Detailed overview
Malaysia does not currently have a single horizontal AI Act. Its AI framework is based on national AI strategy, official governance and ethics guidelines, data-protection law, sectoral regulation and the work of the National AI Office.
National Guidelines on AI Governance and Ethics
Malaysia has published the National Guidelines on AI Governance and Ethics. These guidelines provide a national reference for responsible AI development and use. They cover AI governance, ethical principles, accountability, risk management, transparency, fairness, data governance, safety, security, privacy and human oversight.
The guidelines are intended to assist organisations that develop, procure, deploy or use AI systems. They are not a general AI licensing law. Their function is to help organisations structure AI governance, internal policies, risk controls and responsible-use practices.
National AI Office
Malaysia has also launched the National AI Office, or NAIO, under the Ministry of Digital. The NAIO is intended to shape AI policies and regulatory frameworks, support AI adoption and promote ethical and inclusive AI development.
Existing-law overlays
Where AI systems process personal data, Malaysia's personal-data protection framework may apply. AI used in finance, healthcare, telecommunications, employment, public services, advertising or consumer services may also trigger sector-specific obligations.
Penalties
Malaysia does not currently have one AI-specific penalty table equivalent to the EU AI Act. Penalties depend on the breached legal framework, such as data protection, communications regulation, financial regulation, healthcare regulation, consumer protection, employment law or criminal law.
Practical requirements & details
Sourced from the National Guidelines on AI Governance and Ethics (MOSTI, Sept 2024), the Personal Data Protection Act 2010 and its 2024 amendments, the National AI Office (NAIO), and the BNM discussion paper on AI in financial services.
National Guidelines on AI Governance and Ethics
- Seven principles: fairness; reliability, safety and control; privacy and security; inclusiveness; transparency; accountability; pursuit of human benefit and happiness.
- Practical guidance for developers, providers and end-users.
National AI Office (NAIO)
- Under the Ministry of Digital; shapes AI policy and regulatory frameworks, and supports AI adoption.
PDPA 2010 + 2024 amendments
- Lawful basis (consent), purpose limitation, security, retention, individual rights.
- Mandatory data breach notification (Personal Data Protection (Amendment) Act 2024).
- DPO appointment requirement for certain data users.
- Cross-border transfer rules tightened.
- Fines up to MYR 1 million plus imprisonment.
Sector overlays
- BNM Discussion Paper on AI in Financial Services (2024) — governance, fairness, model risk, third-party risk.
- MCMC Code on online safety, AI-generated harmful content.
- MOH AI medical-device guidance.