Malta transposed the NIS2 Directive into national legislation with Legal Notice 71 of 2025, known as the Measures for a High Common Level of Cybersecurity Across the European Union (Malta) Order (Subsidiary Legislation 460.41). https://legislation.mt/eli/sl/460.41/eng
Malta has transposed the CER Directive into its national legislation through a new legal instrument titled the Resilience of Critical Entities and Infrastructures (Identification, Designation and Protection) Order, 2026. The Order was first published on 16 January 2026 as L.N. 5 of 2026. The text of the Order has been formally brought into force as Subsidiary Legislation 460.43. The Order’s provisions are fully in force from 23 January 2026, following the publication of Legal Notice 23 of 2026 (Commencement Notice). This means Malta’s CER framework, which identifies, designates and protects critical entities and infrastructures, is now officially effective and enforceable. https://legislation.mt/eli/ln/2026/5/eng
Malta published Legal Notice 166 of 2024 titled “Malta Financial Services Authority Act (Digital Operational Resilience Act (DORA)) Regulations, 2024” under the Malta Financial Services Authority Act (Cap. 330). This legal notice locally implements the key provisions of the DORA Regulation and designates the MFSA as the competent supervisory authority for DORA-related compliance. These Malta DORA Regulations came into force on 17 January 2025, matching the Regulation’s EU-wide applicability date. They largely mirror the EU Regulation without adding or reducing material obligations — but provide the national legal basis for enforcement and supervisory powers. https://legislation.mt/eli/ln/2024/166/eng
The implementation of Regulation (EU) 2024/1366 n cybersecurity aspects of cross-border electricity flows will take place through the implementation of the NIS2 Directive. Malta CIP, as the supervisory authority for the NIS2 Directive will act as the competent authority for Regulation (EU) 2024/1366.
Obligations arising from EU Regulation (EU) 2019/1583 – Cybersecurity Measures in Aviation Security are reflected in Malta’s National Civil Aviation Security Programme through the Aviation Security Directorate within the Ministry For Home Affairs that issues guidance and instructions to industry accordingly. https://www.transport.gov.mt/aviation/regulation-policy/european-legislation-702
In Malta, the Civil Aviation Directorate (TM-CAD) is responsible for applying and enforcing Part-IS requirements (EASA Part-IS – Information Security for Aviation Safety) for entities certificated/approved in Malta. https://www.transport.gov.mt/aviation/regulation-policy/european-legislation-702
