Purpose of this report is the identification and analysis of the regulatory and ethical framework relevant to the SPHINX project. Its findings need therefore to be taken into account by all project partners while executing their tasks. SPHINX aims to introduce a universal cyber security toolkit that will enhance the cyber protection of Health IT Ecosystems and ensure patients’ data privacy and integrity. The SPHINX toolkit will be adapted or embedded on existing medical, clinical or health available infrastructures. In the context of the project, SPHINX’s cyber-security ecosystem shall be validated and evaluated against performance, effectiveness and usability indicators at three different countries (Romania, Portugal and Greece). Hospitals, healthcare providers and IT solution providers participating in the project’s pilots will deploy and evaluate the solution at business-as-usual and emergency situations across various use case scenarios. This report takes into account the SPHINX project characteristics and particularises them onto legal and ethical findings. Its first three parts elaborate upon the applicable legal and ethical framework for SPHINX project purposes. In this context, the ethical principles applicable are discussed in Chapter 1, while EU personal data protection law and EU cybersecurity law are analysed in Chapters 2 and 3 respectively. The analysis takes into account primary and secondary legislation, as well as, guidance issued by the European Commission and other EU bodies and agencies. Its aim is to formulate a comprehensive text of reference for all ethical and legal issues that are of relevance to the project. Findings of the first three Chapters of this report are made concrete onto actual SPHINX circumstances in Chapter 4. While structurally the already applied pattern is followed in this Chapter as well (subchapters 4.3, 4.4 and 4.5 focusing on ethical, personal data protection, and cybersecurity issues respectively), attention has been given to drafting concrete and specific guidance to project partners in order to warrant compliance with the highest possible ethical and legal standards during project execution.