Digital Security (AMSN) • Certification of service providers as "ExpertCyber Monaco"

Presentation

Sovereign Order No. 11.325 of 10 July 2025 amending Sovereign Order No. 8.504 of 18 February 2021 implementing Article 24 of Law No. 1.435 of 8 November 2016 on combating technological crime, as amended (JDM no. 8755 of 11 July 2025) grants the Director of the Monegasque Digital Security Agency (AMSN) a new mission: the certification ("labélisation") of "ExpertCyber Monaco" service providers (Article 6, new letter m).

It is supplemented by Ministerial Order No. 2025-342 of 3 July 2025 implementing Article 6, m) of Sovereign Ordinance No. 8.504 of 18 February 2021 implementing Article 24 of Law No. 1.435 of 8 November 2016 on combating technological crime, as amended, defining the requirements for the qualification of information system security audit providers (JDM no. 8755 of 11 July 2025), which includes two append:

• Annex 1 - ExpertCyber Monaco provider certification system: defines the procedures for managing applications from companies seeking the 'ExpertCyber Monaco' certification and for awarding the mark, which attests to certification by the AMSN.
• Annexe 2 - List of criteria for evaluating applications for ExpertCyber Monaco certification.

The development of a Monegasque certification for digital security expertise among service providers engaged in IT installation, maintenance and support activities aims to "promote best practices in this area and provide victims of cybercrime with visibility on the expertise of the service providers they use" (Annex 1, 1. General overview).

* * *

SUMMARY

• The "ExpertCyber Monaco" label (registered trademark, owned and managed by AMSN; the ExpertCyber brand is the exclusive property of the ACYMA public interest group (GIP), incubated by the French ANSSI) recognises the quality of technical service providers' skills in all or part of the following areas of expertise: main attacks and malicious activities encountered by its customers, their characteristics and main impacts; securing information system architectures and technologies; Applications and their vulnerabilities (office applications, Internet browsers, web servers, databases, mail servers, software packages, etc.); analysis tools: system analysis (antivirus, memory, disks), log analysis (signature, system, application or network); knowledge of the authorities involved in dealing with an IT incident; knowledge of the main legal classifications of cybermalicious acts that they are required to deal with, as well as the competent courts with jurisdiction over them, in criminal and civil matters.
• The certification ("labélisation") of ExpertCyber Monaco service providers must comply with the certification system set out in Annex 1 and the set of criteria for evaluating applications set out in Annex 2.
• Afnor Certification verifies compliance with the requirements set out in Annexes 1 and 2.
• In the event that the requirements set out in Annexes 1 and 2 are no longer met, the Director of the AMSN may, after hearing the explanations of the party concerned or duly requesting them to provide such explanations, suspend for a specified period or even withdraw the "ExpertCyber Monaco" label.
• Personnel working under the "ExpertCyber Monaco" label are individually designated and duly authorised by service providers after an administrative investigation in accordance with the provisions of Ministerial Order No. 2016-622 of 17 October 2016, as amended. This authorisation is renewed every 3 years under the same conditions. Service providers must keep an up-to-date register of authorised persons.
• The individual certificate of competence is issued to each "ExpertCyber Monaco" service provider certified by the Director of the AMSN, who keeps an up-to-date register of certified service providers ("registre des prestataires labélisés").

* * *

Related text also published in July 2025:

Sovereign Order no. 11.326 of 10 July 2025 (JDM no. 8756 of 18 July 2025) establishes the "Cybermalveillance" subcommittee attached to the Strategic Committee for Digital Security, whose secretariat is provided by the AMSN. It is responsible for prevention, support and assistance to victims of cybermalicious acts, public awareness and the development of prevention campaigns on digital security and privacy issues, as well as the provision of statistical data offering a realistic and consolidated view of the cyber threat, in order to better anticipate it.

* * *