Key Amendments to the Communications and Multimedia Act Pursuant to the Communications and Multimedia (Amendment) Bill 2024
The Communications and Multimedia (Amendment) Bill 2024 (“CMA Bill”) has brought forward a series of significant updates to the Communications and Multimedia Act 1998 (“CMA”). This article explores the key changes introduced by the CMA Bill and compares them with the existing legal framework.
Introduction
The CMA Bill 2024 was passed by the Dewan Rakyat on 9 December 2024 and subsequently by the Dewan Negara on 16 December 2024. The CMA Bill, along with amendments to the Malaysian Communications and Multimedia Commission Act 1998, marks a pivotal shift in Malaysia’s approach to regulating its digital and multimedia sectors by focusing on enhancing regulatory supervision, widening enforcement powers, and introducing stricter penalties.
Comparison of Key Amendments
The following table summarises the notable changes introduced by the CMA Bill:
1. Increased Penalties
1.1 General Overview
| Existing Penalties | New / Increased Penalties | Notes |
|---|---|---|
| Fines (e.g., RM300,000 – RM500,000) | Up to RM1 million | Significant increase in financial penalties |
| Prison Terms (3 – 5 years) | Up to 10 years | Extended imprisonment durations to deter non-compliance |
| Daily Fines | Up to RM100,000 per day for certain ongoing offences | Heightens financial pressure for continuous non-compliance |
1.2 Specific Offences and Revised Penalties
| Section | Offence | Existing Penalties | New Penalties |
| 16(2) | Ministerial Regulations (contravening regulations or other subsidiary legislation) | Up to RM 300,000 or up to 3 years’ imprisonment + RM 1,000/day for continuing offence | Up to RM 1 million or up to 10 years’ imprisonment + RM 100,000/day for continuing offence |
| 53 | Non-compliance with the Commission’s direction | Up to RM 300,000 or up to 3 years’ imprisonment | Up to RM 1 million or up to 10 years’ imprisonment + RM 100,000/day for continuing offence |
| 99(2) | Failure to comply with a direction to comply with a registered voluntary industry code | Up to RM 200,000 (pursuant to the deleted Section 100) | Up to RM 500,000 |
| 105(5) | Failure to comply with a direction to comply with mandatory standards | Up to RM 200,000 fine (pursuant to the deleted Section 109) | Up to RM 500,000 |
| 126(2) | Operating without a licence (e.g., network facilities, network services) | Up to RM 500,000 or up to 5 years’ imprisonment + RM 1,000/day for continuing offence | Up to RM 1 million or up to 10 years’ imprisonment + RM 100,000/day for continuing offence |
| 205(3) | Operating a content applications service without a licence | No specific penalty | Up to RM 500,000 or up to 5 years’ imprisonment |
| 149 | Non-compliance with standard access obligations | Up to RM 500,000 or up to 5 years’ imprisonment | Up to RM 1 million or up to 10 years’ imprisonment |
| 233 | Improper use of network facilities/services (general) | Up to RM 50,000 or up to 1 year’s imprisonment + RM 1,000/day for continuing offence | Up to RM 500,000 or up to 2 years’ imprisonment + RM 5,000/day for continuing offence |
2. Expansion of the Commission’s Power
2.1 Power to Make Directions, Determinations, and Mandatory Standards
| Section | Subject | Existing | Bill |
| 51 | Directions by the Commission | Narrower: focused on ensuring compliance with licence conditions or specified CMA provisions. | Commission’s directions can address compliance with any part of the CMA or its subsidiary legislation. |
| 55 | Determination by the Commission | Narrower scope; only to matters specified in the CMA. | Determinations can cover any matter that promotes industry conduct consistent with CMA objectives, relevant instruments, or subsidiary legislation. |
| 104 | Determination of Mandatory Standard | Current section 104 requires a “satisfactory” voluntary code to exist or to fail. | Now it explicitly empowers the Commission to set any mandatory standard addressing crucial aspects of the industry. |
| 105 | Mandatory standards to be consistent | Current section 105 only targets “licensees.” | Mandatory standards can apply to any person (not only licensees). |
3. Protection Against Harmful Content and Prohibition on Spam
| Section | Subject | Existing | Bill |
| 211 | Prohibition on the provision of offensive content | Current section 211 used broader “offensive content” and applied to content applications service provider and other persons using a content applications service. | Grossly offensive content ban (narrower than “offensive”). Applies to content application service providers only. |
| 233A | Sending of unsolicited commercial electronic message | Typically addressed under section 233(a)(b) which is general in nature. | Unsolicited Commercial Electronic Messages (Spam). Outlaws sending or causing spam. |
4. New Chapter on Network Security (Chapter 1A in Part X)
| Section | Subject | Existing | Bill |
| 230A | Certifying agencies | None | The Commission can register local/foreign agencies for certifying compliance with network security regulations/standards. |
| 230B | Network security measures and requirements | None | The Commission may instruct any person to take/preventive measures against security risks. |
5. Lodgement Replaces Registration
| Section | Subject | Existing | Bill |
| 90–93 | Registration of Agreements | Requires formal registration of agreements with the Commission. | Deleted. No more registration requirements for agreements. |
| 150 | Registration of access agreements | Previously, Section 150 required formal registration. | Access Agreements must now be lodged within 30 days of execution or amendment. |
Key Takeaways
- Increased Penalties – Significant increase in financial penalties and durations of imprisonment.
- Expanded Commission Powers – The Commission can issue directions (Section 51), determinations (Section 55), and mandatory standards (Sections 104, 105) for all industry players.
- Greater Audit & Data Powers – The Commission can conduct audits (Sections 73A, 73B), demand data retention (Sections 252A, 252B), and enforce search warrants despite errors (Section 248A).
- Stricter Content & Spam Regulations – ‘Grossly offensive’ content (Sections 211, 233) faces RM1 million fines or 10 years’ jail, with new anti-spam laws (Section 233A) and service suspension powers (Section 211A).
- Stronger Network Security Rules – New provisions (Sections 230A, 230B) enforce security measures, allowing registration of security certifiers and penalties for non-compliance.
- Lodgement Replaces Registration – Agreement registration (Sections 90–93, 150) is abolished, requiring lodgement within 30 days instead.
- Right of Private Action – Victims of network facility fraud (Section 236A) can sue offenders directly, independent of criminal prosecution.
- Restricted Access to Right of Way – Amendments (Sections 228, 229) now limit rights to public utilities, removing network facility access.
Conclusions
The Bill introduces significant regulatory changes, reinforcing compliance obligations, expanding enforcement powers, and imposing heavier penalties.
For businesses operating in this space, understanding these changes is essential. Ensuring compliance now can prevent costly penalties and disruptions in the future. Staying informed and proactive in adapting to this evolving legal framework will be key to navigating the new regulatory landscape effectively.
If you have any questions, please contact our Head of Advisory & Compliance, Mr. Fakhrul Fadzilah (fakhrul@nzchambers.com), or our Pupil-in-Chambers, Mr. Alif Mustaqim.
Authors:
- Fakhrul Fadzilah
- Alif Mustaqim
Published Date: 12 February 2025