KUALA LUMPUR, June 22 — The Cybercrime Bill 2026, which seeks to repeal the Computer Crimes Act 1997, was tabled for its first reading in the Dewan Rakyat today.
Deputy Prime Minister Datuk Seri Ahmad Zahid Hamidi said cybercrime threats today not only involve computer system intrusions and data theft, but encompass identity theft, online fraud, exploitation and ransomware attacks, as well as the misuse of technologies such as artificial intelligence (AI).
“The Cybercrime Bill 2026 is important to prevent and combat increasingly complex cybercrimes,” he said in a statement after tabling the bill, adding that the second and third readings are scheduled for July 1.
Zahid said the bill is intended to repeal the Computer Crimes Act 1997 to ensure Malaysia meets its international obligations under the Budapest Convention and the United Nations Convention Against Cybercrime.
“The Cybercrime Bill 2026 will provide regulatory and law enforcement powers relating to cybercrime and will be regulated by the National Cyber Security Agency (NACSA) under the National Security Council,” he said.
Zahid said the bill contains eight parts and 61 clauses that will provide regulatory and enforcement powers to address increasingly complex cybercrime offences, and expressed confidence that its enactment would improve the national cybersecurity ecosystem and ensure a safer, secure and trustworthy digital environment.
“Through a more sustainable legal framework, it will not only comprehensively protect the public but also support digital economic growth, encourage innovation, and enhance Malaysia’s competitiveness at the regional and global levels,” he said.
Meanwhile, the text of the bill published on the Parliament portal today revealed that it covers various cybercrimes and consequent penalties involving unauthorised access to computers for the purpose of committing offences, computer-related forgery, computer-related fraud, and offences relating to the National Digital Identity service.
Some clauses are as follows:
Clause 10 proposes that anyone who intentionally accesses a computer system without authorisation or lawful excuse may, upon conviction, be fined up to RM100,000, imprisoned for up to three years, or both.
Clause 13 prohibits one from damaging, deleting, altering, or obstructing access to computer data without authorisation or intentionally doing so, and carries a penalty of a fine of up to RM100,000, imprisonment for up to three years, or both.
Clause 16 provides for the offence of falsifying computer data, including inserting, altering, deleting, or concealing data without authorisation, resulting in false data intended to be regarded as authentic and used for legal purposes, and is punishable with fines of up to RM500,000, seven years’ jail, or both, in cases involving valuable security instruments, while for other cases, the offender may be fined up to RM300,000, imprisoned for up to five years, or both.
Clause 19 concerns the offence of disclosing a National Digital Identity password or granting access to another party while knowing, or having reasonable grounds to believe, that such access will be used to commit or facilitate an offence. The offence carries a penalty of a fine of up to RM100,000, imprisonment for up to three years, or both.
Clause 24 seeks to establish an offence for disseminating intimate images of any person by sending, distributing, publishing, selling, offering for sale, or otherwise making such images available and is punishable with fines of up to RM3,000,000, a jail term not exceeding five years, or both. The bill also proposes enhanced penalties where the offence is committed with the intention of causing embarrassment or harm, or coercing or threatening, the person depicted in an intimate image.
