The Malta Digital Innovation Authority (the “MDIA”) is regulated by the Malta Digital Innovation Authority Act, Chapter 591 of the Laws of Malta. It is an independent organisation having distinct legal personality and complete autonomy from other bodies/ persons.
It was established to address the development of all Innovative Technology Arrangements (“ITAs”) and Innovative Technology Services (“ITS”) in Malta. The MDIA also aims to develop regulatory processes in relation to ITA to support all national competent authorities regulating different sectors to better administer the laws entrusted to their administration for the public benefit.
It also aims to encourage the development of innovative technology in as wide a manner and for as many uses as possible to achieve its benefits in as many economic and social sectors as possible including but not limited to, in financial services, health and education, voluntary organisations, public administration and transport.
The objectives of the MDIA
The MDIA shall endeavour to:
- promote the deployment of ITA by the Government within the public administration;
- foster, promote and facilitate the advancement and utilisation of ITAs and their design and uses;
- promote education on ethical standards and legitimate exploitation of ITA;
- protect the reputation of Malta in the use of ITA;
- protect users including consumers to ensure standards are developed to meet their legitimate expectations and protect against misuse;
- provide a sound financial basis for the Malta Financial Services Authority (“MFSA”) to achieve its purposes;
- harmonise practices and facilitate the adoption of standards in line with international norms, standards, rules or laws and with those of the EU in particular;
- assist the competent data protection authorities in safeguarding the data protection rights of data subjects and assist other competent authorities in the protection of vulnerable persons and the promotion of fair competition and consumer choice;
- promote and enforce ethical and legitimate criteria in the design and use of ITA to ensure quality of services and security therein;
- support and collaborate with other regulatory bodies and competent authorities to prevent money laundering and financing of terrorism and crime in general through the use of the ITA;
- promote transparency and auditability in the use of ITA;
- promote ease of accessibility to the facilities provided by publicly available ITA together with implementation of the right of exit, withdrawal or termination of such participation; and
- promote legal certainty in the application of laws, in a national and cross-border context, and the development of appropriate legal principles for the effective application of law to ITA.
The affairs of the MDIA are carried out by a board composed of a Chairman and its members (between 4–8 members) who are considered to have relative qualifications and experience in matters relating to ITAs and ITS, financial services, audit and accounting, law, regulation and other subjects. The legal and judicial representation of the MDIA vests with the Chairman. Currently the Chairman of MDIA is Dr. Joshua Ellul. The board members are appointed for a period of 1 year up to a maximum of 3 years. The board is required to convene on a monthly basis.
The board may also establish committees to address particular issues. It may also establish a National Technology Ethics Committee to ensure that (i) proper ethical standards are reflected in the use of ITA and (ii) proper guidance is given to other authorities in Malta.
The board may delegate or devolve all or part of the executive conduct of the MDIA, its administration and organisation and administrative control of its officers and employees to a CEO.
Mr. Stephen McCarthy has been duly appointed as the first CEO of the MDIA.
Duties and functions
The MDIA is required to address the development of all ITA in Malta to achieve the objectives (referred to above). It shall also exercise supervisory and regulatory functions in the field of ITA and ITS as it may deem fit or be assigned to it from time to time.
Furthermore, the MDIA is required to carry out the functions set out in the MDIA Act, including but not limited to:
- to regulate, monitor and supervise the provision of ITA and ITS in and from Malta;
- review all practices, operations and activities relating to ITA and ITS;
- promote fair competition, practices and consumer choice in the sector;
- provide the facilities for the recognition, certification, regulation or otherwise of the ITA;
- establish minimum standards for any ITA and ITS to protect the general public;
- monitor the working and enforcement of laws relating to ITA and ITS and carry out such necessary investigations;
- provide information and issue guidelines;
- establish minimum qualifications for persons engaged or employed in ITA / ITS activity;
- ensure compliance with international obligations;
- advise the Maltese Government through its Ministry on policy formulation and matters connected with the development of ITA;
- support innovation in the development, use and education of ITA and ITS
- review developments on relevant subjects relating to ITA and ITS
- investigate allegations of practices and activities and review trading practices relating to the provision of ITA /ITS.
Pursuant to its regulatory mandate and to enforce compliance, without in any way implying liability on the MDIA’s part, the MDIA is entitled to receive and access information (except for confidential source codes) on the ITA and its activities. To carry out this function, the MDIA can be a user and hold any wallet, account or other facility in relation to any form of digital assets.
It shall also be able to engage with facilities or persons administering or representing the same and carry out transactions which it may consider necessary for the carrying out of its functions. Furthermore, the MDIA may also enter and inspect, and take samples of records, documents or otherwise relating to the particular ITA/ITS.
The MDIA is to carry out its functions in an impartial, transparent and timely manner and to ensure compliance therewith. The Minister may give the MDIA such directions necessary in relation to matters which affect the public interest.
Application for Authorisation
An applicant desiring to have its ITA /ITS authorised, is required to provide the MDIA with any information, documentation and assurances as requested. The Applicant must be a fit and proper person to provide ITS and that the ITA is fit and proper and able to comply with the rules and regulations of the MDIA. Taking a risk-based approach, the MDIA will also consider the protection of the general public; Malta’s reputation; promotion of innovation, competition and choice; and the applicant’s reputation and suitability.
This authorisation may be granted subject to certain conditions which the MDIA shall deem appropriate. The ITS provider must specify the services to be provided and the MDIA will establish a register of all holders of authorisation. Any applications which the MDIA shall refuse will also be published on its website together with the reasons for such refusal. Authorisations are non-transferrable and can be revoked, cancelled or suspended by the MDIA at any time it deems fit.
Guidelines of the MDIA
The MDIA has so far published the following guidelines to assist ITA applicants and ITS providers:
- Systems Auditor Guidelines regulating the appointment of the Systems Auditor, the reports and control objectives.
- Technical Administrator Guidelines
- Resident Agent Guidelines
- ITA Guidelines
- Guidelines on “in or from Malta”
- ITA Blueprint Guidelines
- Technology Stack Nomenclature.
The MDIA is a new authority for Malta. It is understood that this Authority will be reviewing any new technology coming our way, be it DLT, AI, self- driving cars, super computers, or otherwise. Its effectiveness is highly dependent upon the knowledge of its members in these areas and on the MDIA’s capability of providing clear and proper guidance in such technology.