Malaysia: Communications and Multimedia Commission opened consultation on risk mitigation code under Online Safety Act

On 12 February 2026, the Malaysian Communications and Multimedia Commission (MCMC) opened a consultation on the proposed risk mitigation code under the Online Safety Act, until 13 March 2026. The code applies to licensed online service providers operating services that may expose users, including children, to harmful content. The code is to be issued under the Online Safety Act in support of the duty under section 13 of the Act, requiring providers to conduct harmful content risk assessments. The code requires providers to conduct suitable and sufficient annual harmful-content risk assessments, including child-specific assessments where services are likely to be accessed by children. Providers must maintain skilled assessment teams, keep clear written records of methodologies and outcomes, and process personal data in compliance with data protection law. The code also provides that, based on these assessments, providers must implement reasonable, proportionate, and effective mitigation measures, including content moderation, user empowerment tools, child online safety protections, and safe-by-design service requirements such as registered-user posting, verified advertisers, algorithm testing, deepfake labelling, and safety evaluation before significant service changes. Providers must also adopt clear and accessible safety policies, deliver user education, maintain reporting procedures, cooperate with authorities and civil society, and establish internal assurance with governance reporting. It also provides that compliance must be demonstrated through an Online Safety Plan, with scope to use alternative measures where they can be shown to better mitigate risk.