Malaysia is moving towards a broader approach to artificial intelligence governance as AI tools become more common in workplaces, public services, business platforms, and everyday online life.
The government wants to encourage AI adoption as part of the country's digital growth plans, but it is also increasingly focused on the risks that come with fast-moving technology. Deepfakes, synthetic media, impersonation, fraud, and other forms of AI-enabled misuse are now part of that conversation.
Rather than waiting for a new law to be completed before taking action, the government is looking at a two-pronged strategy. Existing laws would continue to be used against harmful or illegal AI-related activity, while a forthcoming AI Governance Bill is expected to introduce clearer preventive measures and responsibilities for those developing or deploying AI systems.
Existing Laws Would Still Apply
One important point is that AI-generated content does not exist outside the law simply because it was created by a new technology.
If someone uses AI to impersonate another person, commit fraud, spread harmful material, or produce content that violates existing laws, authorities may already have legal avenues to investigate and act. The proposed AI Governance Bill is not intended to replace those laws overnight.
Instead, it is expected to add another layer.
That distinction matters because harmful AI content can spread quickly. A deepfake video, cloned voice recording, or manipulated image can be created and shared long before a new piece of legislation is passed, debated, and enforced.
By relying on current laws while drafting a more dedicated AI framework, the government is trying to address immediate concerns without losing sight of the longer-term challenge.
The Bill Would Focus on Prevention, Not Just Punishment
Digital Minister Gobind Singh Deo has described the proposed AI Governance Bill as a preventive layer that would sit alongside existing legal measures.
The broader aim is to look beyond the final piece of content that people see online. Instead of only responding after a harmful deepfake or fraudulent AI-generated message has already caused damage, the government wants the framework to consider how AI is designed, tested, released, and monitored.
That means responsibility could extend across the lifecycle of an AI system.
For example, future requirements may place greater attention on risk assessments before deployment, data protection practices, model safety, testing processes, and the steps taken by developers or providers to reduce foreseeable harm.
The exact details of the Bill have yet to be finalised, but the direction is clear: AI governance is likely to become more focused on accountability before problems grow into widespread public harm.
Why Deepfakes Are Becoming a Major Concern
Deepfakes are one of the clearest examples of why governments around the world are paying closer attention to AI governance.
A convincing AI-generated video, image, or voice clip can make it appear as though someone said or did something that never happened. In some cases, this can be used for scams, identity theft, misinformation, reputational damage, or harassment.
The technology itself is not always harmful. AI-generated content can also be used in entertainment, accessibility tools, education, marketing, film production, and creative work.
The problem is whether it is used transparently and responsibly.
When AI content is designed to deceive people, especially when it imitates a real person without consent, the consequences can be serious. Victims may face financial loss, emotional distress, damage to their personal reputation, or difficulty proving that a fake recording is not real.
That is why the government's approach is expected to place particular emphasis on synthetic content, identity manipulation, and high-capability AI systems that can be misused at scale.
Balancing Innovation With Public Protection
Malaysia is not trying to slow down AI adoption entirely. The technology is already being positioned as an important part of economic development, digital transformation, productivity, and public-sector modernisation.
However, innovation works best when people can trust the systems behind it.
Businesses may be more willing to adopt AI when expectations are clearer. Consumers may feel safer using AI-powered services when they know there are rules around privacy, accountability, and harmful misuse. Developers, meanwhile, may benefit from having more defined guidance around what responsible deployment looks like.
The challenge will be finding the right balance.
Rules that are too vague may not provide enough protection. Rules that are too restrictive may make it harder for smaller companies, startups, researchers, and local developers to experiment and compete.
A practical AI governance framework will need to protect people without treating every use of AI as equally risky.
AI Sovereignty Is Also Part of the Discussion
The conversation is not only about deepfakes or online scams.
AI sovereignty has also become part of the wider policy discussion. In simple terms, this refers to a country's ability to make meaningful decisions about the data, infrastructure, standards, and AI systems that affect its people and institutions.
For Malaysia, this could involve questions around where data is stored, how personal information is protected, whether AI models are properly tested before use, and how much control the country has over critical digital systems.
A secure AI ecosystem is not built through one law alone. It also depends on technical standards, cybersecurity, data governance, skilled talent, public awareness, and cooperation between government, industry, researchers, and technology providers.
What This Could Mean for Businesses and Developers
For organisations using AI, the proposed Bill may eventually mean that risk management becomes a more central part of product development.
Companies may need to think more carefully about the data they use, the safeguards built into their systems, the potential for misuse, and how they respond when something goes wrong.
This does not necessarily mean every business will face the same compliance burden. A simple AI-powered writing assistant does not create the same level of risk as a system capable of generating realistic fake identities, influencing public opinion, or making high-impact decisions about people.
A risk-based approach would allow stronger requirements for higher-risk uses while giving lower-risk tools more room to operate.
Final Thoughts
Malaysia's proposed two-pronged approach recognises that AI misuse is already happening, while also accepting that a dedicated governance framework takes time to develop properly.
Existing laws can help address immediate wrongdoing. The AI Governance Bill, meanwhile, is expected to focus on preventing harm earlier by setting clearer expectations across the development and deployment of AI systems.
As AI becomes more deeply woven into daily life, the real test will not be whether Malaysia can regulate the technology quickly. It will be whether the country can create rules that protect people, support innovation, and build public trust at the same time.
Comments