Opening Times

The offices of the Gibraltar Regulatory Authority are open from 9:00am to 5:00pm Monday to Friday


Further to the policy of HM Government of Gibraltar to increase social distancing and slow the spread of COVID-19, attendance at our offices and public counters is possible by prior appointment only. Although we aim to carry out all our regulatory duties electronically, we do understand that this may not be possible for everyone. In such cases, an appointment will be arranged. Please note that a face mask is compulsory when attending our public counter.

Please contact our offices by e-mailing or call us on 200 74636. If you are unable to speak to our front desk staff, please leave a voicemail message. These are checked very regularly, and a member of our team will get back to you as soon as possible.

We accept requests for licence applications and renewals by e-mail, together with any necessary licence variations, if applicable. Payment for these may be effected, preferably, by bank transfer. If this is not possible, card payment via the telephone will also be accepted. Please contact our offices on and a member of our team will direct you to the correct application form on our website. If a paper copy is required, this may also be arranged by calling us on 200 74636. Licences will be scanned and sent by e-mail together with a copy of the receipt. The originals can either be posted or can be held for collection at a prearranged date and time.

Please note that a face mask is compulsory when attending our public counter.

Welcome to the Gibraltar Regulatory Authority website

Cyber Assessment Framework (CAF)

In order to comply with the requirements of the Civil Contingency Act 2007 and the EU Network and Information Systems (“NIS”) Directive, the designated Operators of Essential Services (“OES”) must take appropriate and proportionate technical and organisational measures to manage the risks to the security of network and information systems which support the delivery of essential services.

The Cyber Assessment Framework (“CAF”) was developed to provide guidance to OES and Digital Service Providers (“DSP”), and specifically to provide the GRA with the capability to assess the extent to which OES are achieving the required levels of cyber security. The CAF is based on the UK’s framework and as such is quite general. The GRA is liaising with the OES to tailor the CAF to each sector profile. The OES are required to work towards a set of fourteen cyber security principles written in terms of outcomes.

The general CAF is based on the following four main objectives:

A: Managing security risk

B: Protecting against cyber attack

C: Detecting cyber security incidents

D: Minimising the impact of cyber security incidents

The CAF is further broken down into the specific principles that are based on sets of indicators of good practice. It can be reviewed and downloaded from the link below.