Vai al contenuto principale
Tutti gli scenari

API / Developer Platform

APIs are invisible to users — but not to regulators.

APIs that process, transmit, or store personal data are fully in scope of GDPR and NIS2. Machine-to-machine communication doesn't reduce your obligations — it increases them.

Verifica della realtà

Do your API consumers know exactly what data you process on their behalf, and do you have DPAs in place?

GDPR (General Data Protection Regulation)

mandatory Art. 28, Art. 32, Art. 33

I tuoi obblighi

  • API-level access control and authentication
  • Data Processing Agreements for API consumers
  • Rate limiting to prevent data scraping
  • Logging of data access for audit trail
  • Data minimisation in API responses

SiteGuardian monitora questo

  • TLS/HTTPS encryption monitoring
  • Automated cookie consent detection
  • Security headers analysis
  • Email transport encryption checks
  • Breach notification SLA tracking (72h)
  • Digital DPA/AVV signing

Rischio se ignorato

API data leaks are reportable breaches. No DPA = both parties liable. Scraping incidents = security violation.

NIS2 Directive (Cybersecurity)

conditional Art. 21, Art. 23

I tuoi obblighi

  • API security monitoring and anomaly detection
  • Vulnerability management for API endpoints
  • Incident response plan for API compromise
  • Supply chain documentation for API dependencies

SiteGuardian monitora questo

  • 24h/72h/1m incident reporting SLA
  • DNSSEC and DNS security monitoring
  • Security headers and TLS enforcement
  • Uptime and availability monitoring
  • Supply chain risk scoring
  • Incident auto-classification (NIS2 Art. 23)

Rischio se ignorato

API providers are in NIS2 scope if they serve essential or important entities. Shared responsibility model.

Digital Services Act (DSA)

conditional Art. 14, Art. 16, Art. 27

I tuoi obblighi

  • Transparency reporting on content moderation
  • Notice-and-action mechanism for illegal content
  • Terms of service clarity requirements
  • Algorithmic transparency for recommender systems

Rischio se ignorato

Fines up to 6% of global turnover. Service restrictions in the EU.

Questo ti riguarda?

Se rispondi sì a 2 o più, queste normative molto probabilmente si applicano alla tua azienda.

Scopri a che punto sei

Il nostro scanner gratuito verifica la postura di sicurezza del tuo sito, SSL, header, autenticazione e-mail e altro. Nessun account necessario.

Scan your API endpoint's security
Visualizza tutti gli scenari · Directory normativa dell'UE · Piano Compliance

Questa pagina fornisce informazioni generali sui quadri normativi dell'UE. Non costituisce consulenza legale. Consulta un professionista legale qualificato per una consulenza specifica alla tua situazione. SiteGuardian documenta il tuo monitoraggio in modo continuo — la conformità è responsabilità della tua organizzazione.