Cybercrimes bill seeks to empower authorities to collect data from service providers

 The proposed law will allow prosecutors to obtain internet traffic data and the contents of communications if relevant to an investigation.

Offences involving hacking, computer-related fraud, identity theft, manipulated online content, and ‘intimate images’ are covered by the proposed bill.

PETALING JAYA:

Internet service providers and telecommunications companies may face fines of up to RM1 million or imprisonment of up to 10 years if they fail to comply with certain duties under a new draft law scheduled for tabling in the Dewan Rakyat.

The Cybercrimes Bill 2026 seeks to replace the Computer Crimes Act 1997 with a wider law covering online crime, digital fraud, identity theft, manipulated content, and the misuse of digital identification.

Among others, the bill also seeks to empower the authorities to obtain both internet traffic data and the actual contents of communications from service providers during investigations.

Under the bill, the public prosecutor may require a service provider to collect or record such data if it is considered relevant to an investigation.

Internet traffic data may include details such as a message’s origin, its destination, when it was sent, how long the communication lasted and what type of service was used.

The bill states that service providers must confidentially hand over such data to authorised officers when asked.

It also allows an authorised officer to enter premises and install a device to intercept, retain, collect or record communications or content data.

Service providers that fail to maintain the confidentiality of content interception orders may face a fine of up to RM1 million. Those that fail to collect, record or provide internet traffic data may be fined up to RM1 million, and a further fine of up to RM100,000 for every day the offence continues after conviction.

The proposed law also places a general duty on service providers to take steps to prevent their services from being used for cybercrimes. Those who fail to comply with a written notice may face a fine of up to RM1 million or imprisonment of up to 10 years, or both.

The bill says these enforcement powers may also apply to offences under other written laws if they are committed through a computer system, as well as to the collection of electronic evidence for investigations or court proceedings.

The bill also creates offences involving hacking, computer-related fraud, identity theft, manipulated online content, “intimate images”, and offences affecting national critical information infrastructure.

Its explanatory notes say such “intimate images” may include images or videos created or altered using artificial intelligence, machine learning, deepfake technology or other digital tools. - FMT