The Cyber Security Rules and Guidance, 2021

15th February 2021

The Commission is today publishing Cyber Security Rules and Guidance under The Protection of Investors (Bailiwick of Guernsey) Law, 1987; The Banking Supervision (Bailiwick of Guernsey) Law, 1994; The Regulation of Fiduciaries, Administration Businesses and Company Directors, etc (Bailiwick of Guernsey) Law, 2000; The Insurance Business (Bailiwick of Guernsey) Law, 2002 and The Insurance Managers and Insurance Intermediaries (Bailiwick of Guernsey) Law, 2002 which will ensure that the Bailiwick’s regulatory regime continues to be compliant with international standards and appropriate for the Guernsey market.

The new Cyber Security Rules and Guidance have been created following extensive engagement with industry over the last two years and have been designed to be principles based allowing for application across the Bailiwick’s diverse finance sector.  They replace our existing Cyber Security Guidance. 

The Cyber Security Rules come into operation immediately however transitional arrangements within the Rules allow firms to implement changes to their internal controls to ensure compliance with the Rules by 9th August 2021.

The Commission would also recommend continued attention to the guidance issued by the National Cyber Security Centre - NCSC.GOV.UK

Copies of the Rules and Consolidated Rules and Guidance can be found at the following links:

Cyber Security Rules, 2021

Cyber Rules and Guidance, 2021

The making of the Rules and Guidance follows a period of extensive public consultation. The Commission would like to thank all those who provided comments in response to the consultation.  A copy of the feedback statement can be found on the Commission’s website at the following link:

Cyber Rules Consultation Paper Feedback