Communications policy

Regulatory and institutional structure

Summarise the regulatory framework for the communications sector. Do any foreign ownership restrictions apply to communications services?

The regulatory framework for telecommunications in Malta is based primarily on the following primary and secondary legislation:

 

This is not an exhaustive list of legislation and there are various other main and subsidiary laws that directly or indirectly affect parts of the sector. Additionally, the Malta Communications Authority (MCA) regularly issues consultation documents, decision documents, guidelines and directives that further regulate this sector in Malta.

Authorisation/licensing regime

Describe the authorisation or licensing regime.

In terms of ECRA, undertakings wishing to provide electronic communications are required to notify the MCA to obtain a general authorisation to provide such services.

Malta’s current telecommunications authorisation system is divided into three main categories, namely authorisations for the provision of networks and (or) services, spectrum licensing and licensing for use of radio communications equipment.

Any undertaking that provides in Malta, or intends to provide in Malta, an electronic communications service (and network if relevant) is required to formally notify the MCA on the official Notification Form. Once the MCA acknowledges the undertaking’s submission of notification, the undertaking concerned is deemed to be authorised to provide an electronic communications network or service subject to the conditions established in the ECNSR. Administrative charges are specified therein.

Rights of use of radio frequencies are granted by the MCA either under a general authorisation or under an individual licence, depending on the frequency band. When individual licences have been granted, this has been done either by auction or by beauty contests.

An undertaking can also be required to obtain authorisations to provide other specialised services in terms of other subsidiary legislation enacted under ECRA. Such legislation includes, among others:

 

There are no restrictions on foreign companies commencing operations in the Maltese telecommunications market and in fact, all of the larger telecoms players in Malta have material or controlling foreign interests.

Flexibility in spectrum use

Do spectrum licences generally specify the permitted use or is permitted use (fully or partly) unrestricted? Is licensed spectrum tradable or assignable?

All types of technology used for electronic communications services may be used in the radio frequency bands declared available in the frequency plan in accordance with EU law, provided that restrictions may be imposed where necessary to avoid harmful interference, to ensure technical quality of service, and to safeguard the efficient use of spectrum, among other reasons provided for under ECRA. In accordance with ECRA, radio spectrum for the provision of electronic communications services is assigned on a service-neutral basis.

An undertaking may transfer or lease the individual rights to use radio frequencies in the bands identified in the national frequency plan that may be transferred or leased to other undertakings in accordance with the conditions attached to such rights of use of radio frequencies, provided that conditions attached to individual rights to use radio frequencies shall continue to apply after the transfer or lease, unless otherwise specified by the MCA.

In such cases, the licensed transferring undertaking shall notify the MCA of its intention to transfer rights to use radio frequencies, as well as the effective transfer thereof to the MCA. The undertaking shall also make such intention public.

Ex-ante regulatory obligations

Which communications markets and segments are subject to ex-ante regulation? What remedies may be imposed?

The latest version of the Commission Recommendation on relevant product and service markets within the electronic communications sector susceptible to ex-ante regulation published in December 2020 (the Recommendation) lists two markets in which ex-ante regulation might be warranted, namely:

  • wholesale local access provided at a fixed location; and
  • wholesale dedicated capacity.

 

In a decision on ‘wholesale local access provided at a fixed location’, dated 18 December 2018, the MCA determined that ex-ante regulatory intervention is required in Malta in the said wholesale market and accordingly chose to maintain the following regulatory obligations of access to (and) use of specific facilities, non-discrimination, transparency and price control. The MCA has also mandated the cost accounting obligation on two operators in Malta, namely GO plc and Melita plc.

With regard to the MCA’s analysis of the ‘wholesale market for the provision of dedicated capacity in Malta’, a consultation document was issued on 30 September 2022 wherein the MCA considered no undertaking enjoys significant market power in the wholesale market for the provision of dedicated capacity in Malta and accordingly, that the relevant market is effectively competitive and expected to remain structurally so within the coming five-year period. Thus, the MCA is of the opinion that it is not justifiable to maintain regulatory obligations and is proposing to withdraw such obligations. The withdrawal of such obligations does not affect other obligations that may have been imposed on undertaking under other decision documents.

Structural or functional separation

Is there a legal basis for requiring structural or functional separation between an operator’s network and service activities? Has structural or functional separation been introduced or is it being contemplated?

The ECNSR provides for the possibility of requiring vertically integrated undertakings to situate activities relating to the wholesale provision of relevant access products in an autonomously functioning business entity in the event that other measures have failed to resolve persisting competition problems or market failures identified by the MCA. This separate entity is to supply access products and services to all undertakings, including to other business entities within the parent company on the same timescales, terms and conditions.

When the MCA decides to impose this type of obligation, it must first present a proposal to the European Commission, and such a proposal should include all the requisite information that ultimately will enable the European Commission to reach a decision. Once such a decision is reached, the MCA shall undertake to carry out a fully fledged analysis of the different markets related to the access network.

Universal service obligations and financing

Outline any universal service obligations. How is provision of these services financed?

The MCA is empowered to establish universal service obligations (USOs) to ensure that adequate broadband internet access service and voice communications services at the specified quality, including the underlying connection, at a fixed location are made available at affordable prices to all consumers in Malta, in the light of national conditions and independently of geographic location. The MCA is also required to ensure the continuation of the availability and affordability of existing universal services when justified according to the national circumstances.

On 28 April 2023, the MCA issued a decision notice titled the Universal Service Obligations On Electronic Communications Services updated the universal service regime in Malta in respect of the following USOs:

  • provision of voice communications services at a fixed location;
  • provision of reduced tariff options;
  • provision of other specific measures for vulnerable users;
  • control of expenditure by users; and
  • the comprehensive electronic directory.

 

The decision notice also states that providers responsible for the provision of all or part of the USOs may submit a claim for compensation in relation to any unfair burden they claim to have suffered because of providing each respective USO. This will subsequently be evaluated by the MCA to determine whether a burden in fact exists in this regard.

Number allocation and portability

Describe the number allocation scheme and number portability regime in your jurisdiction.

Number allocation in Malta is contemplated under the ECNSR and within several documents published by the MCA itself, particularly the National Numbering Plan, which provides the necessary framework that outlines the award of rights of use, as well as the conditions for the use of numbering resources. The MCA is responsible for establishing procedures to guarantee that the allocation of numbers is carried out in an objective, transparent, non-discriminatory, equitable and well-timed manner. Moreover, the National Numbering Plan includes a list of the available numbering ranges and the requisites and standards that apply to them. If these ranges are made available, a prospective applicant can apply for numbers by either submitting an application for new numbers or number blocks or by submitting an application for additional numbers or number blocks. The MCA may also revoke, suspend or change number use, in certain instances.

With regard to number portability, on 15 November 2022, the MCA published a decision notice updating its previous decision on Number Portability In Malta. The decision notice makes reference to Regulation 94(5) of the ECNSR, which states that end-users subscribed to voice communications services with numbers from the National Numbering Plan may request that they retain their numbers, independently of the undertaking providing the service. The right applies:

  • in the case of geographic numbers, at a specific location; and
  • in the case of non-geographic numbers, at any location.

 

Thus, the requirement for provider portability applies to numbers assigned for fixed voice communications services, mobile voice communications services and special tariffs; namely, freephone numbers and premium-rate numbers. The right does not apply to the porting of numbers between networks providing services at a fixed location and mobile networks, ‘service portability’. It should also be noted that in the case of machine-to-machine or internet-of-things (M2M/IoT) connectivity services and other non-interpersonal communications services (non-ICS), which benefit from a solely dedicated E.164 national numbering range with the prefix ‘4’, there is no obligation to provide number portability for numbers from this range as this could, in some cases, constitute service portability. Nonetheless, numbers from the ‘4’ range may be ported out, to another provider of M2M/IoT connectivity service or other non-ICS, subject to a voluntary agreement between the donor and recipient operators. The MCA did not impose location portability as a requirement but encourages providers of fixed voice communications services to provide subscribers with this facility where possible. The MCA has published a number of other decisions that define the requirements associated with number portability and various related processes.

Customer terms and conditions

Are customer terms and conditions in the communications sector subject to specific rules?

To safeguard the interests of customers, the MCA, which is in charge of regulating the electronic communications industry in Malta, has adopted a number of laws, regulations and guidelines. By way of example, the MCA has established rules on its website for the minimal details that must be included in contracts for electronic communications services, such as broadband, telephone and television services, and are required to be disclosed to customers. The rules stipulate that contracts must be drafted in simple, straightforward language and that customers must be given details about costs, fees and service levels. Moreover, subscribers must be given at least 30 days prior notice of the undertaking’s intention to modify the contractual terms and in such circumstances, a subscriber may dissolve from the contract without incurring a penalty. Additionally, undertakings must offer consumer contracts of 12 months and cannot offer consumer contracts exceeding 24 months. The MCA has also produced guidelines for the minimum terms and conditions for electronic communications services, including clauses about invoicing, payment, termination and dispute resolution.

Net neutrality

Are there limits on an internet service provider’s freedom to control or prioritise the type or source of data that it delivers? Are there any other specific regulations or guidelines on net neutrality?

EU Regulation (EU) 2015/2120 (Roaming Regulation) laying down measures concerning open internet access entered into force on 15 June 2017. The Roaming Regulation was accompanied by a set of guidelines published by the Body of European Regulators for Electronic Communications that aim to guide national regulatory authorities when it comes to implementing these rules. The Roaming Regulation permits the use of ‘reasonable traffic management practices’ to avoid an ‘impending network congestion’. Nevertheless, the guidelines clarify that, although the monitoring of generic content, such as the internet protocol packet header, is allowed, the monitoring of specific content (such as the information provided by the user) is prohibited.

The Roaming Regulation provides that specialised services, that is, ‘services other than internet access services which are optimised for specific content, applications or services, or a combination thereof’ fall outside the scope of the Roaming Regulation and thus users of specialised services are not protected by the open internet rules as provided in the Roaming Regulation.

Zero rating remains a thorny issue under the Roaming Regulation, as, although some forms of zero rating are allowed, others are prohibited. Zero rating is prohibited when it is applied to specific applications or services. Once a data cap is reached, and all applications are throttled, the zero-rated applications must also be throttled, otherwise, this would be an infringement of the Regulation. On the other hand, zero rating may be applied to an entire category of applications without being in contravention of the Roaming Regulation. Therefore, the latter form of zero rating is allowed.

With regard to bandwidth throttling, the Roaming Regulation holds that bar the exception of reasonable traffic management, blocking, slowing down, altering, restricting, interfering with, degrading or discriminating between specific content, applications or services, or specific categories thereof, are all prohibited.

It is pertinent to note that within the Roaming Regulation – concerning open internet access, amending the directive on universal service and users’ rights relating to electronic communications networks and amending the roaming regulation – was implemented into the MCA Act through Act XVIII of 2016. The MCA also took the opportunity to publish a ‘Report on the Malta Communications Authority’s work on the implementation of the EU Net Neutrality Regulation’.

Platform regulation

Is there specific legislation or regulation in place, and have there been any enforcement initiatives relating to digital platforms?

Legislation in relation to digital platforms have come into effect through the EU’s Digital Services Act and the Digital Market Act, which are directly applicable across the European Union.

Regulation (EU) 2019/1150 on promoting fairness and transparency for business users of online intermediation services (Platform to Business Regulation) has been implemented through the Online Intermediation Services for Business Users (Enforcement Measures) Regulations (Chapter 399.49) that:

  • put into place enforcement tools whereby a business user can seek redress before the Civil Court if there is non-compliance by the provider of an online intermediation service with certain obligations onerous on any such provider as stated in Platform to Business Regulation; and
  • enables a designated organisation, association or public body to apply to the Civil Court to stop or prohibit non-compliance with certain articles of the Platform to Business Regulation by a provider of an online intermediation service or a provider of an online search engine.
Next-Generation-Access (NGA) networks

Are there specific regulatory obligations applicable to NGA networks? Is there a government financial scheme to promote basic broadband or NGA broadband penetration?

Broadband access forms part of the universal service obligations (USO). In accordance with the MCA’s decision notice on ‘Broadband as a Universal Service Ensuring the availability of an adequate broadband internet access service, including the underlying connection, at a fixed location’, an adequate broadband internet access service, including the underlying connection, at a fixed location must be provided throughout Malta with all the following functional characteristics:

  • download sync speed of at least 30Mbps;
  • an upload sync speed of at least 1.5Mbps;
  • latency, which is capable of allowing the end-user to make and receive voice calls over the connection effectively; and
  • an unlimited data usage cap.

 

The ECNSR states that the minimum set of services that the adequate broadband internet access service must be capable of supporting are:

  • electronic address;
  • search engines enabling search and finding of all types of information;
  • basic training and education online tools;
  • online newspapers or news;
  • buying or ordering goods or services online;
  • job searching and job searching tools;
  • professional networking;
  • internet banking;
  • e-government service use;
  • social media and instant messaging; and
  • calls and video calls (standard quality).

 

A designated operator is required to offer the broadband internet access service, including the underlying connection, at a fixed location at prices that are uniform throughout Malta and are to services offered to its non-USO end-users, unless the MCA has determined that there is clear justification for not doing so. A designated operator is required to offer the same level of quality of service to premises connected under the USO as it does to premises connected to the rest of Malta.

Data protection

Is there a specific data protection regime applicable to the communications sector?

In addition to the protection provided in the Data Protection Act and Regulation (EU) 2016/679 (General Data Protection Regulation) (GDPR), it is pertinent to note the additional protections afforded through the provisions of the Processing of Data (Electronic Communications Sector) Regulations (SL 586.01). The Processing of Data (Electronic Communications Sector) Regulations (SL 586.01) regulate data protection in the electronic communications sector. Thus, for instance, Regulation 20 establishes that service providers must retain certain categories of data necessary to:

  • trace and identify the source of a communication;
  • identify the destination of a communication;
  • identify the date, time and duration of a communication;
  • identify the type of communication;
  • identify users’ communication equipment or what is purported to be their equipment; and
  • identify the location of mobile communication equipment.
Cybersecurity

Is there specific legislation or regulation in place concerning cybersecurity or network security in your jurisdiction?

First, the Maltese Criminal Code criminalises unlawful access to, or use of, information, particularly using computers or other devices. Actions including the unlawful use of a computer or other device or equipment to access any data, unauthorised activities that hinder access to any data as well as unlawful disclosure of data or passwords and the misuse of hardware may all result in a criminal offence. The Information and Data Protection Commissioner is the authority empowered to regulate and enforce cybersecurity aspects of the processing of personal data whereas the MCA is charged with the responsibility of enforcing the security of Malta’s public communication networks.

Additionally, Maltese legal instruments dealing with various aspects of cybersecurity include the following:

  • the Processing of Personal Data (Electronic Communications Sector) Regulations (SL 586.01);
  • the Electronic Communications Act (Chapter 399, namely article 48)
  • the Electronic Communications Networks and Services (General) Regulations (SL 399.28); and
  • the Council of Europe Cybercrime Convention, to which Malta has been a signatory since 2001, and was ratified in April 2012.

 

The Malta Financial Services Authority has suggested Cybersecurity Guidance Notes, which might be thought of as a minimal set of best practices and risk management guidelines to be followed to successfully reduce cyber risks.

Legislation in relation to cybersecurity will come into effect through the NIS 2 Directive, which is applicable to all EU member states, with each state needing to make state law applicable with the NIS 2 Directive by 17 October 2024

Big data

Is there specific legislation or regulation in place, and have there been any enforcement initiatives in your jurisdiction, addressing the legal challenges raised by big data?

In Malta, the processing of personal data, especially big data, is governed by the GDPR. Individuals have several rights under the GDPR, including the right to view their personal data, the right to have inaccurate data corrected, the right to object to processing, and the right to have their personal data erased. Additionally, the GDPR mandates that organisations obtain explicit consent before collecting or processing any personal data.

The processing of personal data in Malta is governed by the Data Protection Act (Chapter 586 of the Laws of Malta). The Data Protection Act and the GDPR have both been actively enforced in Malta by the Office of the Data Protection Commissioner. The office has the authority to look into and punish businesses that disobey data protection laws, and it has imposed fines for noncompliance. Overall, Malta has created a solid legal system and enforcement apparatus to handle the legal issues brought on by big data.

Data localisation

Are there any laws or regulations that require data to be stored locally in the jurisdiction?

The Processing of Data (Electronic Communications Sector) Regulations (SL 586.01) regulate data protection in the electronic communications sector. Thus, for instance, Regulation 20 establishes that service providers must retain categories of data necessary to:

  • trace and identify the source of a communication;
  • identify the destination of a communication;
  • identify the date, time and duration of a communication;
  • identify the type of communication;
  • identify users’ communication equipment or what is purported to be their equipment; and
  • identify the location of mobile communication equipment.

 

In terms of Regulation 18, a service provider of publicly available electronic communications services or of a public communications network is bound to retain the data referred to, to the extent that the data is generated or processed by such providers in the process of providing the communications services concerned.

There are currently no other generally applicable laws or regulations that require data to be stored locally. Having said this, regulated activities such as financial services or remote gaming could be subject to significantly more stringent data storage policies including specific locations for such data to be stored or replicated to be accessible to the relevant regulators.

Key trends and expected changes

Summarise the key emerging trends and hot topics in communications regulation in your jurisdiction.

Within the communications sector in Malta, changing consumer and business needs continue to drive demand for a better quality of service, greater reliability and security, faster speeds and additional bandwidth on both fixed and wireless electronic communications networks. In its Annual Plan 2022, the MCA has stated that it will continue to:

 

facilitate the deployment of very high-capacity fixed and wireless broadband networks by providing the necessary support and guidance to sector players and other institutional players. Such support and guidance will address areas related to the sharing and re-use of existing physical infrastructure, co-investment, and access to in-building physical infrastructure.

 

The MCA has also declared that it will ‘work with other competent authorities to further facilitate the deployment of very high-capacity networks, including fibre and 5G networks’. The Annual Plan also refers to the recently set up Utilities Services Coordinating Committee, which is ‘one of the ideal vehicles in terms of setting out the related policies for infrastructure access’, a very pertinent topic in relation to the Maltese market at the current time. The MCA has also declared that they will ‘continue to closely monitor and ensure compliance by the operators with net-neutrality principles, taking utmost account of BEREC guidelines’. The MCA shall continue to ensure that ‘operators take appropriate measures to ensure the integrity and security of their networks and services in line with the established technical guidelines issued by ENISA’. Finally, the MCA also declares that it will:

 

continue to work closely with the Ministry for Home Affairs, National Security and Local Enforcement, the Critical Information Infrastructure Protection Unit within the Critical Infrastructure Protection Directorate, the Office of the Information and Data Protection Commission, Malta Security Services and the police on matters related to cyber-security.