Malta Digital Innovation Authority (MDIA)? Yes, it’s the go-to authority to an Innovative Technology Arrangement certification.
MDIA is the main authority that is responsible for the promotion of Malta as the hub of technological innovation. It ensures that Malta is compliant with international obligations whilst seeking to protect users during the certification of Innovative Technology Arrangements (ITAs). In fact, such Authority was purposely set up for the drafting, regulations and management of ITAs.
The first step to MDIA certification is to have a deep understanding of a technology-based solution which needs to be exhaustively tested.
When dealing with ITAs, one needs to be aware that it involves a constant development and thus the MDIA’s role is to monitor such developments.
Features of a Certificate to an ITA
Voluntary – First thing to do is to register with the MDIA, and eventually get certification. If an applicant wants to get the approval of MDIA, he can apply on a voluntary basis. Thus, certification is indeed voluntary. However, it is expected to be certified on an international basis, and thus the norm is that an ITA needs to be certified due to its international value.
Identified – The ITA needs to be identified from several factors and such factors needs to be clearly identifiable. These include any public key, or brand name of the ITA. Once it is certified, the certification needs to be made available to all users of the ITA, and notified to the Authority. Ideally, it needs to be up on the website if the applicant has one.
Application for Recognition – The certificate confirms that the relevant ITA or its service is considered to have all functions and characteristics associated therein to move towards the application for recognition.
Certificate of Registration – The Certificate is a ‘Certificate of Registration’ is granted to Service Providers of an Innovative Technology whereby it lists the class or classes of the related services that the said Service Provider registered for. The Certificate of Registration helps the applicant to build trust with users and other relevant third parties, and it ultimately grants the applicant a reputable value, and a sense of good governance.
Validity – A Certificate of an ITA is valid for a 2-year period.
Certification – Stage by Stage
To submit the form to the MDIA, the applicant needs to gather all necessary documents that satisfies the criteria of the Authority. Upon satisfaction of the Authority, the applicant is issued with a Letter of Intent.
The applicant is to prove to the MDIA that the purpose of the project is abided by and that the persons involved can demonstrate their functions properly.
The next stage would be the appointment of a Systems Auditor, who needs to conduct an evaluation of the platform and he is to issue an opinion. Such opinion, which is issued by the said Systems Auditor is then reviewed by the Authority and if it is then satisfied with the opinion, the MDIA issues its certification in line with the laws of Malta and with the Innovative Technology Arrangements and Services Act, 2018.
Here then comes the role of the Technical Administrator who needs to verify that all requirements were satisfied and that the development is in line with the regulation. Any ITA that is subject to such certification needs to have a registered Technical Administrator which overviews operation. Such administrator always needs to be available and must be able to demonstrate the abilities of the ITA.
If the applicant does not usually reside in Malta, the Authority, in line with the regulations, requires the appointment of a Resident Agent who is to ensure compliance with the Maltese Regulations on behalf of the applicant.
Once the Authority is satisfied, it will then issue the certification for the ITA with a unique number, based on the following 5 purposes:
- Behaviours; or
Do you need a Systems Auditor?
The simple answer to this question would be YES, but you may be wondering about who and what are the functions of a Systems Auditor.
The Systems Auditor is a person who needs to be specifically engaged to review and/or audit ITAs and smart contracts. The System Auditor does not necessarily need to be a fully qualified accountant or auditor.
A systems auditor is defined in Article 2 of the Innovative Technology Arrangements and Services Act, 2018.
The applicant shall engage the systems auditor in a written form as this is a requirement imposed by law. His main task is to review the project of the applicant as an independent third party. Such task also includes the verification of the system in line with imposed standards attributed to an ITA.
There are currently three registered Systems Auditors with the MDIA which are publicly listed on their website ( https://mdia.gov.mt/systems-auditor/ ).
There are two types of Systems Audit:
1) Type 1 involves the opinion of the Systems Auditor on the project of the applicant. The opinion must be regarding the features of the project and its fulfilment of the imposed requirements. A Type 1 Systems Audit is a requirement for applicants who are not yet live or those who have operated for a period up to 6 months.
2) Type 2 also involves the opinion of the Systems Auditor which covers the same tasks as the Type 1 Systems Audit, however it does not stop there. The Type 2 Systems Audit’s opinion needs to include the value of efficiency of the project during the audit’s period. This type is compulsory audit carried out 6 months after the launch.
Types of Certification
1. Full Certification
The Authority will issue a certificate to the ITA and thus the ITA would be considered to have all required functions and characteristics. The applicant may then proceed with its application for recognition.
2. Conditional Certification
A conditional certification is issued when the Authority is confirming or denying the application in part. This means that the ITA would be lacking some or one of the imposed requirements because of technical limitations that need to be met within a particular time frame stipulated in the certification. A conditional certification is also conditioned on the systems auditor’s assurance that such conditions will be met within the respective time frames.
Once the Authority denies certification, the applicant can apply for a review or an appeal in front of the Tribunal. If the Appeal confirms the decision of the Authority, the ITA or the service will not be eligible for recognition unless it is modified, and it fits the relevant criteria.
Just to summarise, a Certification of an ITA is done by the MDIA. The purpose of the applicant’s ITAs need to be for one or more specified purposes being; qualities, features, attributes, behaviours or aspects. Once an ITA is certified, it will be given a Certificate in terms of ITAS which would be unique for the specific ITA. The authority needs to be satisfied that both the general and the specific requirements are met; including the registered systems auditor and the registered technical administrator. Once the Authority decides to certify it may do it in part or in full, and these two constitute the types of certification.