Malaysia: Ministry of Digital announced National Cloud Computing Policy

On 3 August 2025, Malaysia’s Ministry of Digital adopted the National Cloud Computing Policy (NCCP) as a framework for cloud adoption across the country’s digital ecosystem. The policy is structured around five thematic areas covering public sector transformation, private sector development, data protection and privacy, digital inclusion, and environmental considerations. Implementation measures, referred to as Cloud Stacks, correspond to each area. The NCCP includes a multi-tier data classification framework that requires data to be categorised into four sensitivity levels: public, internal, restricted, and confidential. Each level is associated with defined technical and deployment requirements. Public data may be processed on public cloud infrastructure with basic protections, while data classified as confidential is subject to sovereign cloud processing within Malaysia, with national encryption standards, access controls, and monitoring requirements. Public sector organisations must also comply with the Official Secrets Act and apply additional guidance issued by the National Digital Department and the Chief Government Security Office. The NCCP adopts a coordinated implementation model involving government agencies, service providers, academic institutions, and the public. It includes periodic policy reviews, interim updates, and a performance monitoring mechanism to align with technological and regulatory developments.