Govt tables Cybercrime Bill in Parliament to replace outdated computer crimes law, cover AI offences

KUALA LUMPUR, June 22 — The Cybercrime Bill 2026, which seeks to repeal the Computer Crimes Act 1997 (Act 563), was tabled for its first reading in the Dewan Rakyat today.

Deputy Prime Minister Datuk Seri Dr Ahmad Zahid Hamidi said that cybercrime threats today not only involve computer system intrusions and data theft, but also encompass identity theft, online fraud, exploitation and ransomware attacks, as well as the misuse of technologies such as artificial intelligence (AI).

“Therefore, the Cybercrime Bill 2026 is important in preventing and combating increasingly complex cybercrimes,” he said in a statement after tabling the Bill, adding that the second and third readings are scheduled for July 1.

Ahmad Zahid said the Bill is intended, among other things, to repeal the Computer Crimes Act 1997 (Act 563) to ensure that Malaysia can meet its international obligations under the Budapest Convention (Council of Europe Convention on Cybercrime) and the United Nations Convention Against Cybercrime.

“The Cybercrime Bill 2026 will provide regulatory and law enforcement powers relating to cybercrime and will be regulated by the National Cyber Security Agency (Nacsa) under the National Security Council (MKN), Prime Minister’s Department (JPM),” he said.

Ahmad Zahid said the Bill contains eight parts and 61 clauses that will provide regulatory and enforcement powers for addressing increasingly complex cybercrime offences, and expressed confidence that its enactment would improve the national cybersecurity ecosystem and ensure a safer, secure and trustworthy digital environment.

“Through a more sustainable legal framework, it will not only comprehensively protect the public but also support digital economic growth, encourage innovation and enhance Malaysia’s competitiveness at the regional and global levels,” he said.

Meanwhile, the text of the Bill published on the Parliament portal today revealed that it contains 61 clauses covering various types of cybercrime and penalties for offences involving unauthorised access to computers for the purpose of committing offences, computer-related forgery, computer-related fraud and offences relating to the National Digital Identity service.

The Bill outlines offences and proposed penalties relating to false communications, identity theft, the transmission of content generated or manipulated using computer systems and the dissemination of intimate images.

Clause 10 proposes that any person who intentionally accesses a computer system without authorisation or lawful excuse may, upon conviction, be fined up to RM100,000, imprisoned for up to three years or both, while Clause 13 prohibits a person from damaging, deleting, altering or obstructing access to computer data without authorisation or intentionally doing so.

The offence carries a penalty of a fine of up to RM100,000, imprisonment for up to three years or both.

Meanwhile, Clause 16 provides for the offence of falsifying computer data, including inserting, altering, deleting or concealing data without authorisation, resulting in false data intended to be regarded as authentic and used for legal purposes, and is punishable with fines of up to RM500,000 or seven years’ jail, or both, in cases involving valuable security instruments, while for other cases, the offender may be fined up to RM300,000 or imprisoned for up to five years or both.

Also, Clause 19 concerns the offence of disclosing a National Digital Identity password or granting access to another party while knowing or having reasonable grounds to believe that such access will be used to commit or facilitate an offence.

The offence carries a penalty of a fine of up to RM100,000, imprisonment for up to three years or both.

Clause 24 seeks to establish an offence for disseminating intimate images of any person by sending, distributing, publishing, selling, offering for sale or otherwise making such images available and is punishable with fines of up to RM3,000,000 or jail terms not exceeding five years or both, if convicted.

The Bill also provides for enhanced penalties where the offence is committed with the intention of causing embarrassment or harm to, or coercing or threatening, the person depicted in the intimate image. — Bernama