Critical Infrastructure Protection Department
On 19 November 2024, Legal Notice 306 of 2024, titled the Critical Infrastructures and European Critical Infrastructures (Identification, Designation, and Protection) (Amendment) Order, 2024 was published within the Government Gazette.
The key introduced amendments are as follows:
I. Introduction of the "Department"
A new definition for "Department" has been added under Article 2 to define the Critical Infrastructure Protection Department. This addition marks a shift in governance and operational structure as the previous "Unit" designation has been removed.
II. Creation of the Critical Infrastructure Protection Department
Article 3 formally establishes the Critical Infrastructure Protection Department ("CIPD") as a department at law, assigning it specific functions as outlined by law.
These amendments represent a significant step toward aligning Malta's legislation with the principles deriving from the NIS2 Directive and the Critical Entities Directive. By introducing these changes, Malta is not only enhancing its capacity to protect critical infrastructures but also reinforcing its commitment to EU-wide efforts to strengthen its posture against cyberattacks. In addition, this marks an important milestone in Malta's journey towards eventual transposition of these Directives into national law.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.