Skip to main content
Tag

EULaw

Person using a credit card
Payments Insights #5 – When CASPs Overlap PSPs Banking & FinanceFinTech

Payments Insights #5 – When CASPs Overlap PSPs

The EU’s Markets in Crypto-Assets Regulation (MiCA) provides in Article 70(4) that a crypto-asset service provider (CASP) offering payment services related to its crypto activities must either obtain a payment institution authorisation itself or partner with an authorised payment service provider (PSP) under PSD2. This reflects the “dual nature” of certain crypto-assets: notably, MiCA classifies e-money tokens (i.e. stablecoins) as electronic money, meaning they are not only crypto-assets under MiCA but also “funds” under the Second Payment Services Directive (PSD2). In practice, this dual status raised uncertainty about whether CASPs dealing in stablecoins need a separate PSD2 licence in addition…
Katya Tua and Mario Mizzi
4th July 2025
Tokenisation of Funds
Fintech Insights #11 –
Tokenising Fund Units FinTechInvestment Services & Funds

Fintech Insights #11 –
Tokenising Fund Units

Malta has uniquely positioned itself at the crossroads of EU legislative initiatives of investment funds and digital assets. The island has steadily built a forward-thinking fintech ecosystem whilst at the same time maintained an investment fund framework which is comparable to those with the EU’s largest jurisdictions by assets-under-management (“AUM”).  This makes Malta the ideal EU jurisdiction to set up a tokenised investment fund. In June 2025, the Malta Financial Services Authority (“MFSA”) published a detailed ‘Position Paper on Tokenisation of Fund Units’ (the “Position Paper”), reflecting Malta’s ongoing pioneering approach to digital finance and asset management. The paper emphasises…
Katya Tua and Mario Mizzi
18th June 2025
Chain
Malta’s Transposition of the NIS 2 Directive: S.L. 460.41 Telecoms, Media & Technology

Malta’s Transposition of the NIS 2 Directive: S.L. 460.41

Following Malta’s Draft Order transposing the EU NIS 2 Directive, which closed for public consultation on 7 October 2024, as an EU Member State, Malta was obliged to transpose EU Directive 2022/2555 (‘NIS 2’) by 17 October 2024. The transposition was finally implemented on 8 April 2025 through Legal Notice 71 of 2025 which creates the Measures for a High Common Level of Cybersecurity across the European Union (Malta) Order, 2025 as Subsidiary Legislation 460.41 (S.L. 460.41). It should however be noted that at time of writing, S.L. 460.41 is not yet in force, though it is expected to come…
Nicole Bonett and Warren Ciantar
22nd April 2025
High rise in Malta
Fintech Insights #10 –
Raising Funds Through Tokenisation FinTech

Fintech Insights #10 –
Raising Funds Through Tokenisation

The EU’s process towards further harmonisation of its Capital Markets Union (“CMU”) provides a timely context for the implementation of tokenisation. The CMU aims to create a single, integrated financial market across the EU, fostering cross-border investments, mobilising citizens’ personal savings and reducing the reliance on bank-driven financing. The implementation of tokenisation within capital markets can help achieve these objectives by enabling frictionless trading and unlocking access to new pools of capital whilst increasing liquidity. As discussed in the previous insight on tokenisation in Malta, tokenisation reimagines asset representation by embedding ownership and legal rights into programmable tokens recorded on…
Mario Mizzi
17th April 2025
Triangular Patterns
MFSA Issues Two Circulars on ICT Risk DORAFinTechTelecoms, Media & Technology

MFSA Issues Two Circulars on ICT Risk

On the 16th of January 2025, the MFSA published a circular on the register of information-reporting-timelines for MFSA-authorised persons. Subsequently, on the 17th of January 2025, the MFSA published another circular outlining several resources uploaded to its website to assist compliance with Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA”). The circular issued on 16th of January 2025 focuses on the Register of Information required under Article 28(3) of DORA. This register mandates financial entities to document all contractual arrangements with ICT Third-Party Service Providers (“ICT TPPs”), ensuring transparency in…
Mamo TCV Advocates
20th January 2025
St James Cavalier Web Dome
DORA is Now in Force: What’s Next? DORAFinTechTelecoms, Media & Technology

DORA is Now in Force: What’s Next?

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA” or the “Act”) became enforceable as of 17th January 2025. DORA Resources As highlighted in various DORA insights by our Firm over the last few months (including a very useful overview of DORA itself), DORA represents a significant milestone in aligning the financial services sector with the EU’s digital finance strategy, offering a regulatory framework for operational resilience and ICT risk management. Designed to bolster operational resilience against increasingly sophisticated cyber threats, DORA ushers in a new era…
Mario Mizzi and Warren Ciantar
17th January 2025