**Scope definitions:** Each framework defines its scope differently (CDE for PCI, ePHI for HIPAA, critical functions for DORA) - **Enforcement mechanisms:** Some are enforced through fines (GDPR), others through contractual consequences (PCI DSS), others through market consequences (SOC 2) - **Speci