Accessibility

Font size

Filters

Highlight

Colour

Zoom

GUIDANCE

In accordance with section 54 of the Civil Contingencies Act 2007, and its role as the Competent Authority, the GRA has published guidance to promote the following of good practice for operators of essential services and digital service providers so they may comply with their regulatory obligations.

This guide explains the role of the Gibraltar Regulatory Authority as the designated Competent Authority under Part 7 of the Civil Contingencies Act 2007.

This guidance is for Operators of Essential Services (“OESs”), as designated by the GRA under section 35(2) of the Civil Contingencies Act 2007 (the “Act”), and for Digital Service Providers (“DSPs”) under section 43 of the Act.

This guidance sets out an overview of the requirements OESs and DSPs need to consider to comply with their obligations under sections 41, 42 and 43 of the Act respectively.

This guidance is for Operators of Essential Services (“OESs”), as designated by the GRA under section 35(2) of the Civil Contingencies Act 2007 (the “Act”).

The guidance sets out a series of activities that OESs are expected to complete which includes:

  • Preliminary self-assessment;
  • Scoping of self-assessment;
  • CAF Self-assessment; and
  • Identifying and implementing improvement plans.

Under the provisions of section 42(1) of the Civil Contingencies Act 2007 (the “Act”), operators of essential services (“OES”) must notify the GRA of any incident having a significant impact on the continuity of the essential service which that OES provides within 72 hours of becoming aware of an incident.  Any such incident will be described as a “NIS incident”.

A NIS incident must be reported to the GRA, without delay, by submitting an Incident Notification Form below.