Cybersecurity
The Malta Digital Innovation Authority (MDIA) has been designated as a National Cybersecurity Certification Authority (NCCA) in Malta pursuant to the Cybersecurity Act (CSA) (Regulation (EU) No 2019/881) and Subsidiary Legislation 591.02 “Cybersecurity Certification Regulations”.
The MDIA plays a central role in strengthening Malta’s cybersecurity posture and ensuring alignment with the European Union’s evolving regulatory landscape. Through the implementation of the Cyber Resilience Act (CRA) and its responsibilities under the CSA, the MDIA aims to promote secure, trustworthy, and resilient digital products, services, and infrastructures throughout Malta. The MDIA is the prospective Notifying Authority and Market Surveillance Authority pursuant to the CRA.
Cybersecurity Act
The Cybersecurity Act strengthens the mandate of the European Union Agency for Cybersecurity (ENISA) and enhances cooperation across Member States within the European Union (EU).
It also establishes an EU-wide cybersecurity certification framework for ICT products, services, processes and managed security services to increase trust and security in the Digital Single Market.
Cyber Resilience Act
The Cyber Resilience Act lays down cybersecurity requirements for products with digital elements placed on the EU market. It requires such products to be designed, developed and maintained in a secure manner throughout their lifecycle.
National Coordinated Vulnerability Disclosure Policy (NCVDP)
ICT systems may contain vulnerabilities that, if not handled responsibly, could be exploited. In this context, the Critical Infrastructure Protection Department (CIPD) and the Malta Digital Innovation Authority (MDIA) have jointly introduced the National Coordinated Vulnerability Disclosure Policy (NCVDP), aligned with Malta’s National Cybersecurity Strategy 2023–2026 and the NIS2 Directive.
The NCVDP encourages ICT system owners and managers to adopt coordinated vulnerability disclosure policies and highlights that “Essential” entities under NIS2 are required to have such a policy in place. While not established by the Cyber Resilience Act, the NCVDP complements EU and national cybersecurity obligations and supports responsible vulnerability management practices.