Malaysia's Online Safety Bill 2024 was passed by the Dewan Rakyat (House of Representatives) and the Dewan Negara (Senate) on 11 and 16 December 2024 respectively. The Bill will now be presented for Royal Assent and become law upon it being gazetted and
will come into operation on a date to be appointed by the Minister of Communications. The Bill aims to: enhance and promote online safety in Malaysia; reduce harmful content available online and mitigate its potential detrimental effects; and impose
duties and obligations on online service providers. Scope of Application The Bill will apply to licensed Network Service Providers (NSPs), Application Service Providers (ASPs), and Content Application Service Providers (CASPs). However, it
will not extend to private messaging features of any application service or content application service, defined as a feature that allows a user to communicate a content to a specific and limited number of recipients determined by the user and may
contain any other characteristics as may be prescribed . Extraterritorial Application: The Bill will have extraterritorial effect, applying to the above service providers outside Malaysia that offer application services, content
application services, or network services within Malaysia. These provisions fall under the authority of the Minister and will be enforced by the Malaysian Communications and Multimedia Commission (MCMC). Harmful Content and Priority Harmful
Content Harmful content , as defined in the Bill, includes the following specific types of content:
- (i) content on child sexual abuse material as provided for under section 4 of the Sexual Offences against Children Act 2017 [Act 792];
- (ii) content on financial fraud;
- (iii) obscene content including content that may give rise to a
feeling of disgust due to lewd portrayal which may offend a persons manner on decency and modesty;
- (iv) indecent content including content which is profane in nature, improper and against generally accepted behaviour or culture;
- (v)
content that may cause harassment, distress, fear or alarm by way of threatening, abusive or insulting words or communication or act;
- (vi) content that may incite violence or terrorism;
- (vii) content that may induce a child to cause
harm to himself;
- (viii) content that may promote feelings of ill-will or hostility amongst the public at large or may disturb public tranquillity; and
- (xi) content that promotes the use or sale of dangerous drugs.
Priority harmful content is defined as the first two types of harmful content listed above, namely (i) content involving child sexual abuse material, and (ii) content related to financial fraud. Duties of ASPs and CASPs The Bill introduces
comprehensive obligations for ASPs and CASPs ( Service Providers ) to enhance online safety and mitigate risks associated with harmful content. These duties aim to create a safer online environment for all users, with particular emphasis on protecting
vulnerable groups like children and addressing priority harmful content more stringently. Key requirements include:
- (a) Mitigating Exposure to Harmful Content: Service Providers must implement measures to reduce the risk of users encountering harmful content, either as outlined in the Code of Conduct (Best Practice) for Internet Messaging and Social Media Service
Providers issued by the MCMC or through alternative, proven-effective measures.
- (b) User Guidelines: Service Providers are required to provide users with clear guidelines on implemented safety measures and terms of use of their services.
- (c) Online Safety Tools: Service Providers must offer tools and settings that allow users to manage their online safety, such as limiting or preventing interactions with others who may identify, locate, or communicate with them.
- (d)
Reporting Mechanisms: Mechanisms must be in place for users to report harmful content and to seek responsive assistance for online safety concerns or inquiries about safety measures.
- (e) Blocking Priority Harmful Content: Service Providers are
obligated to establish systems that make priority harmful content inaccessible on their platforms.
- (f) Child Safety Measures: Specific protections for children must be implemented, including preventing access to harmful content, limiting
communication with adults, controlling personalised recommendations, reducing features that encourage prolonged use, and safeguarding personal information.
- (g) Online Safety Plan: Service Providers must develop, submit to the MCMC, and publicly
share an Online Safety Plan detailing compliance with these obligations.
MCMC is empowered to impose a financial penalty of up to RM10 million (£1,750,000) on Service Providers that fail to comply with any of the aforementioned duties. | 
