{"id":7790,"date":"2026-05-29T09:00:00","date_gmt":"2026-05-29T01:00:00","guid":{"rendered":"https:\/\/drhariz.com\/blog\/?p=7790"},"modified":"2026-05-21T18:02:04","modified_gmt":"2026-05-21T10:02:04","slug":"ai-governance-malaysia","status":"publish","type":"post","link":"https:\/\/drhariz.com\/blog\/ai-governance-malaysia\/","title":{"rendered":"MY-AI Standards & AI Governance in Malaysia: A Practical Compliance Guide"},"content":{"rendered":"

What is AI governance in Malaysia and why does it matter?<\/h2>\n

AI<\/a> governance Malaysia is the framework of laws, standards, and internal policies that ensure AI systems are safe, fair, and accountable. It matters because Malaysian organisations now face the MY-AI Standards, the National AI Roadmap, and PDPA 2010 obligations, with regulators expecting documented controls for AI risk, bias, and data protection.<\/p>\n

Dr. Muhamad Hariz Muhamad Adnan, an HRD Corp Certified AI Trainer at Universiti Pendidikan Sultan Idris (UPSI<\/a>), helps Malaysian agencies and enterprises map their AI use to these frameworks and build practical, auditable controls before deployment.<\/p>\n

What are the MY-AI Standards and who must follow them?<\/h2>\n

The MY-AI Standards are Malaysia\u2019s national guidelines for trustworthy AI, covering ethics, risk, data governance, transparency, and accountability. They apply to government agencies, GLCs, and increasingly to private firms that handle citizen data or critical services. Compliance is voluntary today but expected to become mandatory for high-risk AI by 2027.<\/p>\n

The seven MY-AI principles at a glance<\/h3>\n
    \n
  1. Fairness and non-discrimination<\/li>\n
  2. Reliability, safety, and control<\/li>\n
  3. Privacy and security<\/li>\n
  4. Inclusiveness<\/li>\n
  5. Transparency<\/li>\n
  6. Accountability<\/li>\n
  7. Pursuit of human benefit and happiness<\/li>\n<\/ol>\n

    How does AI governance Malaysia interact with PDPA 2010?<\/h2>\n

    AI governance in Malaysia must align with PDPA 2010 because most AI systems process personal data. Organisations must obtain consent, limit purpose, secure data, and respect data-subject rights when training or running AI. The 2024 PDPA amendments add mandatory breach notification, making AI logging and incident response especially important.<\/p>\n\n\n\n\n\n\n\n\n
    Requirement<\/th>\nPDPA 2010<\/th>\nMY-AI Standards<\/th>\n<\/tr>\n
    Consent for data use<\/td>\nMandatory<\/td>\nReinforced<\/td>\n<\/tr>\n
    Purpose limitation<\/td>\nMandatory<\/td>\nReinforced<\/td>\n<\/tr>\n
    Bias and fairness testing<\/td>\nNot explicit<\/td>\nRequired<\/td>\n<\/tr>\n
    Model documentation<\/td>\nNot explicit<\/td>\nRequired<\/td>\n<\/tr>\n
    Breach notification<\/td>\nMandatory (2024)<\/td>\nReinforced<\/td>\n<\/tr>\n
    Cross-border transfer<\/td>\nRegulated<\/td>\nRegulated<\/td>\n<\/tr>\n<\/table>\n

    What does a Malaysian AI governance programme look like in practice?<\/h2>\n

    A practical AI governance programme in Malaysia has six components: an AI register, a risk-tiering policy, model cards, bias and safety testing, human oversight, and an incident response plan. Organisations should appoint an AI lead, integrate governance into procurement, and review high-risk systems at least quarterly.<\/p>\n