Use the Lexology Navigator tool to compare the answers in this article with those from 20+ other jurisdictions.

Recent developments and future prospects

Trends and developments

Have there been any notable recent trends or developments concerning the conduct of online and digital business (both business to business and business to consumer) in your jurisdiction, including any regulatory changes or case law?

A recent notable trend in the conduct of digital business has been the increased awareness and focus on compliance obligations. Arguably, this stems principally from the upcoming General Data Protection Regulation (2016/679).

Future prospects

What are the future prospects for digital business in your jurisdiction, including any proposed or potential regulatory reforms and future technological/market developments?

Future prospects in Malta primarily relate to blockchain technologies and virtual currencies. In this regard, in November 2017 the Malta Financial Services Authority (MFSA) issued a discussion paper formally proposing the regulation of initial coin offerings (ICOs), virtual currencies and related service providers. Furthermore, a consultation proposing a framework to allow professional investor funds to invest in virtual currencies was also published by the MFSA in October 2017. Following the feedback received from both consultation documents, the government of Malta released an additional consultation paper proposing the establishment of a new Digital Innovation Authority, information on a draft law regulating distributed technologies and further information relating to the Virtual Currency Act in February 2018.

Other proposed regulatory reforms and market developments relate to remote gaming. In July 2017 the Malta Gaming Authority published a white paper intended to future-proof Malta’s flourishing gaming industry. The white paper proposes an overhaul of all existing legislation, replacing it with a singular act – the Gaming Act. The white paper’s most anticipated reform is probably the replacement of the current multi-licence system, applied in regard to the regulation of remote gaming, with a system with only two licences: a business-to-consumer licence and a business-to-business licence. Tying with the developments outlined above in regard to blockchain and virtual currencies, the white paper also proposes that Malta licensed gaming operators be permitted to accept virtual currencies for the placement of bets.

Legal framework


What primary and secondary legislation governs the conduct of digital business in your jurisdiction?

The Electronic Commerce Act (Chapter 426 of the Laws of Malta) (E-commerce Act) is the primary legislation that governs the conduct of digital business in Malta and provides a general regulatory framework.

Other secondary legislation, typically of a sector-specific nature, may also be relevant – notably:

  • the Electronic Communications (Regulation) Act (Chapter 399 of the Laws of Malta);
  • the Data Protection Act (Chapter 440 of the Laws of Malta);
  • the Consumer Affairs Act (Chapter 378 of the Laws of Malta);
  • the Financial Institutions Act (Chapter 376 of the Laws of Malta);
  • the Lotteries and other Games Act (Chapter 438 of the Laws of Malta);
  • the Copyright Act (Chapter 415 of the Laws of Malta); and
  • the Trademarks Act (Chapter 416 of the Laws of Malta).

Other laws, such as the Commercial Code (Chapter 13 of the Laws of Malta), may also be relevant in the conduct of digital business. Jurisdictional rules under the Recast Brussels Regulation (1215/2012) on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters also apply.

Regulatory authorities

Which authorities regulate the conduct of digital business and what is the extent of their powers?

The Malta Communications Authority is the authority entrusted with the enforcement of the E-commerce Act. As such, it regulates the general conduct of digital business.

Other authorities regulate sector-specific issues, such as:

  • the Malta Financial Services Authority (MFSA), which regulates financial services;
  • the Malta Gaming Authority, which regulates gaming;
  • the Malta Consumer and Competition Affairs Authority, which regulates consumer and competition issues; and
  • the Office of the Information and Data Protection Commissioner, which regulates data protection.

While the extent of power varies among the various authorities, typically, Maltese authorities have the power to launch investigations into the conduct of a digital business and impose fines or other sanctions for non-compliance.

Government policy and regulatory approach

How would you describe the government’s policy and regulatory approach to digital business?

Malta’s government policy and regulatory approach to digital business is, and has in recent history been, very favourable and proactive. A pro-digital business approach has always been a top priority for the government, with various initiatives, incentives and innovative regulation and tax planning being promulgated to this end, in particular in the fields of remote gaming and financial services.

Malta’s National Digital Strategy (2014-2020) seeks to consolidate Malta as a centre of excellence for digital business by focusing on regulation and legislation, infrastructure and human capital. Furthermore, a broad national strategy is currently in place which assists the government in embracing blockchain innovation and seeking to establish Malta as a jurisdiction of choice for blockchain technologies and virtual currencies. In this respect, the government has proposed to establish the Malta Digital Innovation Authority which will be tasked with, among other responsibilities, promoting governmental policies in favour of the development of Malta as a centre of excellence for technological innovation and safeguarding and for maintaining and protecting the reputation of Malta in this regard.

Establishing digital businesses


What regulatory and procedural requirements govern the establishment of digital businesses in your jurisdiction? To what extent do these requirements and procedures differ from those governing the establishment of brick-and-mortar businesses?

Unless a sector-specific regulation applies, there are no general regulatory and procedural requirements that govern the establishment of a digital business in Malta. To this end, as a general rule, the requirements and procedures governing the establishment of a brick-and-mortar business are identical to those governing the establishment of a digital business.

Electronic contracts and signatures

Electronic contract availability

Are electronic contracts legally valid in your jurisdiction? If so, what rules and restrictions govern their formation (including any mandatory or prohibited provisions and contract formats)?

Electronic contracts are legally valid in Malta and are deemed to be formed (unless otherwise agreed by parties that are not consumers) when, after the placement of an order, the recipient of the service has received an acknowledgement of receipt from the service provider. Both the placement of an order and the acknowledgement of receipt are deemed to have been received when the addressee is able to access them and thus, the electronic contract is deemed to be concluded,

In terms of format, an electronic contract can take the form of any contract that is concluded wholly or partly by electronic communications or wholly or partly in an electronic form. Where the contract is provided in the form of terms and conditions, the service provider must make available such terms and conditions to the addressee in a way that allows the addressee to store and reproduce them.

Furthermore, a number of information requirements are mandatory in electronic contracts and must be provided in a clear, comprehensive and unambiguous manner. These include:

  • the name, address and email of the service provider;
  • the registration number of the service provider in any trade register or of any professional body (if applicable);
  • where the activity is subject to an authorisation, the activities covered by the authorisation and the particulars of the authority granting such authorisation;
  • the valued added tax (VAT) number of the service provider (if the service provider undertakes an activity subject to VAT);
  • the different steps that must be followed to conclude the contract;
  • the technical means for identifying and correcting input errors prior to the placing of the order;
  • the language(s) in which the contract may be concluded;
  • a statement of whether the concluded contract will be filed by the service provider and whether it will be accessible; and
  • in relation to a regulated profession:
  • any professional body or similar institution with which the service provider is registered;
  • the professional title and the member state where it has been granted; and
  • a reference to the applicable professional rules in the member state of establishment and the means to access them.

Any provisions that would be prohibited under general Maltese law are prohibited in an electronic contract.

Are there any limitations or restrictions on transactions that can be concluded through electronic contracts?

The Electronic Commerce Act (Chapter 426 of the Laws of Malta) (E-commerce Act) excludes concluding transactions through electronic contracts in relation to:

  • tax;
  • information society services matters that are covered by data protection laws or that concern the activities of notaries, the representation of a client and defence of its interests before the courts and gambling activities (that are not covered by the Remote Gaming Regulations (Subsidiary Legislation 438.04 of Malta));
  • agreements or practices governed by competition law;
  • rights over immovable property (except for lease);
  • contracts of suretyship and collateral security furnished by consumers;
  • wills, trusts and power of attorneys;
  • family law contracts;
  • affidavits and solemn declarations;
  • evidence in criminal proceedings; and
  • court rules, practices and procedures.

Data retention

Do any data retention requirements apply to electronic contracts?

Data retention specifically related to electronic contracts is not addressed under Maltese law. That being said, a number of retention requirements are provided under the E-commerce Act where information has been recorded in electronic form. These include, but are not limited to, the safeguarding of the integrity of the information recorded in electronic form.

Furthermore, data retention requirements that apply to standard contracts also apply to electronic contracts. For instance, under Maltese data protection law, personal data collected via contracting cannot be kept for longer than is necessary to fulfil the purpose for which it was originally collected.

Companies must generally keep documents and contracts relating to their business for a period of time as specified by sector-specific law, such as employment and tax related laws.


Are any special remedies available for the breach of electronic contracts?

Special remedies for the breach of electronic contracts are not available in Malta. The remedies that are available are the same as those available for standard contracts.

Electronic signatures

Are electronic signatures legally valid in your jurisdiction? If so, what rules and restrictions govern their use?

Electronic signatures are legally valid in Malta and are regulated under the E-commerce Act and the EU eIDAS Regulation (910/2014) on electronic identification and trust services for electronic transactions in the internal market.

Prior consent of the parties to a transaction signed electronically must be obtained for the validity of a contract concluded via electronic signatures. Malta recognises both advanced and qualified electronic signatures; neither type can be denied legal effect and admissibility as evidence in legal proceedings solely on the basis of the signature being in electronic form. A qualified electronic signature is considered to have a legal effect equivalent to a handwritten signature.

With regards to restrictions, various acts of misuse of an electronic signature are prohibited under the E-commerce Act.

Electronic payments

Electronic payment systems

Are there any rules, restrictions or other relevant considerations regarding the use of electronic payment systems in your jurisdiction?

The provision of payment services in or from Malta is subject to regulation in Malta and is likely to require that the service provider obtain a licence from the Malta Financial Services Authority (MFSA) (or, if so authorised in another EU/European Economic Area jurisdiction, passports its services into Malta). In this regard, Malta has transposed the second EU Payment Services Directive (2015/2366) through the Financial Institutions Act (Chapter 376 of the Laws of Malta) and the Central Bank of Malta Directive Number 1.

General legal considerations (eg, data protection and consumer laws) could also be relevant in this regard.

Virtual currencies

Are there any rules or restrictions on the use of virtual currencies (eg, Bitcoin)?

Virtual currencies are not currently regulated. However, it is expected that the MFSA will regulate them in the near future.

Data protection and cybersecurity

Collection, use and storage

What rules, restrictions and procedures govern the collection, use and storage of personal data in the course of digital business in your jurisdiction?

The Data Protection Act (Chapter 440 of the Laws of Malta) is the law that primarily governs the rules, restrictions and procedures on the collection, use and storage (and other forms of processing operations) of personal data in the course of digital business, and any other form of business, in Malta.

In terms of collection, personal data may be collected only for specific, explicitly stated and legitimate purposes. In addition, all reasonable measures must be undertaken to complete, correct, block or erase stored data to the extent that such data is incomplete or incorrect; and personal data may not be kept for a period longer than is necessary.

In all cases, the purposes for which the data are processed must be considered.

With regards to use and processing activities in general, including collection and storage, the data controller must, amongst other things, ensure that:

  • personal data is processed fairly, lawfully and in accordance with good practice;
  • personal data is not processed for any purpose that is incompatible with that for which the information is collected;
  • personal data that is processed is adequate and relevant in relation to the purposes of the processing;
  • no more personal data is processed than is necessary having regard to the purposes of the processing; and
  • personal data that is processed is correct and, if necessary, up to date.

Various restrictions apply to the processing of personal data, with the primary restriction being that the processing of personal data requires a lawful basis.

In terms of procedures, a data controller must notify the Office of the Information and Data Protection Commissioner of its data processing operations before undertaking any processing activity. Upon the entry into effect of the General Data Protection Regulation (2016/679) (GDPR), this prior notification requirement is expected to be removed.

International data transfers

What rules and restrictions apply to the cross-border transfer of personal data collected in the course of digital business?

Any cross-border transfer of personal data requires a lawful basis. No further restrictions or formalities apply (other than informing the Office of the Information and Data Protection Commissioner (IDPC) of said data processing activity in the general notification that is submitted before undertaking processing operations as mentioned above) in relation to cross-border data transfers of personal data to:

  • EU and European Economic Area member states; and
  • third countries that have been recognised by the EU Commission to have an adequate level of personal data protection.

Transferring personal data to third countries that do not provide an adequate level of protection of personal data is generally prohibited. Before undertaking such international transfers, the IDPC must be notified to this effect and has the discretion to prohibit the transfer to that third country. The Data Protection Act, however, stipulates exceptions where the IDPC’s discretion in relation to such transfer does not apply. These exceptions include where:

  • the data subject gives unambiguous consent to the transfer;
  • the transfer is necessary as a result of contractual (and pre-contractual) purposes;
  • the transfer is necessary for public interest grounds or for the establishment, exercise or defence of legal claims;
  • the transfer is necessary to protect the vital interests of the data subject;
  • the transfer is made from a register established by law and intended for consultation by the public or anyone who has a legitimate interest;
  • the controller provides adequate safeguards in respect to the protection of the transferred personal data. Contractual solutions such as the European Commission’s standard contractual clauses and binding corporate rules are recognised as providing the necessary safeguards.

The considerations above are expected to change when the GDPR comes into effect.

Consumer rights

What rights are afforded to consumers in relation to their personal data?

Generally, consumers would be afforded the same rights as those afforded to other data subjects, and would hold the right to access their personal data, object to the processing of their personal data, request to have their personal data corrected, rectified blocked or erased.

The rights granted to data subjects will be broader in scope when the GDPR comes into effect.


How is the use of cookies regulated?

The regulation of cookies primarily revolves on whether the cookies contain personal data or otherwise. If the cookies contain personal data, user consent prior to the placement of any cookies would be required and the cookies would be subject to Maltese data protection laws. Note in this regard that while the IDPC is the body in charge of regulating data protection matters, the Malta Communications Authority also supports the application of cookie compliance.

Data breach

What rules and standards govern digital operators’ response to data breaches? Are they subject to any notification requirements in the event of a data breach? What precautionary measures should be taken to avoid data breaches?

A general data breach response and notification obligation is not available under Maltese law. Sector-specific regulation may, however, impose such an obligation, such as the Processing of Personal Data (Electronic Communications Sector) Regulations (Subsidiary Legislation 440.01 of the Laws of Malta), which imposes a data breach notification requirement on electronic communications service providers.

Upon the coming into effect of the GDPR, a general data breach notification and response requirement is expected to become part of Maltese law and shall apply to all data controllers.


What cybersecurity regulations and/or standards apply to the conduct of digital business?

Malta has not yet enacted specific cybersecurity legislation. However, in 2012 Malta ratified the Council of Europe Cybercrime Convention, the provisions of which have subsequently been transposed into the Maltese Criminal Code (Chapter 9 of the Laws of Malta) under the sub-title “Of Computer Misuse”. These provisions criminalise the unlawful access to, or use of, information and the misuse of hardware.

Otherwise, cybersecurity regulation exists in a somewhat fragmented manner. Under the Data Protection Act, the data controller is under an obligation to implement appropriate technical and organisational security measures to protect the personal data that it processes against accidental destruction or loss or unlawful forms of processing. An adequate level of security must be ensured, having regard to:

  • the technical possibilities available;
  • the cost of implementing the security measures;
  • the special risks that exist for that processing; and
  • the sensitivity of the personal data being processed.

If a data controller engages a processor, the data controller must ensure that the processor can implement the security measures that must be carried out and actually undertakes the measures identified by the controller.

Under the Electronic Communications Networks and Services (General) Regulations (Subsidiary Legislation 399.28 of the Laws of Malta), providers of electronic communication services must ensure the security and integrity of electronic communications. Furthermore, cybersecurity regulation is imposed by way of licensing standards in certain specific sectors, such as in the remote gaming and financial services sectors.

Is cybersecurity insurance available and commonly purchased?

Cybersecurity insurance is available in Malta; however, it appears not to be commonly purchased.


Are there regulations or restrictions on the use of encryption?

To date, the use of encryption is not directly regulated in Malta. However, the Electronic Commerce Act (Chapter 426 of the Laws of Malta) outlaws the use of cryptographic and similar techniques for any illegal purpose.

Government interception/retention

What rules and procedures govern the authorities’ interception of communications and access to consumer data?

Upon obtaining a warrant from a court, the Police may lawfully intercept any communications and access consumer data. Note that general data protection requirements do not apply when a law provides for the provision of information as a necessary measure in the interest of national security, defence, public security and the prevention, investigation, detection and prosecution of criminal offences.

Furthermore, in terms of the Data Protection (Processing of Personal Data in the Police Sector) Regulations (Subsidiary Legislation 440.05 of the Laws of Malta), the processing of personal data for police purposes must, as far as possible, be limited to accurate data and to such data as are necessary to allow the public authority exercising police powers to perform their functions in accordance to law. Where personal data has been processed without the knowledge of the person concerned, the data subject should only be informed, where practicable, that information is held about him or her, as soon as the object of police activities is no longer likely to be prejudiced, and only if the data are not deleted.

The Security Service may also intercept any form of communication pursuant to a warrant. The required warrant in this instance is issued by the minister responsible for the Security Service, under the Security Service Act (Chapter 391 of the Laws of Malta).

Electronic communications providers are under an obligation to retain certain basic electronic communications data under the Processing of Personal Data (Electronic Communications Sector) Regulations (Subsidiary Legislation 440.01 of the Laws of Malta). Access to such basic electronic communications data must be granted to the Police and to the Security Service upon a written request to this effect.

Advertising and marketing


What rules govern digital advertising and marketing in your jurisdiction? Are there any specific regulations governing the use of targeted advertising?

Malta does not have dedicated rules addressing digital advertising, marketing or the use of targeted advertising. Advertising and marketing are typically governed by laws of a general nature, primarily the Commercial Code and consumer laws. Sector-specific regulation, in particular in the context of gaming and financial services, may be of relevance.


Are there any restrictions or limitations on goods and services that can be advertised, marketed and sold online?

Sector-specific regulation may apply, such as rules applying to financial services and distance selling regulations. The Tobacco (Smoking Control) Act (Chapter 315 of the Laws of Malta) also applies to online advertising. Restrictions to advertising on the Internet can also be found under online gambling services.

Spam messages

What rules and restrictions govern the sending of spam messages?

Spam messages are governed under the Processing of Personal Data (Electronic Communications Sector) Regulations (Subsidiary Legislation 440.01 of the Laws of Malta), which provide that no person may use any publicly available electronic communications service to make an unsolicited communication for the purposes of direct marketing by means of automatic calling machines, facsimile or electronic mail unless the user has given his or her prior consent in writing.

However, in instances where customers have provided their electronic mail address for the sale of a product or service, such electronic mail address may be used for direct marketing of similar products or services (subject to the right to object). This is expected to change following the implementation of the General Data Protection Regulation.

Digital content and IP issues

Required notices

Are websites and any other digital content required to display certain legal notices or other information in your jurisdiction?

There is no general obligation imposed on websites and other digital content to display legal notices or other information in Malta. However, there are laws of a lex specialis nature, such as consumer laws, data protection and remote gaming, in virtue of which legal notices and other information would need to be displayed depending on the mechanics of the website.

Liability for content

What rules govern liability for online or other digital content that is defamatory or infringes another party’s IP rights?

The rules governing liability online are generally the same rules that govern liability in the offline context.

Defamatory content is currently primarily governed under the Press Act (Chapter 248 of the Laws of Malta). In addition to damages, the injured person may be granted a sum not exceeding €11,646.87. A new Media and Defamation Act, which has the purpose of updating the regulation of media and defamation matters, has been tabled in Parliament and is expected to come into effect in the near future.

The rules governing infringement of another party’s IP rights depend on the IP right being infringed. The Copyright Act (Chapter 415 of the Laws of Malta), the Trademarks Act (Chapter 416 of the Laws of Malta), the Patents and Designs Act (Chapter 417 of the Laws of Malta) and the Enforcement of Intellectual Property Rights (Regulation) Act (Chapter 488 of the Laws of Malta) are the laws that typically govern online infringement of IP rights. Malta recognises liability for moral damages as a result of infringement of IP rights, over and above material damages.

How can liability be excluded or limited?

The main form of exclusion or limitation of liability that is generally proactively used in the online context are contractual solutions, such as requesting users to accept to be bound by online terms and conditions or similar texts, which, to the extent permitted by Maltese law, exclude or limit liability.

Intermediary service providers of information society services may benefit from the safe harbour protection afforded by the Electronic Commerce Act (Chapter 426 of the Laws of Malta) (E-commerce Act), which effectively reflect the provisions of the E-commerce Directive (2000/31), to conduits, caching and hosting service providers.

For instance, where a mere conduit service is provided – that is, a service which consist in the transmission, in a communication network, of information provided by the recipient of the service, or the provision of access to a communication network – the provider may claim a defence from liability in regard to the information transmitted where it does not:

  • initiate the transmission;
  • select the receiver of the transmission; and
  • select or modify the information contained in the transmission.

Which parties can be held liable for defamatory or infringing content? Can contingent liability be extended to internet service providers (ISPs)?

The Press Act provides that the author composing the infringing work may be held liable, as well as the editor of that work, or, where the aforementioned persons cannot be identified, the publisher of that work. Contingent liability can be extended to ISPs if they fail to act in a way that permits them to claim the defences available under the E-commerce Act – for instance, if in providing hosting services the ISP obtains knowledge of the illegal activity and fails to act expeditiously to remove or disable such content.

Content takedowns What rules and procedures govern content takedowns? Can ISPs remove defamatory or infringing content without permission?

The E-commerce Act regulates content takedowns in Malta in the safe-harbour defence provisions. There appears to be a widespread practice of taking down content, both at the ISP’s own initiative through moderation or similar techniques, and upon receiving a complaint.

As a general rule, however, the E-commerce Act provides that no requirement should restrict the freedom to provide unrestricted information society services, and that nothing in the act should be interpreted as imposing an obligation on information society service providers to monitor the information that they transmit or store or to seek actively facts or circumstances indicating illegal conduct in connection with the activities.

Domain names

What rules, restrictions and procedures govern the licensing of domain names?

The Malta Internet Foundation (NIC) is responsible for allocating and registering ‘.mt’ country-code top-level domain names (ccTLDs).

How are domain name disputes resolved in your jurisdiction?

Domain name disputes in Malta fall under the remit of the Civil Court. The Civil Court’s judgment in Clamus Ltd v Vella Gera (2004) suggests that the Maltese courts will treat domain name issues in a similar fashion to trademark issues.

Maltese registrants of generic top-level domain names (gTLDs) such as ‘.com’ can submit their disputes relating to gTLDs to the Internet Corporation for Assigned Names and Numbers’ Uniform Dispute Resolution Policy (UDRP). As a result, disputes in relation to gTLDs are generally resolved through the UDRP.

The UDRP is not available for the administration of ‘.mt’ ccTLDs. Therefore, registrants of ‘.mt’ ccTLDs have no option other than to resort to the Civil Court for the resolution of their disputes.

IP protection measures

What special measures and safeguards should rights holders consider in protecting their online/digital content?

Right holders should register any registrable IP rights in order to protect their online content. Filtering or blocking systems could also be considered, although these solutions remain largely untested in the Maltese courts and depend on the implementation by intermediary service providers.

Tax issues

Online sales

How are online sales taxed?

Online sales fall within the scope of the value added tax (VAT), which is generally charged on the supply of goods and services for a consideration that takes place in Malta by a taxable person acting as such. In the context of online sales, goods and services are subject to VAT at 18% or are exempt, dependent on the nature of the good or service. The applicability of Maltese VAT on such supplies is largely dependent on where the supply is deemed to take place.

The place of supply for goods is generally considered to be Malta where the goods are dispatched from Malta. The general place of supply rules for services is either:

  • the place where the recipient has established its business when the services are supplied to such taxable person (business-to-business); or
  • the place where the supplier is established when the services are supplied to a non-taxable person (business-to-consumer).

Specifically with respect to the supply of electronic services to non-taxable persons, with effect from January 1 2015 the place of supply shifted to the place where the customer is established. Such services include:

  • website supply;
  • website hosting;
  • distance maintenance of programmes and equipment;
  • supply of software and updating thereof;
  • supply of images, text and information and making available of databases;
  • supply of music, films and games;
  • the supply of political, cultural, artistic, sporting, scientific and entertainment broadcasts and events, and
  • supply of distance teaching.

Other than VAT, there are no other specific digital taxes or withholding taxes on digital business.

Other taxes

What other tax liabilities arise in respect of the conduct of digital business in your jurisdiction?

No other tax liabilities arise in this respect under Maltese law.

Malta has had no legislative intervention, nor issued any guidelines on the possibility of e-commerce activity constituting a permanent establishment of a Maltese company. There is also no definitive conclusion of what constitutes a permanent establishment for income tax purposes under Maltese law. However, the position adopted by the Organisation for Economic Cooperation and Development will in all likelihood be given due regard by the Maltese government when dealing with such international tax matters.

Jurisdiction, governing law and dispute resolution

Jurisdiction and governing law

How do the courts determine jurisdiction and governing law in relation to online/digital transactions and disputes?

Maltese law allows parties to choose the jurisdiction and laws applying to their contractual relationship, provided that this is not against mandatory and public policy rules.

As a member of the European Union, Malta determines jurisdiction in relation to online transactions and disputes, both of a tortuous and contractual nature, under the terms of the Recast Brussels Regulation (1215/2012). The governing law in regard to contractual obligations is determined by the Rome 1 Regulation (593/2008), while the governing law in regard to non-contractual obligations is determined by the Rome 2 Regulation (864/2007).

With regard to international jurisdiction – that is, parties not domiciled within the European Union – the rules on jurisdiction of the Code of Organisation and Civil Procedure (Chapter 12 of the Laws of Malta) apply.


Are there any specialist courts in your jurisdiction which deal with online/digital issues and disputes?

There are no specialist courts in Malta that deal with online/digital issues and disputes. Typically, such issues and disputes fall under the remit of the Civil Court.

Alternative dispute resolution

What alternative dispute resolution (ADR) methods are available for online/digital disputes? How common is ADR for online/digital disputes in your jurisdiction?

General ADR methods, such as arbitration under the Malta Arbitration Act (Chapter 387 of the Laws of Malta), are available for online/digital disputes. Sector-specific ADR, such as dispute in relation to online financial services, can be referred by consumers to the Consumer Complaints Manager at the Malta Financial Services Authority or, depending on the circumstances, the Arbiter for Financial Services in line with the Arbiter for Financial Services Act (Chapter 555 of the Laws of Malta).

Consumers may also resort to ADRs available under consumer laws, such as the out-of-court procedure provided under the Consumer Alternative Dispute Resolution (General) Regulations 2015 (Subsidiary Legislation 378.18). In Malta, the Malta Consumer and Competition Affairs Authority also receives complaints and may facilitate dialogue and amicable settlements between traders and consumers. If a settlement is not attained, the authority may refer claims that do not exceed €3,500 to the Consumer Claims Tribunal.