Olegs Cernisevs, Doctor of Science and CTO of Blackcatcard, recently shared his insights on the NIS2 directive that aims to strengthen cybersecurity in the EU. But what is the current status of the implementation of the NIS2 in Malta?
Like many other European countries, including Portugal, the Netherlands, and Greece, Malta is actively working to transpose the European Union’s NIS2 Directive into national law. The Maltese government has initiated the transposition process by drafting the “Measures for a High Common Level of Cybersecurity Across The European Union (Malta) Order, 2024,” which is currently under public consultation. However, the Maltese government already created the Critical Infrastructure Protection Department. This department will be supervising the cybersecurity-related measures.
This draft legislation seeks to align Malta’s cybersecurity measures with the broader EU standards set by NIS2. Notably, it proposes the inclusion of sectors particularly significant to Malta’s economy, such as iGaming and digital services, which were not explicitly covered under the original NIS Directive.
Currently, Malta does not have a single, comprehensive law governing cybersecurity. Instead, various aspects of cybersecurity are addressed through a combination of sector-specific regulations and general legal provisions. The introduction of the NIS2 Directive into Maltese law represents a significant shift towards a more unified and robust cybersecurity framework. This move underscores the importance of safeguarding critical infrastructure and digital services against the increasing threat of cyberattacks.
The proposed Maltese legislation also emphasizes the establishment of a national cyber crisis management framework. This framework is designed to coordinate responses to large-scale cybersecurity incidents, ensuring that Malta is prepared to handle potential crises effectively. By aligning with NIS2, Malta aims to bolster its cybersecurity posture, protect essential services, and contribute to the overall resilience of the European Union’s digital landscape.
Olegs Cernisevs adds that the Maltese government already has an experience of successfully implementing another European directive connected with cybersecurity – DORA. Malta Financial Services Authority (MFSA) issued several important circulars detailing the necessary legal measures for DORA’s national implementation. The MFSA also provided numerous consultations with the industy representatives to help make the implementation of DORA smoother. This regulatory framework underscores Malta’s commitment to ensuring that financial entities can effectively withstand, respond to, and recover from various ICT-related disruptions and threats. Although DORA mostly focuses on the finance industry, it also highlights the necessity of reviewing and updating cybersecurity measures.
As the public consultation phase progresses, stakeholders, including businesses and public entities, are encouraged to engage with the proposed measures. This collaborative approach aims to ensure that Malta’s cybersecurity framework is robust, adaptive, and capable of mitigating emerging threats in an increasingly digital world.
