The guidelines issued by the Malta Digital Innovation Authority (MDIA) outline the high-level standards that every Innovative Technology Arrangement (ITA) seeking voluntary certification must satisfy. A certificate granted by the Authority acts as a seal of approval assuring that the ITA is up to standard in relation to quality, attributes, behavior and purpose amongst others.

An application may be submitted by individuals or companies alike so long as they are resident in Malta. If they do not reside in Malta, they must appoint a resident agent- with regards to corporate entities a resident agent is appointed when none of the members of its board of administrators, secretary, senior officials are habitually resident in Malta.

Another interesting point worth mentioning is that the MDIA may refuse any application if the applicant falls under the jurisdiction of another authority in Malta such as the MFSA or MGA. In relation to this, the applicant shall complete a Financial Instrument Test in order to ensure that the ITA in question does not happen to be a Virtual Financial Asset where other frameworks would subsequently apply.

The Application Process

The application process for certification of an ITA may be divided into 2 phases. The first phase focuses on the technical formalities required for the issuance of the ‘Letter of Intent’ by the Authority. The second phase ties hand in hand with the first phase and deals with the role of the Systems Auditor in obtaining the final MDIA certification.  

To begin with, interested applicants are to apply before the MDIA by means of an application form which must contain several generic and specific requirements including the need to justify the reason why certification is being sought, clearly identifying the mandate that entitles the applicant to submit such an application, as well as the governance structure of the ITA. Upon receipt of a completed application, the authority would commence its review process to ensure that the ITA meets all the requirements (both generic and specific) and that the individuals involved hold the necessary qualifications and experience, as well as being of good standing and repute. Nevertheless, the Authority still reserves the right to vary any of the mentioned requirements, within certain limits.

Assuming all these criteria exist, the MDIA would proceed to issue a Letter of Intent to the applicant which would effectively give rise to the second phase of the application process; that of instructing the applicant to formalise the appointment of the Systems Auditor to initiate a Systems Audit. The MDIA is never bound to issue such Letter of Intent and may on its own accord raise certain issues which would impinge on the certification if these are not rectified. Since the second phase of the application process heavily depends on the role of the Systems Auditor, it is being strongly suggested to prospective applicants to first identify a potential Systems Auditor prior to submitting the ITA application form, since this will reduce unnecessary delays to the application process. After the systems audit report is finalised, it is the responsibility of the applicant to forward such systems audit to the Authority for review. Such a systems audit report is to include information such as the characteristics of the ITA and the state of compliance with pertinent legislation such as the ITAS Act.

General and Specific Requirements

The general requirements which the Authority must take into consideration during the application process are intended to ascertain the standards of legality of the purpose and function of the ITA, the integrity of the applicant (including the administrator and qualifying shareholders), transparency of the functions and limitations of the ITA to its users, compliance with all applicable legal obligations and accountability, by clearly identifying who will be fulfilling the roles contemplated in the ITAS Act and defining the responsibilities of each individual. On the other hand, specific requirements include the fit and properness of the ITA, the positive assurance from Systems Auditor, the appointment of technical administrators, compliance with applicable and mandatory law and lastly adequate disclosures to users. The technical administrator shall be responsible for duties such as demonstrating that the ITA is able to meet the standards outlined in the guidelines on a continuous basis.

If the review concludes that the Systems Audit meets these general and specific criteria contemplated in the ITAS Act as well as the standards the Authority deems necessary for the certification, the Authority will issue the certification of the ITA (valid for a period of 2 years) and update the Register of Recognitions. The Authority is well within its power to issue a conditional certificate to ITA’s who are already in operation (or are in a very advanced stage) where compliance with one of the requirements for certification is not practicable within short time frames due to technical challenges. Furthermore, in the event of any material changes, the certified ITA is obliged to engage with the Authority to either obtain the Authority’s prior approval to the change or to notify the Authority of such change.

For more information on the Innovative Technology Arrangement (ITA) Guidelines and any other related areas please contact Dr Ian Gauci on and Dr Sean Xerri de Caro on

Disclaimer This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.
Skip to content