SC Calls for Feedback in Public Consultation for Reforms to Digital Asset Exchange Operators
The Securities Commission Malaysia (“SC“) has released a public consultation paper proposing significant reforms to the Guidelines on Recognised Markets (“RMO Guidelines“), with a strong focus on the governance and operations of Digital Asset Exchanges (“DAXs“) in Malaysia. If pushed through, these proposals could significantly reshape the regulatory landscape for existing and prospective DAX operators in Malaysia, including the following:
- Enhanced and stricter safeguards: DAX operators and affiliates would explicitly be prohibited from co-mingling client assets. DAX operators would be required to hold at least 90% of investors’ digital assets in cold wallets, and maintain distinct wallet addresses and trust accounts for local and foreign transactions.
- Higher capital requirements: It is proposed that paid-up share capital be increased to a minimum of RM15 million, with shareholders’ funds increased to a minimum of RM5 million or 25% of DAX’s operating expenses.
- Operational localisation: Key senior management responsible for access to wallet addresses must be Malaysian residents. The proposals explicitly prohibit any foreign or domestic affiliate entities from exercising control or operational influence over wallet infrastructure, including private keys and custody arrangements.
- Token listings liberalisation: SC is proposing a Liberalisation Framework allowing DAX operators to conduct due diligence and determine the suitability of tokens for trading, subject to safeguards and criteria. Feedback is also sought on potential listings of utility tokens, stablecoins and other digital assets such as meme coins and privacy coins.
These proposals reflect SC’ dual approach of supporting innovation through token listings liberalisation, while also tightening safeguards, governance and security controls. This balance supports digital asset innovation in a highly secure and locally governed framework in Malaysia, and presents a valuable opportunity for market players to give feedback.
The public consultation ends on 11 August 2025.
For more information, click here to read our Legal Update.
Legislative Changes and Implications for Competition Law in the Aviation Services Sector
The Malaysian Aviation Commission (“MAVCOM“), the current regulator of certain aviation services and economic matters relating to the civil aviation industry, is expected to be dissolved in the near future on a date to be determined by the Minister of Transport, Malaysia (“Appointed Date“). Pursuant to the Malaysian Aviation Commission (Dissolution) Act 2024, all MAVCOM’s powers, rights, duties, liabilities and obligations will be devolved to the Civil Aviation Authority of Malaysia (“CAAM“) on the Appointed Date.
Based on CAAM’s Advisory Information 07/2025 dated 23 June 2025, the rationalisation of functions between CAAM and MAVCOM will take effect on 1 August 2025.
Businesses operating in the aviation industry, particularly those intending to apply for individual exemptions or submit merger notifications, should monitor this regulatory transition. While CAAM will inherit MAVCOM’s economic regulatory powers, it is unclear whether the guidelines for competition law issued by MAVCOM will be equally applicable under CAAM’s regulation.
Updates on Upcoming Laws and Regulations in the Technology, Media and Telecommunications Space
In 2024, the Technology, Media and Telecommunications (“TMT“) space witnessed significant legal and regulatory developments, as the Government focused on strengthening the country’s legal framework for the digital economy, and addressing online harms and emerging technologies. Many initiatives introduced in 2024 have carried over into 2025, with several new developments, and more expected in the coming months.
An overview of key regulatory developments in the TMT space include:
- Gazettement of the Online Safety Act 2025 (“OSA”): The OSA, which imposes new duties on online service providers to address harmful content on their services, was officially published in the Federal Gazette on 22 May 2025, but has yet to come into force. The Communications Minister has since announced that its official commencement will be contingent on the finalisation of 10 subsidiary instruments required for the operationalisation of the OSA, which is currently anticipated to be completed between Q4 2025 and Q2 2026. For more information on the key features of the OSA, click here to read our Legal Update;
- Commencement of Malaysian Media Council Act 2025 (“MMCA”): The MMCA, which aims to establish an independent statutory media council to regulate and develop the media industry, officially came into force on 14 June 2025. In conjunction with its commencement, the Minister of Communications also announced the appointment of the founding board members of the newly established Malaysian Media Council (“Council“). The Council will be responsible for drawing up a Code of Conduct and a Dispute Resolution Procedure to handle public complaints against the media industry under the MMCA;
- Review of e‑commerce legal framework: The Domestic Trade and Cost of Living Minister recently announced that the comprehensive review of Malaysia’s e-commerce legal framework, which began in 2024, is expected to be completed by August 2025. The objective of the review is to introduce a more comprehensive legal framework that affords better consumer protection and encourages wider adoption of e-commerce platforms.
The Minister aims to finalise the review and obtain Cabinet approval by the end of 2025. This includes determining whether to introduce a new standalone e-commerce framework or to amend existing laws to ensure they are more comprehensive, relevant, and aligned with current challenges.
- Upcoming Personal Data Protection Guidelines for Automated Decision Making and Profiling (“ADMP”), Data Protection by Design (“DPbD”) and Data Protection Impact Assessment (“DPIA”): As part of the suite of subsidiary guidelines being developed by the Personal Data Protection Commissioner (“Commissioner“) to supplement the changes introduced by the Personal Data Protection (Amendment) Act 2024, public consultation papers have been issued for three upcoming guidelines on ADMP, DPbD, and DPIA. The public consultation period concluded on 19 May 2025, and the guidelines are currently pending finalisation by the Commissioner and relevant government agencies.
For further information, click here to read our Legal Update.
- Review of the Communications and Multimedia Content Forum’s (“CMCF”) Content Code: The CMCF has initiated a review of the Content Code. Public consultation on the current version concluded on 31 May 2025, and the preparation of a revised draft Content Code by the CMCF is currently pending, with the potential conduct of a second round of public consultation. Once finalised, the revised Content Code must be approved by and registered with the Malaysian Communications and Multimedia Commission.
- Broader reforms under consideration for parental shared responsibility on minor safety: The Law and Institutional Reform Minister (“LIR Minister“) has indicated that the Government is reviewing existing legal provisions to introduce clearer and stronger parental obligations in relation to the online safety of minors. This may include proposed amendments to require parents to monitor their children’s online activities and participate in digital safety education programmes. While no fixed timeline has been set for the tabling of such reforms, the LIR Minister has confirmed that this remains an active area of review for her office. Further updates will be provided once a formal proposal is ready for Cabinet or parliamentary consideration.
- Updates on standalone artificial intelligence (“AI”) legal framework: The Digital Minister has recently updated that his Ministry is still finalising the proposed regulatory framework for AI. The Government is currently evaluating the most appropriate regulatory model for AI. The Digital Minister hopes to table Malaysia’s first dedicated AI legislation by the second half of 2026. This upcoming bill is expected to establish Malaysia’s first legal framework to govern AI, address the current regulatory gap and provide clearer guidance for businesses and developers.
Launch of the Personal Data Protection Guideline for Cross-Border Data Transfers under the Personal Data Protection Act 2010
On 29 April 2025, the Personal Data Protection Commissioner issued the Cross-Border Data Transfer (“CBDT“) Guideline which provides additional guidance on the specific measures and steps that data controllers must take to fulfil the conditions specified under section 129 of the Personal Data Protection Act 2010 (“PDPA“) for cross-border data transfers.
Background: Section 129 of the PDPA (as amended by the Personal Data Protection (Amendment) Act 2024) sets out conditions for the transfer of personal data outside Malaysia.
Data controllers are required to fulfil at least one of these conditions to lawfully carry out cross-border data transfers.
Examples of the prescribed conditions include ensuring that the recipient jurisdiction has a law in place that is substantially similar to the PDPA. The CBDT Guideline provides that, to rely on this condition, data controllers must conduct a Transfer Impact Assessment (“TIA“) to assess the personal data protection laws of the recipient country, taking into account the specific factors outlined in the CBDT Guideline.
The CBDT Guideline also introduced a new record-keeping obligation. Data controllers must maintain records of all outbound transfers of personal data from Malaysia, including the condition(s) relied upon for each transfer.
All Data Controllers who transfer personal data outside Malaysia are strongly encouraged to review the CBDT Guideline to ensure continued compliance with cross-border data transfer conditions under Section 129 of the PDPA. Failure to comply with any of these conditions, when conducting such transfers, constitutes a criminal offence and may render Data Controllers liable to a fine of up to RM300,000, imprisonment for up to two years, or both.
For more information, click here to read our Legal Update.
MyCC's Market Review of the Digital Economy Ecosystem
In March 2025, the Malaysia Competition Commission (“MyCC“) published its Interim Report titled “Market Review of the Digital Economy Ecosystem under the Competition Act 2010” (“Interim Report“), following its latest review of competition issues in Malaysia’s digital economy. The Interim Report was coupled with a public consultation process to gather feedback on the Interim Report, prior to the issuance of the final report.
MyCC also launched a nationwide public survey as part of its market review initiative, at around the same time. MyCC, in its public announcement, highlighted growing concerns over the unchecked dominance of global digital platforms, stating that such growth should not come at the expense of fair competition, transparency, and opportunities for local businesses. This reflects MyCC’s ongoing commitment to addressing structural and behavioural challenges in the digital economy.
Key competition concerns identified in the review of the following markets include:
- mobile operating and payment system market: high entry barriers, limited application distribution avenues, restrictive payment options and potential self-preferencing;
- e-commerce market: opaque product ranking processes, preferential treatment, exclusive dealing, potential self-preferencing and masking of delivery options;
- digital advertising market: vertical integration of incumbents, opaque algorithms and auction processes and limited access to advertising inventory practices; and
- online travel agencies market: price parity clauses and opaque business practices.
Given that many of these concerns may contravene the Competition Act 2010 and/or the Communications and Multimedia Act 1998, businesses operating in these sectors must review their practices and ensure compliance to mitigate legal and financial risks.
Clear Communication in the Workplace and Risks of “Forced” Leave: Malaysian Court of Appeal Finds Constructive Dismissal in the Absence of Employment Clarity
The Malaysian Court of Appeal in Sudhir a/l A K Kumaren v Industrial Court of Malaysia & Anor [2025] 4 MLRA 385 held in favour of a flight instructor who claimed he was constructively dismissed after, amongst others, being directed to take extended leave.
The dispute arose when Sudhir Kumaren (“Employee“) received a letter on 13 October 2017 from his employer (“Company“) who directed him to utilise his 56 days of annual leave over a spread of almost three months and hand over his duties and return company property, while being told that the Company reserved the right to “review” his employment upon his return from leave. The Employee responded through a letter dated 23 October 2017 contending that the Company had indicated an intention to dismiss him from his employment, and he sought confirmation that he would remain employed upon his return from leave. The Employee did not respond to his letter, and he wrote a further letter dated 13 November 2017 to the Company stating that he deemed himself constructively dismissed.
The Company, for its part, issued a letter on 19 January 2018 (following the expiration of the Employee’s leave entitlement), stating that if the Employee did not report for work, his absence would be deemed as abandonment of his employment.
The Employee, meanwhile, filed a claim at the Industrial Court, alleging that he had been constructively dismissed by the Company.
The Industrial Court, after full trial, found that there was no reason to doubt the Company’s evidence that it wanted the Employee to remain with the Company, and dismissed the Employee’s claim. The Employee then filed an application for judicial review to the High Court against the decision of the Industrial Court, but that too was dismissed.
On 13 March 2025, a three-member panel of the Court of Appeal (“Court“) allowed the Employee’s appeal and remitted the case back to the Industrial Court for assessment of back wages and compensation, overturning the earlier decisions of both the Industrial Court and High Court.
The Court found that the Company’s actions breached the employment contract and collectively undermined (i) the employment relationship; (ii) the implied term of mutual trust; and (iii) confidence between the Employee and the Company. The Court further held that the Company’s silence (in response to the Employee’s letter seeking confirmation of his continued employment upon his return from leave) contributed to the constructive dismissal.
The Court’s decision underscores the importance of timely and clear communication between companies and their employees, highlighting that relevant factors should be taken into account by companies when issuing directives or instructions to employees to utilise their accrued annual leave, especially if such directives or instructions are accompanied by actions (e.g. reassignment of duties) that may be construed as raising ambiguity about the employment status of an employee.
Federal Court Upholds Liability against Public Bank for Breach of Duty of Confidentiality
In Public Bank Berhad v National Feedlot Corporation Sdn Bhd & Ors & Another Appeal [2025] CLJU 1556, there were two questions of law posed to the Federal Court. These concerned the scope and nature of a bank’s duty of confidentiality under common law, specifically, whether it would be subject to exceptions.
The Plaintiffs, as customers of Public Bank, alleged that the bank had wrongfully disclosed confidential information about their accounts to third parties. They claimed that this disclosure led to a press conference at which their banking details were made public. On this basis, the Plaintiffs commenced proceedings against Public Bank for breach of its statutory, contractual and/or fiduciary duties of confidentiality as a financial institution.
Public Bank’s defence was that, among others, the disclosure was a result of two “rogue” employees who had gone beyond the scope of their employment and were on a frolic of their own.
At the High Court, the Plaintiffs’ claim was dismissed. The High Court held that the disclosure was an unauthorised act of “rogue employees” who had acted beyond their powers. As such, Public Bank had no involvement or had not provided authorisation for the leak. Consequently, damages were not awarded. In obiter, the Court also remarked that even if liability was found, only nominal damages in the sum of RM15 would have been awarded.
The Court of Appeal reversed the High Court’s decision and found that Public Bank had breached an implied contractual term imposing a duty of confidentiality not to disclose the Plaintiffs’ banking information. Nominal damages of RM10,000 were awarded to the Plaintiffs. Aggrieved, Public Bank appealed against the decision on liability, while the Plaintiffs appealed against the decision on nominal damages.
The Federal Court dismissed Public Bank’s appeal and held that Public Bank’s duty of confidentiality towards National Feedlot Corporation and four others are governed by statute (in this case, section 97(1) of the Banking and Financial Institutions Act 1989 (“BAFIA“) and was not an implied contractual duty under the Tournier principle as developed by common law. It was further reported by the media that Public Bank was found liable to National Feedlot Corporation and four others for the sum of RM90 million in damages (including exemplary and aggravated damages). The part of the Federal Court’s decision on the quantum of damages that was awarded has not been reported as of the date of this write up. It is to be noted that BAFIA has since been repealed by the Financial Services Act 2013, which also contains a secrecy provision under section 133.
Please note that whilst the information in this Update is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as a substitute for specific professional advice
