Malaysia is positioning itself as a key player in the global artificial intelligence (AI) landscape, with more than 140 AI solution providers already integrated into its digital economy. As national initiatives strive to create up to 900 AI start-ups, Malaysia’s rapidly expanding AI ecosystem reflects a broader trend where countries compete not just in technological development but also in governance frameworks that guide the responsible deployment of these technologies. This growth is bolstered by strategic investments from global technology firms such as Google, Microsoft, and Nvidia, which are establishing cloud computing and hyperscale data centres across Southeast Asia, further enhancing Malaysia’s digital appeal.
With internet penetration exceeding 97% of households, Malaysia’s competitive energy and land costs have made it an attractive destination for data infrastructure. The country stands at a critical juncture, having invested significantly in digital infrastructure and articulated national strategies aimed at becoming a regional digital hub. However, mere infrastructure expansion does not assure technological leadership. The challenge for emerging digital economies like Malaysia is to balance innovation-driven growth with regulatory oversight that ensures trust, security, and social legitimacy.
International organisations, including the Organisation for Economic Co-operation and Development and the International Monetary Fund, stress the importance of AI governance as a determining factor for long-term digital competitiveness. Currently, Malaysia’s primary legal framework for personal data protection, the Personal Data Protection Act 2010 (PDPA), was amended in 2025 to strengthen enforcement mechanisms. While these reforms are essential for enhancing digital accountability, the PDPA lacks comprehensive provisions governing automated decision-making or algorithmic profiling, similar to those outlined in the European Union’s General Data Protection Regulation (GDPR).
Learns from the EU
The GDPR empowers individuals to contest decisions made exclusively by automated systems and to request meaningful human intervention. As global digital services increasingly transcend borders, this regulatory model shapes international expectations for responsible AI governance. The EU has further advanced this agenda with the introduction of the Artificial Intelligence Act, considered the most comprehensive AI regulatory framework globally. This legislation adopts a risk-based approach, requiring that high-risk applications, such as those in recruitment or critical infrastructure, adhere to stringent transparency, documentation, and human oversight requirements.
Malaysia can bolster its individual rights and accountability mechanisms by drawing on the GDPR’s principles. According to the European Commission, digital transformation could contribute up to €2.2 trillion (RM10.15 trillion) to the EU economy by 2030, suggesting that robust regulatory frameworks can coexist with widespread technological adoption when accompanied by clear rules and institutional oversight. By implementing a similar risk-tiered regulatory structure, Malaysia can safeguard high-impact AI applications while retaining flexibility for innovation in lower-risk sectors.
As AI continues to evolve, it also introduces new cybersecurity risks that go beyond traditional digital threats. Analysts from MIT Technology Review highlight that AI systems may serve as both tools and targets in a dynamic cybersecurity landscape. Past incidents, such as the WannaCry ransomware attack and the MOVEit data breach, showcase the vulnerabilities within interconnected digital ecosystems. In Malaysia, large-scale data breaches involving telecommunications and public sector information have underscored the necessity of integrating AI responsibly across various sectors.
However, another challenge arises concerning the implications of AI training datasets. Modern machine learning models require vast amounts of data, often sourced from public and proprietary datasets, raising intellectual property concerns and triggering copyright litigation. Within ASEAN, discrepancies in data localisation policies could fragment the regional digital economy. Initiatives like the “ASEAN Guide on AI Governance and Ethics” aim to establish shared governance principles while allowing for flexibility among member states. The National AI Office’s My-AI Standards seeks to accelerate AI adoption in strategic sectors while strengthening responsible governance.
As Malaysia navigates these complexities, three pivotal questions emerge: Can governance frameworks adapt quickly enough to regulate fast-scaling AI systems? Will Malaysia prioritise sovereign AI capabilities and local data, or continue to rely on global technology platforms? Should AI governance be regarded as a formal board-level responsibility akin to financial reporting and cybersecurity oversight? How the country addresses these questions will ultimately shape whether it becomes a leader in responsible AI deployment or merely a consumer of AI technologies.
In a rapidly evolving global AI economy, speed can offer a temporary advantage. However, sustainable leadership hinges on trust. By not only embracing artificial intelligence but also governing it wisely, Malaysia has the opportunity to establish a model of responsible innovation that enhances its national resilience and contributes to ASEAN’s collective digital future.
Badrulhisam C K, vice-president of group legal at AFED Holdings, oversees governance across key sectors such as agriculture, food, energy, and digital businesses.
See also
Meta Launches Elite AI Research Team for Enhanced Social App Recommendations
Germany”s National Team Prepares for World Cup Qualifiers with Disco Atmosphere
95% of AI Projects Fail in Companies According to MIT
AI in Food & Beverages Market to Surge from $11.08B to $263.80B by 2032
Satya Nadella Supports OpenAI’s $100B Revenue Goal, Highlights AI Funding Needs
