Malaysia’s Parliament passes cybersecurity bill

The bill seeks to enhance Malaysia’s cyber resilience.


To bolster the nation’s defences against cyber threats, the Dewan Negara, the upper house of Malaysia’s parliament, unanimously approved the Cyber Security Bill 2024 on Wednesday, 3 April. Spearheaded by Digital Minister Gobind Singh Deo, the bill seeks to enhance Malaysia’s cyber resilience through the implementation of rigorous measures, standards, and procedures to counter cyber threats effectively.

During the final reading of the Malaysia Cyber Security Bill 2024, Digital Minister Gobind Singh Deo underscored its significance in strengthening the country’s Critical National Information Infrastructure (CNII).

Highlighting the pivotal role of the CNII, which encompasses crucial sectors including government, banking and finance, transportation, defence and national security, information and communication, as well as digital industries, Gobind emphasised the imperative of safeguarding these sectors against malicious cyber attacks aimed at destabilising the nation.

Gobind emphasised that the importance of this bill cannot be overstated, particularly considering the diverse range of sectors encompassed within the CNII. From healthcare and water supply to energy and agriculture, these sectors constitute the nation’s lifeblood, and any disruption caused by cyber threats could result in catastrophic consequences.

Concerns, however, about the Malaysian Cyber Security Bill 2024 and its potential impact on freedom of expression online and on media and broadcast organisations in Malaysia. For instance, ARTICLE 19 expresses deep concerns over the expedited approval of the bill, fearing it will serve as a tool for government censorship of online expression. Granting the government unchecked control over computer-related activities and extensive search and seizure powers, the legislation’s criminal provisions lack the requirement for actual intent to violate, effectively introducing numerous strict liability offences. Consequently, it aligns with the regional trend of increasingly repressive cybersecurity regulations.