Malta Implements NIS2 Directive

On April 8, 2025, Malta officially implemented the NIS2 Directive through Legal Notice 71 of 2025.


This significant legal framework supersedes the previous NIS1 regime, introducing more stringent cybersecurity requirements, enhanced reporting protocols, and robust enforcement measures.

Main Features of NIS2 Implementation in Malta
  • NIS2 Regulatory Bodies
    • The Critical Infrastructure Protection Department (CIPD) acting as the primary regulatory authority for cybersecurity, overseeing compliance, conducting security audits, and enforcing penalties for non-compliance
    • The Computer Security Incident Response Team (CSIRT) coordinating cybersecurity responses, facilitating coordinated vulnerability disclosure processes and actively supporting entities in mitigating cybersecurity risks.
  • Coordinated Vulnerability Disclosure (CVD): A formalised framework to encourage the reporting of potential vulnerabilities.
  • Incident Reporting: Obligations for timely reporting of cybersecurity incidents.
  • Penalties for Non-Compliance: Severe penalties, including fines up to €10 million or 2% of global turnover.
  • Management Accountability: Direct responsibility and liability for management bodies.

This legislation is an important step toward strengthening Malta’s cybersecurity defences and aligning national measures with EU-wide standards.

Want to know more?

If you’re unsure how the NIS2 Directive affects your organisation or need support with compliance, our team is here to help. Get in touch to speak with one of our cybersecurity and regulatory experts.

For more information about NIS2, see "NIS2: European and national legislation on the cyber security of organisations" and "NIS2: Strengthening Cyber Security across Europe".