	AI Legislative Guide
	Malaysia
	(Asia Pacific) Firm Skrine Contributors Charmayne Ong Updated 08 May 2026
Has specific legislation, final regulations or other formal regulatory guidance addressing the use of AI in your jurisdiction been implemented (vs reliance on existing legislation around IP, cyber, data privacy, etc.)?	No. There are currently no AI-specific laws, final regulations, or formal and mandatory regulatory guidance addressing the use of AI in Malaysia, though the government is reportedly working on drafting such laws. However, the Ministry of Science, Technology and Innovation has issued the National Guidelines on AI Governance and Ethics (“AIGE Guidelines"), which are intended as voluntary guidance whilst the government develops specific laws to regulate the use of AI.
Please provide a short summary of the legislation/regulations/guidance and explain how legislators aim to strike the balance between innovation and regulation.	The AIGE Guidelines are aimed at three categories of stakeholders (i.e., end-users, policy makers, and developers/providers of AI technology), and consist of the following seven AI principles: Fairness; Reliability, safety and control; Privacy and security; Inclusiveness; Transparency; Accountability; and Pursuit of human benefit and happiness. While the other principles focus on preventing the misuse and unethical application of AI, the principles of inclusiveness and the pursuit of human benefit and happiness respectively emphasise that AI should be designed and developed with consideration for the diverse needs and perspectives of all users throughout the process, and should prioritise applications that positively impact individuals and communities. That said, please note that compliance with the AIGE Guidelines is voluntary.
Which agency regulates the use of AI in your jurisdiction?	The National AI Office (“NAIO”), an agency under the Ministry of Digital, was launched in December 2024 to accelerate AI adoption, foster innovation, and ensure ethical development of AI in Malaysia. NAIO is widely understood to be responsible for spearheading the development of AI regulation in Malaysia. The NAIO is expected to roll out guidelines on AI Security in early July 2026. These guidelines are intended to serve as a reference, and they are intended for use by government agencies and organisations to ensure that their use of AI does not pose security risks, though private companies are welcome to adopt the guidelines. Apart from the above, please also note that: The Government is reportedly drafting an AI Governance Bill, which is expected to be ready by early 2027. The bill will reportedly: adopt a risk-based regulatory model and cover areas such as AI-related harm, incident reporting and ethical principles; introduce a statutory duty of care for parties developing and implementing AI systems; require technology providers to implement proactive risk management measures and take preventive steps to avoid harm to the public; introduce a governance framework spanning the full lifecycle of AI technology and incorporate an AI risk and classification framework. The Ministry of Communications is reportedly working on guidelines regarding the use of AI in media and broadcasting industries. Certain industry-specific regulators and agencies may also regulate the use of AI, depending on the specific industry the entity is in. For example, banks that intend to adopt AI in their business operations must abide by industry-specific policy documents relating to the adoption of new technologies and will be regulated by the Central Bank of Malaysia. Another example, the Malaysian Medical Council has issued guidelines on the ethical use of AI in medical practice, outlining guidance for medical practitioners to comply with their ethical obligations when using AI. Certain regulators may also regulate the use of AI depending on the specific data/information involved. For example, the Personal Data Protection Department has issued the Automated Decision-Making and Profiling Guideline ("ADMP Guidelines") which provides guidance to data controllers who implement automated decision-making and profiling when processing personal data. Among others, the *ADMP Guidelines* outline the best practices which data controllers may adopt when using AI to process personal data. These best practices include, among others, recommendations to: (a) assess the risks before deployment; (b) implement measures to mitigate over-dependence on AI systems; and (c) ensure that AI is not relied upon as the sole factor when making decisions concerning data subjects.

AI Legislative Guide

Back XLS

Has specific legislation, final regulations or other formal regulatory guidance addressing the use of AI in your jurisdiction been implemented (vs reliance on existing legislation around IP, cyber, data privacy, etc.)?

No.

There are currently no AI-specific laws, final regulations, or formal and mandatory regulatory guidance addressing the use of AI in Malaysia, though the government is reportedly working on drafting such laws.

However, the Ministry of Science, Technology and Innovation has issued the National Guidelines on AI Governance and Ethics (“AIGE Guidelines"), which are intended as voluntary guidance whilst the government develops specific laws to regulate the use of AI.

Please provide a short summary of the legislation/regulations/guidance and explain how legislators aim to strike the balance between innovation and regulation.

The AIGE Guidelines are aimed at three categories of stakeholders (i.e., end-users, policy makers, and developers/providers of AI technology), and consist of the following seven AI principles:

Fairness;
Reliability, safety and control;
Privacy and security;
Inclusiveness;
Transparency;
Accountability; and
Pursuit of human benefit and happiness.

While the other principles focus on preventing the misuse and unethical application of AI, the principles of inclusiveness and the pursuit of human benefit and happiness respectively emphasise that AI should be designed and developed with consideration for the diverse needs and perspectives of all users throughout the process, and should prioritise applications that positively impact individuals and communities.

That said, please note that compliance with the AIGE Guidelines is voluntary.

Which agency regulates the use of AI in your jurisdiction?

The National AI Office (“NAIO”), an agency under the Ministry of Digital, was launched in December 2024 to accelerate AI adoption, foster innovation, and ensure ethical development of AI in Malaysia. NAIO is widely understood to be responsible for spearheading the development of AI regulation in Malaysia.

The NAIO is expected to roll out guidelines on AI Security in early July 2026. These guidelines are intended to serve as a reference, and they are intended for use by government agencies and organisations to ensure that their use of AI does not pose security risks, though private companies are welcome to adopt the guidelines.

Apart from the above, please also note that:

The Government is reportedly drafting an AI Governance Bill, which is expected to be ready by early 2027. The bill will reportedly:
1. adopt a risk-based regulatory model and cover areas such as AI-related harm, incident reporting and ethical principles;
2. introduce a statutory duty of care for parties developing and implementing AI systems;
3. require technology providers to implement proactive risk management measures and take preventive steps to avoid harm to the public;
4. introduce a governance framework spanning the full lifecycle of AI technology and incorporate an AI risk and classification framework.
The Ministry of Communications is reportedly working on guidelines regarding the use of AI in media and broadcasting industries.
Certain industry-specific regulators and agencies may also regulate the use of AI, depending on the specific industry the entity is in. For example, banks that intend to adopt AI in their business operations must abide by industry-specific policy documents relating to the adoption of new technologies and will be regulated by the Central Bank of Malaysia. Another example, the Malaysian Medical Council has issued guidelines on the ethical use of AI in medical practice, outlining guidance for medical practitioners to comply with their ethical obligations when using AI.
Certain regulators may also regulate the use of AI depending on the specific data/information involved. For example, the Personal Data Protection Department has issued the Automated Decision-Making and Profiling Guideline ("ADMP Guidelines") which provides guidance to data controllers who implement automated decision-making and profiling when processing personal data. Among others, the ADMP Guidelines outline the best practices which data controllers may adopt when using AI to process personal data. These best practices include, among others, recommendations to: (a) assess the risks before deployment; (b) implement measures to mitigate over-dependence on AI systems; and (c) ensure that AI is not relied upon as the sole factor when making decisions concerning data subjects.