GVZH Newsletter - June 2025 Q2 Issue

Welcome to this quarter’s edition of our Legal & Compliance Bulletin, where we provide key updates on the latest legal, regulatory, and compliance developments shaping the industry. This edition features notable developments that may be relevant to your business, helping you stay informed and prepared for any changes in the legal landscape.

Below, you will find a summary of the most notable updates for this quarter:

Regulatory

MGA

1. On 5 June 2025, the Malta Gaming Authority published its 2024 Annual Report, highlighting key supervisory and enforcement activity, including the issuance of 17 new gaming licences, nearly 1,200 probity checks, and over 9,000 land-based inspections. The MGA also enhanced its AML/CFT oversight, resolved over 3,300 player assistance requests, and reinforced international cooperation, all underscoring its commitment to regulatory resilience and player protection in a rapidly evolving gaming landscape.
2. On 25 April 2025, the MGA closed consultation regarding financial requirements came to an end, where stakeholders were asked to gather input on proposed amendments to the under the Gaming Authorisations and Compliance Directive (Directive 3 of 2018). These changes aim to strengthen the MGA’s risk-based approach to regulating the financial aspects of licensees, addressing industry challenges while enhancing regulatory efficiency.

MFSA 

Authorised persons under the Digital Operational Resilience Act (DORA) were mandated to submit their Register of Information (RoI) to the MFSA between 1 and 8 April 2025. Non-compliance may lead to regulatory actions.

IDPC 

1. On 11 April 2025, the IDPC issued FAQs addressing the management of employee email accounts after their departure, providing guidance on data protection compliance in such scenarios.
2. On 7 April 2025 the Commissioner imposed an administrative fine of €20,000 on a private clinic for failing to update a data subject’s residential address, resulting in the disclosure of her sensitive health data to third parties.

FIAU

 The FIAU reminded subject persons of the following Risk Evaluation Questionnaire (REQ) submission deadlines:

1. 10 April 2025: Virtual Financial Assets Service Providers, Real Estate Agents, Notaries, Gaming Operators.
2. 17 April 2025: Trustees and Fiduciaries, Company Service Providers, Accountants and Auditors, Tax Advisors, Advocates.
3. 24 April 2025: Credit Institutions, Financial Institutions, Investment Services and Securities Markets, Insurance and Pensions.

The FIAU is organising a half-day training session on ongoing monitoring obligations for subject persons offering directorship services, scheduled for Wednesday, 21 May 2025. Registration opens on Tuesday, 29 April 2025, at 10:00 AM. This session aims to enhance understanding of AML/CFT obligations specific to directorship roles. Further details and registration information are available on the FIAU website.

MCA 

1. The MCA initiated a consultation on its market analysis concerning the provision of wholesale fixed access in Malta. Stakeholders were invited to submit feedback by 11 April 2025. This consultation aims to assess competition levels and determine appropriate regulatory measures in the fixed access market.
2. On 1 April 2025, the MCA published the Q3 and Q4 2024 Data Report Sheet, providing insights into end-user trends and market dynamics in the electronic communications sector.

MTA 

On 2 April 2025, the MTA announced openings for Beach Supervisors for the upcoming Blue Flag Season. The roles involve ensuring compliance with Blue Flag criteria and maintaining high standards on Malta’s beaches during the summer months.