Skip to main content
All Posts By

Warren Ciantar

Chain
Malta’s Transposition of the NIS 2 Directive: S.L. 460.41 Telecoms, Media & Technology

Malta’s Transposition of the NIS 2 Directive: S.L. 460.41

Following Malta’s Draft Order transposing the EU NIS 2 Directive, which closed for public consultation on 7 October 2024, as an EU Member State, Malta was obliged to transpose EU Directive 2022/2555 (‘NIS 2’) by 17 October 2024. The transposition was finally implemented on 8 April 2025 through Legal Notice 71 of 2025 which creates the Measures for a High Common Level of Cybersecurity across the European Union (Malta) Order, 2025 as Subsidiary Legislation 460.41 (S.L. 460.41). It should however be noted that at time of writing, S.L. 460.41 is not yet in force, though it is expected to come…
Nicole Bonett and Warren Ciantar
22nd April 2025
St James Cavalier Web Dome
DORA is Now in Force: What’s Next? DORAFinTechTelecoms, Media & Technology

DORA is Now in Force: What’s Next?

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA” or the “Act”) became enforceable as of 17th January 2025. DORA Resources As highlighted in various DORA insights by our Firm over the last few months (including a very useful overview of DORA itself), DORA represents a significant milestone in aligning the financial services sector with the EU’s digital finance strategy, offering a regulatory framework for operational resilience and ICT risk management. Designed to bolster operational resilience against increasingly sophisticated cyber threats, DORA ushers in a new era…
Mario Mizzi and Warren Ciantar
17th January 2025
EU AI Act series
AI in Investment Services: MIFID Considerations Investment Services & Funds

AI in Investment Services: MIFID Considerations

This article is part of our EU AI Act series which explores the effect of the AI Act across various industries and sectors.  Investment legislation can be split into two broad categories: investment funds and investment services. The former principally relates to UCITS, AIFMD and local laws which regulate asset management and their service providers. The latter relates to regulating financial instruments and the investment markets thereof. The interplay of AI with investment funds was discussed by our Firm in a series of six insights last year titled “AI and Funds” which can be read here.  Hence, in this article in the ongoing…
Warren Ciantar and Mario Mizzi
25th October 2024
Pier on Seashore in Malta
DORA: An Overview of the Maltese Legal Provisions Data Protection and PrivacyDORATelecoms, Media & Technology

DORA: An Overview of the Maltese Legal Provisions

On 16 July 2024, Legal Notice 166 of 2024 was published in Malta. This implemented the relevant provisions of DORA (full title being Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) 648/2012, (EU) 600/2014, (EU) No 909/2014 and (EU) 2016/1011) into Maltese law. The said provisions can now be found under the Malta Financial Services Authority Act (Digital Operational Resilience Act (DORA)) Regulations, 2024 (S.L. 330.20) – the ‘Maltese Regulations’. The Maltese Regulations shall come into force on…
Warren Ciantar and Neeraj Bharwani
31st July 2024
U.S. President Joe Biden has recently signed an Executive Order implementing the commitments made by the U.S. in the agreement reached with the EU concerning a new EU-U.S. data privacy framework.
The New EU-US Personal Data Transfer Framework Data Protection and Privacy

The New EU-US Personal Data Transfer Framework

The agreement on a new EU-U.S. data privacy framework between EU Commission President Ursula Von Der Leyen and U.S. President Joe Biden had already been announced on 25 March 2022 (for background, please refer to our previous article The EU-US Privacy Shield: Third Time’s a Charm? - Mamo TCV). However, the stability and longevity of the agreement was questioned by Austrian privacy activist Max Schrems who sent an open letter to stakeholders as a warning that the new framework risks being declared invalid, and consequently being struck down by the CJEU, should no reforms to U.S. law take place to…
Nicole Bonett and Warren Ciantar
28th November 2022
The EU Data Act – Not Another GDPR
The EU Data Act – Not Another GDPR Data Protection and Privacy

The EU Data Act – Not Another GDPR

On 23 February 2022, the EU Commission proposed measures regulating the use and access of data, not being ‘personal data’ as understood by the GDPR, within the European Union across all economic sectors. The regulation of the use of data is essential given that data continues to be generated yet underutilised. The draft Regulation is to be read in conjunction with the EU’s Data Governance Act. The aim of the Data Act is to lay down common standards on the re-use of data across sectors. In this manner, the Act operates together with other legislation that has failed to address…
Warren Ciantar and Nicole Bonett
30th August 2022