Font size






On 10th May 2018, the GRA was designated as the Competent Authority for the security of network and information systems in respect of designated operators of essential services, and of designated digital services.

Under Part 7 of the Civil Contingency Act 2007 (the “Act”), the Cyber Security Compliance Division of the GRA is responsible for the following:

i.       Regulating, supervising and enforcing compliance;

ii.      Establishing a list of operators of essential services;

iii.     Establishing a list of digital service providers;

iv.     Investigating breaches;

v.      Issuing guidance to operators of essential services or digital

   service providers;

vi.     Drawing up Codes of Practice;

vii.    Recording and reporting incident notifications; and

viii.   Conducting or organising inspections.

Additionally, the GRA has been designated as the single point of contact for the security of network and information systems for Gibraltar.

The Cyber Security Compliance Division will also work closely with the HMGoG’s Information Technology and Logistics Department (ITLD) who have been designated as the national computer security incident response team for Gibraltar (the “Gibraltar CSIRT”).

For further information please email the Cyber Security Compliance Division on