@Caute_cautim, it was pretty much the same where I'm based (KSA) with a number of organizations providing Cyber-security compliance requirements. (Needless to say, following them all was a nuisance.)

That recently changed, with all entities having to comply with the requirements of a 'National Cybersecurity Authority' that provides the necessary policies, frameworks, standards and guidelines for this.

However, regulatory authorities here often seem content with continually assessing compliance, rather than strictly enforcing it.