Compliance that protects — before and after an incident.
The NIS2 Directive and Malta's transposing legislation have expanded cybersecurity obligations significantly. Sammut Legal helps you understand your scope, build your programme, and respond if something goes wrong.
Cybersecurity is now a legal obligation, not just a technical one. Directors face personal liability, regulators are active, and cyber incidents increasingly trigger parallel legal and regulatory consequences. We help you build resilience and manage the legal dimensions of cybersecurity.
Our Services
We advise on cybersecurity obligations, incident response, and regulatory frameworks across the NIS2 spectrum.
Determine whether NIS2 applies to your organisation and in which sectors.
Build the governance, policies, and technical measures NIS2 requires.
Legal frameworks for notifying regulators and managing breaches.
Supply chain security assessments and contractual protections.
Representation before MITA and other competent authorities.
Advice on personal liability and board governance for cybersecurity.
NIS2 is in force. Many businesses operating in Malta do not know they are in scope. Penalties are substantial — up to €10 million or 2% of global turnover for essential entities. Personal liability for management is a real risk. The time to act is now, before an incident, not after.
We take a risk-based approach. We help you understand where you actually stand, prioritise what needs to be fixed, and build programmes that are proportionate to your organisation. We work closely with technical teams and can assist with incident response from the first hour.
Frequently Asked Questions
NIS2 applies to medium and large organisations operating in EU member states, including Malta, in sectors including digital infrastructure, ICT services, financial services, healthcare, transport and energy. Many businesses that were outside the scope of the original NIS Directive are now caught by NIS2.
For essential entities: up to €10,000,000 or 2% of total global annual turnover. For important entities: up to €7,000,000 or 1.4% of total global annual turnover. Management can also be held personally liable.
The NIS2 Directive required transposition into national law by October 2024. Malta has transposed the Directive, and MITA (Malta Information Technology Agency) is the competent authority for most sectors.
Sammut Legal offers a free initial NIS2 scope assessment to help you determine whether your business is in scope, which obligations apply, and where to start your compliance programme. Contact us at hello@sammut.legal.
We offer a free initial consultation — no commitment, no invoice.