The digital transformation of critical activities such as the delivery of water, energy, healthcare, telecommunications, and banking services increasingly exposes them to cybersecurity threats, which can affect the health, safety, and security of citizens, the functioning of essential services, or economic and social prosperity more broadly. This Going Digital Toolkit note introduces key concepts, such as critical activities, critical information infrastructure (CII), cybersecurity and digital security risk management, and helps policymakers identify what needs to be protected and what types of measures operators of critical activities should take. It further discusses the institutional framework to develop and supervise policies to enhance the digital security of critical activities, including trust-based partnerships, and provides a selection of policy approaches from a range of jurisdictions in the Annex.