The legal and regulatory risk associated with business conducted over the Internet is driven by the laws and regulations of each individual country. Legal and regulatory risk is the risk of non-compliance or violation of the applicable laws and regulations that govern the business activities, operations, or transactions. Business conducted over the Internet involves the use of the global network of interconnected computers and devices to exchange information, goods, or services across the geographic boundaries. Business conducted over the Internet may expose the enterprise to various legal and regulatory risks, such as data protection, privacy, security, intellectual property, consumer protection, taxation, or jurisdiction issues. The legal and regulatory risk associated with business conducted over the Internet is driven by the laws and regulations of each individual country, as each country may have different or conflicting laws and regulations that apply to the business conducted over the Internet, and that may change or vary over time. The laws and regulations of each individual country may also impose different or additional obligations, requirements, or restrictions on the enterprise, and may subject the enterprise to different or multiple enforcement actions, penalties, or disputes. The jurisdiction inwhich an organization has its principal headquarters, international law and a uniform set of regulations, and international standard-setting bodies are not the drivers of the legal and regulatory risk associated with business conducted over the Internet, as they do not reflect the diversity and complexity of the legal and regulatory landscape that the enterprise may face when conducting business over the Internet. References = CRISC Review Manual, 6th Edition, ISACA, 2015, page 217.