API / Developer Platform

APIs are invisible to users — but not to regulators.

APIs that process, transmit, or store personal data are fully in scope of GDPR and NIS2. Machine-to-machine communication doesn't reduce your obligations — it increases them.

Mostrar leyes nacionales para:

Comprobación de la realidad

Do your API consumers know exactly what data you process on their behalf, and do you have DPAs in place?

GDPR (General Data Protection Regulation)

mandatory Art. 28, Art. 32, Art. 33

Sus obligaciones

API-level access control and authentication
Data Processing Agreements for API consumers
Rate limiting to prevent data scraping
Logging of data access for audit trail
Data minimisation in API responses

SiteGuardian monitoriza esto

TLS/HTTPS encryption monitoring
Automated cookie consent detection
Security headers analysis
Email transport encryption checks
Breach notification SLA tracking (72h)
Digital DPA/AVV signing

Riesgo si se ignora

API data leaks are reportable breaches. No DPA = both parties liable. Scraping incidents = security violation.

NIS2 Directive (Cybersecurity)

conditional Art. 21, Art. 23

Sus obligaciones

API security monitoring and anomaly detection
Vulnerability management for API endpoints
Incident response plan for API compromise
Supply chain documentation for API dependencies

SiteGuardian monitoriza esto

24h/72h/1m incident reporting SLA
DNSSEC and DNS security monitoring
Security headers and TLS enforcement
Uptime and availability monitoring
Supply chain risk scoring
Incident auto-classification (NIS2 Art. 23)

Riesgo si se ignora

API providers are in NIS2 scope if they serve essential or important entities. Shared responsibility model.

Digital Services Act (DSA)

conditional Art. 14, Art. 16, Art. 27

Sus obligaciones

Transparency reporting on content moderation
Notice-and-action mechanism for illegal content
Terms of service clarity requirements
Algorithmic transparency for recommender systems

Riesgo si se ignora

Fines up to 6% of global turnover. Service restrictions in the EU.

¿Le afecta esto?

Si responde sí a 2 o más, es muy probable que estas normativas se apliquen a su empresa.

I provide APIs that third parties integrate with My API processes or transmits personal data API consumers rely on my service for their operations I have more than 100 API consumers My API handles authentication or payment data

Vea dónde se encuentra

Nuestro escáner gratuito verifica la postura de seguridad de su sitio, SSL, encabezados, autenticación de correo y más. Sin necesidad de cuenta.

Scan your API endpoint's security

Ver todos los escenarios · Directorio regulatorio de la UE · Plan Compliance

Esta página proporciona información general sobre los marcos regulatorios de la UE. No constituye asesoramiento jurídico. Consulte a un profesional jurídico cualificado para obtener asesoramiento específico a su situación. SiteGuardian documenta su monitorización de forma continua — el cumplimiento es responsabilidad de su organización.

API / Developer Platform

GDPR (General Data Protection Regulation)

Sus obligaciones

NIS2 Directive (Cybersecurity)

Sus obligaciones

Digital Services Act (DSA)

Sus obligaciones

¿Le afecta esto?

Vea dónde se encuentra

¿Esta seguro?