MALAYSIA Law and Practice Contributed by: Janet Toh, Irene Yong, Krystle Lui and Boo Cheng Xuan, Shearn Delamore & Co.
However, both the Central Bank of Malaysia (BNM) and the SC have emphasised that, cur - rently, cryptocurrency is not a payment instru - ment regulated by BNM. Therefore, cryptocur - rencies are not considered as legal tender in Malaysia. 2. Cloud and Edge Computing 2.1 Highly Regulated Industries and Data Protection CMA Cloud computing is regulated in Malaysia pri - marily by the CMA and the Communications and Multimedia (Licensing) Regulations 2000 (the “Licensing Regulations”). Pursuant to the Information Paper on Regulat - ing Cloud Services published by the Malaysian Communications and Multimedia Commission (MCMC) on 17 December 2021 and updated on 30 September 2024 (the “Information Paper”), the provision of cloud services, defined as “any service made available to end users on demand via the internet from a cloud computing pro - vider’s server”, is considered as the provision of applications services under the CMA. The provision of applications services is one of the categories of licensable activities under the CMA, alongside the provision of network facili - ties, network services and content applications services. Unless otherwise exempted from the CMA licensing requirements, the conduct of the foregoing activities requires the facility or service provider to be licensed. Noting that cloud services could generally be categorised as either software-as-a-service, platform-as-a-service and infrastructure-as- a-service, the Information Paper clarifies that providers of software and solutions which rely
on other cloud services platform and infrastruc - ture, known as “pure software providers”, are not subject to the foregoing cloud service licens - ing requirement. The licensing framework under the CMA impos - es the requirement of local presence in the pro - visioning of the licensable activities. As such, the regulation on cloud services will be based on this premise, whereby a person with local presence would be required to be registered as an ASP class licensee. Pursuant to Ministerial Direction No 2 of 2024 issued on 24 July 2024, CMA class licensees providing cloud services are required to take part in the contribution of universal service provision fund, in accordance with the provision under the Communications and Multimedia (Universal Service Provision) Regulations 2002, for the return of net revenue for the calendar year 2025 onwards. PDPA To the extent personal data is processed in the context of cloud and edge computing, the requirements of the PDPA shall be fulfilled. The obligations under the PDPA are generally imposed on data users (to be known as “data controllers” from 1 April 2025). From 1 April 2025, data processors will also assume certain obligations under the PDPA. This means that, in the context of cloud and edge computing, both the users of cloud and edge computing and the providers may directly be subject to the PDPA, depending on the roles they assume. The principles and other requirements enumer - ated in the PDPA must therefore be meticu - lously assessed within the framework of cloud and edge computing. This includes examining their interplay with the unique characteristics and challenges of these technologies, such as
223 CHAMBERS.COM
Powered by FlippingBook