1) Introduction & Definition

This illustration describes an integrated, cross-brand supply chain of the LEGIER Group (incl. SCANDIC Group by LEGIER) - from input (sources, suppliers, partners) to production/services to global delivery and monetization - with governance, KPIs and a digital image ("Digital Twin").

Supply chain management (SCM) strategically and operationally coordinates activities along the supply chain and integrates procurement/sourcing, conversion/production and logistics/distribution. The aim is to achieve a system-wide increase in effectiveness (customer benefit) and efficiency across company boundaries.

2) Overview: LEGIER & SCANDIC Group by LEGIER

  • LEGIER MEDIENGRUPPE: global media conglomerate with its own daily newspapers and high-performance infrastructure (data center in Manama, Bahrain).
  • SCANDIC Group by LEGIER: affiliated brands in Payments/Crowdfunding, Real Estate, Trading/Finance, Private Aviation, Yachting, Data Center, Trust/Asset Protection, Security and Health.

The ecosystem enables cross-brand value streams (e.g. capital → deal flow → processing → operations → service → monetization) and shared platforms (identity, compliance, data, security, operations).

3) Digital Twin + Control Tower

  • Digital twin: semantically linked image of all assets, nodes, flows and SLAs - across brands and regions.
  • Supply chain control tower: real-time visibility and control (demand/traffic, order/content throughput, capacity, risks, compliance, revenue) including suggested countermeasures (COA).
  • Forecasts & scenarios: Forecasts (load, demand, sales, subscription/yield), what-if simulations (outages, peaks, policy changes) and automated COAs.

4) End-to-end value stream per brand (short profile & supply chain role)

  • National - examples: DE ZAG & GwG; AT ZaDiG 2018 & FM-GwG; FR Code monétaire et financier & LCB-FT; IT d.lgs. PSD2/AML; ES RDL 19/2018 & Ley 10/2010; NL Wft & Wwft; PL Ustawa o usługach płatniczych & AML; RO Legea 209/2019 & 129/2019.
  • EU: PSD2; E-Money Directive; MiCA & Transfer of Funds Reg.; DORA; AML Directives (5th/6th); GDPR; eIDAS; Data Act; DSA/DMA.

Rlegal framework (EU / national - Selection):

4.1 SCANDIC PAY (crowdfunding, finance, digital assets)

  • eIDAS: Trust services/signatures (article per use case).
  • DORA: Art. 5 ff. (ICT risk), Art. 17 ff. (incident reporting).
  • MiCA/TFR: central application articles incl. travel data obligations.
  • PSD2: Art. 66/67 (access to third-party services), Art. 97 (SCA).
  • GDPR: Art. 5 (Principles), Art. 6 (Legal bases), Art. 28 (Processors), Art. 32 (Security), Art. 33/34 (Notification), Art. 44 ff. (Transfers).

Article notes EU (Extract):

  • Input/Source: Project initiators, investors/backers, payment networks, card program (debit).
  • Make/Convert: Due diligence, project listing, payment orchestration, token/asset mapping, reporting.
  • Deliver/Operate: Platform operation, investor communication, payouts, statistics, compliance/DSGVO.
  • Value: Capital mobilization, deal sourcing for estate/trade, brand reach.
  • National - examples: DE GEG & GwG; AT EAVG/EEffG & FM-GwG; FR Code de la construction & LCB-FT; IT Testo Unico Edilizia & d.lgs. 231/2007; ES LOE & Ley 10/2010.
  • EU: CSDD/CSRD; AML directives; EPBD (energy performance of buildings); Consumer Rights Directive; GDPR.

Legal framework (EU / national - Selection):

4.2 SCANDIC ESTATE (real estate development & brokerage)

  • GDPR: Art. 6, 28, 32 (legal basis/AVV/security).
  • EPBD: Energy efficiency/EP certificates (article per national implementation).
  • CSDDD: Core article on risk analysis/remediation/stakeholder involvement.
  • CSRD: Art. 19a/29a (sustainability reports).

Article notes EU (Extract):

  • Input/Source: Land/properties, developers, authorities, construction/service providers, capital partners.
  • Make/Convert: project development, valuation, marketing, transaction processing, ESG/compliance.
  • Deliver/Operate: handover/after-sales, operation/asset management, logistics and communication infrastructure.
  • Value: Asset pipeline for investors/trust, space/locations for operations (e.g. logistics/communication).
  • National - Examples: DE WpHG/WpDVerOV; FR Code monétaire et financier; IT TUF; ES Ley del Mercado de Valores; NL Wft; PL Ustawa o obrocie instrumentami finansowymi.
  • EU: MiFID II/MiFIR; MAR; Prospectus Regulation; EMIR; BMR; SFDR/Taxonomy; AML; GDPR.

Legal framework (EU / national - Selection):

4.3 SCANDIC TRADE (markets: equities, foreign exchange, crypto, commodities, emission rights)

  • SFDR: Art. 3, 4, 6/8/9 (Disclosure/PAI/Products).
  • Prospectus Regulation: Art. 3 et seq. (obligations/thresholds).
  • MAR: Art. 7, 14, 18 (insiders/prohibitions/lists).
  • MiFIR: Transparency/reporting obligations (core title).
  • MiFID II: Art. 16, 24, 25 (organization/information/suitability).

Article notes EU:

  • Input/Source: Market data/exchanges, liquidity partners, regulatory/KYC/AML.
  • Make/Convert: order management, risk/margin systems, portfolio/treasury functions.
  • Deliver/Operate: reporting/billing, APIs/platform, 24/7 monitoring, incident response.
  • Value: liquidity/hedging component for the Group (e.g. aviation fuel hedges, real estate FX hedging)
  • National - Examples: DE LuftVG/LuftBO; AT Luftfahrtgesetz; FR Code de l'aviation civile; IT Regolamenti ENAC; ES Ley de Navegación Aérea.
  • EU: EASA Basic Regulation 2018/1139; Air OPS 965/2012; Occurrence Reporting 376/2014; Air Passenger Rights Regulation 261/2004; DSA (customer pages).

Legal framework (EU / national - Selection)

4.4 SCANDIC FLY (private jet charter & special flights)

  • Regulation 376/2014: Art. 4 et seq. (incident reporting).
  • Regulation 261/2004: Art. 5-9 (compensation/support/reimbursement).
  • Air OPS 965/2012: Parts OPS/ORO/ARO (operational requirements).
  • EASA Basic Regulation 2018/1139: central approval/supervisory articles.

Article notes EU (Extract):

  • Input/source: Fleet/operator network, slots/handling, crews, safety/compliance partners.
  • Make/Convert: Brokerage, flight/route planning, handling/ground, security, special cases (evacuation/freight).
  • Deliver/Operate: charter execution, 24/7 customer service, billing, DSA/compliance pages, arbitration.
  • Value: Premium mobility for customers/management, synergies with yachts, security and trust.
  • National - examples: DE Recreational craft/sea regulations; FR Code des transports (nautique); IT Codice della nautica da diporto; ES norma náutica recreativa; NL Binnenvaartwet.
  • EU: Recreational Craft Directive 2013/53/EU; Passenger Rights at Sea Regulation 1177/2010; Port/Safety Regulation 725/2004.

Legal framework (EU / national - Selection):

4.5 SCANDIC YACHTS (Yacht-Brokerage)

  • Regulation 725/2004: Safety of ships/port facilities (ISPS connection).
  • Regulation 1177/2010: Art. 16 et seq. (passenger rights by sea).
  • Directive 2013/53/EU: essential safety/environmental requirements (Annexes).

Article notes EU (Extract):

  • Input/Source: Shipyards/owners, listings, classification societies, insurers.
  • Make/Convert: Valuation, mandate, marketing, due diligence, escrow, transfer processes.
  • Deliver/Operate: Refit/service partner, charter management, crew, port/logistics partner.
  • Value: Complements luxury mobility (Fly), cross-selling with trust/wealth, events/branding.
  • National - Examples: DE BDSG/TTDSG/BSIG(NIS2); FR LIL & Décrets ANSSI; IT Codice Privacy; ES LOPDGDD; NL UAVG; PL Ustawa o ochronie danych; RO Legea 190/2018.
  • EU: GDPR; ePrivacy Directive; NIS-2; Data Act/DGA; Cyber Resilience Act; eIDAS; DORA (for financial IT services).

Legal framework (EU / national - Selection):

4.6 SCANDIC DATA (Data Centers & Platforms)

  • CRA: Product cyber security/CE conformity.
  • Data Act/DGA: Data access/altruism - duties per role.
  • NIS-2: Art. 20-23 (risk management), Art. 30 (reporting).
  • GDPR: Art. 5, 6, 28, 32-36, 44 ff (core obligations).

Article notes EU (Extract):

  • Input/source: editorial/brand data, customer data (GDPR), telemetry/logs, partner feeds.
  • Make/Convert: Compute/Storage (IBM mainframes, AI/HPC), data integration, ontology, security.
  • Deliver/Operate: Hosting/Edge/CDN connection, observability, SLO/SLA management, backup/BCP/DR.
  • Value: Backbone for operations, analytics/forecasting, identity/compliance backbone.
  • National - Examples: Register of beneficial owners (DE Transparency Register, FR Registre des bénéficiaires effectifs, IT Registro titolari effettivi, ES Registro de titularidades reales, NL UBO-register, PL CRBR, RO Registrul beneficiarilor reali).
  • EU: AML Directives; DAC6 (reporting obligation for cross-border tax arrangements); GDPR; SFDR/Taxonomy (depending on the product).

Legal framework (EU / national - Selection):

4.7 SCANDIC GROUP (asset protection & succession)

  • GDPR: Art. 6/28/32 (legal basis/AVV/security).
  • DAC6: Indicators/deadlines of cross-border arrangements.
  • AMLD: UBO/KYC/Care - Key messages from the 5th/6th AMLD.

Article notes EU (Extract):

  • Input/Source: Clients/Family Offices, wealth/asset data, legal/tax frameworks.
  • Make/convert: structuring (trust/FO), due diligence, risk/legal review, foundation/ESG objectives.
  • Deliver/Operate: Trust administration, reporting/audit, interaction with Pay/Trade/Estate/Yachts/Fly.
  • Value: Securing/scaling assets, synergies in investment/real assets/luxury services.
  • National - examples: DE GewO §34a/BewachV; FR Code de la sécurité intérieure; IT TULPS (sicurezza privata); ES Ley 5/2014 Seguridad Privada; NL Wet particuliere beveiligingsorganisaties; PL Ustawa o ochronie osób i mienia; RO Legea 333/2003.
  • EU: NIS-2; CER Directive; Cyber Resilience Act; GDPR.

Legal framework (EU / national - Selection):

4.8 SCANDIC SEC (Security: physical & digital)

  • GDPR: Art. 32, 35 (Security/DPIA).
  • CER DIRECTIVE: Risk/resilience obligations (item-specific per sector).
  • NIS-2: Art. 20-23 (risk management), Art. 30 (notification), Art. 32 (enforcement).

Article notes EU (Extract):

  • Input/Source: Hazard/threat analyses, locations/objects, VIPs/persons.
  • Make/Convert: Security concepts, protective measures (object/person/RC), cyber detection/response.
  • Deliver/Operate: 24/7 operations, event/travel security (fly/yachts), crisis/evacuation planning.
  • Value: Resilience of the entire supply chain, protection of people, data, assets, brand.
  • National - examples: DE SGB V/BDSG/BfArM regulations; FR Code de la santé publique; IT norme SSN & privacy sanità; ES Ley 41/2002 & LOPDGDD; NL WGBO/AVG; PL Ustawa o systemie informacji w ochronie zdrowia; RO Legea 95/2006.
  • EU: GDPR; EHDS Regulation; MDR 2017/745; IVDR 2017/746; Patients' Rights Directive 2011/24/EU.

Legal framework (EU / national - Selection):

4.9 SCANDIC HEALTH (ENT Northwest / Medical Services)

  • MDR/IVDR: Conformity/monitoring - articles/appendices per product.
  • EHDS-VO: Interoperability/access rules (article-dependent).
  • GDPR: Art. 9, 15-22, 32-36 (health data/rights/security/DPIA).

Article notes EU (Extract):

  • Input/source: clinics/practices, medical devices/pharmaceuticals, patient flows, referring physicians.
  • Make/Convert: diagnostics/therapy (ENT), surgery services, appointment/case management, quality and hygiene processes.
  • Deliver/Operate: care/outcome tracking, telemedicine, billing, data protection/patient rights.
  • Value: Health services in the network; medical care for customers/employees.

5) Process map (SCOR-adapted, Group-wide)

  • Plan: S&OP via brands (capacity, demand, campaigns, liquidity).
  • Source: Supplier/partner management, onboarding, contracts, KYC/AML, rights.
  • Make: service/content/project production, quality/compliance, approvals.
  • Deliver: Multi-Channel/Operations, SLA, Logistics/Flight/Sea, Edge/CDN, Customer Service.
  • Return/Respond: Complaints/Corrections/Takedowns, Medical Post-Op/Follow-ups, Incident Lessons Learned.
  • Enable: Data Center, Identity/IAM, Security, Ontology/MDM, FinOps, Legal/Regulatory.

6) Integration & data architecture (high-level)

  • Integration layer: events/streaming + batch; zero-copy/virtualization for single pane of glass.
  • Semantic layer/ontology: entities (project, asset, flight, yacht, object, campaign, customer, contract, right, incident, mandate, payment, order) with lineage/SLA/PII.
  • Control Tower apps: dashboards, root cause, playbooks (COA), approvals, simulations.
  • Security/Privacy: Zero-Trust, Threat-Detection, Secrets-Management, Encryption at Rest/In Transit.

7) Governance & Compliance

  • EU-DSGVO/BDSG, DSA transparency reports, Modern Slavery Act, KYC/AML in Finance/Trade.
  • CSDDD/LkSG due diligence obligations in supply chains (risk analysis, prevention, complaints mechanism, report).
  • Industry regulations: Aviation (Fly), Maritime/Yachting, Real Estate and Financial Regulation, Medical Law (Health).
  • Energy Performance of Buildings Directive (EPBD) - Directive (EU) 2024/1275 (recast)
  • Real estate, construction & energy efficiency:
  • General Product Safety Regulation - Regulation (EU) 2023/988
  • Consumer Rights Directive - Directive 2011/83/EU
  • Consumer & E-Commerce:
  • Ban on products from forced labor - Regulation (EU) 2024/3015
  • Conflict minerals - Regulation (EU) 2017/821
  • EUDR - Regulation (EU) 2023/1115 (Deforestation-free supply chains)
  • CSDDD - Directive (EU) 2024/1760 (Corporate Sustainability Due Diligence)
  • CSRD - Directive (EU) 2022/2464 (Corporate Sustainability Reporting)
  • Sustainability & supply chain diligence:
  • Recreational craft - Directive 2013/53/EU (Recreational Craft)
  • Ship and port facility safety - Regulation (EC) No. 725/2004
  • Air passenger rights - Regulation (EC) No. 261/2004
  • Air OPS - Regulation (EU) No. 965/2012 (Air Operations)
  • EASA Basic Regulation - Regulation (EU) 2018/1139
  • Aviation & Sea:
  • Dual-use Regulation - Regulation (EU) 2021/821 (control of dual-use items)
  • Union Customs Code (UCC) - Regulation (EU) No. 952/2013
  • Trade, customs & export controls:
  • Anti-money laundering: 5th AMLD - Directive (EU) 2018/843; 6th AMLD - Directive (EU) 2018/1673
  • Sustainability reporting/financial market: SFDR - Regulation (EU) 2019/2088; Taxonomy - Regulation (EU) 2020/852
  • Market Abuse Regulation (MAR) - Regulation (EU) No. 596/2014; Prospectus Regulation - Regulation (EU) 2017/1129
  • MiFID II - Directive 2014/65/EU & MiFIR - Regulation (EU) No. 600/2014
  • MiCA - Regulation (EU) 2023/1114 & Transfer of Funds Regulation - Regulation (EU) 2023/1113
  • E-Money Directive - Directive 2009/110/EC
  • PSD2 - Directive (EU) 2015/2366
  • Financial servicesngen, payments & crypto:
  • DORA - Regulation (EU) 2022/2554 (with accompanying Directive (EU) 2022/2556)
  • Directive on the resilience of critical facilities (CER) - Directive (EU) 2022/2557
  • NIS-2 - Directive (EU) 2022/2555
  • Cybersecurity & critical Infrastructures:
  • Cyber Resilience Act (CRA) - Regulation (EU) 2024/2847
  • eIDAS & European Digital Identity - Regulations (EU) No. 910/2014 and (EU) 2024/1183
  • Digital Markets Act (DMA) - Regulation (EU) 2022/1925
  • Digital Services Act (DSA) - Regulation (EU) 2022/2065
  • Digital platforms & markets:
  • European Health Data Space - Regulation (EU) 2025/327
  • AI Regulation (Artificial Intelligence Act) - Regulation (EU) 2024/1689
  • Data Act - Regulation (EU) 2023/2854
  • Data Governance Act - Regulation (EU) 2022/868
  • ePrivacy Directive - Directive 2002/58/EC
  • General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679
  • Data protection, data & AI:
  • Relevant legal frameworks that typically have to be taken into account depending on the LEGIER Group's business area (incl. SCANDIC):

7.1 Relevant European legislation (extract)

8) Risks & resilience (with COA examples)

  • Cyber/availability: CDN/edge/cloud/data center failures → automatic failover, rate limits, graceful degradation, prewarming.
  • Regulatory/compliance: policy changes (DSA/ESG/KYC) → rule watch, feature flags, training, audit trails.
  • Supplier/partner failure: alternative networks (operators/yards/exchanges), contract SLAs, emergency ramps.
  • Peaks in demand: Autoscaling, prioritization of critical pipelines (e.g. evacuation flights), capacity rebalancing.
  • Security situation: travel/event security, evacuation playbooks, emergency communication.

9) Metrics & target KPIs (excerpt)

  • Pay/Trade: authorization rate, settlement TTR, reversal rate, VaR/margin utilization.
  • Estate: Time-to-close, notarization turnaround time, ESG score per project, vacancy rate.
  • Fly/Yachts: On-time performance, safety events, NPS, charter utilization, fuel/CO2 per hour.
  • Data/Media: Availability, 95p/99p latency, Core Web Vitals, Data Freshness, Incident MTTR.
  • Trust: reporting fidelity, audit findings, client satisfaction, SLA adherence.
  • Security/Health: Incident rate, response time, compliance rate, patient satisfaction.

10) Operating model & roles (RACI, outlined)

  • Global: Control Tower (24/7), Data/Ontology, Security/CERT, Compliance, Vendor Management, FinOps.
  • Brand: Responsible owners (Pay/Estate/Trade/Fly/Yachts/Data/Trust/Sec/Health) with clear SLAs.
  • Together: Change Advisory Board, Incident Commander, Data Governance Board, Legal/Regulatory Council.

11) Implementation roadmap (12 months)

0-90 days (Foundational):

  • Data inventory & minimal digital twin (brands/assets/flows/SLAs).
  • Control tower: first dashboards/alerts; COA playbooks for critical scenarios (CDN/DSA/payment).
  • Standardize supplier/KYC/AML due diligence, mandate/contract registry.

3-6 months (scaling):

  • Extension to rights/compliance workflows (media/trust/state), group-wide IdM/IAM.
  • Forecasting (demand/capacity/revenue), SLA reports, workflow automation (case management).
  • Scenario simulator (What-if), alternative networks for operator/yard/exchange.

6-12 months (Advanced):

  • Autonomous COAs (e.g. capacity rebalancing, payment rerouting, route/slot optimization).
  • Integrated Revenue & Ops S&OP (Pay/Trade/Estate/Fly/Yachts/Trust).
  • Continuous CSDDD/LkSG reporting, third-party audits, red teaming (security).

12) Data model "starter set" (extended)

  • Project/Deal (Estate/Pay/Trade) ⇄ Asset/Contract ⇄ Party (customer, partner, operator, yard, medical team)
  • Flight ⇄ Operator ⇄ Handling ⇄ Crew ⇄ Airport/Slot ⇄ Security Plan
  • Yacht ⇄ Owner ⇄ Yard ⇄ Class ⇄ Insurance ⇄ Crew ⇄ Port
  • Trust Mandate ⇄ Portfolio ⇄ Policy/Clause ⇄ Beneficiary ⇄ Report
  • Order/Trade ⇄ Market/Exchange ⇄ Position ⇄ Risk ⇄ Settlement
  • Content/Media ⇄ Channel ⇄ Campaign ⇄ Placement ⇄ RevenueRecord
  • Incident ⇄ Type/Severity ⇄ COA ⇄ Status ⇄ TimelineAnnex A - National transpositions (selection per Member State)

Notice from the LEGIER Group and its affiliated brands and companies: Legal frameworks are dynamic. This overview lists typical primary standards/authorities per country for central EU areas (data protection, payments/AML, financial markets, cyber/NIS, consumers).

  • Germany (DE)
  • Data protection: BDSG, TTDSG; Supervision: BfDI/LfDI.
  • Payments/AML: ZAG, GwG; Supervision: BaFin, FIU.
  • Financial markets: WpHG/MiFID II implementation; supervision: BaFin.
  • Cyber/NIS: BSIG; NIS-2 implementation (ongoing/current).
  • Consumers: BGB (inter alia §§ 312 ff.), UWG.
  • Austria (AT)
  • Data protection: DSG; TKG 2021; Supervision: DPO.
  • Payments/AML: ZaDiG 2018; FM-GwG; Supervision: FMA.
  • Financial markets: WAG 2018; Supervision: FMA.
  • Cyber/NIS: NIS-G; Supervision: BMI/BKA.
  • Consumers: KSchG, FAGG.
  • France (FR)
  • Data protection: Loi Informatique et Libertés; Supervision: CNIL.
  • Payments/AML: Code monétaire et financier (LCB-FT); Supervision: ACPR/AMF.
  • Financial markets: AMF regulations (MiFID II implementation).
  • Cyber/NIS: Code de la défense (ANSSI).
  • Consumers: Code de la consommation.
  • Italy (IT)
  • Data protection: d.lgs. 196/2003 (Codice Privacy); Supervision: Garante.
  • Payments/AML: d.lgs. PSD2; d.lgs. 231/2007 (AML).
  • Financial markets: TUF (Testo Unico della Finanza); supervision: CONSOB.
  • Cyber/NIS: d.lgs. NIS; ACN (Agenzia per la Cybersicurezza).
  • Consumer: Codice del Consumo.
  • Spain (ES)
  • Data protection: LOPDGDD; Supervision: AEPD.
  • Payments/AML: RDL 19/2018 (PSD2), Ley 10/2010 (AML).
  • Financial markets: LMV; Supervision: CNMV.
  • Cyber/NIS: Esquema Nacional de Seguridad/NIS.
  • Consumer: TRLGDCU.
  • Netherlands (NL)
  • Data protection: UAVG; Supervision: AP.
  • Payments/AML: Wft; Wwft; Supervision: DNB/AFM.
  • Financial markets: Wft/MiFID II implementation; AFM.
  • Cyber/NIS: Wet beveiliging netwerk- en informatiesystemen.
  • Consumer: BW (German Civil Code).
  • Belgium (BE)
  • Data protection: Loi vie privée/AVG-Wet; Supervision: APD/GBA.
  • Payments/AML: Loi anti-blanchiment (AMLD implementation).
  • Financial markets: FSMA regulations (MiFID II implementation).
  • Cyber/NIS: Loi NIS.
  • Consumers: Code de droit économique.
  • Poland (PL)
  • Data protection: Ustawa o ochronie danych osobowych; Supervision: UODO.
  • Payments/AML: Ustawa o usługach płatniczych; Ustawa AML 2018.
  • Financial markets: Ustawa o obrocie; Supervision: KNF.
  • Cyber/NIS: Ustawa o KSC (NIS).
  • Consumers: Kodeks cywilny & ustawy konsumenckie.
  • Romania (RO)
  • Data protection: Legea 190/2018; Supervision: ANSPDCP.
  • Payments/AML: Legea 209/2019 (PSD2); Legea 129/2019 (AML).
  • Financial markets: Capital Markets Act; Supervision: ASF.
  • Cyber/NIS: lege NIS; CERT-RO/Directoratul Național de Securitate Cibernetică.
  • Consumer: OUG 34/2014.
  • Sweden (SE)
  • Data protection: Dataskyddslagen; Supervision: IMY.
  • Payments/AML: Betaltjänstlagen; Penningtvättslagen.
  • Financial markets: Värdepappersmarknadslagen; Supervision: FI.
  • Cyber/NIS: Lag om informationssäkerhet för samhällsviktiga tjänster.
  • Consumers: Consumers' plagues m.fl.
  • Denmark (DK)
  • Data protection: Databeskyttelsesloven; Supervision: Datatilsynet.
  • Payments/AML: Betalingsloven; Hvidvaskloven.
  • Financial markets: Værdipapirhandelsloven; Supervision: Finanstilsynet.
  • Cyber/NIS: Lov om net- og informationssikkerhed.
  • Consumers: Forbrugeraftaleloven.
  • Ireland (IE)
  • Data protection: Data Protection Act 2018; Supervision: DPC.
  • Payments/AML: European Union (Payment Services) Regulations; AML Acts.
  • Financial markets: Central Bank Acts/MiFID rules; Supervision: CBI.
  • Cyber/NIS: European Union (NIS) Regulations.
  • Consumers: Consumer Rights Act 2022.
  • Portugal (PT)
  • Data protection: Lei 58/2019; Supervision: CNPD.
  • Payments/AML: Regime Jurídico dos Serviços de Pagamento; Lei 83/2017 (AML).
  • Financial markets: CMVM rules (MiFID II implementation).
  • Cyber/NIS: Lei do Ciberespaço/NIS.
  • Consumer: Lei de Defesa do Consumidor.
  • Czech Republic (CZ)
  • Data protection: Zákon o zpracování osobních údajů; Supervision: ÚOOÚ.
  • Payments/AML: Zákon o platebním styku; AML zákon.
  • Financial markets: ZPKT; Supervision: ČNB.
  • Cyber/NIS: Zákon o kybernetické bezpečnosti.
  • Consumers: Občanský zákoník & consumer laws.
  • Greece (GR)
  • Data protection: Law 4624/2019; Supervision: HDPA.
  • Payments/AML: PSD2 implementation; AML laws.
  • Financial markets: HCMC rules (MiFID-II).
  • Cyber/NIS: Law on the implementation of NIS.
  • Consumers: Law 2251/1994 (updated).
  • Hungary (HU)
  • Data protection: Info Act; Supervision: NAIH.
  • Payments/AML: PSD2 implementation; AML law.
  • Financial markets: Capital Market Act; Supervision: MNB.
  • Cyber/NIS: Act L of one year (NIS implementation).
  • Consumers: Civil Code & Consumer Protection Laws.
  • Finland (FI)
  • Data protection: Tietosuojalaki; Supervision: Data Protection Ombudsman.
  • Payments/AML: Maksupalvelulaki; Rahanpesulaki.
  • Financial markets: Arvopaperimarkkinalaki; Supervision: FIN-FSA.
  • Cyber/NIS: Laki tietoturvasta (NIS).
  • Consumer: Kuluttajansuojalaki.