โ† All jurisdictions

Asia

Malaysia

41%DSA alignment

Malaysia pairs a CMA-based social-media licensing/content-control regime (ASP-C, MCMC) with the new Online Safety Act 2025 and its June-2026 codes, which add genuine accountability duties (mandatory annual written risk assessments, a child-safety duty of care and age verification for 16+) enforced by MCMC fines up to RM10m, but no DSA-style public transparency instruments.

In forceOnline Safety Act 2025 + Risk Mitigation & Child Protection Codes (2025)ยท MCMC
In forceCommunications and Multimedia Act 1998 + ASP-C social-media licensing (1998)ยท MCMC

Scored against the DSA

Each obligation the DSA imposes on very large platforms, and whether Malaysiaโ€™s law requires the same. Cells cover DSA-style, user-protective transparency and accountability only.

  • Required by law
  • Partial / emerging
  • No such obligation
  • Undetermined

Transparency

  • No such obligation

    Public ad libraryDSA Art. 39

    No public ad-library; the Risk Mitigation Code requires advertiser verification, not a public archive.

  • Transparency reportsDSA Art. 15 / 24 / 42

    ONSA requires published user-facing safety guidelines and ASP-C licensees submit biannual compliance reports to MCMC (regulator-facing, not necessarily public).

    Source โ†—
  • No such obligation

    Researcher data accessDSA Art. 40

    No researcher data-access mandate.

  • No such obligation

    Reach disclosureDSA Art. 24(2)

    No public reach-disclosure duty; the 8M-user figure is a licensing threshold.

Accountability

  • Required

    Systemic risk assessmentDSA Art. 34โ€“35

    The Risk Mitigation Code (in force June 2026) requires licensed providers to conduct annual written harmful-content risk assessments and keep records.

    Source โ†—
  • No such obligation

    Independent auditDSA Art. 37

    No external audit mandate; obligations are internal risk-assessment and record-keeping.

  • No such obligation

    Algorithmic transparencyDSA Art. 27 / 38

    No recommender-transparency duty; ONSA only requires personalised recommendation systems be controlled suitably for child users.

  • Required

    Regulator + penaltiesDSA Art. 49โ€“52, 74

    MCMC can impose ONSA penalties up to RM10,000,000 for code non-compliance, plus CMA/ASP-C fines and licence revocation.

    Source โ†—

Child protection

  • No such obligation

    No profiling ads to minorsDSA Art. 26(3) / 28

    No ban on targeted advertising to minors.

  • Required

    Age assuranceBeyond the DSA

    The Child Protection Code (in force June 2026) requires platforms with 8M+ users to verify ages against government records so only 16+ may register.

    Source โ†—
  • Required

    Child-safety duty of careDSA Art. 28

    ONSA imposes a duty of care that services be safe by design and default for children, operationalised by the Child Protection and Risk Mitigation Codes.

    Source โ†—

On the horizon

What's being debated

Online Safety Act 2024/2025 + social-media class licensing

A risk-based duty of care requiring platforms to publish an Online Safety Plan and safety guidelines and enable reporting, plus an MCMC class-licence regime for platforms with 8M+ users.

Latest: The Online Safety Act came into force 1 January 2026; MCMC deemed major platforms licensed from 2026, with penalties up to RM10M. source โ†—

Compare every jurisdiction

Malaysia is one of 30 non-EU jurisdictions we scored against the DSA. See them all side by side.