Industries · UK & Europe
Critical Infrastructure
CNI obligations under the NIS Regulations. ORCA Opti brings your risks, controls and AI governance into one living system of record, inside your Safe Zone.
Regulation
Aligned to UK regulation
ORCA Opti maps to the frameworks UK organisations are measured against, and keeps your evidence current.
UK GDPR & Data Protection Act 2018
UK GDPR & Data Protection Act 2018
Personal data obligations and ICO expectations, mapped and evidenced.
Cyber Essentials & Cyber Essentials Plus
Cyber Essentials & Cyber Essentials Plus
The NCSC baseline controls many contracts now require, kept audit-ready.
NIS Regulations
NIS Regulations
Network and information systems duties for operators of essential services and digital providers.
ISO 27001
ISO 27001
Information security management, pre-mapped to your controls.
AI governance
AI governance
A practical path to safe, accountable AI aligned with the UK's pro-innovation approach.
UK & EU data residency
UK & EU data residency
Keep data in your Safe Zone, hosted in the UK or the EU under the EU Data Boundary, with residency you can demonstrate.
For Critical Infrastructure across the UK and Europe
See ORCA Opti for UK & European Critical Infrastructure
NIS Regulations in the UK and NIS2 plus the CER Directive in the EU have together created the most coordinated cyber and resilience regime in the world. Operators of essential and important entities, digital service providers and their suppliers all need evidence-grade controls. ORCA Opti brings NIS2, CER, sector frameworks and OT controls into one Pan-European programme.
NIS, NIS2 and CER demonstrable
NIS, NIS2 and CER demonstrable
UK NIS Regulations, EU NIS2 essential and important-entity controls and the CER Directive mapped to evidence, ready for sector supervisors.
National-interest data in the Safe Zone
National-interest data in the Safe Zone
Identity, payments, network and energy data inside the Safe Zone with UK and EEA residency, plus AI Guardian for every assistant interaction.
Incident reporting on the clock
Incident reporting on the clock
NIS2 24-hour early warning and 72-hour notification, NCSC reporting and ICO breach reporting workflows pre-built and rehearsed.
OT, IT and IoT in one programme
OT, IT and IoT in one programme
Operational technology, information technology and connected IoT estates mapped to IEC 62443 and ISO 27001 in a single control set.
The pressure
What CI operators are seeing
State-aligned activity, NIS2 supervisors stepping up and OT ransomware have moved CI resilience from policy paragraph to continuous practice.
State-aligned threat activity
State-aligned threat activity
Critical infrastructure is the most-targeted sector by state-aligned actors. Detection, segmentation and incident readiness must be evidence-backed.
Sector regulators stacking up
Sector regulators stacking up
Ofgem, Ofwat, ONR, Ofcom, FCA, PRA, MHRA, DfT and EU national supervisors all expect NIS2-aligned evidence in their own framework.
Supply chain compromise risk
Supply chain compromise risk
Third-party software, OT vendors and managed services are the most common breach origin. Vendor risk must be continuous, not annual.
OT ransomware in the wild
OT ransomware in the wild
Ransomware on OT is no longer theoretical. Energy, water, transport and manufacturing across the UK and EU have all been hit.
Frameworks built in
NIS2, sector regulator and international baseline
ORCA Opti ships with the obligations Pan-European CI runs on. Controls pre-mapped, evidence structured and reporting current.
NIS, NIS2 & CER Directive
UK NIS Regulations, EU NIS2 essential and important-entity controls and the Critical Entities Resilience Directive mapped.
ICO, NCSC & EU CSIRTs
ICO breach notification, NCSC reporting and EU national CSIRT coordination handled by one incident workflow.
IEC 62443 & ISA 99
Operational technology and industrial control system cyber security controls applied across OT estates.
ISO 27001 & ISO 27019
Information security plus the energy-utility extension, applied across IT and OT in one programme.
UK GDPR & EU GDPR
Personal data protection mapped to CI controls and citizen-facing services across UK and EEA.
NIST CSF, CRA & sector frameworks
NIST Cybersecurity Framework, EU Cyber Resilience Act and sector frameworks (financial, energy, water, transport, health) mapped to one control set.
See ORCA Opti for Critical Infrastructure in UK & Europe.
Work through a guided check with Opti Assist and get an immediate view of where you stand.
Join our mailing list
News and updates from ORCA Opti.