ECC are regulatory practices and frameworks, established by national or global regulators (NCA), that contain the measures and countermeasures that organizations must implement to detect, prevent, or address security risks, and to manage threats to information and technology assets.