About ECGF

What is ECGF?

The European Cyber Governance Framework (ECGF) is a comprehensive, unified control catalogue designed specifically for European organisations navigating the complex landscape of cybersecurity and data protection regulations.

Our Mission

To provide European organisations with a single, defensible framework that enables them to:

  • Implement security and privacy controls once
  • Demonstrate compliance across multiple European regulatory requirements
  • Maintain European sovereignty without dependency on non-European frameworks
  • Access a freely available, well-governed control catalogue

The Challenge We're Solving

European organisations face an increasingly complex regulatory landscape:

  • NIS2 Directive — Network and information security requirements
  • DORA — Digital operational resilience for financial entities
  • GDPR — Data protection and privacy security obligations
  • Cyber Resilience Act — Product security requirements
  • UK NCSC CAF — Cyber assessment framework
  • And many more...

Each framework has overlapping but not identical requirements. Most organisations implement controls multiple times to satisfy different auditors and regulators — wasting time, money, and resources.

Our Approach

ECGF unifies these requirements into a single control catalogue where:

  • Every control is traceable to authoritative European sources
  • Mappings show exactly which regulations each control satisfies
  • Implementation guidance is clear and actionable
  • Evidence requirements are explicitly defined
  • The governance model ensures quality and defensibility

Status

ECGF is currently in early development. We're establishing the governance model, deriving controls from authoritative sources, and building the mapping infrastructure.

Development is happening in the open on GitHub. All decisions are documented, all changes are tracked, and community participation is welcomed.

Who's Behind ECGF?

ECGF is maintained by Compliance Genie, with support from the wider European cybersecurity community.

We're committed to keeping ECGF freely available, transparent, and community-driven.

Get Involved

We welcome contributions, feedback, and collaboration:

  • View the repository on GitHub
  • Submit issues, suggestions, or pull requests
  • Join the discussion on framework design and control derivation
  • Help us map new frameworks and regulations

Contact Us

For inquiries, partnerships, or support: