Perspectives
Malaysia’s New Licensing Framework: Navigating Digital Accountability and Safety
By Dr Justin Ong, Regulatory & Financial Risk Leader, Deloitte Southeast Asia
KUALA LUMPUR, 11 DECEMBER 2024 – Amid escalating concerns about online harm in Malaysia, the Malaysian Communications and Multimedia Commission (MCMC) has introduced a regulatory framework for social media services and internet messaging service providers. This initiative signals a pivotal shift in digital safety, accountability, and the broader digital ecosystem. It aims to tackle pressing issues such as user safety, harmful content moderation, and the protection of vulnerable groups. With the introduction of the licensing regime, businesses operating in the digital space will need to navigate new compliance requirements, underscoring the evolving expectations in Malaysia’s digital ecosystem.
Prior to the introduction of this regulatory framework, Service Providers were exempted from obtaining a license pursuant to the Communications and Multimedia (Licensing) (Exemption) Order 2000. Under the new regulations however, service providers with at least 8 million users in Malaysia are required to obtain an Applications Service Provider Class (ASP(C)) License from the MCMC. Social media and messaging platforms, including Facebook, Instagram, TikTok, WhatsApp, and Telegram, are expected to comply with this framework within the five-month grace period from 1 August 2024. Providers failing to secure the ASP(C) License by 31 December 2024 may face penalties and enforcement actions.
The Malaysian government’s efforts to regulate such Service Providers are part of a broader global trend to address online harm and ensure online safety. Other countries in the APAC region, such as Singapore, Indonesia, Thailand, and India have also implemented similar regulations to tackle these challenges. The Malaysian government’s new regulatory framework combines measures such as licensing requirements, content moderation, and user reporting mechanisms to achieve its objectives.
Introduced on 1 August 2024, the MCMC gazetted a new regulatory framework for social media services and internet messaging service providers (Service Providers). This framework represents a landmark shift in the country’s digital regulation landscape, aligning with global regulatory trends, such as the EU’s Digital Services Act (DSA) and the Digital Markets Act (DMA). These frameworks seek to enhance platform accountability and protect users, addressing challenges such as misinformation, cyberbullying, scams, and harmful or illegal material.
This regulatory framework represents a significant step in supporting Malaysia’s digital transformation journey by enhancing safeguarding measures, promoting data privacy, and fostering a secure digital ecosystem. While presenting new challenges, this framework provides businesses an opportunity to drive innovation, foster trust, and shape a safer, more inclusive digital future for Malaysia.
Key obligations of the regulatory framework include:
- Licensing Requirement: Platforms with a substantial Malaysian user base must apply for an ASP(C) License. The application must be submitted by 31 December 2024.
- Local Incorporation: Service providers must be locally incorporated in Malaysia to meet the licensing requirements, which may present challenges for foreign-based companies.
- Content Moderation and Safety: Platforms are required to implement robust content moderation measures to address harmful content such as misinformation, cyberbullying, and illegal material. This includes having processes to handle user complaints and ensure prompt removal of flagged content.
- Reporting Obligations: Platforms must submit regular reports to the MCMC, detailing their compliance with content moderation and safety protocols.
Challenges for Service Providers
Service providers within scope must establish a locally incorporated entity in Malaysia, presenting challenges such as navigating tax and legal requirements, structuring legal entities, and managing associated administrative and operational costs. These include compliance with corporate laws, incorporation fees, and setup expenditures, all of which require careful strategic planning.
Additionally, companies will need to ensure they have the appropriate systems in place to monitor and remove harmful content, including appointment of a local content moderation team. They will also need to have infrastructure in place to support reporting, respond to user reports and flags, and establish and enforce clear limits on the use of personal data in advertising.
The requirements related to conducting risk assessments will also necessitate the development of policies, risk models and related monitoring and reporting systems. All of which will require the implementation of appropriate governance, oversight, and controls.
Companies that are not yet within scope of the framework, will also have to consider if expansion within the Malaysian market will lead to future licensing requirements or if the MCMC will expand the scope of application at a future date and what this will mean for their business.
To meet the complexities and challenges that come with navigating new regulatory frameworks, it is crucial for global platforms to have strong digital regulations capabilities to ensure a smooth and successful implementation process.
Dr Justin Ong is Deloitte Southeast Asia’s Regulatory & Financial Risk Leader. The above views are his own.
Deloitte Malaysia
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.
Deloitte Asia Pacific Limited is a company limited by guarantee and a member firm of DTTL. Members of Deloitte Asia Pacific Limited and their related entities, each of which is a separate and independent legal entity, provide services from more than 100 cities across the region, including Auckland, Bangkok, Beijing, Bengaluru, Hanoi, Hong Kong, Jakarta, Kuala Lumpur, Manila, Melbourne, Mumbai, New Delhi, Osaka, Seoul, Shanghai, Singapore, Sydney, Taipei and Tokyo.
About Deloitte Malaysia
In Malaysia, services are provided by Deloitte PLT (LLP0010145-LCA) (AF0080), a limited liability partnership established under Malaysian law, and its affiliates.
This communication contains general information only, and none of DTTL, its global network of member firms or their related entities is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser.
No representations, warranties or undertakings (express or implied) are given as to the accuracy or completeness of the information in this communication, and none of DTTL, its member firms, related entities, employees or agents shall be liable or responsible for any loss or damage whatsoever arising directly or indirectly in connection with any person relying on this communication.
© 2024 Deloitte PLT
Press contact:
Samantha Yong
Tel: +603 7624 3502
Email: zeyong@deloitte.com
Maxine Gui
Tel: + 60 3 7610 8954
Email: maxgui@deloitte.com