MALAYSIA Trends and Developments Contributed by: Janet Toh, Boo Cheng Xuan and Yee Yong Xuan, Shearn Delamore & Co.
compliance with evolving data protection regu - lations and international standards. Introduction of Cyber Security Act 2024 As discussed in the chapter on Law and Prac - tice, the Cyber Security Act 2024 (CSA) came into force on 26 August 2024. Key provisions of the CSA applicable to national critical informa - tion infrastructure entities and cybersecurity ser - vice providers include the implementation of the measures, standards and processes specified in the code of practice, notification of cybersecu - rity incidents, the conduct of cybersecurity risk assessments and audits, the licensing of cyber - security service providers. Four pieces of subsidiary regulations have been introduced under the Cyber Security Act 2024, namely: • Cyber Security (Period for Cyber Security Risk Assessment and Audit) Regulations 2024; • Cyber Security (Notification of Cyber Security Incident) Regulations 2024; • Cyber Security (Licensing of Cyber Security Service Provider) Regulations 2024; and • Cyber Security (Compounding of Offences) Regulations 2024. The Cyber Security (Exemption) Order 2025 has also been issued to exempt entities listed therein from all of the provisions of the CSA. The Chief Executive of the National Cyber Secu - rity Agency has also issued the following direc - tives pursuant to his statutory powers under Section 13 of the CSA: • Directive No 1: Notification of Cyber Security Incident;
• Directive No 2: Licensing of Cyber Security Service Provider; • Directive No 3: Designation of National Criti - cal Information Infrastructure Entity; • Directive No 4: National Cyber Security Base - line Self-Assessment; • Directive No 5: Cyber Security Risk Assess - ment; and • Directive No 6: Extension of Grace Period for Obtaining Cyber Security Service Provider’s Licence. The National Cyber Security Baseline, which is a set of minimum security controls and best practices to ensure a basic level of cybersecu - rity protection, has also been introduced on the website of the National Cyber Security Agency, alongside a National Cyber Security Baseline Self-Assessment Tool. Amendments to Communications and Multimedia (Licensing) Regulations 2000 and Communications and Multimedia (Licensing) (Exemption) Order 2000 Pursuant to the Communications and Multi - media (Licensing) (Amendment) (No 2) Regula - tions 2024 and Communications and Multime - dia (Licensing) (Exemption) (Amendment) Order 2024, starting from 1 January 2025, providers of internet messaging services and social media services with 8 million or more users in Malaysia will be required to obtain an applications service provider class licence under the CMA to offer their services within Malaysia. Following a public consultation and the even - tual release of the Public Consultation Report on the draft Code of Conduct (Best Practice) for Internet Messaging Service Providers and Social Media Service Providers on 18 December 2024, the MCMC on 20 December 2024 published the Code of Conduct (Best Practice) for Internet
247 CHAMBERS.COM
Powered by FlippingBook