Financial Crime World

Malta Reinforces Cybersecurity Regulations

The Maltese government has taken significant steps to strengthen cybersecurity regulations, with the aim of protecting personal data and ensuring the security of electronic communications networks.

Transposing EU Directive

According to a recent draft legal notice issued by the Malta Critical Infrastructure Directorate (CPID), Malta is transposing the EU Network and Information Security Directive (2016/1148/EC) into national law. This directive represents the first EU-wide rules on cybersecurity, and its implementation is expected to enhance the security of critical infrastructure and networks.

Key Regulatory Considerations

  • Malta has adopted International Organisation for Standardisation Standard 27001 as a key standard for managing data security.
  • The Criminal Code criminalises unlawful access to or use of information, particularly through the use of computers or other devices.
  • The Office of the Information and Data Protection Commissioner regulates and enforces cybersecurity aspects of personal data processing.
  • The Communications Authority is responsible for enforcing the security of Malta’s public communication networks.

Cybersecurity Best Practices

  • Insurance coverage for cybersecurity breaches is available in Malta, although it is uncommon for businesses to obtain such coverage.
  • Companies are not specifically required to keep records of cybercrime threats, attacks and breaches, but they may be required to report significant breaches to the relevant authorities.
  • The Electronic Communications Networks and Services (General) Regulations require providers to notify the Communications Authority and users concerned in the event of a significant risk of breach of security or integrity.

Criminal Sanctions

  • Cybersecurity offences under the Criminal Code carry a maximum fine of €150,000, a maximum of four years’ imprisonment, or both.
  • Breaches of cybersecurity regulations may result in administrative fines, including one-time fines of up to €23,300 and daily fines of up to €2,500.

Conclusion

Malta’s cybersecurity regulatory framework is designed to protect personal data and ensure the security of electronic communications networks. By adopting international standards and enforcing strict regulations, Malta aims to create a secure environment for businesses and individuals alike.