DORA Legal Notice, MALTA

Achieving a high level of digital operational resilience for financial entities requires the harmonisation of various rules across Union and national law.

In preparation for the Digital Operational Resilience Acts (“DORA”) imminent coming into force on 17 January 2025, the Malta Financial Services Authority Act (Digital Operational Resilience Act) Regulations have been issued by virtue of Legal Notice 166 of 2024, marking the first legislative implementation of DORA’s provisions at the level of Maltese law.

This Legal Notice, published on 16 July 2024, aims to establish the pertinent national level provisions of DORA. This follows the draft regulations issued by the Malta Financial Services Authority (“MFSA”) for public consultation earlier in the year (accessible here).

The regulations are designed to ensure that financial entities in Malta enhance their digital operational resilience, and to ultimately align with the broader European objectives of achieving a high level of commonality in digital operational resilience; safeguarding financial stability and consumer protection in the digital age. This article will focus on the localised provisions of DORA within the Legal Notice.

Noteworthy Local provisions

Authority:

As expected, the Legal Notice establishes the MFSA as the competent authority within Malta for ensuring that financial entities comply with both the Regulation and the local provisions as well as other relevant laws and regulations. In the exercise of this role, the MFSA shall carry out all functions and duties assigned to competent authorities by DORA.

Exemption for the Malta Development Bank:

DORA, provides an exhaustive list of entities which fall outside the scope of its scope and this has resulted into an exemption for the Malta Development Bank.

Local Penalties:

If an entity fails to cooperate with an investigation or on-site inspection, the MFSA can impose administrative measures or penalties up to €150,000 per violation, without requiring a court hearing, simply by issuing a written notice.  Criminal penalties are set out whereby on conviction one could be liable to either for an imprisonment term of up to one year or a fine not exceeding €150,000.

Broader penalty publication requirements by the MFSA:

DORA imposes that penalties are to be published on the MFSA’s official website. The Legal Notice seems to broaden the scope to include not only administrative penalties, but also other administrative measures taken under the regulations. It is  specified that such publication must occur "without undue delay" after the decision is made and after the addressee has been notified, where there is no appeal.

Designated Forum of Appeal:

The Legal Notice establishes the Financial Services Tribunal to be the forum for appeal for administrative penalties imposed by the MFSA.

The issuance of Legal Notice 166 of 2024 marks a significant step in Malta's preparation for DORA, set to come into effect on 17 January 2025.

Do you require any help complying with the imminent coming into force of DORA?

 GTG is here to assist! For more information, assistance or clarification kindly contact Dr Ian Gauci or Dr Terence Cassar.

Looking for more information regarding DORA? Feel free to continue reading on:

ESAs Release Second Set of Policy Products under DORA

Get Ready: DORA Impact Looms for ICT Service Providers

Navigating the Urgent and Significant New Regulatory Landscape of Digital Operational Resilience (DORA) and AI Governance

 

News update by J.J. Galea


 

 

Disclaimer This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.
Skip to content