Regional Round-Up: Malaysia Q1 2024

New Malaysian Cyber Security Act to Regulate National Critical Information Infrastructures and Cyber Security Service Providers

On 3 April 2024, the Malaysian Parliament passed the Cyber Security Bill (“Bill”), which establishes a legal framework for the oversight and maintenance of national cyber security in Malaysia, while also strengthening the protection of National Critical Information Infrastructures (“NCIIs”) against cyber security threats and incidents. The Bill achieves these objectives by:

  1. defining the regulatory and enforcement authority of the Chief Executive of the National Cyber Security Agency (“NACSA”) over cyber security matters;
  2. establishing a framework for the designation of “NCII Entities” and clarifying the obligations of such Entities to proactively protect NCII owned or operated by them from cyber security threats and incidents; and
  3. regulating the provision of certain types of cyber security services through a new licensing regime.

In the Bill, NCIIs refer to computers or computer systems whose disruption or destruction would have a detrimental impact on Malaysia’s economy, public safety, public order, or the effective functioning of the Government.

The framework established by the Bill enables the designation of entities that own or operate NCIIs in 11 sectors (“NCII Sectors”) identified in the Bill as “NCII Entities”. The Bill identifies NCII Sectors to include (i) the Government, (ii) banking and finance, (iii) transportation, (iv) defence and national security, (v) information, communication and digital, (vi) healthcare services, (vii) water, sewerage and waste management, (viii) energy, (ix) agriculture and plantation, (x) trade, industry and economy, and (xi) science, technology and innovation sectors.

NCII Entities designated under the Bill are subject to various obligations, including:

  1. compliance with minimum security measures, standards and processes specified in sector-specific Codes of Practice to be drawn up pursuant to the Bill;
  2. fulfilment of cyber security incident notification obligations;
  3. conduct of cyber security audits and risk assessments for the NCIIs owned and operated by them;
  4. participation in cyber security exercises conducted by the Chief Executive of NACSA; and
  5. compliance with various directives issued under the Bill.


New Renewable Energy Programmes in Line with National Energy Transition Roadmap

The Malaysian government launched the National Energy Transition Roadmap (“NETR”) in 2023 to guide the country’s journey toward achieving net zero greenhouse gas emissions by 2050. In line with the objectives outlined in the NETR, the Government has announced a series of energy transition programmes and initiatives for 2024. These include:

  1. the Large Scale Solar (LSS) photovoltaic programme, which utilises a competitive bidding process to drive down the Levelised Cost of Energy (LCOE) for the development of large scale solar photovoltaic plants;
  2. the Low Carbon Energy Generation Programme (LCEGP) initiative, under the New Enhanced Dispatched Arrangement (“NEDA”) mechanism, which aims to enhance competition and cost efficiency in the Single Buyer market. It allows non-Power Purchase Agreement (“PPA”)/Service Level Agreement (“SLA”) power generators to sell energy to the Single Buyer by bidding their variable costs against those stated in the PPAs and SLAs;
  3. an increased Net Energy Metering (“NEM”) quota under the NEM Programme, for which the Government has announced additional quota. This programme allows energy produced from solar photovoltaic installations to be consumed first, with any excess exported to Tenaga Nasional Berhad (TNB) at a prevailing displaced cost; and
  4. the Solar for Rakyat Incentive Scheme (SolaRIS), which is a special incentive to encourage the installation of solar photovoltaic systems by domestic consumers.


Relief to Public Listed Companies – The Federal Court's Decision in Concrete Parade

The recent Federal Court decision in Dato’ Azizan Abd Rahman & Ors v Concrete Parade Sdn Bhd & Ors & Other Appeals [2024] CLJU 610 gives companies, in particular Malaysian public-listed companies (PLCs), long-awaited clarification following uncertainties brought on by the Court of Appeal’s decision in Concrete Parade Sdn Bhd v Apex Equity Holdings Bhd & Ors [2021] 9 CLJ 849.

The Federal Court held, among other things:

  • Section 85 of the Companies Act 2016 (“CA 2016”), which confers a statutory pre-emptive right to shareholders, is subject to the constitution of a company. The constitution may:
      • provide for an ability to renounce or disapply such pre-emptive rights;
      • be silent; or
      • fortify such pre-emptive rights.

    Where a provision in a company’s constitution states that the shareholders’ pre-emptive rights are subject to “any direction to the contrary that may be given in a general meeting” (or words to that effect), it will enable shareholders (in an extraordinary general meeting (EGM) voting on a resolution such as that of placement of shares to third parties) to decide whether their pre-emptive rights should be disapplied. There will be no need for the company to first make an offer of shares to existing shareholders or to stipulate or explain (whether in a circular to shareholders or in the resolution) the pre-emptive rights to the shareholders.
  • Section 223(1)(b) of the CA 2016 should be construed so that sub-sections (i) and (ii) of section 223(1)(b) are read disjunctively.

Thus, directors of a company may proceed with the company’s entry into an agreement for a substantial value acquisition or disposal if the agreement contains a condition that the acquisition/disposal is subject to shareholders’ approval. Alternatively, the board may seek shareholders’ approval prior to the close of the transaction, i.e. before the actual acquisition or disposal.

This decision provides welcome legal and practical guidance and enables a return to normalcy for corporate transactions involving share issues and substantial acquisitions/disposals. 

Cambodia and Malaysia Sign MOU to Enhance Cooperation in Financial Innovation and Payments

In its 27 February 2024 press release, Bank Negara Malaysia announced that Cambodia and Malaysia have signed a Memorandum of Understanding (“MOU”) to enhance cooperation between the two countries in financial innovation and payments. This includes, among others, the linking of domestic payments in both countries to enable cross-border QR payments. The MOU will also facilitate cooperative oversight for safer and more efficient transactions.

The MOU supports the ASEAN Regional Payment Connectivity initiative and the G20 Roadmap for cross-border payments. This in turn will boost cross-border trade and tourism between the countries.

It is expected that up to five million merchants, including small businesses, from both countries will benefit from this cooperation.

JPDP Announces the Development of New Guidelines under Malaysian Personal Data Protection Act 2010

The Personal Data Protection Department (“JPDP” or Jabatan Perlindungan Data Peribadi) has entered into a Memorandum of Understanding with Futurise Sdn Bhd (“Futurise”), Malaysia’s national regulatory sandbox body, to develop seven new guidelines to complement the forthcoming changes and amendments that will be introduced in the upcoming bill (“PDPA Amendment Bill”) amending the Malaysian Personal Data Protection Act 2010 (“PDPA”).

The PDPA Amendment Bill is expected to be tabled in the Malaysian Parliament sometime this year, most likely in the June 2024 parliamentary sitting.

The seven new guidelines to be developed by JPDP and Futurise are:

  1. Notification of Data Breach Guidelines;
  2. Data Protection Officers Guidelines;
  3. Data Portability Guidelines;
  4. Cross Border Data Transfer Guidelines and Mechanism;
  5. Data Protection Impact Assessment Guidelines;
  6. Privacy by Design Guidelines; and
  7. Profiling and Automated Decision Making Guidelines.

To date, JPDP has not provided further details about when the guidelines will be issued.

Malaysia and Singapore Sign MOU to Boost Economic Cooperation through Johor-Singapore Special Economic Zone

On 11 January 2024, Malaysia and Singapore signed a Memorandum of Understanding (“MOU”) to work on a Johor-Singapore Special Economic Zone (“JS-SEZ”) to strengthen economic connectivity and cooperation between Johor and Singapore.

Under the MOU, Malaysia and Singapore have agreed to work towards improving cross-border flows of goods and people and strengthening the business ecosystem within the JS-SEZ to support investments. The JS-SEZ rides on the improved growth of Johor and Singapore’s substantial investment in the region.

Aside from the MOU, the two countries will also look into various initiatives aimed at developing the JS-SEZ, including the following:

  1. Establishment of a one-stop business/investment service centre in Johor to streamline the application processes for licences needed to establish a business presence in Johor by Singapore entities;
  2. Adoption of a passport-free QR code clearance system to expedite clearance of people at the land checkpoints, as well as digitised processes for cargo clearance at the land checkpoints;
  3. Holding an investors’ forum to seek feedback on the JS-SEZ;
  4. Facilitating Malaysia-Singapore renewable energy cooperation in the JS-SEZ;
  5. Developing training modules to address talent and skills gaps for relevant industries in the JS-SEZ; and
  6. Organising joint events between Johor and Singapore to promote investment into the JS-SEZ.

New Guidelines for Online Curated Content Service Providers

The Communications and Multimedia Content Forum of Malaysia (“Content Forum”) has published Guidelines for Online Curated Content Service Providers (“OCC Guidelines”) to align content standards among content service providers whose content is available in Malaysia.

The OCC Guidelines set out best practices on content standards within online curated content (“OCC”) services. OCC services are defined as the provision of curated digital content directly to paying subscribers via an Internet connection to the subscriber’s device. Examples of OCC services include video streaming services such as Netflix, Disney+Hotstar and Apple TV.

However, the OCC Guidelines do not apply to services offering user-generated content (e.g. social media platforms such as Meta, YouTube and TikTok), and intermediary services that provide access to a repertoire of OCC service providers (e.g. content aggregators such as Google News, or streaming aggregator services such as Roku and Amazon Fire TV).

The best practices outlined by the OCC Guidelines cover several key areas:

  1. Ratings and content classification guidelines applicable to the content provided by OCC services;
  2. Safety features to be integrated into OCC services to facilitate consumer feedback, enable consumers to choose their own content, and enhance content protection for minors;
  3. Guidance on the promotion and advertising of content provided by OCC services; and
  4. General principles and standards on content standards within OCC services.

While the OCC Guidelines do not create legally enforceable obligations on OCC service providers to comply, the Content Forum may advise OCC service providers to remove content that conflicts with the best practice principles and guidance outlined in the OCC Guidelines.

Please note that whilst the information in this Update is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as a substitute for specific professional advice.

Rajah & Tann Asia is a network of legal practices based in Asia.
