Regulatory framework in Malta for certification of Blockchains and Smart Contracts


The country adds up the long-term value for businesses to obtain the sought-after regulation and refurbish their brands with one-of-a-kind legal certificate


2018 marked a historical year for the blockchain and cryptocurrency industry, but even more notably, for the small Mediterranean island country of Malta. The Maltese government had enacted 3 bills into law, constituting the first legal framework for blockchain technology. By doing this, Malta became the first country ever to establish official regulations for blockchain operators and following this news, several blockchain businesses moved their headquarters to the island. Such laws, being the first of their kind, sparked a great deal of interest due to their pioneering nature, but also as a result of their unparalleled concept.

  1. Virtual Financial Assets Act (‘VFA Act’) lays out a regulatory framework for Initial Virtual Financial Asset Offerings and all enterprises dealing with Virtual Financial Assets (‘VFA’). Business activities subject to the VFA Act include brokerages, crypto-exchanges (centralized and decentralized), wallet providers, asset managers, investment advisors, and market makers doing business in relation to virtual financial assets.

  2. The Malta Digital Innovation Authority Act (‘MDIA Act’) establishes the Malta Digital Innovation Authority (‘MDIA’), which is assigned the role to certify a platform’s innovative technology arrangement (‘ITA’), that is, the technology behind the platform using distributed ledger technology (‘DLT’)1 and smart-contracts. They also accredit Systems Auditors and Technical Administrators, who are key parts in the certification process. Once authorised by the MDIA, blockchain platforms can finally establish a great deal of trust within the ecosystem, thereby verifying that the users’ data cannot be tampered with.

  3. Innovative Technology Arrangements and Services Act (‘ITAS Act’) is tailored for the underlying technology, that is, the registration of software and architecture gearing the DLT platforms using smart contracts or other arrangements. Systems Auditors are responsible for evaluating the software and architectures which are used in designing and delivering DLT, but also the perusal of smart contracts. ITA certification is voluntary except for two instances; when an ITA is being used by an Initial VFA Offering; or a gaming platform seeking to be licensed by the Malta Gaming Authority (‘MGA’)

The application process for obtaining regulatory certification of ITAs is divided into two stages:

  1. Gathering requisite documents and filing a submission form to the MDIA. Once the MDIA carries out an assessment to ensure compliance with general and specific requirements. It then issues a Letter of Intent.

  2. The System Auditor, appointed by the applicant, evaluates the platform and is responsible for issuing an opinion on it. The opinion is later reviewed by the MDIA, and if the assessment is satisfactory, the MDIA certifies the business in terms of the ITAS Act.

A technical administrator must be on-site at all times to verify that all pre-requisite aspects have been addressed, all norms are met, and oversee parameters and features which may change hand-in-hand with the regulation.

ITA certification is valid for a term of 2 years.


To obtain certification, all applicants must meet generic and specific requirements as outlined by the Innovative Technology Arrangement Guidelines as issued by the MDIA.

In addition, ITA applicants must prove that their project abides by the purpose for which it has been established originally, and that the individuals and functionaries involved are fit and proper to carry out their functions as such.

Applicants which are not habitually resident in Malta are required to appoint a Resident Agent whose purpose, above all, is to administer legal and regulatory proceedings on behalf of the applicants.

Systems Audit

The applicant’s software must undergo a thorough review by a registered Systems Auditor who is an independent third party.

The Systems Auditor’s task is to verify that the applicant met pre-defined general and specific standards with reference to the purposes, qualities, features, attributes, behaviours or aspects of the ITA as declared in the Blueprint/Whitepaper.

There are two types of Systems Audit:

Type 1 Systems Audit: The Systems Auditor forms an opinion on whether a blockchain project is fairly explained and if the features within the project itself are fittingly crafted to meet the requirements. This is required for non-operative organisations (not yet live or have been operating for 6 months).

Type 2 Systems Audit:This covers the same points as defined in Type 1, but it also incorporates the auditor’s opinion on the feature efficacy throughout the period covered by the audit. Type 2 will be required following 6 months from the platform’s launch date.

Legal compliance and certification types

All applicants are strictly required to comply with all applicable rules, regulations and guidelines issued by the MDIA, and predetermined conditions such as the prevention of money laundering and financing of terrorism, protection of personal data, protection of consumer rights and other mandatory laws, depending on the purpose and functionalities of the platform.

In terms of certification, two outcomes are potentially attainable, depending on the circumstances:

1. Full certification — MDIA issues a certificate to the ITA stating the qualities, features, attributes, behaviors and aspects of the arrangement.

2. Conditional certification — if one of the aforementioned requirements is not met within short times frames due to technical limitations, a conditional certification can be issued.


The world’s legal system must progress hand-in-hand with the technological innovations. Blockchain, being one of the most disruptive fintech instruments, is in special demand for legal regulation by default. We urge businesses that operate in this area to exploit the safe haven that Maltese government proposed, and get familiar with the process.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  trending

Plagiarism is the copying & pasting of others work without giving credit to the original author or artist. Plagiarized posts are considered spam.

Spam is discouraged by the community, and may result in action from the cheetah bot.

More information and tips on sharing content.

If you believe this comment is in error, please contact us in #disputes on Discord

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in: