Cybersecurity & Cyber-Risk Advisory
The Critical Entities Resilience Directive is now fully in force through Malta’s S.L. 460.43
The Critical Entities Resilience Directive is now fully in force through Malta’s S.L. 460.43
< 1 min read
Malta has formally brought into force the Resilience of Critical Entities and Infrastructures (Identification, Designation and Protection) Order, 2026 (S.L. 460.43)[1], following the publication of Legal Notice 23 of 2026 (Commencement Notice). The Commencement Notice establishes 23 January 2026 as the date on which all provisions of the Order came into effect.
Notably, this Commencement Notice came into force on the same day that Malta’s NIS2 transposition under S.L. 460.41, became fully enforceable, and should therefore be viewed as part of a coordinated national approach to strengthening both operational resilience and cybersecurity, while promoting coordination and reducing unnecessary duplication or overlapping supervisory expectations.
For further context on Malta’s broader resilience and cybersecurity framework, you may also wish to read our related insights: