AI-First Cash Rebate Platform
A single, intelligent system that unifies OFA and the Screen Malta Cash Rebate workflow — eliminating duplicate data, automating vetting, and giving the Cash Rebate team the oversight and analytics they've never had.
The current Cash Rebate application process — spread across PDFs, email, WhatsApp and a disconnected OFA system — consumes weeks of the Cash Rebate team's time per application and leaves crew data perpetually out of date.
SKIOS proposes a single AI-orchestrated platform that ingests every document, validates it the moment it is uploaded, keeps crew lists live, and lets the Cash Rebate team focus on judgement rather than data entry.
OFA becomes the directory of record. The Rebate platform pulls crew, service providers, CW numbers and profiles live — no re-keying, ever.
Contracts, compliance certificates, invoices and budgets are screened by purpose-trained AI before a human sees them.
Crew is captured at application stage, linked to CW numbers, supports TBC roles, and stays in sync with OFA throughout the production.
Sectioned final submission with full audit download, invoice explorer, eligibility flags and side-by-side budget reconciliation.
Applicants get an AI guide through every form field. The Cash Rebate team gets an internal co-pilot that answers "why was this flagged?".
Eleven years of historic data plus live applications, feeding dashboards for Screen Malta, Ministry briefings and parliamentary reporting.
This programme is delivered jointly. SKIOS leads application, AI and delivery. VERACLOUD leads infrastructure, cloud and security operations. Both contract directly with Screen Malta under a single master agreement, with one accountable programme director.
Applications · AI · Delivery
Malta-headquartered boutique technology firm operating embedded AI squads across Malta, Spain, Cyprus and Greece. Dual civilian and defence divisions, built around secure-by-design engineering.
Infrastructure · Cloud · SecOps
Boutique managed cloud and cybersecurity operator with offices in Malta (NuBis Centre, Lija), Cyprus and Greece — delivering across the UK and Europe with a 17-minute average first response.
Both partners hold ISO 27001-aligned postures and operate under Maltese and EU legal frameworks. GDPR DPAs, data-processor agreements and breach-notification SLAs are signed on day one.
SKIOS holds the programme management contract. A single weekly steering call, a single delivery dashboard, a single escalation path — even though two companies are behind the curtain.
VERACLOUD manages infrastructure for regulated Maltese banks. The same SecOps team that watches BOV, BNF and FimBank workloads watches the Cash Rebate platform.
Foreign or local — the form adapts to jurisdiction. Maltese incorporation pulls VAT & NACE; other EU shows NACE; non-EU shows SIC. Each field is validated by country-specific rules.
The dropdown is the authoritative OFA list. New providers created in OFA appear instantly, with details pulled automatically — no double data entry.
Every Screen Malta form — Application, Cultural Test, Financial Details, Difficult Audiovisual Works, Distribution Declaration — recreated as native, conditional, validated fields.
Crew is captured here — not after the fact in OFA. Movie Magic (.mov) or Excel template upload; MFC-code-aware eligibility engine highlights non-qualifying expenses.
Once approved, the production can request the 10% advance through a proper form (no more emails). Budget-change requests are tracked with approval trail and version history.
Applicants update TBC roles, add crew, upload interim docs. Every file is AI-screened on arrival. Dashboards show coverage in real time.
Instead of a single ZIP dump, final submission is split into structured sections. Each row is an expense with a contract, invoice and proof of payment attached — fully traceable, fully downloadable by the third-party auditor.
Every agent is purpose-built, trained on Screen Malta's actual guidelines, and orchestrated behind a single approval queue. Humans stay in the loop — AI does the reading.
Reads the uploaded contract and confirms it is specifically between the qualifying company and the named LSP. Flags mismatch, missing signatures, wrong jurisdictions.
Refuses certs older than three months. Detects forgery hallmarks. Matches issuing authority to declared jurisdiction.
Trained on Malta Film Commission codes. Flags each line as eligible / ineligible / review-required. Handles .mov & .xlsx.
Supplier, VAT, line-items, VAT treatment, currency conversion. Matches invoice against the approved budget line.
Reads bank PDFs, matches amounts, dates and counterparties to invoices. Flags unmatched payments.
Live Action and VFX/Animation variants. Explains each criterion and pre-computes a score based on script metadata & crew mix.
Verifies that the crew Excel sheet sticks to Screen Malta's template; rejects free-form uploads; resolves OFA linkage.
Validates codes and registration numbers against live EU VIES, Maltese MBR, and selected foreign registries.
Cross-checks distribution declarations against industry databases (IMDb Pro, Box Office Mojo, distributor sites).
Surfaces related-party charges, checks markup disclosures, flags anomalies compared with historic norms.
Auto-assembles the "top sheet" expenditure summary (Footnote 173) from underlying invoices and budget lines.
Walks applicants through every form, answers "what's a compliance certificate?", links back to the guideline section.
Summarises every application in 1 paragraph; explains each AI flag; drafts "missing documents" emails to applicants.
Compares each application against 11 years of imported data — surfaces outliers in spend, crew ratios, per-diem costs.
All agents feed one queue. Each flag is human-overridable. Every override feeds back into the next training cycle.
Block = upload rejected client-side (with reason). Warn = accepted with flag. Note = passes, informational only.
All inference runs in EU data centres; contracts are never used for public model training. GDPR DPA included.
OFA is not replaced — it becomes the authoritative directory of Maltese industry talent and service providers. The Rebate platform borrows from OFA; OFA borrows back the crew captured at application stage.
Result: no more "we still don't have the crew list" three months after wrap.
Every application, status, coordinator, stage, AI-flag count, last activity. Filter by production, stage, year, spend.
Assigned coordinator visible, but the whole team has full-access visibility as requested.
One unified queue of AI flags across all applications. Resolve, override, or escalate.
Structured form, approval workflow, letter generation, Ministry export.
Single-click download for external auditor — structured folders, manifest file, integrity checksums.
Fine-grained: Applicant · LSP · Coordinator · Reviewer · Ministry-Viewer · Auditor.
If the upload does not conform, it is rejected at the point of upload — never cluttering the reviewer queue.
If Movie Magic export is unavailable, the producer exports to Excel; the template enforces structure.
Every line is tagged against the MFC eligibility codes and surfaced in three colours:
Each classification cites the MFC clause it is based on, so overrides are defensible in audit.
Modelled on Screen Malta's guidelines (Film & TV, Reality & Game Shows, Construction, Rate Card) — so the applicant never has to hunt through PDFs again.
Screen Malta's historic application data (specific BI fields, per the Matthew brief) is imported, normalised and indexed — forming a single, clean historical baseline.
Dashboards are built on a semantic layer — so Ministry briefings, parliamentary questions, and internal performance reviews all pull from a single source of truth.
Shadcn / Tailwind · accessible by default · exported to Cloudflare Pages.
Row-level security, audit log on every write, time-travel on every record.
Orchestrated via an agent router with cost and latency SLOs per agent.
Encryption at rest & in transit, signed URLs, legal-hold per application.
Single login spans both systems; MFA enforced for reviewers.
Out-of-the-box connectors and webhooks for Ministry systems.
Who saw what · when · overrode which AI flag · logged immutably.
SOC-style controls, pen-test prior to go-live, GDPR DPA.
The Cash Rebate Platform is hosted on a sovereign cloud architecture designed and operated by VERACLOUD — the same team responsible for regulated banking workloads at BOV, BNF Bank and FimBank. Screen Malta retains full data ownership; nothing leaves the EU.
Multi-AZ Azure deployment with warm DR to a secondary EU region. Data residency is locked to the EU on every layer — storage, compute, inference and logs.
24/7 monitored by VERACLOUD's SOC team in Malta & Greece. Weekly threat-hunt reports; monthly compliance posture reviews.
Conditional access, hardware-key MFA for reviewers, device compliance, break-glass emergency accounts audited quarterly.
Daily point-in-time backups, 35-day retention, legal-hold per application. Annual DR exercise with Screen Malta observer.
No public database surface. Web Application Firewall, rate limiting, geo-fencing, DDoS protection at the edge.
The Cash Rebate programme handles tax-incentive disbursements, supplier invoices and personal data of industry professionals. Security is not a late-stage bolt-on — it is architected in from the first line of code.
Full Data Processing Agreement, Record of Processing Activities, Privacy Impact Assessment, and data-subject request workflow delivered before UAT.
Mapped to Annex A controls; both partners already operate under this framework. Control evidence auto-generated into an evidence vault.
Threat modelling per module, dependency scanning, SAST/DAST in CI, signed commits, peer review mandatory on every PR.
Independent CREST-accredited pen-test pre-go-live; retest after remediation; executive summary shared with Screen Malta.
Every database read is scoped. A reviewer cannot see an application they are not assigned to; applicants cannot see each other.
Every view, download, AI-flag, override and file upload is logged to append-only storage with 7-year retention.
Each AI agent ships with a model card, cited reasoning, human-override rights, and "right to explanation" for applicants.
Workflow mirrors the Malta State Aid Guide requirements — cumulation checks, transparency, Ministry reporting paths.
All inference runs on zero-retention endpoints. Contracts, invoices and crew data are never used to train foundation models.
This programme is delivered by a fixed, named squad that stays with Screen Malta from kickoff through hyper-care. No staff rotation without written approval.
30 minutes. Screen Malta + SKIOS + VERACLOUD. What shipped, what's blocked, what's next.
Live demo of what was built in the past 2 weeks; backlog re-prioritised together.
Screen Malta leadership, SKIOS Programme Director, VERACLOUD Infra Architect. Risks, budget, scope.
Threat-hunt summary, control evidence, incidents, pen-test status, AI governance update.
Screen Malta has a live dashboard link from day one: burndown, open risks, AI flag trend, applications by stage, upcoming milestones, infrastructure health. No status-report email chains.
From first-touch to provisional approval — target reduction after migration.
AI-side rejection means invalid docs never reach the reviewer queue.
Crew list uploaded upfront instead of post-wrap.
From complete submission to coordinator decision.
Measured quarterly by VERACLOUD, reported in the steering pack.
Zero tolerance. Any near-miss triggers a full review.
Measured by reviewer override rates; tuned against a golden set each sprint.
Every action on every record, signed and immutable.
Measured after every final submission; quarterly trend review.
| Risk | Likely impact | Mitigation |
|---|---|---|
| Historic data quality | Inconsistent 11-year spreadsheets | Data-quality scorecard per year + reconciliation workshops with the Cash Rebate team before go-live. |
| OFA coupling | API instability during transition | Dual-write period; canary traffic; explicit fallback path agreed with the OFA team in week 2. |
| Movie Magic format drift | Parser breaks on new MM versions | Excel fallback is always available; parser covered by a regression suite against 15+ real budgets. |
| AI false-positives | Genuine documents wrongly blocked | Only narrow rules block; rest are "warn". Override path with one-click human approval; weekly precision review. |
| Regulatory change | Guidelines evolve mid-build | Guideline content stored as configuration, not code — updates are a content change, not a release. |
| Key-person dependency | Squad member unavailable | Named backups per role inside both SKIOS and VERACLOUD. Knowledge base maintained weekly. |
| Budget creep | Scope expands during build | Fixed-scope contract; change requests go through a lightweight CR process with Screen Malta sign-off. |
Two-day hands-on workshop; scenario-based exercises using live historic applications; persona-specific playbooks.
On-demand video library + a 45-minute onboarding webinar. LSP-specific help-centre in the chatbot.
Guided wizard, contextual help bubbles, and the chatbot on every page. No manual to read.
30-minute orientation covering the audit portal, manifests, integrity checks and download flow.
PowerBI dashboard walkthrough plus a one-page briefing template for parliamentary questions.
Dedicated Slack/Teams channel with SKIOS + VERACLOUD. Named humans on the other end. Included in the fixed price.
Workshops with the Cash Rebate team, LSPs and OFA. Locked data model. Wireframes & approval criteria.
Structured e-forms, SSO, company profiles, OFA directory sync, LSP dropdown.
Contract vetter, compliance checker, budget classifier (.mov + .xlsx), chatbot, reviewer co-pilot.
Invoices · payslips · proofs of payment · contracts · expenses — with auditor export.
11-year import, reconciliation, dashboards, Ministry reports.
Shadow-run in production; feedback loop; AI flag tuning.
Security review, penetration test, hand-over, launch.
Fixed-scope · ex-VAT · all-in.
Covers discovery, build, AI agents, OFA integration, data migration of 11 years of historic data, dashboards, pilot, training and 90 days of post-launch hyper-care.
| Work package | Deliverable | Investment |
|---|---|---|
| 1 · Discovery & design | Workshops · data model · wireframes · acceptance criteria | €22,000 |
| 2 · Core platform | Profiles · applications · SSO · OFA binding · LSP directory | €48,000 |
| 3 · AI agent suite (14 agents) | Contract · compliance · budget · OCR · POP · anomaly · chatbot · co-pilot etc. | €72,000 |
| 4 · Crew & budget module | Crew sheet validator · Movie Magic + Excel · eligibility engine | €28,000 |
| 5 · Final submission & auditor portal | Sectioned uploads · invoice explorer · auditor export · manifest | €32,000 |
| 6 · Back-office cockpit | Application list · coordinator assignment · queue · advance payments | €24,000 |
| 7 · Data migration (11 years) | ETL · reconciliation · DQ reports · identity resolution | €18,000 |
| 8 · PowerBI & analytics | Semantic model · Ministry dashboards · Parliamentary report pack | €14,000 |
| 9 · Security · UAT · go-live · training | Pen-test · UAT · team training · 90-day hyper-care | €17,000 |
| Total (ex-VAT) | | €275,000 |
OFA continues — but slims down into the authoritative directory of people and service providers. Everything workflow-shaped migrates into the Rebate platform.
The "block" class only triggers on clear-cut violations (wrong entity in a contract, cert older than 3 months). Edge cases are "warn", meaning the applicant can proceed while a reviewer decides.
We parse .mov natively. Where a production cannot export from Movie Magic, they export to Excel and use our format-locked template — which the budget classifier accepts identically.
The applicant sees an in-line warning ("Your application may be declined"). The backend escalates it with a high-visibility alert — as per the brief.
Yes — any section can be filled by either party, with full attribution. The submission email fans out to both.
Yes. IP assigned on final-milestone payment. SKIOS retains a licence for the underlying AI orchestration framework.
We propose a 60-minute review with the Cash Rebate team and a representative LSP — and a decision within two weeks to start the build.