Cybersecurity regulation refers to legal measures and guidelines designed to protect networks, devices, programs, and data from digital attacks, theft, damage, or unauthorized access. These regulations impose standards, procedures, and responsibilities on individuals, organizations, and governments to ensure the confidentiality, integrity, and availability of digital information and systems.
A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access (stealing intellectual property or confidential information) and control system attacks. - Cyber-security Regulation, Wikipedia
Note: This is an area of active development; the regulations listed below change frequently, so check the current text of each before relying on it.
Intersection With Open Source
Arguably, the controls a firm applies when contributing to open source should be no different from those it applies when ingesting open source. It is also worth pointing out that firms need to be vigilant even when consuming their own open source projects: code the firm itself published is still pulled back in through the same public build and distribution channels as anyone else's, so it warrants the same level of care as third-party code.
DORA: In the EU, the Digital Operational Resilience Act (DORA) includes measures to ensure that financial entities have secure and resilient software supply chains. This includes requirements for ICT risk management, resilience testing, incident reporting, and management of ICT third-party risk.
The Cyber Resilience Act (CRA) is an EU regulation, proposed by the European Commission in 2022 and adopted in 2024, which sets common cybersecurity requirements for hardware and software products with digital elements placed on the EU market, including obligations for vulnerability handling and security updates over a product's support period.
United States: various laws at state and federal level, including the following.
The Cybersecurity Maturity Model Certification (CMMC): This is a Department of Defense (DoD) certification framework that defense contractors handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) must meet to protect that data.
The Federal Information Security Modernization Act (FISMA): Updated in 2014, this law governs the security of federal agencies' information systems.