The Parliament of Malaysia announced that the Cybersecurity Bill 2024 passed the Parliament on March 27, 2024, after its first reading on March 25, 2024.

What are the key provisions of the bill?

In particular, the bill provides for:

• the establishment of the National Cyber Security Committee;
• duties, and powers of the Chief Executive of the National Cyber Security Agency;
• functions and duties of the national critical information infrastructure (CII) sector leads and entities;
• management of cybersecurity threats and cybersecurity incidents to national CII; and
• the regulations for cybersecurity service providers.

Notably, the bill states that no person can provide any cybersecurity service or advertise, or in any way hold themselves out as a provider of a cybersecurity service unless they hold a license issued under the bill. Importantly, this provision will not apply in the case where the cybersecurity service is provided by a company to its 'related company.'

The bill further details, among other things, the conditions of the license, qualification for application of license, requirements to maintain records, and the renewal, revocation, and suspension of a license.

Next steps

The bill will become law on Royal Assent and enter into effect on a date appointed by the Minister in charge of cybersecurity by notification in the Gazette

You can read the bill here and view its legislative history, only available in Malaysian, here.