tailored to the specific regulatory requirements of a given industry.
The software often includes features like near real-time regulatory updates, alerts and automated monitoring, helping organizations stay informed about changes in regulations that may impact their operations.
Many regulatory compliance solutions are configurable to meet the unique requirements of various industries. This allows organizations to tailor the software to their specific regulatory landscape.
Automation features help streamline compliance processes, such as document management, reporting and audit preparation. This reduces manual efforts, minimizes errors and ensures consistent adherence to regulations.
Regulatory compliance software provides tools for organizing and presenting relevant compliance data during audits. It helps ensure all necessary documentation is readily available, facilitating a smoother audit process.
Yes, many regulatory compliance solutions are designed to concurrently handle compliance with multiple regulations. They often provide a centralized platform for managing various regulatory requirements - like NAVEX One.
Security features typically include access controls, encryption and secure storage. Role-based access ensures only authorized personnel can view or modify sensitive compliance information.
The software may include risk assessment tools and dashboards that help organizations identify and evaluate compliance risks. It facilitates the development and implementation of strategies to mitigate these risks.
Yes, most solutions offer reporting functionalities that allow organizations to generate detailed compliance reports. These reports communicate compliance status to internal stakeholders, regulators and other relevant parties.
Some regulatory compliance solutions – like NAVEX One – include training modules and tracking features to ensure employees receive appropriate training on relevant regulations. This helps maintain a compliant and well-informed workforce.
With NAVEX One regulatory compliance software, you’ll comply with the laws, guidelines and agreements governing your organization.