Skip to main content
Category

Telecoms, Media & Technology

The EU AI Act
European Commission Proposes Updated EU Cybersecurity Act (The Cybersecurity Act 2) DORAGDPRTelecoms, Media & Technology

European Commission Proposes Updated EU Cybersecurity Act (The Cybersecurity Act 2)

On 20 January 2026, the Proposal for a Regulation for the EU Cybersecurity Act (‘The Cybersecurity Act 2’) was published by the European Commission to update and replace Regulation (EU) 2019/881 (the “2019 Cybersecurity Act”). The Proposal was introduced in response to major changes in cybersecurity threats as well as the weaknesses identified in the 2019 Cybersecurity Act. Since the adoption of the 2019 Cybersecurity Act, cyberattacks have become more frequent and sophisticated, increasingly targeting critical infrastructures, essential services and digital supply chains. At the same time, growing geopolitical tensions and the EU’s reliance on technologies from third countries have…
Mamo TCV Advocates
30th January 2026
NIS 2 and Critical Entities Resilience Framework Enter into Force in Malta DORAGDPRTelecoms, Media & Technology

NIS 2 and Critical Entities Resilience Framework Enter into Force in Malta

Two long-awaited Legal Notices published on Friday, 23rd January 2026 have brought into force key elements of Malta’s cybersecurity and resilience framework, implementing two recent EU legislative developments. Entry Into Force of the NIS 2 Directive Legal Notice 22 of 2026 brought Subsidiary Legislation 460.41, the Measures for a High Common Level of Cybersecurity Across the European Union (Malta) Order, into force on Friday, 23rd January 2026. This Subsidiary Legislation transposes the EU Network and Information Systems Directive II (more commonly known as ‘NIS 2’) into Maltese law and is brought into force as already previously published without substantial substantive…
Mamo TCV Advocates
26th January 2026
DORA reporting timelines
DORA: Register of Information Reporting Timelines for 2026 and Beyond DORATelecoms, Media & Technology

DORA: Register of Information Reporting Timelines for 2026 and Beyond

On 3rd November 2025, the MFSA published a circular on the reporting timelines for submissions of the Register of Information (‘ROI’) pursuant to Article 28(3) of  Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector (‘DORA’). The circular outlines the reporting period for submitting the ROI from 2026 onwards, which falls between 1 January and 21 March of every reporting year. Financial entities falling within the scope of DORA must submit to the MFSA the updated ROI, containing all information regarding the contractual arrangements in place with ICT third-party service providers, annually and within the specified reporting period.…
Mamo TCV Advocates
3rd November 2025
AI Act’s Impact on Businesses Operating Within the EU
AI Laws of the World: Mamo TCV Contributes to the First Edition of DLA Piper’s Comparative Guide Data Protection and PrivacyFinTechIntellectual PropertyNewsTelecoms, Media & Technology

AI Laws of the World: Mamo TCV Contributes to the First Edition of DLA Piper’s Comparative Guide

DLA Piper’s recently published ‘AI Laws of the World’ guide provides a 2025 Q3 snapshot of AI laws and proposed regulations across more than 40 countries (including all 27 EU Member States), highlighting key legislative developments, regulations, proposed bills, and guidelines issued by governmental bodies. The guide also includes a contribution made by Mamo TCV Advocates which illustrates the legal position in Malta. The guide underscores significant geographical variation in regulatory approaches and attitudes, yet also reveals numerous common concerns, with lawmakers and AI-focused organisations worldwide adopting and exchanging a variety of strategies. Whilst some jurisdictions have established their own…
Mamo TCV Advocates
26th August 2025
Malta's AI Act
Malta’s AI Act Authority Designations Data Protection and PrivacyTelecoms, Media & Technology

Malta’s AI Act Authority Designations

The Malta Digital Innovation Authority (“MDIA”) and the Information Data Protection Commission (“IDPC”) have been identified as the Maltese Market Surveillance Authorities (“MSA”) under EU Regulation 2024/1689 (the “AI Act”), albeit the process of designation has yet to be formally concluded. It is expected that this will take place shortly in the coming days. The MSAs will be tasked with overseeing the responsible use of AI systems in Malta and with having the competence to carry out investigations and issue fines and penalties where necessary. They will have a diverse set of responsibilities that may be categorised as follows: Maintaining…
Mamo TCV Advocates
4th August 2025
Penetration Testing
Threat-Led Penetration Testing Regulatory Technical Standards under DORA Take Effect DORATelecoms, Media & Technology

Threat-Led Penetration Testing Regulatory Technical Standards under DORA Take Effect

As of today, 8 July 2025, the Regulatory Technical Standards (RTS) on Threat-Led Penetration Testing (TLPT) are now effective, including in Malta, following their publication in the Official Journal on 18 June 2025. These RTS supplement Article 26 of the Digital Operational Resilience Act (‘DORA’) and lay down a framework for the execution of TLPT. The RTS specify the criteria used for identifying the financial entities which are required to perform threat-led penetration tests and lay down organisational arrangements for financial entities. The RTS also include provisions on risk management and specify criteria for engaging TLPT providers. Moreover, the RTS…
Mamo TCV Advocates
8th July 2025