MDIA Certification

Introduction

Mal­ta Dig­i­tal Inno­va­tion Author­i­ty (MDIA)? Yes, it’s the go-to author­i­ty to an Inno­v­a­tive Tech­nol­o­gy Arrange­ment cer­ti­fi­ca­tion.

MDIA is the main author­i­ty that is respon­si­ble for the pro­mo­tion of Mal­ta as the hub of tech­no­log­i­cal inno­va­tion. It ensures that Mal­ta is com­pli­ant with inter­na­tion­al oblig­a­tions whilst seek­ing to pro­tect users dur­ing the cer­ti­fi­ca­tion of Inno­v­a­tive Tech­nol­o­gy Arrange­ments (ITAs). In fact, such Author­i­ty was pur­pose­ly set up for the draft­ing, reg­u­la­tions and man­age­ment of ITAs.

The first step to MDIA cer­ti­fi­ca­tion is to have a deep under­stand­ing of a tech­nol­o­gy-based solu­tion which needs to be exhaus­tive­ly test­ed.

When deal­ing with ITAs, one needs to be aware that it involves a con­stant devel­op­ment and thus the MDIA’s role is to mon­i­tor such devel­op­ments.

Features of a Certificate to an ITA

Vol­un­tary — First thing to do is to reg­is­ter with the MDIA, and even­tu­al­ly get cer­ti­fi­ca­tion. If an appli­cant wants to get the approval of MDIA, he can apply on a vol­un­tary basis. Thus, cer­ti­fi­ca­tion is indeed vol­un­tary. How­ev­er, it is expect­ed to be cer­ti­fied on an inter­na­tion­al basis, and thus the norm is that an ITA needs to be cer­ti­fied due to its inter­na­tion­al val­ue.

Iden­ti­fied — The ITA needs to be iden­ti­fied from sev­er­al fac­tors and such fac­tors needs to be clear­ly iden­ti­fi­able. These include any pub­lic key, or brand name of the ITA. Once it is cer­ti­fied, the cer­ti­fi­ca­tion needs to be made avail­able to all users of the ITA, and noti­fied to the Author­i­ty. Ide­al­ly, it needs to be up on the web­site if the appli­cant has one.

Appli­ca­tion for Recog­ni­tion — The cer­tifi­cate con­firms that the rel­e­vant ITA or its ser­vice is con­sid­ered to have all func­tions and char­ac­ter­is­tics asso­ci­at­ed there­in to move towards the appli­ca­tion for recog­ni­tion.

Cer­tifi­cate of Reg­is­tra­tion — The Cer­tifi­cate is a ‘Cer­tifi­cate of Reg­is­tra­tion’ is grant­ed to Ser­vice Providers of an Inno­v­a­tive Tech­nol­o­gy where­by it lists the class or class­es of the relat­ed ser­vices that the said Ser­vice Provider reg­is­tered for. The Cer­tifi­cate of Reg­is­tra­tion helps the appli­cant to build trust with users and oth­er rel­e­vant third par­ties, and it ulti­mate­ly grants the appli­cant a rep­utable val­ue, and a sense of good gov­er­nance.

Valid­i­ty — A Cer­tifi­cate of an ITA is valid for a 2-year peri­od.

Certification – Stage by Stage

To sub­mit the form to the MDIA, the appli­cant needs to gath­er all nec­es­sary doc­u­ments that sat­is­fies the cri­te­ria of the Author­i­ty. Upon sat­is­fac­tion of the Author­i­ty, the appli­cant is issued with a Let­ter of Intent.

The appli­cant is to prove to the MDIA that the pur­pose of the project is abid­ed by and that the per­sons involved can demon­strate their func­tions prop­er­ly.

The next stage would be the appoint­ment of a Sys­tems Audi­tor, who needs to con­duct an eval­u­a­tion of the plat­form and he is to issue an opin­ion. Such opin­ion, which is issued by the said Sys­tems Audi­tor is then reviewed by the Author­i­ty and if it is then sat­is­fied with the opin­ion, the MDIA issues its cer­ti­fi­ca­tion in line with the laws of Mal­ta and with the Inno­v­a­tive Tech­nol­o­gy Arrange­ments and Ser­vices Act, 2018.

Here then comes the role of the Tech­ni­cal Admin­is­tra­tor who needs to ver­i­fy that all require­ments were sat­is­fied and that the devel­op­ment is in line with the reg­u­la­tion. Any ITA that is sub­ject to such cer­ti­fi­ca­tion needs to have a reg­is­tered Tech­ni­cal Admin­is­tra­tor which overviews oper­a­tion. Such admin­is­tra­tor always needs to be avail­able and must be able to demon­strate the abil­i­ties of the ITA.

If the appli­cant does not usu­al­ly reside in Mal­ta, the Author­i­ty, in line with the reg­u­la­tions, requires the appoint­ment of a Res­i­dent Agent who is to ensure com­pli­ance with the Mal­tese Reg­u­la­tions on behalf of the appli­cant.

Once the Author­i­ty is sat­is­fied, it will then issue the cer­ti­fi­ca­tion for the ITA with a unique num­ber, based on the fol­low­ing 5 pur­pos­es:

  1. Qual­i­ties
  2. Fea­tures
  3. Attrib­ut­es
  4. Behav­iours; or
  5. Aspects

Do you need a Systems Auditor?

The sim­ple answer to this ques­tion would be YES, but you may be won­der­ing about who and what are the func­tions of a Sys­tems Audi­tor.

The Sys­tems Audi­tor is a per­son who needs to be specif­i­cal­ly engaged to review and/or audit ITAs and smart con­tracts. The Sys­tem Audi­tor does not nec­es­sar­i­ly need to be a ful­ly qual­i­fied accoun­tant or audi­tor.

A sys­tems audi­tor is defined in Arti­cle 2 of the Inno­v­a­tive Tech­nol­o­gy Arrange­ments and Ser­vices Act, 2018.

The appli­cant shall engage the sys­tems audi­tor in a writ­ten form as this is a require­ment imposed by law. His main task is to review the project of the appli­cant as an inde­pen­dent third par­ty. Such task also includes the ver­i­fi­ca­tion of the sys­tem in line with imposed stan­dards attrib­uted to an ITA.

There are cur­rent­ly three reg­is­tered Sys­tems Audi­tors with the MDIA which are pub­licly list­ed on their web­site ( https://mdia.gov.mt/systems-auditor/ ).

There are two types of Systems Audit:

1)    Type 1 involves the opin­ion of the Sys­tems Audi­tor on the project of the appli­cant. The opin­ion must be regard­ing the fea­tures of the project and its ful­fil­ment of the imposed require­ments. A Type 1 Sys­tems Audit is a require­ment for appli­cants who are not yet live or those who have oper­at­ed for a peri­od up to 6 months.

2)    Type 2 also involves the opin­ion of the Sys­tems Audi­tor which cov­ers the same tasks as the Type 1 Sys­tems Audit, how­ev­er it does not stop there. The Type 2 Sys­tems Audit’s opin­ion needs to include the val­ue of effi­cien­cy of the project dur­ing the audit’s peri­od. This type is com­pul­so­ry audit car­ried out 6 months after the launch.

Types of Certification

1. Full Certification

The Author­i­ty will issue a cer­tifi­cate to the ITA and thus the ITA would be con­sid­ered to have all required func­tions and char­ac­ter­is­tics. The appli­cant may then pro­ceed with its appli­ca­tion for recog­ni­tion.

2. Conditional Certification

A con­di­tion­al cer­ti­fi­ca­tion is issued when the Author­i­ty is con­firm­ing or deny­ing the appli­ca­tion in part. This means that the ITA would be lack­ing some or one of the imposed require­ments because of tech­ni­cal lim­i­ta­tions that need to be met with­in a par­tic­u­lar time frame stip­u­lat­ed in the cer­ti­fi­ca­tion. A con­di­tion­al cer­ti­fi­ca­tion is also con­di­tioned on the sys­tems auditor’s assur­ance that such con­di­tions will be met with­in the respec­tive time frames.

3.Denied Certification

Once the Author­i­ty denies cer­ti­fi­ca­tion, the appli­cant can apply for a review or an appeal in front of the Tri­bunal. If the Appeal con­firms the deci­sion of the Author­i­ty, the ITA or the ser­vice will not be eli­gi­ble for recog­ni­tion unless it is mod­i­fied, and it fits the rel­e­vant cri­te­ria.

Conclusion

Just to sum­marise, a Cer­ti­fi­ca­tion of an ITA is done by the MDIA. The pur­pose of the applicant’s ITAs need to be for one or more spec­i­fied pur­pos­es being; qual­i­ties, fea­tures, attrib­ut­es, behav­iours or aspects. Once an ITA is cer­ti­fied, it will be giv­en a Cer­tifi­cate in terms of ITAS which would be unique for the spe­cif­ic ITA. The author­i­ty needs to be sat­is­fied that both the gen­er­al and the spe­cif­ic require­ments are met; includ­ing the reg­is­tered sys­tems audi­tor and the reg­is­tered tech­ni­cal admin­is­tra­tor. Once the Author­i­ty decides to cer­ti­fy it may do it in part or in full, and these two con­sti­tute the types of cer­ti­fi­ca­tion.

Our com­pa­ny DWP VFA Agent Lim­it­ed was amongst the first VFA Agents to be licensed by the MFSA. If you require any fur­ther infor­ma­tion regard­ing MDIA Cer­ti­fi­ca­tion, kind­ly con­tact us on info@drwerner.com.

About Rebecca Mifsud

Dr Rebec­ca Mif­sud, born 6th May 1994, attend­ed the Uni­ver­si­ty of Mal­ta and is an LLB Hon­ours grad­u­ate. She also grad­u­at­ed in the Mas­ters in Advo­ca­cy and will be sit­ting for her Mal­ta War­rant Exam in 2019. She suc­cess­ful­ly defend­ed her dis­ser­ta­tion enti­tled: ‘Imput­ing respon­si­bil­i­ty for foot­ball injuries inflict­ed by minors in the Mal­tese sce­nario,’ in 2017.

View All Posts

Leave a Reply

Your email address will not be published.