- within Criminal Law, Litigation, Mediation & Arbitration and Real Estate and Construction topic(s)
- with readers working within the Consumer Industries industries
As from today, 23 January 2026, Malta's NIS2 transposition is fully in force.
Through L.N. 22 of 2026, the Minister responsible for critical infrastructure protection has established 23 January 2026 as the date on which all provisions of the Measures for a High Common Level of Cybersecurity across the European Union (Malta) Order, 2025 (S.L. 460.41) (originally published as L.N. 71 of 2025) come into force.
This marks an important milestone for entities operating in Malta that fall within the scope of the NIS2 regime, as compliance obligations are no longer transitional, they are now fully applicable.
What organisations should do now
Organisations should now take immediate steps to confirm whether they fall within scope of Malta's NIS2 framework and ensure they are compliant. This includes strengthening cybersecurity risk management and internal governance, updating incident response and reporting procedures, and reviewing third-party and supply chain risks, particularly where ICT services are outsourced. Management should also ensure there is proper oversight, staff training, and clear accountability in place.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]