Malaysia’s bold move to register all internet messaging and social media service providers with eight million or more users has sent shockwaves through the tech world—and for good reason. It’s a game-changer for digital accountability and regulation, but here’s where it gets controversial: is this a masterstroke in governance or an overreach that could stifle innovation? Let’s dive in.
Cybersecurity experts are hailing this decision as a regulatory triumph. Prof Dr Selvakumar Manickam, Director of the Universiti Sains Malaysia Cybersecurity Research Centre, calls it “nothing short of a regulatory masterstroke.” Instead of passively waiting for tech giants to navigate bureaucratic red tape, Malaysia has effectively installed an automatic gate—a system that ensures these companies fall under regulatory oversight the moment they enter the market. No delays, no voluntary opt-ins, just immediate compliance. And this is the part most people miss: it’s not just about control; it’s about protecting users through stronger data protection and safety-by-design approaches.
But here’s the catch: will it work as intended? Cybersecurity expert Fong Choong Fook points out that while a licensing program provides clear guidelines for providers, its success hinges on enforcement. Without robust implementation, the much-anticipated Online Safety Act 2025 (Onsa) risks becoming a “paper tiger.” Fong suggests scaling penalties based on revenue—a move that’s gaining traction globally. He even proposes holding Malaysian-based social media platform CEOs criminally liable for non-compliance. Bold? Yes. Effective? That’s up for debate.
Prof Selvakumar echoes this sentiment, arguing that the current RM10 million fine for non-compliance is a mere slap on the wrist for tech giants. He advocates for Malaysia to follow the European Union’s lead, which recently imposed steep fines on Apple and Meta for legal breaches. But here’s the controversial question: Is Malaysia ready to wield such a heavy stick, or could this drive tech companies away? The proposed “carrot and stick” model—cooperative frameworks paired with harsh penalties—sounds promising, but its success depends on execution.
Here’s the bigger question for you: Is Malaysia’s approach a necessary step toward digital safety, or does it risk overregulation? Should penalties be scaled to revenue, and is criminal liability for CEOs a step too far? Let’s spark a conversation—share your thoughts in the comments below!
