Cyber Related Policies and Laws in Malaysia


Cyber Related Policies and Laws in Malaysia

Portal Team 's picture

Posted By: 

Portal Team

The following overview was prepared by Sufian Jusoh Senior Fellow, Institute of Malaysian and International Studies Universiti Kebangsaan Malaysia

Malaysia is among the earliest nation in Southeast Asia that undertake to design a National Cyber Security Policy. Malaysia is also among the earliest nations in Southeast Asia to enact cyber related laws.

The main objective of Malaysia’s National Cyber Security Policy is to address the risks to the Critical National Information Infrastructures (CNII) to ensure that they are protected to the level commensurate with the risks they face. The policy recognises the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive programme and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets covering several sectors. Such assets include those covering national economic strength, national image, national defence and security, the functioning of the Government and public health and safety.

The National Cyber Security Policy specifies eight policy thrusts, which are to be implemented by the relevant ministries and agencies.

  • Policy Thrust 1: Effective Governance
    The establishment of the National Security Information Centre
    Implementing Agency: Ministry of Science, Technology and Innovations
  • Policy Thrust 2: Legislative and Regulatory Framework
    Reduction in and increased in success of the prosecution of cyber crimes
    Implementing Agency: The Attorney-General’s Chambers
  • Policy Thrust 3: Cyber Security Technology Framework
    Expansion of national certification scheme for information security management and assurance
    Implementing Agency: Ministry of Science, Technology and Innovations
  • Policy Thrust 4: Culture of Security and Capacity Building
    Reduced number of information security incidents through increased awareness and skills
    Implementing Agency: Ministry of Science, Technology and Innovations
  • Policy Thrust 5: Research and development towards self-reliance
    Acceptance of locally developed cyber security products
    Implementing Agency: Ministry of Science, Technology and Innovations
  • Policy Thrust 6: Compliance and Enforcement
    Strengthening information security enforcement in all CNII regulators
    Implementing Agency: Ministry of Communications and Telecommunications
  • Policy Thrust 7: Cyber Security Emergency Readiness
    CNII resilience against cybercrime, terrorism and information warfare
    Implementing Agency: National Security Council
  • Policy Thrust 8: International Cooperation
    Implementing Agency: Ministry of Energy, Green Energy and Water

Malaysia Cyber Security Policy.pdfDownload


The main agency responsible for cybersecurity in Malaysia is National ICT Security and Emergency Response Centre (now known as CyberSecurity Malaysia), under the Ministry of Science, Technology and Innovation. Among the role of CyberSecurity Malaysia is to provide specialised cybersecurity services and to continuously identify possible areas that may be detrimental to national security and public safety. CyberSecurity Malaysia provides specialised cyber security services, including Cyber Security Emergency Services; Security Quality Management Services; InfoSecurity Professional Development and Outreach; and Cyber Security Strategic Engagement and Research.


Technology Roadmap for CyberspaceSecurity


National Cybersecurity Roadmap

national_cybersec roadmap.pdfDownload


Malaysia has also enacted cyber laws as shown below:

The Digital Signature Act 1997: The Digital Signature Act 1997, enforced on the 1st of October 1998, is an enabling law that allows for the development of, amongst others, e-commerce by providing an avenue for secure on-line transactions through the use of digital signatures. The Act provides a framework for the licensing and regulation of Certification Authorities, and gives legal recognition to digital signatures. The Controller of Certification Authority, who has the authority to license and regulate Certification Authorities, was appointed on the 1st of October 1998.

Digital Signature Act 1997.pdfDownload

The Communications and Multimedia Act 1998: The Communications and Multimedia Act 1998 which came into effect on the 1st of April 1999, provides a regulatory framework to cater for the convergence of the telecommunications, broadcasting and computing industries, with the objective of, among others, making Malaysia a major global centre and hub for communications and multimedia information and content services.

The Malaysian Communications and Multimedia Commission was appointed on the 1st November 1998 as the sole regulator of the new regulatory regime.

Although regulation in the form of licensing is provided for, one of the cornerstones of the new regulatory framework is self-regulation by the various industries, including the ICT and multimedia content industries.

Communications and Multimedia Act.pdfDownload

The Copyright (Amendment) Act 1997: The Copyright (Amendment) Act 1997 which amended the Copyright Act 1987 came into force on the 1st of April 1999, to make unauthorised transmission of copyright works over the Internet an infringement of copyright. It is also an infringement of copyright to circumvent any effective technological measures aimed at restricting access to copyright works. These provisions are aimed at ensuring adequate protection of intellectual property rights for companies involved in content creation in the ICT and multimedia environment.

The Computer Crimes Act 1997: The Computer Crimes Act 1997, effective as of the 1st of June 2000, created several offences relating to the misuse of computers. Among others, it deals with unauthorised access to computer material, unauthorised access with intent to commit other offences and unauthorised modification of computer contents. It also makes provisions to facilitate investigations for the enforcement of the Act.


The Telemedicine Act 1997: The Telemedicine Act 1997 is intended to provide a framework to enable licensed medical practitioners to practice medicine using audio, visual and data communications. To date, the Telemedicine Act has yet to be enforced.

Telemedicine Act 1997.pdfDownload

Electronic Government Activities Act 2007

Digital Signature Act 1997.pdfDownload