Artificial Intelligence and the Law in Malaysia: Challenges, Opportunities, and the Road Ahead

By / Uncategorized

Artificial Intelligence (AI) is rapidly transforming industries and public services across the globe. From predictive analytics in banking to facial recognition in security, AI technologies are becoming increasingly embedded in our society. However, this digital revolution raises a host of legal questions, especially in areas such as liability, data protection, intellectual property, and governance. While Malaysia has made strides toward digital transformation, its legal framework must evolve in parallel to address the implications of AI-driven innovation.

Legal Framework for AI in Malaysia: A Work in Progress

The existing legislation and policies in Malaysia are not comprehensive enough to govern the law on AI. Some laws in Malaysia touch on key aspects of AI:

  • The Personal Data Protection Act 2010 (PDPA)

This is the core data protection law, which governs the collection, use, processing, and disclosure of personal data by commercial entities. AI systems often rely on vast amounts of personal data to function effectively. This reliance amplifies privacy concerns, particularly in areas such as biometric surveillance, predictive policing, and targeted advertising. The PDPA 2010 provides some safeguards, such as requirements for consent, purpose limitation, and data security.

However, the shortcomings of the PDPA 2010 are:

a. It does not apply to the public sector and government authorities;

b. It lacks provisions for automated decision-making and profiling, unlike the EU’s General Data Protection Regulation (GDPR);

c. It lacks strong enforcement mechanisms and penalties, which limits its deterrent effect; and

d. It lacks public sector applicability, allowing government-led AI systems to operate without oversight under the PDPA.

  • Malaysian Communications and Multimedia Commission (MCMC) and Bank Negara Malaysia (BNM)

The sectoral authorities, such as MCMC and BNM, have issued guidelines and consultation papers on the responsible use of emerging technologies, including AI, especially in fintech and telecommunications. BNM also implements regulatory sandboxes to supervise and govern fintech.

  • The Digital Economy Blueprint (MyDIGITAL) and National AI Roadmap (2021–2025)

These policy documents outline Malaysia’s vision for becoming a regional leader in AI and digital technology. While not legally binding, they signal a strong government commitment to ethical and human-centric AI development.

The National AI Roadmap does emphasize the need for ethical and trustworthy AI, calling for mechanisms to ensure transparency, fairness, and accountability. However, without legislative force, such principles remain aspirational.

  • Intellectual Property Rights in AI-Generated Works

Another emerging issue is whether AI-generated inventions or creative works can be protected under Malaysian intellectual property (IP) laws.

a. Copyright under Malaysia’s Copyright Act 1987 currently requires a human author for protection to apply. This creates uncertainty for works generated autonomously by AI.

b. Patents similarly require a human inventor. Malaysia has yet to recognize AI as a legal person capable of holding rights.

c. This gap in IP law may discourage innovation or lead to disputes over ownership when AI is used to generate commercial outputs. Policy makers may need to consider reforms that define ownership rules and authorship for AI-generated content.

  • Cyber Security Act 2024

This legislation aims to strengthen cyber defences and enhance the country’s resilience against emerging threats by putting the necessary measures in place in Malaysia. It defines clear regulations on cybercrime, data breaches, and cybersecurity practices.

  • Data Sharing Act 2025

This Act aims to govern the data sharing mechanism between organisations, governments, and individuals. It may streamline data flow while ensuring privacy, security, and transparency. However, there might be an increased risk of cyberattacks or unauthorized access, potentially exposing citizens’ private information. Citizens may lose control over how their data is shared and used.

2.         AI and Liability

AI systems can act autonomously, making decisions without direct human input. This raises complex questions around liability when things go wrong, such as in autonomous driving, algorithmic trading, or medical diagnosis.

The legal system in Malaysia is based on common law, which relies on tort law and contract law to determine liability. However, these doctrines may fall short when applied to AI-related harm:

a. Negligence and foreseeability become difficult to prove when outcomes are generated by complex algorithms; and

b. Product liability could apply if AI systems are deemed defective, but it may be challenging to pinpoint whether the fault lies with the developer, the data provider, or the end-user.

So far, Malaysian courts have not dealt with landmark AI liability cases, but such scenarios are likely to emerge as adoption grows.

Regulatory and Ethical Challenges Ahead

Malaysia is at a pivotal moment. On one hand, Malaysia is marching into the digital economy. On the other hand, its legal and regulatory framework must evolve to prevent discrimination, harm, and misuse from AI technologies. Some suggestions for the regulations of AI are:

a. Developing AI-specific legislation or a code of ethics that addresses bias, accountability, transparency, and explainability.

b. Reforming the PDPA to address gaps in automated decision-making and expand its scope to include the public sector.

c. Strengthening capacity among regulators and the judiciary to deal with the technical and ethical challenges of AI.

d. Promoting cross-sector collaboration between technologists, lawmakers, civil society, and academia to shape a balanced regulatory ecosystem.

Conclusion

As Malaysia embraces the digital era, the legal system must keep pace with the fast-evolving world of AI. The current patchwork of regulations and guidelines provides a basic foundation, but it is not sufficient to address the multifaceted legal challenges posed by AI. Malaysia has a unique opportunity to craft a regulatory framework that not only supports innovation but also protects individual rights and upholds public trust in technology. By taking proactive steps now, through law reform, stakeholder engagement, and international co-operation, Malaysia can position itself as a regional model for responsible and legally robust AI governance.