Encrypting data at rest is a common requirement for many data protection regulations, but not all regulations mandate encryption. Some regulations may allow for other forms of protecting data at rest, such as strict access controls or physical security measures. It's essential to understand the specific requirements of each regulation to ensure compliance.