You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
Home
Internal
Deutsch
|
English
Insights – Make Way for E-Invoicing! The Future of Invoicing » |
Worldwide
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.
✕
Germany
Ansbach
Bayreuth
Berlin
Bielefeld
Chemnitz
Cologne
Dortmund
Dresden
Eschborn
Fuerth
Hamburg
Herford
Hof
Jena
Mettlach
Muenster
Munich
Nuremberg
Plauen
Regensburg
Selb
Stuttgart
Ulm
Worldwide
Algeria
Angola
Argentina
Australia
Austria
Azerbaijan
Bahrain
Belarus
Belgium
Bosnia and Herzegovina
Botswana
Brazil
Bulgaria
Cambodia
Canada
Chile
China
Colombia
Costa Rica
Croatia
Cyprus
Czech Republic
Denmark
Ecuador
Egypt
Estonia
Ethiopia
Finland
France
Georgia
Germany
Ghana
Greece
Hong Kong (S.A.R.)
Hungary
India
Indonesia
Ireland
Italy
Japan
Kazakhstan
Kenya
Kuwait
Latvia
Libya
Liechtenstein
Lithuania
Luxembourg
Malaysia
Malta
Mauritius
Mexico
Moldova
Mongolia
Morocco
Mozambique
Myanmar
Namibia
Netherlands
New Zealand
Nigeria
North Macedonia
Norway
Oman
Pakistan
Paraguay
Peru
Philippines
Poland
Portugal
Qatar
Romania
Saudi Arabia
Serbia
Singapore
Slovakia
Slovenia
South Africa
South Korea
Spain
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Tunisia
Turkey
Uganda
Ukraine
United Arab Emirates
United Kingdom
Uruguay
USA
Uzbekistan
Vietnam
Zambia
Own offices of Rödl & Partner
German Professional Services Alliance -
GPSA
�������������������������������������������������������������
(Colours appear during mouseover)
We use cookies to personalise the website and offer you the greatest added value. They are, among other purposes, used to analyse visitor usage in order to improve the website for you. By using this website, you agree to their use. Further information can be found in our
data privacy statement
.
Insights
Services
Expertise from a single source
Our service lines
Legal advisory
Tax consulting
Business Process Outsourcing
Management and IT consulting
Audit services
Interdisciplinary services
MERGERS & ACQUISITIONS
Succession advisory
Mergers & Acquisitions
Newsletter M&A Dialogue
Completed deals
Who we advise
Media
Newsletters
Virtual reality tours
Virtual reality tours
Publications
Good to know
Newsletters
Brochures
Investment guides
Books
Download centre
Releases
Completed deals
Media contacts
Facts and figures
About us
Entrepreneurial spirit and values
Factbook
Facts and figures
Sustainability
Entrepreneurial spirit and values
Factbook
Managing Partners
Founder Dr. Bernd Rödl
Locations worldwide
Social responsibility
Project Fundus
Rödl Employee Fund for Children’s Aid
Partner cities: Kharkiv-Nuremberg
Family and career
Awards
Digital Agenda
Careers
Insights
Malaysia passes Cyber Security Bill 2024
ASEAN
ASEAN Forum
Digital Agenda
E-Invoicing
Insights
Currently selected
Recent
Alle Kolumnen
Altersvorsorge
Antitrust Law
AOA
Artikelserie im OMV Fokus
ASEAN
Assurance & IT in der Gesundheits- und Sozialwirtschaft
Aufsichtsrecht
Außenwirtschaft und Zoll
BilRUG und weitere Reformen
International Expert Roundtable
Malaysia passes Cyber Security Bill 2024
Page Content
In April 2024, Malaysia’s Parliament passed the Cyber Security Bill 2024 (the “Bill”). The Bill aims to establish a robust regulatory framework for enhancing national cybersecurity. In this article, we delve into the key provisions of the Bill, with a particular focus on its extraterritorial application and the potential impact on foreign companies operating within Malaysia.
Background and Purpose
The Bill represents a significant step towards safeguarding Malaysia’s digital infrastructure. Its primary objective is to address cybersecurity threats by mandating compliance with specific measures, standards and processes.
The overarching goal is to protect National Critical Information Infrastructure (“NCII”) which is defined as
“…a computer or computer system which the disruption to or destruction of the computer or computer system would have a detrimental impact on the delivery of any service essential to the security, defence, foreign relations, economy, public health, public safety or public order of Malaysia, or on the ability of the Federal Government or any of the State Governments to carry out its functions effectively”
.
Extraterritorial Application
One notable feature of the Bill is its extraterritorial effect. It applies not only to individuals within Malaysia but also to those outside the country.
Specifically, if an offense under the Bill pertains to an NCII—whether wholly or partly located in Malaysia—the law applies regardless of the offender’s physical location.
Foreign companies operating in Malaysia should take note of this extraterritorial reach, as their activities related to NCIIs within the country may fall under the Bill’s purview.
Key Provisions
The Bill designates specific sectors as NCII Sectors:
Government
Banking and finance
Transportation
Defence and national security
Information, communication and digital
Healthcare services
Water, sewerage and waste management
Energy
Agriculture and plantation
Trade, industry and economy
Science, technology and innovation
Entities operating in these sectors must comply with the regulatory requirements outlined in the Bill. Each NCII Sector will have a designated sector lead responsible for regulating compliance within that sector.
Both private and public entities designated as NCII Entities will be subject to compliance once the Bill comes into force. The newly introduced duties are:
Duty to provide information relating to national critical information infrastructure to the relevant NCII sector lead
Duty to implement the code of practice prepared by the relevant NCII sector lead
Duty to conduct cyber security risk assessment and audit
Duty to give notification on cyber security incident
Furthermore, the Bill introduces licensing requirements for providers of cybersecurity services. Compliance with these requirements is essential for service providers.
Lastly, the Bill establishes the National Cyber Security Committee, responsible for overseeing cybersecurity matters.
Implications for Foreign Companies under Malaysia’s Cyber Security Bill 2024
The proposed licensing requirements for providers of cybersecurity services will be relevant for foreign companies offering such services within Malaysia as they must obtain the necessary licenses to operate legally.
Entities operating in sectors designated as NCII will face numerous new compliance requirements. Foreign companies involved in these sectors need to align their practices with the specified security measures and standards stipulated in the Bill and – not yet enacted – implementation rules.
The Bill empowers regulatory authorities to impose administrative fines for non-compliance. These fines can be substantial and may vary based on the severity of the violation. Authorities can also issue cessation orders, requiring an entity to cease specific activities related to cybersecurity if they pose a risk to national security or critical infrastructure. Certain violations may lead to criminal charges. Foreign companies failing to meet their obligations could face legal proceedings and potential imprisonment for responsible individuals. Compliance with the Bill will be crucial for foreign companies seeking to operate in Malaysia. In addition to fines and potential imprisonment in serious cases, failure to comply may result in restricted market access or exclusion from critical sectors.
Operational Challenges
The Bill imposes compliance obligations that, depending on the specific circumstances, may require foreign companies to store certain data locally, impacting their existing data management practices. The Bill mandates timely reporting of cybersecurity incidents. Foreign companies must establish incident response protocols and report breaches promptly, and they should conduct thorough due diligence before entering the Malaysian market. Understanding the Bill’s requirements and assessing risks will become an integral part of market entry and operations strategy.
In summary, foreign companies operating in Malaysia must proactively assess their cybersecurity practices, obtain necessary licenses, and comply with the requirements imposed on them under the Bill. Failure to do so could have serious consequences for companies’ future business in the country. As the bill awaits royal assent, affected entities should prioritize alignment with its provisions to avoid adverse effects on their operations.
From The Newsletter
Newsflash ASEAN
Contact
Felix Engelhardt
Manager
+60 3 2276 2755
Send inquiry
How We Can Help
R
ö
dl & Partner in ASEAN
Rödl & Partner in Malaysia
Turn on more accessible mode
Turn off more accessible mode
Skip Ribbon Commands
Skip to main content
Turn off Animations
Turn on Animations
Deutschland
Weltweit
Search
Menu
