Art. 85 of the Utilities Directive (2014/25/EU) contains provisions allowing contracting public entities to reject foreign goods not covered by any EU international commitments from its tender procedures. In these cases, a tender submitted for the award of a supply contract may be rejected where the proportion of the products originating in third countries exceeds 50% of the total value of the products constituting the tender (Art. 85.2). Additionally, in cases of equivalent offers, the provisions provide for a preference for European tenders and tenders covered by EU's international obligations. In practice, this possibility has rarely been used.
The Public Procurement Act transposes the restriction on foreign goods as established by the Utilities Directive (2014/25/EU) into law. A contracting authority or a “special sector company”, i.e. legal persons or institutions that provide privatised public services, may reject any tender submitted for the purpose of awarding a supply contract if the proportion of goods originating in third countries (with which the EU does not have international commitments) exceeds 50% of the total value of the goods to which such tender relates (Public Procurement Act, Art. 3.76).

According to Art. 4 of the Public Procurement Act, tenderers may be asked to submit a 'declaration of conduct', which provides evidence that there are no legal objections to an entrepreneur bidding for a tender (for instance, because of criminal proceedings). Foreign firms are ineligible to apply for a Dutch declaration of conduct, but an equivalent declaration from the country in which the tenderer is based is sufficient. In the absence of this document, it may be replaced by a sworn statement. It is reported that the process of gaining a type of 'declaration of conduct' can be burdensome for both domestic and foreign firms.

The Consumer Rights Directive 2011/83/EU provides an updated framework aimed at encouraging online sales. The Directive has been implemented by the Electronic Commerce Act.

Malta has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Malta has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Malta has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
In Malta, the intermediary liability in the E-commerce Directive is implemented almost verbatim in the Electronic Commerce Act (Part IV). The most remarkable difference is that it covers exclusively liability in damages.

It is reported that Malta imposes an identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card or a passport in case of foreigners to activate a new prepaid SIM card.

Art. 17 of Directive 2019/790 on Copyright in the Digital Single Market (DSM Directive) mandates that providers of content-sharing services seek authorisation from rights holders and implement technical solutions to remove and prevent unauthorised uploads by their users (so-called upload filters), under penalty of losing their liability safe harbour. Further arrangements are envisaged for complaints and dispute resolution mechanisms. Such upload filters are reported to be a significant cost for online platforms. Graduated exemptions are expected to be put in place for new providers active in the EU for less than three years with a turnover under EUR 10 million and with fewer than five million users. The provision is subject to a challenge in the Court of Justice by Poland (C-401/19).
To implement Directive 2019/790, the Minister for the Economy and Industry has issued the Subsidiary Legislation 415.08, Regulations on Copyright and Related Rights in the Digital Single Market, therefore making online content-sharing service providers partially liable for copyright violations on their platforms.

Art. 13 of the Virtual Financial Assets Act stipulates that no individual or entity shall provide, or present themselves as providing, a virtual financial asset (VFA) service within or from Malta without holding a valid licence issued under this Act by the Malta Financial Services Authority (MFSA). In its Virtual Financial Assets Rulebook (Chapter 3 of the Virtual Financial Assets Rules for VFA Services Providers), specifically under R3-3.5.2.1.6, the MFSA requires that licence holders ensure their IT infrastructure is situated in Malta, any other member state of the European Economic Area, or in a third-country jurisdiction where the Authority is satisfied that the infrastructure guarantees the integrity and security of stored data, as well as the availability, traceability, accessibility, privacy, and confidentiality of the data.

The EU Directive on Audiovisual Media Services (AVMS) covers traditional broadcasting services as well as audiovisual media services provided on-demand, including via the Internet. Art. 13.1 provides for Member States to secure a minimum 30% share of European works in the catalogues as well as "ensuring prominence" of those works. "Prominence" involves promoting European works by facilitating access to such works using any appropriate means to ensure their prominence. The Directive has been implemented by Member States in different ways, ranging from very extensive and detailed measures to a mere reference to the general obligation to promote European works.
In Malta, the EU Directive was transposed into domestic law through the amendment of the Broadcasting Act of December 2020 (Act No. LVI of 2020). According to Art. 16N of the Act, providers of on-demand audiovisual media services must ensure that their catalogues contain at least 30% European works and that they are prominently displayed. Additionally, Malta has not implemented financial contribution obligations for VOD service providers.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. The Data Protection Act (Act XX 2018) implemented the GDPR in Malta.

Under the EU Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws that implemented the Directive have been overturned.
Despite the ECJ ruling, the Maltese law on data retention still applies. According to Art. 21 of Subsidiary Legislation 586.01 Processing of Personal Data (Electronic Communications Sector) Regulations, internet access and Internet e-mail data shall be retained for a minimum of six months, while communications data of fixed network telephony, mobile telephony and Internet telephony shall be retained for a minimum of one year.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
In Malta, the intermediary liability in the E-commerce Directive is implemented almost verbatim in the Electronic Commerce Act (Part IV). The most remarkable difference is that it covers exclusively liability in damages.