Skip to main content

The Ministry for Home Affairs, Security and Employment (MHSE) published the proposed Maltese draft order for the transposition of the EU Network and Information Systems Directive II (‘NIS 2’) on 6 September 2024. The draft order, titled ‘Measures For A High Common Level Of Cybersecurity Across The European Union (Malta) Order, 2024’ (the ‘Draft Order’) is currently open for public consultation until 7 October, seeking input for the effective implementation of the NIS 2 Directive in Malta, which must be transposed in national law by 17 October 2024.

The Draft Order implements the NIS 2 Directive which significantly expands upon the original NIS Directive. It aims to strengthen the EU’s cybersecurity resilience by addressing gaps in the original framework and adapting to the evolving threat landscape. From a local standpoint, the Draft Order is set to repeal and replace the current Subsidiary Legislation 460.35.

NIS 2 broadens its scope to include additional sectors, including: space; waste management; food production, processing and distribution; postal and courier services; chemical manufacture, production and distribution; manufacture; digital providers, and research. It also extends coverage to medium-sized entities in sectors previously covered by the original NIS Directive, increasing the number of organisations subject to compliance.

Aligning with NIS 2, the Draft Order introduces a two-tier system of “essential ” and “important entities.” This classification dictates the level of oversight and requirements for security measures. It mandates stricter security measures, focusing on risk management and state-of-the-art cybersecurity practices. Incident prevention, detection, response, recovery and stricter reporting requirements (including specific timelines and detailed notification content) are also emphasised.

Although the text of the Draft Order is still subject to finalization following the close of the public consultation on 7 October 2024, compliance will be expected from 18 October 2024, when the Directive’s obligations take effect.

If you would like to verify whether your organisation falls within the scope of the NIS 2 Directive and/or discuss your legal obligations thereunder, please feel free to contact us.

Are you ready for DORA? Is it applicable to you?
Find out more on our dedicated DORA section by clicking here

This document does not purport to give legal, financial or tax advice. Should you require further information or legal assistance, please do not hesitate to contact info@mamotcv.com