Fintech 2025

MALTA Law and Practice Contributed by: Ian Gauci and Cherise Abela Grech, GTG Legal

GTG Legal 66 Old Bakery Street Valletta VLT 145 Malta Tel: +356 2124 2713 Email: info@gtg.com.mt Web: www.gtg.com.mt

1. Fintech Market 1.1 Evolution of the Fintech Market EU Markets in Crypto-Assets Regulation In 2024, the EU Markets in Crypto-Assets Regu - lation (MiCA) entered in force in two tranches. The first part relating to electronic money tokens (EMTs) and asset-referenced tokens (ARTs) entered into force on 30 June 2024, while the remainder of MiCA entered into force on 30 December 2024. As a result of MiCA’s coming into force, the Vir - tual Financial Assets Act (VFAA) is no longer applicable, except in relation to those issuers and service providers that were authorised by the Malta Financial Services Authority (MFSA) before 30 December 2024, and will be fully repealed on 3 July 2026. Digital Operational Resilience Act Another very significant piece of legislation is the Digital Operational Resilience Act (DORA), which came into force in January 2023 and became applicable from 17 January 2025. DORA sets uniform requirements for the security of net - work and information systems of companies and organisations operating in the financial sector as well as critical third parties that provide ICT-relat -

ed services to them, such as cloud platforms or data analytics services. Network and Information Security Directive Ancillary to DORA is the Network and Informa - tion Security Directive (NIS2), which aims to establish a higher level of cybersecurity and resil - ience within EU organisations. This new Direc - tive updates the original NIS Directive of 2016, which was the EU’s first legislation on cyberse - curity. It enhances the cybersecurity resilience of critical sectors across the EU by expanding its scope, strengthening security requirements and improving incident response co-ordination. The deadline to transpose NIS2 into national law was 17 October 2024. Cyber Resilience Act The Cyber Resilience Act is an EU regulation aimed at enhancing the cybersecurity of prod - ucts with digital elements, ensuring they are secure throughout their lifecycle. It places the responsibility on manufacturers to ensure that such products meet stringent cybersecurity standards before they can be marketed within the EU. It entered into force in January 2024 and will become fully applicable within 36 months thereof.

531 CHAMBERS.COM

Powered by