KUALA LUMPUR, July 1 — The Dewan Rakyat passed the Cybercrimes Bill 2026 today, which provides for offences and penalties related to deepfakes and the dissemination of digitally manipulated intimate images created using sophisticated computer systems, among other things.
The Bill, which comprises 61 clauses relating to cybercrime, was passed by a majority voice vote after being debated by 48 government and Opposition MPs.
Deputy Prime Minister Datuk Seri Ahmad Zahid Hamidi said the Bill does not grant absolute powers to the authorities or override any existing laws, including the Official Secrets Act 1972. Instead, it is subject to checks and balances as well as stringent legal procedures to safeguard the fundamental rights and privacy of the people.
The power to access computer systems and data also cannot be exercised arbitrarily but must comply with procedures prescribed by law.
"A notice to preserve computer data may only be issued if the investigating officer is satisfied that the data is reasonably required for the purposes of an investigation and that there is a risk of the data being deleted, altered or destroyed if immediate action is not taken.
"With regard to the disclosure of computer data, the government wishes to emphasise that it may only be carried out through a written notice to the person who owns or has control of the data, and is subject to the requirements of a lawful investigation," he said when winding up the debate on the Bill.
Responding to concerns that the Bill could curb freedom of speech, Zahid said the legislation focuses on cybersecurity and cybercrime.
He added that artificial intelligence (AI)-generated content does not constitute an offence merely because it was produced using AI. Rather, the prosecution must prove the elements of the offence, including criminal intent, the purpose for which the content was used, and the consequences of the act.
Zahid also told the House that the government had established the Cybersecurity and Cryptology Development Centre on June 3 by merging CyberSecurity Malaysia and the Malaysian Cryptology Technology and Management Centre under the National Cyber Security Agency (NACSA) to strengthen expertise, including in AI forensics.
On protection for victims of cybercrime, the government shares concerns that vulnerable groups are increasingly being targeted by syndicates through financial scams, sexual exploitation, the non-consensual dissemination of intimate images and the manipulation of digital content.
He emphasised that the Bill introduces several specific offences that were previously not explicitly provided for under existing laws, thereby strengthening protection for victims.
The government will also strengthen cooperation with the Malaysian Communications and Multimedia Commission (MCMC), digital platform providers, and international partners to expedite the removal of unlawful content and enhance real-time information sharing through the National Scam Response Centre (NSRC).
In terms of enforcement, the Royal Malaysia Police will remain the lead agency, with the Commercial Crime Investigation Department spearheading investigations, while NACSA will serve as the strategic coordinator alongside MCMC, Bank Negara Malaysia, and other technical agencies.
Earlier, several MPs proposed improvements to the Bill, including provisions relating to data access powers, the seizure of electronic devices and the need to clarify the definition of AI-generated content to avoid misinterpretation involving satire, artistic works, and political criticism.
They also proposed the inclusion of representatives from Sabah and Sarawak in the Committee Against Cybercrime, as well as a faster mechanism for the removal of pornographic deepfakes and intimate visual content to protect victims' privacy.
The House will sit again tomorrow.







