Industries
DecisionOS in regulated industries
How DecisionOS applies in regulated industries: banks and financial services (DORA, MaRisk, BAIT), insurers (DORA, Solvency II, VAIT), public sector (NIS2, BSI baseline protection, C5), healthcare (KRITIS, B3S) and energy utilities (IT-SiG 2.0, KRITIS).
NIS2 · Cyber Resilience Act · TISAX/ISA catalogue
Manufacturing & Industrial
Manufacturing is a NIS2 important entity. OT security and supply-chain diligence are mandatory. The decision memo is the audit standard.
EU GMP Annex 11 · 21 CFR Part 11 (FDA) · ICH Q9/Q10
Pharma & Life Sciences
Pharma IT is regulated IT. Validation (CSV/CSA) and an audit trail are not optional. The decision memo is the mandatory front-end documentation.
TISAX/ISA 6.x · UNECE R155 (CSMS) · UNECE R156 (SUMS)
Automotive & Suppliers
Automotive = TISAX + UNECE R155/R156 + ISO 21434 + NIS2. The decision memo is the only format that maps all four in parallel.
NIS2 · Seveso III Directive (12. BImSchV) · IEC 62443
Chemicals & Process Industry
Chemicals is a NIS2 important entity with physical major-accident risk. IT-OT convergence is the core strategic question.
PCI DSS 4.0 · GDPR · PSD2
Retail & Commerce
Retail IT = payment + customer data + logistics. PCI DSS 4.0 and GDPR are the two hard axes.
DORA · MaRisk / KaMaRisk · KAGB
Asset Management & Wealth
Asset managers are direct DORA addressees. Tool selection must satisfy Art. 28-30.
