Special Authorisations
Pursuant to the Electronic Communications Act (Official Gazette Nos. 73/08, 90/11, 133/12, 80/13, 71/14, and 72/17), HAKOM may issue a specific authorisation to a legal entity to perform activities in the field of electronic communications. Pursuant to Article 61, paragraph 1, of the Ordinance on the Manner and Conditions for the Provision of Electronic Communications Networks and Services (Official Gazette Nos. 154/11, 149/13, 82/14, 24/15, 42/16, and 68/19; hereinafter: the "Ordinance"), operators whose revenue exceeds 2% of the total revenue in the relevant market for electronic communications services, or those for whom the Croatian Regulatory Authority for Network Industries (HAKOM) deems it necessary, shall, at their own expense:
For the purposes of the evaluation, testing, and certification of billing and invoicing systems, in accordance with Article 61, paragraph 4 of the Ordinance, HAKOM may authorise a legal entity.
With regard to the measurement of service quality, and pursuant to Article 61, paragraph 6 of the Ordinance, such measurements may be conducted by the operators themselves or by an authorised entity. The supervision of such measurements, pursuant to paragraph 2 of the same article, may be carried out by HAKOM or an authorised entity.
The authorised entities responsible for performing the tasks of evaluation, testing, and certification of billing and invoicing systems, as well as service quality measurements, are:
HAKOM issues authorisation to a legal entity to conduct audits of information systems in accordance with the applicable ISO 27 001 and ISO 22 301 standards, pursuant to Article 9 of the Rules on the Method and Deadlines for Implementing Measures to Ensure Network and Service Security (Official Gazette No. 52/2023).
Authorised Audit Body
(1) The auditing of network and service security for operators may be carried out by legal entities based on an authorisation decision issued by the Agency.
(2) The Agency shall issue authorisation if the legal entity is accredited by the Croatian Accreditation Agency or another national accreditation body in accordance with Regulation (EC) No. 765/2008, for conducting audits of information systems in accordance with the applicable ISO 27 001 and ISO 22 301 standards.
(3) The Agency shall issue the authorisation decision referred to in paragraph 1 of this article based on a request from the legal entity. The request submitted to the Agency by the legal entity must include the following:
- Details of the applicant
- A copy of the accreditation certificate referred to in paragraph 2 of this article.
(4) The authorisation decision referred to in paragraph 1 of this article shall be issued to legal entities with a validity period determined by the accreditation mentioned in paragraph 2 of this article.
(5) The Agency shall revoke the authorisation decision referred to in paragraph 1 of this article if the legal entity no longer meets the requirements set out in paragraph 2 of this article.
(6) The Agency shall maintain a list of authorised legal entities for conducting network and service security audits for operators, which it shall regularly update and publish on its website.
The authorised legal entity for conducting audits of information systems in accordance with the applicable ISO 27 001 and ISO 22 301 standards is:
- Ensure that the evaluation and testing of their billing and invoicing systems for the aforementioned services is carried out at least every six (6) months, or more frequently if required by HAKOM;
- Ensure that the measurement of service quality is conducted at least every six (6) months, or within a shorter period as specified by HAKOM;
- Implement any improvements required by HAKOM to ensure that their billing and invoicing systems are certified as fit for purpose.
For the purposes of the evaluation, testing, and certification of billing and invoicing systems, in accordance with Article 61, paragraph 4 of the Ordinance, HAKOM may authorise a legal entity.
With regard to the measurement of service quality, and pursuant to Article 61, paragraph 6 of the Ordinance, such measurements may be conducted by the operators themselves or by an authorised entity. The supervision of such measurements, pursuant to paragraph 2 of the same article, may be carried out by HAKOM or an authorised entity.
The authorised entities responsible for performing the tasks of evaluation, testing, and certification of billing and invoicing systems, as well as service quality measurements, are:
| TITLE | ADRESS | CONTACT | THE AUTHORISATION VALID UNTIL | CONNECTED DECISIONS |
| MICRO-LINK d.o.o. | Jaruščica 9a, 10 000 Zagreb | tel.: +385 1 3636 884 microlink@microlink.hr |
The authorisation is valid until: 12. July 2026. |
Connected decisions |
| MASH ICT d.o.o. | Lanište 22, 10 000 Zagreb | tel.: 095 583 2139 mash@mashict.eu |
The authorisation is valid until: 12. July 2026. |
HAKOM issues authorisation to a legal entity to conduct audits of information systems in accordance with the applicable ISO 27 001 and ISO 22 301 standards, pursuant to Article 9 of the Rules on the Method and Deadlines for Implementing Measures to Ensure Network and Service Security (Official Gazette No. 52/2023).
Authorised Audit Body
(1) The auditing of network and service security for operators may be carried out by legal entities based on an authorisation decision issued by the Agency.
(2) The Agency shall issue authorisation if the legal entity is accredited by the Croatian Accreditation Agency or another national accreditation body in accordance with Regulation (EC) No. 765/2008, for conducting audits of information systems in accordance with the applicable ISO 27 001 and ISO 22 301 standards.
(3) The Agency shall issue the authorisation decision referred to in paragraph 1 of this article based on a request from the legal entity. The request submitted to the Agency by the legal entity must include the following:
- Details of the applicant
- A copy of the accreditation certificate referred to in paragraph 2 of this article.
(4) The authorisation decision referred to in paragraph 1 of this article shall be issued to legal entities with a validity period determined by the accreditation mentioned in paragraph 2 of this article.
(5) The Agency shall revoke the authorisation decision referred to in paragraph 1 of this article if the legal entity no longer meets the requirements set out in paragraph 2 of this article.
(6) The Agency shall maintain a list of authorised legal entities for conducting network and service security audits for operators, which it shall regularly update and publish on its website.
The authorised legal entity for conducting audits of information systems in accordance with the applicable ISO 27 001 and ISO 22 301 standards is: