
The Dewan Rakyat yesterday has passed the Cybercrimes Bill 2026, a new law aimed at strengthening Malaysia’s ability to tackle modern cybercrime, including offences involving deepfakes and AI-generated intimate images. The Bill marks the culmination of efforts that began last year, when the government confirmed it was drafting a dedicated cybercrime law to address gaps in the existing legal framework and deal with increasingly sophisticated online offences.
The Bill, which contains 61 clauses, was approved through a majority voice vote on Wednesday after being debated by 48 Members of Parliament from both the government and opposition. It introduces several new offences that were previously not clearly covered under existing legislation, particularly those involving digitally manipulated content.

AI Content Not Automatically Illegal
One of the Bill’s headline provisions targets malicious deepfakes and the non-consensual sharing of digitally manipulated intimate images. According to Deputy Prime Minister Datuk Seri Dr Ahmad Zahid Hamidi, generated content does not become illegal simply because AI was used. Instead, prosecutors must still prove that an offence was committed, including establishing criminal intent, how the content was used, and the harm it caused.
The Cybercrimes Bill 2026 also introduces specific offences for the creation or use of digitally manipulated content to facilitate crimes, as well as the distribution of intimate images without consent, including AI-generated or digitally altered ones. These are areas that existing laws did not explicitly address.

Access Must Follow Legal Procedures
During the debate, several MPs raised concerns over the powers granted to investigators, particularly regarding access to computer systems, digital data, and the seizure of electronic devices. In response, Zahid stressed that the Cybercrimes Bill 2026 does not give authorities unrestricted powers or override existing legislation such as the Official Secrets Act 1972. He said any access to computer systems or digital data must follow legal procedures and cannot be carried out arbitrarily.
For example, investigators may only issue a notice requiring computer data to be preserved if they believe the information is needed for an investigation and there is a risk that it could be deleted, altered or destroyed. Likewise, requests for the disclosure of computer data must be made through written notices and only as part of a lawful investigation.

Stronger Protection For Victims
The government said the new law is intended to better protect victims who are increasingly being targeted by cybercriminals through scams, sexual exploitation, revenge pornography, and manipulated digital content. To improve enforcement, the Royal Malaysia Police (PDRM) will remain the lead agency for investigations, while the National Cyber Security Agency (NACSA) will coordinate efforts alongside the Malaysian Communications and Multimedia Commission (MCMC), Bank Negara Malaysia, and other technical agencies.
The government also plans to work more closely with digital platform providers and international partners. This is aimed to speed up the removal of illegal online content, while strengthening real-time information sharing through the National Scam Response Centre (NSRC).

New Cybersecurity Centre Already Established
Separately, Zahid revealed that the government established the Cybersecurity and Cryptology Development Centre on 3 June by merging CyberSecurity Malaysia with the Malaysian Cryptology Technology and Management Centre under NACSA. He said the new centre will strengthen Malaysia’s cyber expertise, including capabilities in AI forensics, as cyber threats continue to evolve.
(Source: Bernama)