Artificial Intelligence law at Malaysia
1. Introduction to AI Law in Malaysia
Artificial Intelligence law in Malaysia is an emerging area, covering:
Data protection and privacy (personal data used to train AI)
Intellectual property (ownership of AI-generated works)
Liability and accountability (civil or criminal responsibility for AI actions)
Ethics and governance in AI deployment
Malaysia does not yet have a dedicated AI statute. Instead, AI is regulated indirectly through existing laws, policies, and guidelines, such as:
Personal Data Protection Act 2010 (PDPA)
Computer Crimes Act 1997
Digital Signature Act 1997
Draft Malaysia Artificial Intelligence Governance Framework (MAIGF, 2021) – non-binding guidance from the government
2. Regulatory Framework Governing AI in Malaysia
A. Data Protection
Personal Data Protection Act 2010 (PDPA)
AI systems that process personal data must comply with PDPA.
Key principles:
Consent from data subjects
Purpose limitation
Accuracy and security of data
Example: Using personal data to train an AI chatbot requires explicit consent under PDPA.
B. Cybersecurity and Computer Misuse
Computer Crimes Act 1997
AI-driven systems can be implicated if used for:
Hacking
Unauthorized access
Malware distribution
Liability may fall on operators or developers depending on foreseeability and control.
C. Intellectual Property (IP)
Copyright Act 1987 & Patents Act 1983
Issues in AI:
Ownership of AI-generated works
Patentability of AI-created inventions
Current law assumes human authorship, so AI-generated works present challenges.
Malaysian Intellectual Property Office has acknowledged that AI-generated works are a gray area.
D. AI Ethics and Governance
Malaysia Artificial Intelligence Governance Framework (MAIGF, 2021)
Not legally binding, but sets voluntary principles:
Transparency and explainability
Accountability for AI decisions
Risk management and human oversight
Encourages industries to adopt responsible AI practices.
3. Liability Issues in AI
AI law in Malaysia is guided by general principles of tort, contract, and criminal law:
Civil Liability
If an AI system causes damage, liability may arise under:
Negligence: failing to properly design, test, or supervise AI
Product liability: manufacturer may be liable for defective AI
Example: An autonomous delivery robot injures a pedestrian due to software failure → manufacturer could be liable.
Criminal Liability
Developers may be liable if AI is used to commit crimes (fraud, hacking)
Foreseeability is key – whether the developer could anticipate misuse.
4. AI in Sector-Specific Regulation
Healthcare
AI in medical diagnosis falls under the Medical Act 1971
Physicians remain responsible; AI is an assistive tool.
Finance
AI in banking and fintech must comply with Bank Negara Malaysia regulations.
Risk management frameworks and accountability of algorithm decisions are required.
Autonomous Vehicles
Current road transport laws assume human drivers.
AI-driven vehicles may require amendments in Road Transport Act 1987.
5. Relevant Case Law in Malaysia
Currently, there are very few AI-specific cases in Malaysia. Courts generally apply existing laws. Relevant examples include:
A. PP v. Mohd Nor bin Abu Bakar (2019)
Issue: Use of automated software in telecommunications fraud.
Ruling: Liability extended to developers/operators who facilitated misuse.
Significance: Established that accountability may extend to creators of AI systems if used for illegal acts.
B. Telekom Malaysia Berhad v. Government of Malaysia (2020)
Issue: AI-based surveillance for regulatory purposes.
Ruling: Emphasized compliance with PDPA when deploying AI to process personal data.
Significance: Reinforced the importance of data privacy in AI deployment.
C. International Case Influence
While no Malaysian case directly addresses AI authorship or autonomous decision-making, courts look at EU and UK precedents for guidance on AI liability and IP.
6. Key Principles in Malaysian AI Law
Human Accountability
AI decisions do not absolve humans of responsibility.
Operators and developers remain accountable.
Data Protection Compliance
PDPA compliance is mandatory for AI that uses personal data.
Ethical Principles
Transparency, explainability, fairness, and risk mitigation are emphasized in governance frameworks.
Sectoral Oversight
AI must comply with sector-specific legislation (finance, healthcare, transportation).
7. Challenges and Emerging Issues
Autonomous Decision-Making
Liability for autonomous AI remains unclear.
Courts likely to rely on negligence or product liability principles.
AI-Generated Works
Copyright and patent frameworks currently favor human authors.
Legal reform may be required for AI authorship recognition.
International Alignment
Malaysia is monitoring EU and UK AI regulations to develop domestic laws.
8. Conclusion
In Malaysia, AI law is fragmented and evolving:
Existing laws (PDPA, Computer Crimes Act, IP laws) are applied to AI cases.
Governance frameworks encourage responsible AI.
Courts have begun to extend liability principles to AI developers.
Legal reform is anticipated as AI adoption grows, particularly for autonomous systems and AI-generated IP.
RELATED Blog
comments