Civil society groups in Malaysia have also previously criticised the licensing regime as one that could stifle free speech and criticism of the government, but authorities have reiterated that it is necessary at a time of rising cybercrime and a perceived lack of effort by tech firms in tackling it.
“(The tech firms) will likely persist in their efforts to challenge or at least seek revisions to the licensing requirements, even as the Malaysian government stands firm,” Dr Shafizan Mohamed, a communications lecturer at the International Islamic University Malaysia, told CNA.
“However, given the significant financial repercussions of withdrawing from Malaysia, I don’t think these firms would be very outright (in their demands).”
“NOT HAPPY”
The AIC – which was established in 2010 – released the latest version of its open letter on Monday (Aug 26), urging the government to reconsider the upcoming licensing regime, criticising the costs of compliance and what it said was insufficient time to prepare before the regulation kicks in from Jan 1, 2025.
Firms that fail to get the class licence could face penalties of up to five years’ jail and a maximum fine of RM500,000 (US$115,650). Operators could also be fined RM1,000 for each day they remain unlicensed.
AIC also warned in its letter that the proposed regulation will hinder ongoing investments and deter future ones, adding that the tech industry is ready to “work together” with the Malaysian government in tackling issues of cybercrime on their platforms.
Dr Shafizan said the letter, which was addressed to Prime Minister Anwar Ibrahim, showed that the tech firms were “not happy” with the government trying to regulate their activities and are trying to have their voices heard.
“I would say that this letter is somewhat like a diplomatic protest by the industry. They want to protest, but in a nice way, telling the government that they’re not trying to go against or dispute the regulation outright,” she said.
“But they want the government to give more thought about this and allow them to contribute more.”
Dr Shafizan said the AIC’s letter highlighted macro issues like the impact on investment and innovation with a hope that the government could be persuaded that the economic harms of regulation would outweigh its benefits.
“Throughout the letter, we can see that they were really focusing on economic impact, investments and things like that, which are obviously the main arguments that they can use,” she said.
Dr Shafizan believes there is “some weight” to the AIC’s argument on the timeline for implementation, noting that public consultations on the licensing regime were completed only in June before details were released in August, five months ahead of enforcement from the start of next year.
“I think the whole process of imposing this regulation was done rather hastily,” she added.
MCMC FIRES BACK
But Communications Minister Fahmi Fadzil on Aug 27 stressed that the licensing regime will not be delayed, with the Malaysian Communications and Multimedia Commission (MCMC) saying in its response letter that the five-month grace period was “reasonable and aligned with international best practices”.
“This timeline was established to balance the urgent need to address cyber threats with the practical requirements for compliance by the online service providers,” it said.
“Extending the grace period further would compromise the objective of enhancing user safety and mitigating the rapidly growing risks in the digital space.”
The MCMC dismissed suggestions of the negative impact on investment and innovation, saying that the licensing regime was “carefully designed” to balance regulatory requirements with the need for flexibility.
“By holding online service providers accountable, the framework will increase investor confidence, knowing that Malaysia prioritises a stable and legally compliant digital ecosystem,” it said.
The commission also brushed off the notion that the regulations were excessive, comparing it to similar laws like Singapore’s Protection from Online Falsehoods and Manipulation Act (POFMA), and saying that Malaysia’s version was “proportionate”.
The licensing regime targets only “irresponsible” platforms that meet the specific criteria of having at least eight million users in Malaysia, therefore minimising regulatory burden on smaller or less impactful services, it said.
“If the online service providers’ unilateral initiative to impose community guidelines can be welcomed as a reasonable safety measure, there is no reason why a regulatory framework grounded on safety, security, transparency and accountability features cannot be accepted and adhered to,” MCMC added.
REISSUED LETTERS “REFLECT POORLY” ON TECH FIRMS
Dr Benjamin Loh, a senior lecturer in media and communication at Taylor’s University, told CNA that the “main ask” in the AIC’s letter seems to be for platforms to self-regulate, something that he said has not quite worked out.
For instance, he pointed to the Cambridge Analytica scandal in 2018, when it was revealed that the British consulting firm collected personal data belonging to millions of Facebook users without their consent, mainly to be used for political advertising. Meta is the parent company of Facebook.
“Personally, the main issues that still need to be addressed, and are paramount, would be increased and improved localised content moderation,” Dr Loh said.
“There is no mention (in the AIC letter) of improved content moderation nor how it will work under these conditions. Since this is only presented as ‘costly compliance’, this letter fundamentally sidesteps the only major issue that needs to be addressed.”