As of the beginning of this month, licensed social media providers are obligated to implement measures to ensure the safety of children on their platforms. These requirements, which are outlined in Part III of the Online Safety Act 2025 (Act 866), include the introduction of age verification systems. Under the Act, platforms that fail to fulfill these responsibilities could face penalties of up to RM10 million.
According to Communications Minister Datuk Fahmi Fadzil, Section 30 of Act 866 empowers the Malaysian Communications and Multimedia Commission (MCMC) to issue written directives to licensed service providers regarding compliance with any provision of the legislation. Should a provider receive such a notice, it is required to either pay the prescribed penalty, or submit representations to the MCMC for review.

“For non-compliance with Part III of Act 866, licensed service providers may be subjected to financial penalties of up to RM10 million as provided under Section 39 of the Act,” the minister told the Dewan Rakyat today. He went on to explain that failure to comply with the directives constitutes an offence. Upon conviction, the offending company may face a fine of up to RM1 million, with an additional fine of up to RM100,000 for each day the offence continues after conviction.
Fahmi also noted that the government has been engaging with social media providers since January through a sandbox initiative. These efforts concern the implementation of age verification mechanisms. So far, more than 30 sessions have been conducted with the relevant platforms, either collectively or individually. The minister acknowledged that each company faces its own challenges and business objectives. That said, Fahmi asserted that the government will proceed with the age verification requirements in line with practices already adopted in over 25 nations worldwide.
While the Malaysian government takes a technology-neutral approach that focuses on the outcome rather than a specific method, there are a few stipulations. Firstly, the age checks cannot rely on self-declaration alone. Instead, they must be supported by official government records such as the MyKad, passports, birth certificates, and other equivalent documents. According to Fahmi, this is to prevent manipulation.
Other than that, service providers must comply with personal data protection laws. Basically, the data collected must be used for age verification purposes only and disposed properly afterwards.
(Source: Bernama [1], [2])

