HOME/All Jurisdictions/MY

MY — Country Profile

Malaysia

84TOTAL
66OFFICIAL SOURCES
3TOPIC AREAS
Law / Act11
Executive Order24
National Strategy14
Other35
13 MAR 2026 · Executive Order

Communications and Multimedia Commission's online safety plan under Online Safety Act

On 13 March 2026, the Malaysian Communications and Multimedia Commission closes the consultation on the online safety plan under the Online Safety Act 2025. The consultation gathers information on the requirements under Section 20 of the Act, which obliges licensed application service providers and licensed content application service providers operating in Malaysia to develop, publish, and submit an Online Safety Plan to the Commission. The plan must explain how providers comply with statuto...

Content Moderationmcmc.gov.my ↗
13 FEB 2026 · Other

Communications and Multimedia Commission investigation into alleged false narratives pertaining to race, religion, and royalty distributed on Facebook and TikTok

On 13 February 2026, the Malaysian Communications and Multimedia Commission (MCMC) announced an investigation under Section 233(1)(a) of the Communications and Multimedia Act 1998 into the spread of false narratives relating to race, religion, and royalty (3R) on social media platforms, including Facebook and TikTok. The investigation concerns viral content relating to an accident in Selangor, which the Royal Malaysia Police clarified arose from a personal land access dispute. MCMC identified...

Content Moderationmcmc.gov.my ↗
03 FEB 2026 · Other

Report on compliance with social media content takedown requests under Communications and Multimedia Act and Online Safety Act

On 2 March 2026, Malaysia’s Ministry of Communications reported that social media platforms complied with around 90% of 115,161 government requests to remove online content during January and February 2026. It was highlighted that 103,986 requests were submitted under the Communications and Multimedia Act 1998, while additional cases were assessed under the Online Safety Act 2025, covering offences including financial fraud, obscene harassment, indecent content, threatening or insulting haras...

✓ OfficialContent Moderationkomunikasi.gov.my ↗
23 JAN 2026 · Other

Malaysian Communications and Multimedia Commission investigation into X over alleged misuse of artificial intelligence to generate harmful content

On 23 January 2026, the Malaysian Communications and Multimedia Commission (MCMC) lifted the temporary restriction on access to the Grok application on the X platform, after X implemented additional preventive and safety measures. The MCMC noted that a meeting was held on 21 January with the Ministry of Communications and X representatives to review compliance with Malaysian law and the implementation of safeguards. The MCMC will continue to monitor Grok to ensure ongoing compliance. Any futu...

Content Moderationmcmc.gov.my ↗
20 JAN 2026 · Other

Communications and Multimedia Commission investigation into China Press over alleged publication of false online content

On 20 January 2026, the Malaysian Communications and Multimedia Commission (MCMC) opened an investigation into China Press under Section 233 of the Communications and Multimedia Act 1998 following public complaints about allegedly false online content. The investigation concerns online content published by China Press relating to a speech by the King of Malaysia at the Opening Ceremony of Parliament, which complainants allege constitutes an improper use of network or communications services w...

Content Moderationmcmc.gov.my ↗
01 JAN 2026 · Law / Act

Content moderation authority governance in Online Safety Act 2025 (Act 866)

On 1 January 2026, the Online Safety Act 2025, including content moderation authority governance, enters into force. The Act applies to licensed service providers, including Application Service Providers (ASPs), Content Application Service Providers (CASPs), and Network Service Providers (NSPs). The Act requires service providers to implement risk-based safety measures, child protection safeguards, and reporting mechanisms. The Act establishes an Online Safety Committee to oversee and regulat...

✓ OfficialContent Moderationlom.agc.gov.my ↗
01 JAN 2026 · Executive Order

Content moderation regulation in Online Safety (Period) Regulations 2025 [P.U.(A) 465/2025]

On 1 January 2026, the Online Safety (Period) Regulations, including content moderation rules under the Online Safety Act 2025, enter into force. The Regulations apply to licensed application service providers, licensed content application service providers, and the Malaysian Communications and Multimedia Commission (the Commission). They establish prescribed timeframes for content moderation and complaint procedures. Service providers must act promptly on user reports under the Online Safety...

✓ OfficialContent Moderationlom.agc.gov.my ↗
01 JAN 2026 · Executive Order

Online Safety (Online Safety Appeal Tribunal) Regulations 2025 [P.U.(A) 478/2025]

On 1 January 2026, the Online Safety (Online Safety Appeal Tribunal) Regulations under the Online Safety Act 2025 enter into force. The Regulations establish procedures for appeals against written instructions, determinations, directions, or decisions of the Malaysian Communications and Multimedia Commission (MCMC) on online safety matters. The Regulations provide that aggrieved individuals or entities must file a notice of appeal within 14 days with an RM 1'000 fee, after which the Tribunal ...

✓ OfficialContent Moderationlom.agc.gov.my ↗
01 JAN 2026 · Executive Order

Online Safety (Fees) Regulations 2025 [P.U.(A) 466/2025]

On 1 January 2026, the Online Safety (Fees) Regulations under the Online Safety Act 2025, enter into force. The Act provides that the Malaysian Communications and Multimedia Commission may issue directions to service providers and shall maintain a register of such directions. The Regulations apply to parties seeking access to the Malaysian Communications and Multimedia Commission’s register of directions. They set a fee of RM 100 for inspection of the register and RM 1 per page for copies or ...

✓ OfficialContent Moderationlom.agc.gov.my ↗
31 OCT 2025 · Other

Communications and Multimedia Commission lawsuit against Telegram channels over allegedly spreading harmful content

On 31 October 2025, the High Court in Kuala Lumpur issued an Erinford injunction in favour of the Malaysian Communications and Multimedia Commission (MCMC) in proceedings against the Telegram platform as an application service provider class licensee under the Communications and Multimedia Act 1998. This ruling followed an interim injunction ruling issued on 19 June 2025 after Telegram reportedly did not respond to repeated notifications from MCMC concerning the channels “Edisi Siasat” and “E...

Content Moderationmcmc.gov.my ↗
26 OCT 2025 · Other

Prohibition of digital services tax in United States-Malaysia Agreement on Reciprocal Trade

On 26 October 2025, the United States and Malaysia signed an Agreement on Reciprocal Trade. The Agreement provides that Malaysia shall not impose digital services taxes discriminatory against US companies in law or in fact.

✓ OfficialNational Strategywhitehouse.gov ↗
05 OCT 2025 · Other

Malaysian Communications and Multimedia Commission investigation into allegedly offensive content for potential violation of Section 233 of the Communications and Multimedia Act

On 10 May 2025, the Malaysian Communications and Multimedia Commission (MCMC) announced an investigation into content uploaded to a personal Facebook account, suspected of containing elements deemed offensive under Section 233 of the Communications and Multimedia Act 1998 (CMA 1998). The content is alleged to involve extreme material related to religion, race, and the Royal Institution. Acting under Section 247 of the CMA 1998, MCMC obtained a search warrant from the Magistrate’s Court in Kua...

Content Moderationmcmc.gov.my ↗
28 AUG 2025 · Law / Act

Gig Workers Bill (Bill No. D.R. 27/2025)

On 28 August 2025, the Gig Workers Bill was passed by the House of Representatives. The Bill applies to the country's 1.2 million gig workers across platform-based services, including e-hailing and food delivery, and specified sectors, including acting, journalism, care services, and creative industries. The Bill introduces protections, including mandatory written service agreements, worker rights against unfair termination and discrimination and platform transparency requirements for automat...

National Strategyparlimen.gov.my ↗
12 AUG 2025 · Executive Order

Order appointing implementation date for Online Safety Act 2025 (P.U. (B) 449/2025)

On 8 December 2025, Malaysia’s Minister of Communications appointed 1 January 2026 as the date on which the Online Safety Act 2025 (Act 866) will enter into force, in accordance with subsection 1(2) of the Act. This subsection empowers the Minister to appoint the commencement date by notification in the Gazette. The Act regulates harmful online content and establishes the duties and obligations of application service providers, content application service providers, and network service provid...

✓ OfficialContent Moderationlom.agc.gov.my ↗
09 AUG 2025 · Executive Order

Data Protection Authority Regulation regulation amending Personal Data Protection Regulations (335/2013)

On 8 September 2025, the Malaysian Data Protection Authority closes the consultation on the regulation amending the Personal Data Protection Regulations 2013 (335/2013). First, the draft regulation changes all references in the original Regulation from “data user” to “data controller”. Second, the draft regulation obliges data controllers to display business contact information for appointed Data Protection Officers or other individuals responsible for handling matters relating to personal da...

National Strategypdp.gov.my ↗
28 JUL 2025 · Executive Order

Department of Personal Data Protection's notification requiring registration of data users under the Personal Data Protection Act 2010

On 28 July 2025, the Department of Personal Data Protection of Malaysia issued a notice urging companies and organisations that process personal data in commercial transactions to register as data users under the Personal Data Protection Act 2010 [Act 709]. The Act imposes a mandatory registration obligation, requiring entities to submit an application to the Personal Data Protection Commissioner via the Personal Data Protection System (SPDP) and pay a prescribed fee. It was highlighted that ...

✓ OfficialNational Strategypdp.gov.my ↗
11 JUL 2025 · Other

Communications and Multimedia Commission investigation into TikTok's internal monitoring and enforcement mechanisms against criminal misuse

On 7 November 2025, the Malaysian Communications and Multimedia Commission (MCMC) requested an official explanation from TikTok following reports that the platform was used to recruit individuals for drug smuggling abroad. MCMC sought details on TikTok’s internal monitoring and enforcement mechanisms against criminal misuse, including fake job offers. The Commission reminded that using online platforms for criminal purposes violates Sections 233 and 263(1) of the Communications and Multimedia...

Content Moderationmcmc.gov.my ↗
19 MAY 2025 · Other

Personal Data Protection Department automated decision-making and profiling guideline

On 19 May 2025, the Data Protection Authority closes its consultation on the automated decision-making and profiling guidelines under Malaysia’s Personal Data Protection Act 2010 (Act 709). The guidelines aim to provide clarity on the use of artificial intelligence (AI), machine learning, and other automated processes in decisions that may affect individuals. It also seeks to align Malaysia’s data protection framework with global standards. It introduces proposed definitions for automated dec...

National Strategypdp.gov.my ↗
19 MAY 2025 · Other

Personal Data Protection Department data protection impact assessment guideline

On 19 May 2025, Malaysia's Personal Data Protection Department closes its consultation on the data protection impact assessment (DPIA) guidelines under Malaysia’s Personal Data Protection Act 2010 (Act 709). The guideline outlines minimum requirements and practical steps for organisations to identify, assess, and manage risks associated with personal data processing. The guideline proposes a two-tier quantitative and qualitative threshold to determine when DPIAs are required, a five-step meth...

National Strategypdp.gov.my ↗
15 MAY 2025 · Other

Communications and Multimedia Commission investigation into allegedly offensive representation of national flag in violation of the Communications and Multimedia Act 1998 (AKM 1998)

On 15 May 2025, the Malaysian Communications and Multimedia Commission (MCMC) announced an investigation relating to a social media post featuring an incomplete depiction of the Jalur Gemilang (Malaysia's national flag), following several public complaints. The investigation is being conducted under Section 233 of the Communications and Multimedia Act 1998, which prescribes penalties of up to MYR 500'000 in fines or two years imprisonment, or both, for offenses concerned with offensive content.

Content Moderationmcmc.gov.my ↗
29 APR 2025 · Other

Personal Data Protection Department guidelines on cross-border personal data transfers

On 29 April 2025, the Personal Data Protection Department (PDPD) published guidelines on cross-border personal data transfer, in line with Section 129 of the Personal Data Protection Act 2010 (Act 709). The guideline details mechanisms for transferring data outside Malaysia, such as ensuring data is sent to countries with substantially similar laws or adequate protection levels, obtaining consent from data subjects, and using binding corporate rules, recognised certifications, or standard con...

✓ OfficialNational Strategydrive.google.com ↗
12 MAR 2025 · Other

Communications and Multimedia Commission investigation into illegal content displayed on social media platforms

On 3 December 2025, the Malaysian Communications and Multimedia Commission (MCMC) announced that between 1 January 2024 and 30 November 2025, it had identified 957 cases of child-related obscene content and had secured the removal of 899 posts, corresponding to a compliance rate of 94% from the part of the social media platforms. Tumblr, TikTok, and Facebook were the platforms that most frequently responded. Enforcement activities were carried out through joint operations with the Royal Malay...

✓ OfficialContent Moderationmcmc.gov.my ↗
08 MAR 2025 · Executive Order

Ministry of Digital National Cloud Computing Policy

On 3 August 2025, Malaysia’s Ministry of Digital adopted the National Cloud Computing Policy (NCCP) as a framework for cloud adoption across the country’s digital ecosystem. The policy is structured around five thematic areas covering public sector transformation, private sector development, data protection and privacy, digital inclusion, and environmental considerations. Implementation measures, referred to as Cloud Stacks, correspond to each area. The NCCP includes a multi-tier data classif...

✓ OfficialNational Strategyonline.flippingbook.com ↗
25 FEB 2025 · Other

Personal Data Protection Commissioner guidelines for appointment of data protection officers

On 25 February 2025, the Personal Data Protection Commissioner of Malaysia released Guidelines for the Appointment of Data Protection Officers (DPOs). The guidelines outline the requirements, roles, and responsibilities that data controllers and processors must adhere to, ensuring compliance with the Personal Data Protection Act 2010. The guidelines emphasise the legal requirement for data controllers and processors to appoint DPOs if their processing activities involve personal data exceedin...

✓ OfficialNational Strategypdp.gov.my ↗
25 FEB 2025 · Other

Personal Data Protection Commissioner guidelines on personal data breach notification

On 25 February 2025, the Personal Data Protection Commissioner of Malaysia adopted guidelines on personal data breach notification. This document outlines the requirements and procedures for notifying the Commissioner and affected data subjects in the event of a personal data breach, as mandated by the Personal Data Protection Act 2010 (Act 709). The guidelines emphasise the importance of recognising and reporting personal data breaches, which are defined as incidents that lead to unauthorise...

✓ OfficialNational Strategypdp.gov.my ↗
20 FEB 2025 · Law / Act

Establishment of National Data Sharing Committee in Data Sharing Act of 2025

On 20 February 2025, the Data Sharing Act of 2025 (Act 864) entered into force. The Act stipulates the sharing of data between public sector agencies, while outlining privacy and security requirements. It establishes the National Data Sharing Committee, responsible for formulating policies and strategies on data sharing, overseeing implementation and dealing with administrative matters. The Act stipulates the duties and powers of the Director General of the National Digital Department, includ...

✓ OfficialNational Strategylom.agc.gov.my ↗
11 JAN 2025 · Other

Broadcasting licensing clarification under Communications and Multimedia Act

On 1 November 2025, the Communications and Multimedia Commission (MCMC) issued a statement clarifying that broadcasting licences issued under the Communications and Multimedia Act do not include any requirement for 80% local content. The clarification addressed public claims suggesting that Malaysia was required, under a trade agreement with the United States, to abolish an alleged rule mandating such a quota. MCMC noted that these claims were inaccurate and did not reflect the current broad...

✓ OfficialContent Moderationmcmc.gov.my ↗
08 JAN 2025 · Other

Department of Personal Data Protection guideline on data protection officer competency

On 1 August 2025, the Department of Personal Data Protection released the data protection officer (DPO) competency guideline, which provides a structured framework for assessing and developing the functional competencies required of Data Protection Officers (DPOs) under the Personal Data Protection Act 2010 (Act 709), as amended by the Personal Data Protection (Amendment) Act 2024. The guideline sets out six core competency areas, namely advisory and support, risk management and assessment, c...

✓ OfficialNational Strategypdp.gov.my ↗
08 JAN 2025 · Other

Department of Personal Data Protection data protection officer professional development pathway and training roadmap

On 1 August 2025, the Department of Personal Data Protection released the data protection officer (DPO) professional development pathway and training roadmap, outlining a prospective framework to support the structured development of DPO capabilities aligned with the DPO competency guideline. The roadmap introduces a two-tier training structure, fundamental and advanced, designed according to the complexity and sensitivity of personal data processing activities. The fundamental tier focuses o...

✓ OfficialNational Strategypdp.gov.my ↗
06 JAN 2025 · Law / Act

Data protection regulation in Personal Data Protection (Amendment) Act 2024

On 1 June 2025, sections 6 and 9 of the Personal Data Protection (Amendment) Act 2024 (Act A1727) entered into force, mandating the appointment of data protection officers for data controllers and processors and introducing the right to data portability, subject to technical feasibility and format compatibility.

✓ OfficialNational Strategypdp.gov.my ↗
06 JAN 2025 · Other

Personal Data Protection Department appointment of Data Protection Officer guideline

On 1 June 2025, the Personal Data Protection Department's circular on Data Protection Officer appointment (Circular No. 1/2025) enters into force. The circular implements the amended Personal Data Protection Act by requiring organisations that process large volumes of personal data to appoint qualified DPOs. The DPO appointments are required if an organisation processes personal data of over 20’000 individuals, handles sensitive data (such as financial information) for more than 10'000 indivi...

✓ OfficialNational Strategypdp.gov.my ↗
06 JAN 2025 · Executive Order

Personal Data Protection Commissioner circular on personal data breach notification implementing Personal Data Protection (Amendment) Act

On 1 June 2025, the Personal Data Protection Commissioner’s circular on personal data breach notification (Circular No. 2/2025) enters into force. Under the circular, data controllers must notify the Commissioner as soon as practicable upon suspecting a breach and submit detailed information within 72 hours of the incident. If the breach is likely to cause significant harm, affected individuals must also be informed within seven days of the Commissioner being notified, using clear and accessi...

✓ OfficialNational Strategypdp.gov.my ↗
04 JAN 2025 · Law / Act

Cross-border data transfer regulation in Personal Data Protection (Amendment) Act 2024

On 1 April 2025, section 129 of the Personal Data Protection (Amendment) Act 2024 (Act A1727) entered into force, removing the previous white-list regime for cross-border data transfers. Under the amended provisions, data controllers may transfer personal data to jurisdictions providing comparable levels of protection, contingent upon conducting impact assessments to evaluate safeguards in recipient countries. This change was implemented alongside other amendments in sections 2, 3, 4, 5, 8, 1...

✓ OfficialNational Strategypdp.gov.my ↗
03 JAN 2025 · Other

Securities Commission and Communications and Multimedia Commission joint initiative to strengthen regulatory oversight against online scams

On 1 March 2025, the Securities Commission (SC) and Communications and Multimedia Commission (MCMC) announced a joint initiative to strengthen regulatory oversight against online scams, applying to online service providers and financial sector entities. The initiative enhances enforcement, scam prevention, and regulatory cooperation, including closer collaboration with service providers for faster scam detection and content takedowns. It focuses on the use of artificial intelligence to identi...

✓ OfficialConsumer Protectionmcmc.gov.my ↗
01 JAN 2025 · Executive Order

MCMC code of conduct for internet messaging and social media service providers

On 1 January 2025, the Code of Conduct (Best Practices) for Internet Messaging and Social Media Service Providers came into effect. The code of conduct aims to create a safe online environment for Malaysians, particularly children and vulnerable groups at high risk of exposure to harmful content. It outlines best practices to be adopted by service providers in addressing harmful online content and other conduct requirements. The Code aims to ensure that service providers prioritise online saf...

✓ OfficialContent Moderationmcmc.gov.my ↗
24 DEC 2024 · Executive Order

Ministry of Digital Order on Appointment of Date of Coming into Operation for Personal Data Protection (Amendment) Act 2024 (Act A1727)

On 24 December 2024, the Ministry of Digital gazetted the commencement dates for the Personal Data Protection (Amendment) Act 2024 (Act A1727) in the Federal Government Gazette, acting under subsection 1(2) of the Act. The notice stipulates that sections 7, 11, 13, and 14 of the Act come into force on 1 January 2025. Sections 2, 3, 4, 5, 8, 10, and 12 come into force on 1 April 2025, and sections 6 and 9 come into force on 1 June 2025.

✓ OfficialNational Strategypdp.gov.my ↗
12 DEC 2024 · Executive Order

Cabinet order establishing National AI Office

On 12 December 2024, the National AI Office (NAIO) was launched as the central authority for the governance of artificial intelligence. The NAIO will set strategic directions, guide policymaking, drive research and development, and address regulatory concerns related to AI, with the goal of positioning Malaysia as a leading regional hub.

✓ OfficialNational Strategymydigital.gov.my ↗
26 NOV 2024 · Other

Korea-Malaysia Information Security Cooperation memorandum of understanding

On 26 November 2024, the Korea Internet and Security Agency (KISA) and the Malaysian Communications and Multimedia Commission (MCMC) adopted a memorandum of understanding (MOU) on information and communications network protection. Under the MOU, the parties agree to exchange expertise for capacity building, share best practices and systems for protecting information infrastructure, and collaborate to address emerging technological threats.

✓ OfficialNational Strategykisa.or.kr ↗
11 NOV 2024 · Other

Outline on proactive management of unethical activities

On 11 November 2024, the Malaysian government adopted an outline on proactive management of unethical activities for social media platform operators. The outline advocates more proactive measures by platform operators to block immoral and illegal activities on their platforms, including the use of modern artificial intelligence technology for automatic screening. According to the regulator, the move comes in response to concerns over the slow action by platforms such as Meta in taking down ha...

✓ OfficialContent Moderationkomunikasi.gov.my ↗
18 OCT 2024 · Executive Order

PDPD Personal Data Protection Standards under Personal Data Protection (Amendment) Act 2024

On 18 October 2024, the Personal Data Protection Department (PDPD) closes the public consultation on personal data protection standards (Paper no. 04/2024) in relation to amendments to the Personal Data Protection Act. In particular, the consultation focuses on changes, including transitioning to outcome-based standards that provide more flexibility for data controllers and processors to implement measures according to their risk levels instead of adhering to rigid, prescriptive rules. The pr...

National Strategydrive.google.com ↗