AI Legislative Guide |
|
Malta |
|
(Europe)
Firm
Ganado Advocates
Contributors
Paul Micallef Grimaud |
|
Has specific legislation, final regulations or other formal regulatory guidance addressing the use of AI in your jurisdiction been implemented (vs reliance on existing legislation around IP, cyber, data privacy, etc.)? | No. Amendments to laws have been made to allow for the implementation of subsidiary legislation, if and when needed, to cater to AI legal requirements that may result from the use of AI. There is only one piece of legislation that was seemingly enacted to allow for the secondary use of medical data by public health providers, including in its use with technology – the processing of personal data (secondary processing) (health sector) regulations (Subsidiary Legislation 528.10). |
Please provide a short summary of the legislation/regulations/guidance and explain how legislators aim to strike the balance between innovation and regulation. | Under the processing of personal data (secondary processing) (health sector) regulations, where the use of health data by health providers for purposes other than the original intended use, which purposes are listed in the law, can lead to benefits for the health system in Malta, this use can be deemed permitted subject to the use of anonymization techniques or clearance from an established ethics committee. This permitted secondary use of health data should lead to AI advances in the Maltese health sector, yet at the same time ensure ethical use of data in accordance with GDPR. |
Which agency regulates the use of AI in your jurisdiction? | The Malta Digital Innovation Authority (“MDIA”) is central to the regulation and take up of the technology. But, so far, the only way AI may be regulated is if it falls within a broader context of regulation relating to sectors that regulate the use of technology – such as financial services. In that case, it would be the Malta financial services authority that would regulate these aspects of technology use by licensed entities in relation to, for instance, digital and operational resilience and outsourcing requirements. |
AI Legislative Guide
No. Amendments to laws have been made to allow for the implementation of subsidiary legislation, if and when needed, to cater to AI legal requirements that may result from the use of AI. There is only one piece of legislation that was seemingly enacted to allow for the secondary use of medical data by public health providers, including in its use with technology – the processing of personal data (secondary processing) (health sector) regulations (Subsidiary Legislation 528.10).
Under the processing of personal data (secondary processing) (health sector) regulations, where the use of health data by health providers for purposes other than the original intended use, which purposes are listed in the law, can lead to benefits for the health system in Malta, this use can be deemed permitted subject to the use of anonymization techniques or clearance from an established ethics committee. This permitted secondary use of health data should lead to AI advances in the Maltese health sector, yet at the same time ensure ethical use of data in accordance with GDPR.
The Malta Digital Innovation Authority (“MDIA”) is central to the regulation and take up of the technology. But, so far, the only way AI may be regulated is if it falls within a broader context of regulation relating to sectors that regulate the use of technology – such as financial services. In that case, it would be the Malta financial services authority that would regulate these aspects of technology use by licensed entities in relation to, for instance, digital and operational resilience and outsourcing requirements.