The Passing of the Online Safety Bill 2024

The Malaysian Parliament passed the Online Safety Bill 2024 (the “Bill”) in December 2024. The Bill is an effort of the Malaysian government in combatting against the proliferation of online harmful content. In this generation where Web 2.0 largely dominates the lives of many, it is important for the government to start paying attention to not just physical safety, but also online safety, and the Bill is set out to do just that.

.

When will the Online Safety Bill 2024 become law?

As mentioned earlier, the Bill was only recently passed in December 2024. It has to be presented for Royal Assent before it can be gazetted and come into force on a date to be appointed by the Minister of Communications. As at the date of this article, we are still awaiting further information.

.

Who will this affect?

The Bill, when it comes into effect, will set to affect three (3) groups of people:

• (i) Applications Service Providers – refers to persons who provide services by means of (but not solely) one or more network services (generally those who provide internet access services, messaging services);

• (ii) Content Applications Service Providers – refers to persons who provide services which provide content by means of (but not solely) one or more network services (generally those who provide terrestrial radio broadcasting, subscription broadcasting, satellite broadcasting);
• (iii) Network Service Providers – refers to persons who provide services for carrying communications by means of guided and/or unguided electromagnetic radiation (generally those who provide cellular mobile services, bandwidth services, broadcasting distribution services).

The Applications Service Providers and the Content Applications Service Providers are the most affected by the Bill. As readers will see in the following sections in this article, the Bill primarily imposes obligations and requirements on the ASPs and the CASPs, with minimal obligation on the part of NSPs. This is understandably so given that ASPs and CASPs are typically the ones that operate and maintain social media and applications that us netizens spend most of our free time on.

.

Obligations and requirements under the Bill

The Bill seeks to introduce a series of requirements and obligations on the part of the ASPs and CASPs, with the aim of better regulating the online safety of users of the applications and/or services operated and maintained by the ASPs and CASPs. Without going into details, we are setting out here in this article the obligations and requirements that we find to be most crucial:

3. 1. Mechanism for reporting and handling harmful content
4. The first on the ranking has got to be the harmful content reporting mechanism that the Bill seeks to introduce. As fellow users of social media, most of us are definitely familiar with the “Report” button (sometimes in the form of a red exclamation mark “!” or “flag” symbol”) on the applications that we use. The feature essentially allows users to report a user generated content and flag it to the platform operator or service provider for their attention. The reason for reporting is usually because the content features false information, nudity or sexual activity, violence inducing elements, or generally matters that could cause users or the public at large to feel uncomfortable, harassed or unsafe. Following the receipt of a report, the ASPs and CASPs are required to review the report and respond based on the manners prescribed under the Bill.
5. Local social media platform operators or service providers will now have no choice but to incorporate this content reporting mechanism in their applications. Essentially, users of applications and social media will now have the power to regulate the conducts of the online communities that they are in, putting safety into the hands of the users. We will be covering in a separate article the detailed working of the harmful content reporting mechanism sought to be introduced by the Bill.
6. .
7. 2. Publication of User Guidelines
8. Similarly, many online platforms, websites, applications and social media would have a document setting out the terms and conditions that users are bound by while using the applications or services. The document may go by the name “Terms of Service” or “Terms of Use”.
9. The Bill seeks to make it compulsory for ASPs and CASPs to prepare and publish on their services user guidelines which essentially will contain the provisions found in an online terms and conditions. In addition, the user guidelines will also need to incorporate a description of measures implemented by the ASPs and CASPs in mitigating risk of exposure to harmful content.
10. Similar to the user guidelines, the Bill would also require the ASPs and CASPs to prepare an Online Safety Plan, detailing how their obligations under the Bill are being complied with. The form and minimum information required in the Online Safety Plan will be prescribed later, presumably through a regulation or guideline to be published by the relevant regulators.
11. .
12. 3. Self-manage online safety
13. Once the Bill comes into force, it will also be mandatory for ASPs and CASPs to implement tools or settings on their services for users to be able to manage their online safety themselves. While this requirement may sound rather ambiguous, the Bill does make it clear that at the minimum the users must be able to prevent or limit other users from identifying, locating or communicating with them.
14. .
15. 4. Introduction of mechanism for user assistance
16. The Bill is also seeking to make it compulsory for ASPs and CASPs to introduce mechanism on their services for user assistance. Essentially, the services operated by the ASPs and CASPs will soon need to have features that allow users to raise concerns and obtain more information with respect to online safety, as well as to make enquiries.
17. .
18. 5. NSPs to Restrict Access to Harmful Content
19. It can be said that the NSPs will only have to be really concerned with one requirement under the Bill – the obligation to restrict the relevant parts of their network services to make harmful content permanently inaccessible to all users of their network services. The Bill seeks to empower the Malaysian Communication and Multimedia Commission to instruct NSPs to disable access on their network services to any content online that is determined to be harmful.

How can the ASPs, CASPs and NSPs prepare for the Bill?

The Bill is rather clear in terms of the requirements that it seeks to impose on the relevant service providers in Malaysia. In order for the ASPs, CASPs and NSPs to prepare for the imminent coming into force of the Bill, the following steps are recommended:

• (a) Understanding the requirements of the Bill – It would be crucial for the affected service providers to undertake a thorough examination of the Bill to assess the requirements that are applicable to them. As mentioned earlier, most of the requirements under the Bill are applicable to ASPs and CASPs. Some of these requirements would require the ASPs and CASPs to make changes to their services on a technical and operational level, and hence early preparation would be key.
• (b) Conducting gap analysis – Having identified the requirements under the Bill that are applicable to the ASPs and CASPs, a gap analysis will be helpful to ascertain which of these requirements are not being met. The existing services offered by the ASPs and CASPs may already have some online safety mechanisms sought to be made compulsory through the Bill, but they may not yet be at the standards that the Bill is expecting them to be.
• (c) Change implementation for compliance with the Bill – The last step of preparation is obviously to implement the relevant changes to the services of the ASPs and CASPs to bring them in conformity with the requirements under the Bill. It is advisable that the IT team / developers, compliance team and legal team of the ASPs and CASPs to work together while implementing the new changes to ensure that they are compliant with the Bill.

If you are an Applications Service Provider, Content Applications Service Provider or a Network Service Provider and would like to know more about the Online Safety Bill 2024, please do not hesitate to contact the partners from our Technology Practice Group (contact details below) for more information. Our Technology Practice Group frequently works with online service providers and platform operators, including on compliance with local laws, and will definitely be able to assist you with your undertaking.

About the authors

Lo Khai Yi
Partner
Co-Head of Technology Practice Group
Technology, Media & Telecommunications (“TMT”), Technology
Acquisition and Outsourcing, Telecommunication Licensing and
Acquisition, Cybersecurity
ky.lo@hhq.com.my.

.

Ong Johnson
Partner
Head of Technology Practice Group
Technology, Media & Telecommunications (“TMT”),
Fintech, TMT Disputes, TMT Competition, Regulatory
and Compliance
johnson.ong@hhq.com.my

More of our Tech articles that you should read:

• • Dissecting IP-Related Clauses in IT Contracts
• • Due Diligence on Open-Source Software
• • Preparing for the Personal Data Protection (Amendment) Act 2024: A Three-Stage Implementation Plan