Skip to main content
Chain
Malta’s Transposition of the NIS 2 Directive: S.L. 460.41 Telecoms, Media & Technology

Malta’s Transposition of the NIS 2 Directive: S.L. 460.41

Following Malta’s Draft Order transposing the EU NIS 2 Directive, which closed for public consultation on 7 October 2024, as an EU Member State, Malta was obliged to transpose EU Directive 2022/2555 (‘NIS 2’) by 17 October 2024. The transposition was finally implemented on 8 April 2025 through Legal Notice 71 of 2025 which creates the Measures for a High Common Level of Cybersecurity across the European Union (Malta) Order, 2025 as Subsidiary Legislation 460.41 (S.L. 460.41). It should however be noted that at time of writing, S.L. 460.41 is not yet in force, though it is expected to come…
European Blockchain Sandbox
European Blockchain Sandbox 3rd Cohort & Best Practices Webinar Telecoms, Media & Technology

European Blockchain Sandbox 3rd Cohort & Best Practices Webinar

The selection process for the third and final cohort of the European Blockchain Sandbox has been completed and the final twenty selected use cases have now been announced. Moreover, the European Blockchain Sandbox will soon be publishing the second cohort’s Best Practices Report which shall contain an overview of the regulatory best practices identified. The Report will be launched during a public webinar to be held on the 29th April 2025 at 14:00 CET, wherein the public is invited to ask any questions they may have regarding the Report. In conjunction, the award for the Most Innovative Regulator for the…
Mamo TCV Advocates
15th April 2025
Rejected!
European Commission Rejects Draft Regulatory Technical Standards on ICT Subcontracting DORATelecoms, Media & Technology

European Commission Rejects Draft Regulatory Technical Standards on ICT Subcontracting

The European Commission has communicated its rejection of the draft Regulatory Technical Standards (RTS) on subcontracting ICT services supporting critical or important functions supplementing the Digital Operational Resilience Act (DORA).  In its communication, the Commission held that the European Supervisory Authorities (ESAs) exceeded their mandate under Article 30(5) of DORA (which came into effect on 17 January 2025) by introducing requirements not specifically linked to the conditions for subcontracting in Article 5 of the RTS. The Commission has made it clear that Article 5 and the related recital 5 of the draft RTS must be omitted from the draft RTS…
Mamo TCV Advocates
31st January 2025
EU AI Act
EU AI Act: Banned AI Practices from 2 February 2025 Telecoms, Media & Technology

EU AI Act: Banned AI Practices from 2 February 2025

The EU AI Act becomes applicable across the EU, including Malta, on 2 August, 2026 (you may read our general overview here). However, the AI Act’s general provisions and the provisions on prohibited AI practices that present an unacceptable level of risk, will come into force as early as 2 February 2025. With this deadline fast approaching, organisations subject to the AI Act must ensure compliance accordingly. AI Literacy By 2 February 2025, providers and deployers of AI systems, including those based in Malta, must take steps to guarantee an adequate level of AI literacy among their staff and any…
Triangular Patterns
MFSA Issues Two Circulars on ICT Risk DORAFinTechTelecoms, Media & Technology

MFSA Issues Two Circulars on ICT Risk

On the 16th of January 2025, the MFSA published a circular on the register of information-reporting-timelines for MFSA-authorised persons. Subsequently, on the 17th of January 2025, the MFSA published another circular outlining several resources uploaded to its website to assist compliance with Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA”). The circular issued on 16th of January 2025 focuses on the Register of Information required under Article 28(3) of DORA. This register mandates financial entities to document all contractual arrangements with ICT Third-Party Service Providers (“ICT TPPs”), ensuring transparency in…
Mamo TCV Advocates
20th January 2025
St James Cavalier Web Dome
DORA is Now in Force: What’s Next? DORAFinTechTelecoms, Media & Technology

DORA is Now in Force: What’s Next?

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA” or the “Act”) became enforceable as of 17th January 2025. DORA Resources As highlighted in various DORA insights by our Firm over the last few months (including a very useful overview of DORA itself), DORA represents a significant milestone in aligning the financial services sector with the EU’s digital finance strategy, offering a regulatory framework for operational resilience and ICT risk management. Designed to bolster operational resilience against increasingly sophisticated cyber threats, DORA ushers in a new era…