Status regarding Budapest ConventionStatus : NA Declarations and reservations : N/A See legal profile
On October 12, 2020 the Government of Malaysia launched the Malaysia Cyber Security Strategy (MCSS) 2020-2024. The key objectives are categorised into five strategic Pillars that will govern all aspects of cyber security planning and implementation in Malaysia until 2024.
The five strategic pillars are:
- Pillar I: Effective Governance and Management;
Addressing enhancement of the management of national governance and cyber security by improving the country's critical information and communication technology (ICT) infrastructure as well as raising the ability to deal with cyber security issues effectively.
- Pillar II: Strengthening Legislative Framework and Enforcement;
Strengthening the enforcement of existing cyber security policies and standards by reviewing digital legislation as well as formulating specific laws to deal with cyber security.
- Pillar III: Catalysing World Class Innovation, Technology, R&D and Industry;
Empowering innovation and world-class technology for adopting cyber security tools and techniques.
- Pillar IV: Enhancing Capacity and Capability Building, Awareness and Education;
Improving development capacity as well as cyber security skills and capabilities to protect Malaysian interests.
- Pillar V: Strengthening Global Collaboration.
Enhancing international cooperation by activating regional and international cooperation to protect national digital interests and assets.
The MCSS consists of 12 strategies, 35 action plans and 113 programmes encompassing various initiatives to safeguard the nation’s cyberspace. The Communications and Multimedia Ministry (KKMM) and the National Cyber Security Agency (NACSA) are tasked with formulating, implementing, monitoring and coordinating the medium-term action plan.
Malaysia was one of the first nations in South-East Asia to adopt a National Cyber Security Policy (NCSP). Formulated in 2006, the NCSP anchored the establishment of the relevant government agency and provided a solid foundation for the MCSS 2020-2024.
State of cybercrime legislation
Computer Crimes Act and Communications and Multimedia Act of Malaysia provide for several substantive law provisions, such as partial implementation of illegal access, illegal interception, data/system interference and misuse of devices. Sexual Offences against Children Bill of 2017 addresses the offence of child pornography.
Although the Evidence Act (1950) does contain references to admissibility of electronic evidence, specific implementation of procedural powers corresponding to the Budapest Convention is not found.
Cybercrime investigations are governed by a number of pieces of legislation:
Communications and Multimedia Act 1998 (CMA)
Electronic Government Activities Act 2007
Personal Data Protection Act 2010
Sexual Offences Against Children Bill 2017
The Computer Crimes Act, Penal Code, Copyright Act and Communications and Multimedia Act of Malaysia provide for several substantive law provisions, such as partial implementation of illegal access, illegal interception, data/system interference and misuse of devices, conventional and cyber fraud, copyright infringements. The Sexual Offences against Children Bill of 2017 addresses the offence of child pornography.
The Evidence Act contains references to admissibility of electronic evidence.
The Computer Crimes Act is covering such aspects as Powers of search, seizure and arrest.
The Communications and Multimedia Act 1998 is detailing Powers of entry, investigation into offences and prosecution; General duty of the licenses, Powers of Entry, Investigation into Offences and Prosecution, Access to computerised data; Power to intercept communications; Improper use of network facilities and network services; Prohibition on provision of offensive content.
The Federal Constitution of Malaysia protects the Fundamental Liberties.
Section 252 of Communication sand Multimedia Act 1998 – Power to intercept covers requirement to make application and obtain authorisation from Public Prosecutor prior to conducting interception.
Related laws and regulations
Cybercrime investigations are governed by a number of pieces of legislation:
- Computer Crime Act 1997 (CCA)
- Communications and Multimedia Act 1998 (CMA)
- Digital Signature Act 1997
- Telemedicine Act 1997
- Optical Disc Act 2000
- Electronic Commerce Act 2006
- Electronic Government Activities Act 2007
- Personal Data Protection Act 2010
- Sexual Offences Against Children Bill 2017
- Evidence Act 1950
- Penal Code, Act 574
- Copyright Act 1987
- Mutual Assistance in Criminal Matters Act 2002
- Arms Act 1960
- Security Offences (Special Measures) Act 2012
Cybercrime offences are investigated by several relevant enforcement agencies:
- Royal Malaysian Police (Commercial Crime Investigation Department) – is the leading department in commercial and cybercrime investigations. It conducts investigations and prosecutes white collar criminals who commit fraud, criminal breach of trust, cybercrime forgeries etc.
- Malaysian Special Cyber Court provides the judicial system with sufficient and adequate means of handling cybercrime offences, such as hacking, online fraud/scamming, botnet attacks, online defamation, sedition and harassment, web-defacement, theft of online information, cyber gambling and pornography, etc.
- Ministry of Communications and Multimedia (KKMM) - responsible for communications, multimedia, broadcasting, information, personal data protection, special affairs, media industry, film industry, domain name, postal, courier, mobile service, fixed service, broadband, digital signature, universal service, international broadcasting, content.
- Malaysian Communications and Multimedia Commission (MCMC) – one of the main functions of MCMC is to ensure information security and network reliability and integrity.
- National Cyber Security Agency (NACSA) – is the national lead agency for cyber security matters, with the objectives of securing and strengthening Malaysia's resilience in facing the threats of cyber-attacks, by co-ordinating and consolidating the nation's best experts and resources in the field of cyber security. NACSA is also committed to developing and implementing national-level cyber security policies and strategies, protecting Critical National Information Infrastructures (CNII), undertaking strategic measures in countering cyber threats, spearheading cyber security awareness, acculturation and capacity-building programmes, formulating strategic approach towards combatting cyber crimes, advising on organizational cyber risk management, developing and optimizing shared resources among agencies, and fostering constructive regional and global networks among entities with shared interests in cyber security.
- Central Bank of Malaysia. - Bank Negara Malaysia, as the central bank for Malaysia, is mandated to promote monetary stability and financial stability conducive to the sustainable growth of the Malaysian economy.
- Ministry of Science, Technology and Innovation (MOSTI) – has the mission to develop a High-Tech Nation through Science, Technology, Innovation and Economy (STIE) by strengthening the needed policies and regulations.
- CyberSecurity Malaysia Agency - provides a broad range of cybersecurity innovation-led services, programmes, and initiatives to reduce vulnerability of digital systems, and at the same time strengthen Malaysia’s self-reliance in cyberspace. The agency is focused on specialised cybersecurity services such as Cyber Security Responsive Services, Cyber Security Proactive Services, Outreach and Capacity Building, Strategic Study and Engagement, Industry and Research Development.
- MyCERT (Malaysia Computer Emergency Response Team) - Performs 24/7 computer security incident response services to any user, company, government agency or organisation by handling incidents such as intrusion, identity theft, malware infection, cyber harassment and other computer security related incidents.
- Cyber Security Professional Development (CSPD) formerly known as Training Department is nurturing Information Security practitioners and promoting knowledge sharing with leading industry experts and academicians as well as fostering local and international collaborations by means of training and advice.
Other relevant initiatives:
- MyCyberSecurity Clinic – is involved in recovery, analysis and management of data and information and is a trustworthy and credible entity for secure data handling and recovery.
- CyberSAFE Malaysia – special program carried out by CyberSecurity Malaysia focusing on increasing public awareness and knowledge on cyber safety and how to mitigate online threats.
Competent authorities and channels
Pillar V of Malaysia Cyber Security Strategy (MCSS) 2020-2024 refers to strengthening of global collaboration.
Malaysian law already provides the mechanism for international cooperation to combat the increasingly globalised crime of cybercrime as follows:
(a) Extradition Act 1992 [Act 479] (EA);
(b) Mutual Assistance in Criminal Matters Act 2002 [Act 621] (MACMA); and
(c) Anti-Money Laundering and Anti-Terrorism Financing Act 2001 [Act 613] (AMLATFA).
Section 9 of the Computer Crimes Act 1997 expressly refers to territorial scope of offences, stating that:
- The provision of this Act shall, in relation to any person, whatever his nationality or citizenship, have effect outside as well as within Malaysia, and where an offence under this Act is committed by any person in any place outside Malaysia, he may be dealt with in respect of such offence as if it was committed at any place within Malaysia;
- For the purposes of subsection (1), this Act shall apply if, for the offence in question, the computer, program or data was in Malaysia or capable of being connected to or sent to or used by or with a computer in Malaysia at the material time;
- Any proceeding against any person under this section which would be a bar to subsequent proceedings against such person for the same offence if such offence was committed in Malaysia shall be a bar to further proceedings against him under any written law relating to the extradition of persons, in respect of the same offence outside Malaysia.
Competent authorities and channels
The main institutions dealing with extradition issues and mutual legal assistance in criminal matters are the Ministry of Home affairs, Attorney General Chambers, Sessions Court and Magistrate Court and High Court .
- Tong Seak Kan & Anor v Loke Ah Kin & Anor
- YB Dato Haji Husam bin HJ Musa v Mohd Faisal bin Rohban Ahmad
- Stemlife Berhad v Mead Johnson Nutrian (Malaysia) Sdn Bhd
- Salleh Berindi Bin Hj Othman v Professors Madya Dr Abdul Hamid Ahmad & Ors
- Tan Jye Lee & Anor v PP
- PP v Mohd Zaid bin Ibrahim
- Basheer Ahmad Maula Sahul Hameed & Anor v Pendakwa Raya (Malay)
- Roslan bin Mohamad Som & Anor v Pendakwa Raya (Malay)
- Pendakwa Raya v Vishnu Devarajan (Malay)
Sources and links
- The rise of cybercrime in Malaysia - what you need to avoid, Siti Farhana Sheikh Yahya, Astro Awani (Oct. 25, 2020)
- Cybercrimes went up 99% in 2020, Nurul Suhaidi, The Malaysian Reserve (Nov. 26, 2021)
- Malaysians suffered RM2.23 billion losses from cyber-crime frauds, Mohamed Basyir, New Straits Times (Jul. 16, 2021)
- Malaysia calls for regional cooperation in combating cybercrime, Vietnam News (March 29, 2022)
Reports and research
- Understanding Cybercrime in Malaysia: An Overview, Prasad Jayabalan, Roslina Ibrahim, Azizah Abdul Manaf, Sains Humanika (2014)
- Cybercrime: Malaysia, DSP Mahfuz Bin Dato’ Ab. Majid, Royal Malaysia Police
- Malaysia: Freedom on the Net 2020 Country Report (2021), Freedom House
- Investigating Cybercrimes under The Malaysian Cyberlaws and The Criminal Procedure Code: Issues and Challenges, Dr Duryana Mohamed, Ahmad Ibrahim Kuliyyah of Laws, International Islamic University Malaysia, Malayan Law Journal Articles (2012)
Databases and institutions
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.