Data Centres: An International Legal and Regulatory Perspective Spotlight on Malaysia

“Malaysia is not only reducing its carbon footprint but also positioning itself as a responsible and forward-thinking leader in the global data economy.”

By integrating sustainability into its digital infrastructure strategy, Malaysia is not only reducing its carbon footprint but also positioning itself as a responsible and forward-thinking leader in the global data economy. These efforts are helping to attract environmentally conscious investors and operators who are looking to build and expand in markets that support long-term green growth.

Protective Legislative and Regulatory Framework

Malaysia’s data centre industry operates within a well-established legal and regulatory environment that prioritizes data security, cyber resilience and operational integrity. This framework plays a vital role in building investor confidence and ensuring that data centres meet international standards for safety and accountability.

At the core of Malaysia’s cybersecurity legislation is the Computer Crimes Act 1995, which mandates that data centres implement stringent measures to safeguard against cyber threats. These measures are designed to protect the integrity, confidentiality and availability of data stored and processed within these facilities. Operators are required to maintain robust systems that can detect, prevent and respond to malicious activities, ensuring that sensitive information remains secure.

Oversight of the data centre sector is provided by the Malaysian Communications and Multimedia Commission (“MCMC”), which regulates operations and enforces high standards in data protection. The MCMC plays a key role in ensuring that data centres comply with national policies and technical codes, particularly in areas related to network security, data privacy and service reliability.

Malaysia also maintains a business-friendly approach to foreign investment, with minimal restrictions on foreign ownership in the data centre sector. This openness has helped attract global players and foster a competitive environment for digital infrastructure development.

A cornerstone of Malaysia’s data protection regime is the Personal Data Protection Act 2010 (“PDPA”). This legislation governs how personal data is collected, processed and stored by both public and private entities. Under the PDPA, data centres must implement technical and organisational safeguards to prevent unauthorised access, loss or misuse of personal data. The law promotes transparency and accountability, requiring data controllers and processors to uphold high standards of privacy and security.

The Communications and Multimedia Act 1998 (“CMA”) further strengthens the legal framework by providing comprehensive guidelines for Malaysia’s digital and communications industries. It empowers the MCMC to enforce regulations related to online activities, data privacy and network integrity, and requires data centres to secure the systems and infrastructure they operate.

In the financial sector, Bank Negara Malaysia has issued a Policy Document on Risk Management in Technology, which sets out requirements for financial institutions to ensure that their data centres meet resilience and availability objectives aligned with business continuity needs. This policy underscores the importance of reliable infrastructure in supporting Malaysia’s financial ecosystem.

Environmental sustainability is also gaining prominence in the regulatory landscape. Data centres are increasingly pursuing certifications such as the Green Building Index (“GBI”) and Leadership in Energy and Environmental Design (“LEED”) to demonstrate compliance with energy efficiency and environmental standards. These certifications reflect a growing commitment to sustainable operations and responsible resource management.

Additional requirements include voluntary industry codes issued by the MCMC, such as the Technical Code on Specifications for Green Data Centres, which provide best practices for environmentally friendly design and operation. Operators must also navigate import permits and duties related to the procurement of data centre equipment, ensuring compliance with trade and customs regulations.

Together, these legal and regulatory measures form a comprehensive framework that supports the secure, sustainable and resilient growth of Malaysia’s data centre industry.

CHALLENGES AND FUTURE OUTLOOKS

Current Challenges