Data Sharing Act 2025: Everything You Need to Know
Introduction
The Data Sharing Act 2025 (“the Act”) marks a significant milestone in Malaysia’s commitment to enhancing digital governance through structured and secure inter-agency data exchange.[1] Coming into effect on 28 April 2025, the Act is designed to address long-standing challenges in data accessibility and coordination among public sector agencies.[2] It introduces a transparent legal framework that facilitates responsible data sharing, enhances evidence based policymaking, and ensures national development goals are met more efficiently.
Developed under the Ministry of Digital, the Act complements existing legislation such as the Official Secrets Act 1972 and other relevant government security directives.[3] By establishing a standard operating procedure for data handling and requests, it empowers agencies to operate more cohesively while maintaining high standards of accountability and confidentiality.
Background of the Data Sharing Act 2025
Prior to the Act, the absence of formal legal mechanisms prevented the smooth exchange of data in the public sector. Departments and ministries often function in divisions, which results in ineffective service delivery and policy implementation. The introduction of the Act seeks to close this gap by providing clear governance over how data is requested, shared, while remained protected.
The Act was unveiled as a centrepiece effort under Malaysia’s comprehensive plan for digital transformation. The Act is crucial towards creating an ecosystem for innovation to thrive and for facilitating the quick and safe deployment of digital services, according to Digital Minister YB Gobind Singh Deo, who supported the measure at its second and third readings in the Dewan Negara.[4]
The Minister of Digital explained that the phased rollout would begin with Federal agencies to ensure the system is secure and well-managed from the outset. Once the framework is firmly in place, the government will look into expanding the initiative to include state governments and, potentially, other sectors in the future.[5] The establishment of the National AI Office (NAIO), in conjunction with the Act, reflects Malaysia’s intent to harness artificial intelligence and big data for critical sectors such as agriculture, urban planning, and healthcare.[6]
Scope & Application
The Act applies to public sector agencies which includes those listed under Article 132(1) of the Federal Constitution while excluding the police and armed forces.[7] It also includes statutory bodies exercising powers under federal law. Notably, the Act is binding upon the Federal Government signifying its broad jurisdiction across federal agencies.[8]
Concurrently, the Ministry of Digital is initiating talks to involve state governments in enacting state-level legislation to align with the Act and further strengthen data security across the nation’s digital ecosystem in future phases even though its immediate focus is on data exchange at the federal ministries and agencies under the Federal Government’s jurisdiction.[9] Such partnerships would allow vetted local government entities to access verified, anonymized government data for purposes aligned with national interests.
Key Principles & Objectives of the Act
At its core, the Act embodies the principles of efficiency, transparency, accountability, and data security. The key objectives include:
- Enhancing Inter-Agency Coordination: By enabling structured data requests and responses, the Act improves real-time decision-making and service delivery.
- Strengthening Policy and Planning: It supports national development through access to comprehensive datasets for policy formulation.
- Safeguarding Data Integrity: Restrictions on data use and strict conditions for third-party access ensure data is used responsibly and lawfully.
The Act aims to create a unified data ecosystem, aligning with Malaysia’s MADANI vision of a more inclusive and technology-driven society.
Main Provisions
The operational framework of the Act is built around several key components. Firstly, is the National Data Sharing Committee laid out in Part II of the Act. The establishment of the National Data Sharing Committee is the primary body responsible for policy formulation, strategic oversight, and dispute resolution in matters of data sharing. It reports directly to the Cabinet and comprises top officials including the Chief Secretary to the Government and the Secretary-General of the Ministry of Digital.[10] Its functions as outlined includes formulating national data sharing strategies, supervising implementation across agencies, resolving operational disputes and ensuring privacy and data protection compliance.[11]
The Director General of the National Digital Department is tasked with carrying out the Act’s goals, as stated in Part III of the Act. This entails monitoring Act compliance, advising agencies on data sharing practices, and providing the Committee with regular reports.[12] In order to guarantee uniformity and compliance with the protocols set forth by the Act, the role of the Director General is essential as it reinforces the consistent and coordinated implementation of data governance principles throughout the entities, thereby ensuring that data sharing and management practices align with the statutory standards and the overall objectives of the Act.
The Act introduces a comprehensive legal framework that facilitates responsible data exchange among public sector agencies in Malaysia. Among its significant features is the structured procedure for data requests and approvals. Any agency seeking access to data must submit a written request that clearly outlines the intended purpose.[13] The data provider must then assess the request’s legality, necessity, and relevance before deciding whether to approve it.[14] Approval may be refused on several grounds, including national security or confidentiality concerns, and if approved, the data must be delivered in the agreed format and within the specified timeline.[15] This mechanism ensures that data sharing is purpose-driven and subjected to a rigorous screening process, thereby preventing excessive use of sensitive information.
Equally important are the limitations placed on the use and spreading of shared data. The Act stipulate those recipients, including any third parties, must observe the same confidentiality obligations as the original data holder.[16] More critically, the data cannot be repurposed for any use beyond what was originally approved unless further consent is obtained.[17] These provisions are vital for upholding public trust, as they prevent misuse and reinforce the principle of controlled, need-based data exchange.
The Act also reflects a commitment to openness where appropriate where it encourages the release of non-sensitive datasets to the public in anonymised form.[18] This aligns with broader open data initiatives, empowering researchers, innovators, and the general public to make meaningful use of government data while ensuring individual privacy is not compromised. This not only promotes transparency but also supports evidence-based policymaking and public participation in governance.
To ensure compliance, the Act establishes strong enforcement and liability mechanisms. Enforcement officers are empowered to inspect records and investigate breaches. These officers must maintain confidentiality at all times[19] and any failure to do so may attract criminal liability. Notably, officers who act in good faith are protected from legal action[20], but directors or officers of a statutory body who are found to have consented to or been negligent in an offence may face personal liability.[21] The Public Prosecutor is also authorised to initiate proceedings for non-compliance.[22] Together, these provisions serve as critical safeguards that encourage integrity and accountability in the management of shared data.
Finally, the Act provides necessary flexibility through the Minister’s discretionary powers. The Minister may exempt certain agencies from specific provisions, issue directives to guide implementation, or amend the Act’s Schedule via Gazette notification.[23] This ensures the legislation remains adaptive to evolving technologies, administrative challenges, and policy priorities. As such, the Act stands not only as a regulatory tool but as a forward-looking framework for responsible, secure, and efficient data governance in Malaysia’s public sector.
Challenges & Concerns
The Act introduces an essential framework, but it also presents several practical and legal challenges needed to be addressed. One of the main issues is balancing data privacy with access. Agencies must find a way to provide broad data access while ensuring that they do not compromise privacy protections. This delicate balance requires careful consideration, as any lapses could have significant consequences.
Another challenge lies in the readiness of various agencies. Not all departments have the necessary digital infrastructure or technical capacity to implement the Act effectively. To address this, substantial investments in training and system upgrades will be required to equip these agencies with the tools they need to succeed. Coordination between agencies also poses a potential barrier. Differing administrative cultures and varying data standards can slow down the process of standardization, which is essential for the smooth functioning of the Act.
Lastly, monitoring and oversight will be critical. Without rigorous compliance audits and enforcement mechanisms in place, there is a risk of data misuse or underreporting, which could undermine the intended objectives of the Act.
Conclusion
The Data Sharing Act 2025 provides Malaysia with a much needed legal infrastructure to regulate inter-agency data exchange within the public sector. By laying out clear definitions, procedures, and safeguards, it addresses previous inefficiencies and supports the broader goals of good governance, innovation, and inclusive development. More than a regulatory tool, the Act symbolizes Malaysia’s ambition to become a digitally empowered nation. Its success will depend on continued political commitment, inter-agency cooperation, and a shared vision of secure and transparent data governance.
With strong institutional backing and proper implementation, the Act has the potential to transform public sector performance and set a precedent for responsible data sharing across both government and, eventually, private sectors.
If you have any questions, please contact our Managing Partner, Nazmi Mohd Zaini (nazmi@nzchambers.com) or our Pupil-in-Chambers, Naufal Zamros.
Authors:
- Nazmi Mohd Zaini
- Naufal Zamros
References:
[1] Ministry of Digital. (2025, April 28). DATA SHARING ACT 2025 COMES INTO EFFECT TODAY; SET TO ENHANCE GOVERNMENT SERVICES, PROTECT PERSONAL DATA [Press release].
[2] Ibid.
[3] Section 4 of the Data Sharing Act 2025.
[4] ‘Data sharing law will aid smart nation goals.’ (2025, April 29). The Star. https://www.thestar.com.my/news/nation/2025/04/29/data-sharing-law-will-aid-smart-nation-goals
[5] Malaysia passes landmark law that allows data sharing between federal government agencies. (2024, December 19). https://www.digital.gov.my/en-GB/siaran/Malaysia-Meluluskan-Rang-Undang-Undang-Penting-Yang-Membolehkan-Perkongsian-Data-Antara-Agensi-Kerajaan-Persekutuan
[6] Ministry of Digital. (2025, April 28). DATA SHARING ACT 2025 COMES INTO EFFECT TODAY; SET TO ENHANCE GOVERNMENT SERVICES, PROTECT PERSONAL DATA [Press release].
[7] Section 3 of the Data Sharing Act 2025
[8] Section 2 of the Data Sharing Act 2025
[9] ‘Data sharing law will aid smart nation goals.’ (2025, April 29). The Star. https://www.thestar.com.my/news/nation/2025/04/29/data-sharing-law-will-aid-smart-nation-goals
[10] Section 5 of the Data Sharing Act 2025
[11] Section 6 of the Data Sharing Act 2025
[12] Section 11 of the Data Sharing Act 2025
[13] Section 12 of the Data Sharing Act 2025
[14] Section 14 of the Data Sharing Act 2025
[15] Section 15 & Section 16 of the Data Sharing Act 2025
[16] Section 17 of the Data Sharing Act 2025
[17] Section 18 of the Data Sharing Act 2025
[18] Section 20 of the Data Sharing Act 2025
[19] Section 23 of the Data Sharing Act 2025
[20] Section 24 of the Data Sharing Act 2025
[21] Section 26 of the Data Sharing Act 2025
[22] Section 25 of the Data Sharing Act 2025
[23] Section 27 of the Data Sharing Act 2025
Published Date: 13 May 2025