diff --git a/techniques/applications/repoGpgKeyManagement/1.1/repoGpgKeyManagement.st b/techniques/applications/repoGpgKeyManagement/1.1/repoGpgKeyManagement.st
index 069708266..6720fcdae 100644
--- a/techniques/applications/repoGpgKeyManagement/1.1/repoGpgKeyManagement.st
+++ b/techniques/applications/repoGpgKeyManagement/1.1/repoGpgKeyManagement.st
@@ -106,7 +106,11 @@ bundle agent check_repo_gpg_key_RudderUniqueID
## Handle import/remove reports
"any" usebundle => repo_gpg_report_RudderUniqueID("result_success", "${keyid}", "The GPG Key is already imported"),
- ifvarclass => "repo_gpg_key_${keyid}_action_add.hook_repo_gpg_key_${repo_gpg_hash_lc[${keyid}]}_present";
+ ifvarclass => "repo_gpg_key_${keyid}_action_add.hook_repo_gpg_key_${repo_gpg_hash_lc[${keyid}]}_present";
+
+ "any" usebundle => repo_gpg_report_RudderUniqueID("audit_noncompliant", "${keyid}", "The GPG Key is not imported"),
+ ifvarclass => "(dry_run|global_dry_run).repo_gpg_key_${keyid}_action_add.!hook_repo_gpg_key_${repo_gpg_hash_lc[${keyid}]}_present";
+
"any" usebundle => repo_gpg_report_RudderUniqueID("result_repaired", "${keyid}", "The GPG Key was imported successfully"),
ifvarclass => "repo_gpg_key_${keyid}_imported_RudderUniqueID_ok";
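Review bot: The new `audit_noncompliant` report only covers the add path (`repo_gpg_key_${keyid}_action_add` with the `_present` class negated); the section comment says it handles import/remove reports, so if a remove action exists in this bundle, a key that should be removed but is still present gets no audit-mode report and a dry run stays silent on that drift. If that is the case, mirror the added promise for the remove action with the `hook_repo_gpg_key_..._present` class left un-negated and a message such as `"The GPG Key is still present"`. The `-`/`+` pair on the first `ifvarclass` line reads identically, so I assume it is a whitespace-only change. The enclosing `check_repo_gpg_key_RudderUniqueID` bundle starts and ends outside the hunk.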
@@ -166,10 +170,10 @@ bundle agent check_repo_gpg_key_RudderUniqueID
commands:
repo_gpg_uses_apt|repo_gpg_uses_rpm::
-
+ # we completly skip the command in dry run, so that it doesn't wrongly set the _reached class
"${runhook_repoGpgKeyManagementGetKeys.repo_gpg_binary} ${runhook_repoGpgKeyManagementGetKeys.repo_gpg_options} ${repo_gpg_file[${keyid}]} | ${paths.awk} -v HASH='${repo_gpg_hash_lc[${keyid}]}' -F':' '$1 == \"pub\" { ++count; if (tolower($5) == HASH) { printf \"+repo_gpg_file_%s_validated\n\", HASH; } } END { if (count > 1) { printf \"+repo_gpg_file_%s_multikeyed\n\", HASH; } }'"
comment => "We verify the content of the key-field matches the actual hash that was provided by the user. We also check for multiple keys present in one key-field, which is not acceptable",
- ifvarclass => "repo_gpg_file_${keyid}_created_RudderUniqueID_ok.repo_gpg_has_gpg_binary",
+ ifvarclass => "!(dry_run|global_dry_run).repo_gpg_file_${keyid}_created_RudderUniqueID_ok.repo_gpg_has_gpg_binary",
classes => classes_generic("repo_gpg_hash_${keyid}_verified_RudderUniqueID"),
contain => outputable,
module => "true";
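Review bot: With the added `!(dry_run|global_dry_run)` guard the hash/multi-key verification never executes in audit mode, so the `+repo_gpg_file_%s_validated` / `_multikeyed` classes the awk script defines are never set there and anything conditioned on them (outside this hunk) can produce no audit outcome for a key file whose content does not match the user-supplied hash; the new comment should state that consequence, not only the `_reached` motivation, e.g. `# Skipped entirely in dry run so the _reached class is not set spuriously; note this also means the key-file hash/multi-key check yields no audit result`. The comment also has a typo, `completly` → `completely`. Separately, on the unchanged command line the user value is compared with field 5 of the `pub` record, which in colon-delimited output is presumably the key ID rather than the full fingerprint — worth confirming that `repo_gpg_options` produces the column the check intends. The enclosing `check_repo_gpg_key_RudderUniqueID` bundle starts and ends outside the hunk.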