| LEG-0001 | Data protection | EU | GDPR (Regulation 2016/679) | General Data Protection Regulation — personal data processing rules | DP WAT is typically processor; DPAs signed with customers | Administrator | Annual | 2026-02-01 | Also UK GDPR for UK customers |
| LEG-0002 | Data protection | Romania | Law 190/2018 | Romanian GDPR implementation law | Supplements GDPR for Romanian context | Administrator | Annual | 2026-02-01 | |
| LEG-0003 | Fiscal | Romania | Codul Fiscal (Law 227/2015) | Romanian Fiscal Code — tax obligations | Standard business compliance | Administrator | Ongoing | 2026-02-01 | High change frequency; monitored via Monitorul Oficial |
| LEG-0004 | Labor | Romania | Codul Muncii (Law 53/2003) | Romanian Labor Code — employment law | Applies to Romanian employees | Administrator | Annual | 2026-02-01 | |
| LEG-0005 | Commercial | Romania | Law 31/1990 | Romanian Companies Law | SRL corporate governance | Administrator | Annual | 2026-02-01 | |
| LEG-0006 | Cybersecurity | Romania | NIS2 Directive transposition | Network and Information Security — critical infrastructure | May apply depending on customer sectors | CISO | Annual | 2026-02-01 | Monitor DNSC guidance |
| LEG-0007 | Accounting | Romania | Law 82/1991 | Romanian Accounting Law | Financial reporting requirements | Administrator | Annual | 2026-02-01 | Handled by external accountant |
| LEG-0008 | Contractual | Various | Customer contracts and NDAs | Security requirements per customer agreement | Project-specific; tracked in customer register | CISO | Per project | 2026-02-01 | See customer-project-register.csv |