Consultation Alert: Public Consultation on Malaysia’s AI Governance Bill

July 10, 2026

The National AI Office (“NAIO”) has launched a public consultation on the proposed AI Governance Bill through the Unified Public Consultation (“UPC”) platform. The consultation invites stakeholders and members of the public to submit written feedback, comments, or proposals by 31 July 2026. You can find access to the public consultation here.

Background

Artificial Intelligence (“AI”) is rapidly emerging as one of the most powerful technologies of our generation, with the ability to transform industries, enhance productivity, improve public services, and create new economic opportunities. However, the current regulatory landscape poses the risk of differing standards and approaches being applied across various sectors. In response, Malaysia is developing a national AI Governance Bill to establish a comprehensive and coherent governance framework that aims to ensure responsible and trustworthy use of AI while stimulating innovation.

It is noteworthy that the formulation of the Bill is built upon three core approaches: institutional oversight through a Central AI Authority whilst leveraging existing sectoral institutions, a principle-based approach that allows the framework to remain agile and adaptable, and a risk-based approach ensuring that regulatory obligations are proportionate to the level of risk posed by an AI System.

Key Features of the Proposed AI Governance Bill

NAIO has released a Consultation Paper setting out six key areas of the Bill for preliminary public feedback. These areas are summarised below.

Scope of the Bill

The Bill proposes to regulate the AI Lifecycle of AI Systems which are placed on the market or put into service within Malaysia, designed, developed, or used in Malaysia, or used by a Deployer established in Malaysia regardless of where the system is physically hosted. The Bill introduces definitions for key concepts including “Artificial Intelligence”, “AI Systems”, and “AI Lifecycle”, and identifies two primary regulated parties which are “Developers, who materially shape what an AI System is capable of doing, and “Deployers”, who cause the AI System to operate in the real world or domain of deployment. Exemptions are proposed for personal use and national security applications.

AI Governance Architecture

The Bill proposes the establishment of a Central AI Authority which operates as an institutional anchor for the AI governance framework. The Central AI Authority would have three core functions: AI Safety, Investigation and Enforcement, and AI Enablement. The Bill further proposes leveraging existing frameworks through the appointment of Sectoral Leads who may be appointed and delegated specific powers under the Bill to support implementation where they have sufficient legal authority, technical expertise, and governance capacity.

AI Governance Principles

Adopting a principle-based approach, the Bill sets out five guiding AI Governance Principles:

  1. Protecting, promoting, and preserving human dignity by upholding human agency and safeguarding human rights.
  2. Transparency and explainability proportionate to risk and impact;
  3. Clear accountability through traceability and effective redress;
  4. Safe and secure use through robust and resilient AI Systems; and
  5. Responsible data governance and stewardship in relation to AI Systems.

Developers and Deployers of AI Systems would be required to have “due regard” for these principles throughout the AI System’s lifecycle, with compliance scaled based on the level of risk, context, and purpose of the AI System.

Implementation of these principles is expected to take a phased approach with voluntary documents issued at the early stages of the Bill and progressively moving towards codifying full implementation once a level of maturity is reached by the ecosystem.

AI Risk Framework

The Bill proposes a risk-based approach anchored to four categories of harm: death, bodily injury, unlawful deprivation of fundamental liberty anchored to the Federal Constitution, and contravention of any written law. Based on this, a three-tier risk framework is envisaged namely Tier 1 (Unacceptable Risk), Tier 2 (High Risk), and Tier 3 (Low Risk). Requirements set on these tiers will be proportionate to the nature, context, and level of risk posed by an AI System.

AI Incident Reporting

The Bill proposes a structured AI incident reporting mechanism to ensure a systematic approach in identifying, assessing, learning from, and addressing AI-related incidents. AI Incidents may include an event, failure, weakness, misuse, unexpected effect, material circumstances, or near misses.

Reporting may be made by Developers or Deployers as well as through public complaints to the Central AI Authority, and in cases where a similar mechanism exists, the Central AI Authority may leverage them through Sectoral Leads.

AI Sandbox

The Bill proposes the establishment of an AI Sandbox as a controlled environment to test AI Systems under supervised conditions. The AI Sandbox is intended to encourage innovation, facilitate flexible testing, and support evidence-based policymaking. It may be implemented either as a centralised sandbox operated by the Central AI Authority or by designating and leveraging existing infrastructures through Sectoral Leads.

Conclusion

This public consultation is timely, particularly in light of Malaysia’s aspiration to become an AI Nation by 2030 under the recently launched Malaysia Digital 2030 Action Plan. As the country seeks to position itself at the forefront of AI innovation and adoption, a robust governance framework will be essential in building trust, ensuring safety, and maintaining competitiveness on the global stage.

The consultation is also in line with the National Policy on Good Regulatory Practice (NPGRP), reflecting the Government’s commitment to inclusive, transparent, and evidence-based policy-making. Thus, all stakeholders are encouraged to take this opportunity to contribute to the shaping of Malaysia’s AI governance landscape.

This alert is for general information only and is not a substitute for legal advice.