What are you looking for?

Newsfeed
April 11, 2025

Malta Transposes NIS 2 Directive into National Law through LN 71 of 2025

The NIS 2 Directive, the European Union’s latest legislative instrument aimed at enhancing cybersecurity resilience across the bloc, has officially been transposed into Maltese law. This was done through Legal Notice 71 of 2025, published on 8 April 2025.

This landmark regulation significantly broadens the scope of cybersecurity obligations across a range of critical and high-impact sectors. These include Energy, Transport, Health, Pharmaceuticals, Drinking Water manufacture, supply and distribution, Manufacturing, and Online Marketplaces, among others.

The legislation introduces a stronger and more harmonised framework for the protection of network and information systems, reflecting the EU’s strategic push to mitigate growing cyber threats in an increasingly digital and interconnected landscape.

Snapshot of Key Obligations for Essential and Important Entities:

Entities falling under the “essential” or “important” category as defined by the law are now subject to a set of stringent compliance requirements, including:

  1. Registration – Obligatory inclusion in the national registry of essential and important entities.
  2. Governance – Implementation of clear internal structures for cybersecurity oversight and accountability, including training.
  3. Risk Management Measures – Adoption of technical, operational and organisational measures to manage risks to their network and information systems, including policies on risk analysis, incident handling, supply chain security, network and information systems acquisition, development and maintenance, and human resources security, coupled with CSIRT services.
  4. Incident Reporting – Timely notification of significant cyber incidents to the competent national authority.
  5. Appointment of a Qualified Auditor to verify that the necessary measures have been implemented.

Entities operating within the affected sectors are advised to familiarise themselves with the new obligations and initiate compliance planning without delay.

For tailored advice or further information on how this law may impact your organisation, contact us on nis@ganado.com directly.

Share

Go Back

Author

Paul Micallef Grimaud

Partner (Malta)
View Profile

Related Articles

All Insights
Newsfeed image
Events
May 26, 2025

Stephanie Jean Coppini to lecture about sanctions compliance
Newsfeed image
Publication
May 23, 2025

A constitutional tug of war over Malta’s rent laws
Newsfeed image
Events
May 21, 2025

André Zerafa at the MIA Biennial Conference 2025
01
image

How can we assist?

Contact us