National Cybersecurity Certification Authority

The EU Cybersecurity Act (CSA) strengthens the EU Agency for Cybersecurity (ENISA) and establishes a cybersecurity certification framework for products and services. As the National Cybersecurity Certification Authority (NCCA.MT), the MDIA has the following supervisory functions:

  • supervise and enforce rules included in European cybersecurity certification schemes;
  • monitor compliance with and enforce the obligations of the manufacturers or providers of ICT products, ICT services or ICT processes that are established in their respective territories and that carry out conformity self-assessment;
  • assist and support the national accreditation bodies (NAB) in the monitoring and supervision of the activities of conformity assessment bodies;
  • monitor and supervise the activities of the NCCA certification authority based on the respective certification scheme;
  • monitor relevant developments in the field of cybersecurity certification.

NCCA.MT as national hub in the European certification landscape

NCCA.MT cooperates with the European Commission and other European NCCAs. This includes active participation in the European Cybersecurity Certification Group (ECCG) and the peer review of other NCCAs under Article 59 of the CSA.

Every NCCA must ensure an exchange of information at the European level, for instance by providing an annual summary report on its activities, which will be sent to the European Union Agency for Cybersecurity (ENISA) and the ECCG. In addition, the NCCA will notify the Commission of the accredited conformity assessment bodies (CABs) for each European cybersecurity certification scheme. One year after the entry into force of a European cybersecurity certification scheme, those CABs will be listed and published in the Official Journal of the European Union.


The National Coordinated Vulnerability Disclosure Policy

ICT systems are inherently susceptible to vulnerabilities, which may expose them to incidents that compromise their security. In response to these challenges, the Critical Infrastructure Protection Directorate (CIPD) and the Malta Digital Innovation Authority (MDIA) have collaborated to implement measures addressing coordinated vulnerability disclosure, aligning with the National Cybersecurity Strategy 2023-2026 and the NIS 2 Directive (Directive (EU) 2022/2555). The resulting National Coordinated Vulnerability Disclosure Policy (NCVDP) encourages ICT system owners and managers to establish their own policies in line with the NCVDP, with the directive mandating compliance for entities classified as “Essential” according to the NIS 2 Directive.


Guideline: Building trust in AI through a cyber risk-based approach

AI, a transformative technology under development since the 1950s, now impacts almost every sector, from defence to energy, health to finance and many others. Its rapid adoption, including the use of large language models (LLMs), and the increasing reliance on AI should encourage stakeholders to assess the related risks, including those associated with cybersecurity.

Without adequate measures – and given that users still tend to underestimate AI-related cyber risks – malicious actors could exploit vulnerabilities of AI systems and jeopardize the use of AI technology in the future. It is therefore crucial to understand and mitigate these risks, to foster trusted AI development and fully embrace the opportunities that this technology offers.

While the matter of AI-enhanced solutions, whether defensive or offensive, is already well addressed both in academic papers and in various frameworks currently being developed, this document focuses on the cybersecurity of AI systems. It aims to provide a high-level, synthetic and comprehensive analysis of the related cyber risks and to offer guidance on assessing threats and implementing adequate security measures, building on the Guidelines for Secure AI Systems Development, developed in collaboration with over 20 international organizations and jointly released in November 2023.

This risk analysis aims to consider not only the vulnerabilities of individual AI components, but also the security of broader AI systems integrating these components. Its purpose is to provide a wide overview of AI-related cyber risks rather than an exhaustive list of vulnerabilities.

