31/12/2025

WEDNESDAY | DEC 31, 2025

5

Review of Malaysia’s digital agenda in 2025 o Platform accountability highlighted, paving way for tougher rules on age-appropriate access, content moderation, safety duties

Ű BY FAIZ RUZMAN newsdesk@thesundaily.com

PETALING JAYA: This year, the gloves came off. Regulators found themselves under growing pressure to rein in online harms hitting children and vulnerable users, and the heat did not let up. A combination of enforcement crackdowns, headline-grabbing incidents and blunt international warnings inevitably placed platform accountability squarely in the spotlight, paving the way for tougher rules on age-appropriate access, content moderation and digital safety duties. Platform accountability and child safety Escalating cases involving harmful online content and youth exposure intensified regulatory scrutiny of social media platforms in the second half of 2025. Between January and November, the Malaysian Communications and Multimedia Commission (MCMC) detected 957 cases of offensive content targeting children on social media platforms, with 899 items removed, reflecting a 94% compliance rate by platforms as of Dec 3. MCMC said services such as TikTok, Facebook and Tumblr responded most promptly to takedown requests as enforcement cooperation with police intensified through joint operations. Concerns over children’s social media exposure were further amplified by violent incidents involving youths. In October, a 14-year-old student was charged with the murder of a schoolmate at a secondary school in Bandar Utama, Petaling Jaya. Police revealed that investigators had recovered a handwritten note containing gaming-related references, including “NPC” (non-player character), alongside phrases pointing to a distorted perception of reality. On Oct 27, police also said they had not ruled out the possibility that online game Roblox may have influenced a case in Batu Pahat, where a nine-year-old boy allegedly attacked his six-year-old brother. Johor police chief Datuk Ab Rahaman Arsad said preliminary investigations showed that the elder child had been playing the game extensively. These incidents further fuelled debate over age limits, parental controls and the adequacy of

of the Communications and Multimedia Act 1998, emerged as one of the most consequential digital regulatory moves of the year. 2025 digital newsflash in a nutshell As the year closes, Malaysia’s digital agenda has moved firmly into enforcement territory. Platform practices, online harm and mounting financial losses drive regulatory expansion, shifting the focus from policy signalling to accountability. The year ahead would test whether these measures translate into meaningful protection and deterrence.

Against this backdrop, Malaysia moved to anchor these expectations within its licensing framework. On Dec 15, MCMC announced that social media and internet messaging platforms with eight million or more users in Malaysia would be automatically deemed registered under the Application Service Provider Class licence from Jan 1, 2026. The new deeming provision, set to be enforced under Section 46A

MyKad and MyDigital ID. The measures were framed as part of broader enforcement under the Online Safety Act 2025, aimed at strengthening regulators’ powers to act against harmful online content. Throughout the year, MCMC also stepped up engagements with platform operators, summoning representatives to address enforcement gaps, delayed takedowns and advertising-related abuses.

platform safeguards for minors.

Global scrutiny of platform practices intensified The human cost behind commercial cybercrime in Malaysia was laid bare on Dec 6, when theSun exclusively reported that online scam losses had exceeded RM2.16 billion since 2022, involving more than 57,000 cases as of October 2025. Citing data linked to police records, the National Cybersecurity Agency told theSun that investment scam losses alone had grown from RM219 million to RM1.25 billion while telecommunication fraud losses surged to RM628 million. Globally, a Nov 6 report blew the lid off Meta’s own projections, revealing that roughly 10% of its 2024 revenue, an estimated US$16 billion (RM64.83 billion), was tied to advertisements linked to scams, banned goods and services, including illegal gambling. More damning still, the report cited internal estimates suggesting billions of high-risk scam ads were being served to users every day across Meta’s platforms. In response, Communications Minister Fahmi Fadzil said the ministry had summoned platform representatives to press for stronger enforcement on child protection and scam-related advertisements. Expanding regulatory reach By late 2025, Malaysia intensified its move to formalise oversight of major digital platforms amid mounting concerns over online harm, scams and child safety. Fahmi signalled a series of policy shifts, including plans to restrict social media access for users aged under 16 by mid-2026 and the proposed rollout of electronic Know Your Customer mechanisms tied to verified identity documents such as

Fahmi said the Communications Ministry summoned platform representatives to press for stronger enforcement on child protection and scam-related advertisements. – ADAM AMIR HAMZAH/THESUN

‘Cyber security awareness in society remains weak’ PETALING JAYA: As 2025 winds down and CyberSecurity Malaysia chief Datuk Dr Amirudin Abdul Wahab nears his retirement on Jan 13, 2026, his focus is not on trophies or policy wins but instead on a stubborn blind spot he says Malaysia still has not fixed: real understanding. than easier as deception becomes increasingly convincing. “Now, voices, videos and images can all be faked. With deepfake technology, it is becoming more difficult to distinguish what is real and what is not.” He warned that exposure without understanding creates false confidence rather than resilience, stressing that responsibility cannot sit with a single party. “Cybersecurity is a shared responsibility. It is not only the government’s job or the platform’s job or the parents’ job.

government agencies to share data legally under defined conditions. “Previously, agencies worked in silos. This enables digital government to function more effectively.” As he prepares to step down from his position in helming CyberSecurity Malaysia, Amirudin said he remains open to contributing in an advisory capacity in the public or private sector. He expressed hope to continue supporting the cybersecurity ecosystem “directly or indirectly” beyond his tenure at CyberSecurity Malaysia. He said the next leadership must rest on the principles of uncompromising integrity, teamwork and institutional trust. “Once trust is broken, people will no longer believe.” – BY FAIZ RUZMAN

“Within the Act, there are many regulations. Critical infrastructure organisations must conduct risk assessments, carry out audits on their systems and strengthen incident response mechanisms. “It shows that we cannot depend on the government alone. Organisations themselves must be responsible and this Act introduces accountability. “Data is a core element of the digital ecosystem. Protecting personal data is fundamental.” He also lauded amendments to the Personal Data Protection Act 2010, which came into force on June 1, and the Data Sharing Act 2025 framework passed by Parliament in December 2024 and fully enforced on April 28 this year, which were designed to allow

From his observations, Amirudin said exposure to cyber risks cuts across age groups, but for different reasons. “I can categorise three groups. Young adults who are very tech savvy and highly dependent on digital services often assume they know what they are doing. “Older users tend to be more trusting. Children are exposed to devices very early, without realising the threats outside,” he said, citing risks such as online grooming, scams and cyberbullying.

“Awareness has gone up, but it is still shallow. We run countless campaigns and programmes, yet basic cyber hygiene remains weak. “People still use default or ridiculously simple passwords. And even when they get fancy with complex ones, they recycle them across emails, apps, everything. “That is an open invitation for attackers the moment one platform gets hacked,” he told theSun . He said technological advances have made the problem harder rather

“Police also cannot stand in front of your house 24 hours a day. You still need to lock your gate, your doors and your windows.” That behavioural gap is why the legal reforms of 2025 matter, said Amirudin. He pointed to the Cyber Security Act 2024, Malaysia’s first law built specifically for cybersecurity, which applies across National Critical Information Infrastructure in 13 critical sectors.