- within Government and Public Sector topic(s)
- in United States
- within Government, Public Sector, Media, Telecoms, IT, Entertainment and Immigration topic(s)
Effective 10 July 2025, Malta amended the Companies Act (Register of Beneficial Owners) Regulations, implementing key provisions of the EU's 6th Anti-Money Laundering Directive and updating the statutory Beneficial Ownership (BO) forms companies must use. These amendments reshape the BO regime by introducing a controlled access model, expanding reporting obligations, and refining the statutory BO forms companies must use.
While the changes are partly procedural, their real significance lies in the enhanced protection of your BO data. The framework strengthens GDPR safeguards and limits who can view your BO information, ensuring that privacy is preserved while transparency obligations under EU law are met.
What part of AMLD6 has Malta implemented so far?
Malta has implemented the first transposition phase focused on BO register access and form reporting – i.e., the legitimate‑interest access channel, revised BO forms, and wider scope of entities obliged to file BO data. Additional elements of the EU AML package (e.g., the forthcoming central EU AML Authority's role and related guidance) will continue to roll out at EU and national levels, but the operative changes for Maltese companies today are those above.
The big picture: What changed on 10 July 2025?
1) Controlled Access on a Legitimate Interest Basis
Unrestricted public access to BO registers ended with the CJEU's landmark 2022 ruling (Joined Cases C-37/20 and C-601/20), which found that such access infringed fundamental rights to privacy and data protection. Malta's new system reflects both this decision and the requirements of AMLD6.
Access is now limited to applicants who can demonstrate a legitimate interest – such as AML/CFT investigators, compliance professionals, or certain NGOs. Applicants must provide identification and a clear explanation of the legal and AML/CFT basis for their request. The Registrar then determines whether access is justified.
Key safeguards for companies include:
- Your BO data is no longer available to the general public.
- Requests are vetted by the Registrar before any data is released.
- No notification is sent to the company, preserving confidentiality.
- Rejections can only be appealed in court, further filtering access.
This means your BO data is shielded from random or abusive access, available only where there is a proven and lawful regulatory need.
2) Scope widens; multi-nationality captured
The revised regulations explicitly cover companies created or continued in Malta via cross-border mergers, conversions or divisions, and clarify that in certain cases, a general partner in a Maltese limited partnership is treated as a "shareholder" for BO purposes. The forms also shift "nationality" to "nationalities," requiring companies to record all nationalities of a beneficial owner.
Stronger Protection for Beneficial Owners
The introduction of Legal Notice 127 of 2025 is more than a regulatory update: it represents a balanced policy shift. Malta has successfully reconciled transparency obligations with data protection rights under the EU Charter of Fundamental Human Rights, thereby:
- Protecting beneficial owners' privacy and GDPR rights.
- Reducing the risk of misuse of BO data by third parties with no legitimate regulatory purpose.
- Aligning Malta with EU best practice under AMLD6, reinforcing its credibility as a compliant yet business-friendly jurisdiction.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
