Malaysia is moving forward with legislation designed to establish clear legal responsibility for artificial intelligence systems, with Digital Minister Gobind Singh Deo confirming that the forthcoming AI Governance Bill will centre on ensuring individuals and organisations bear accountability for any adverse outcomes or dangers linked to AI deployment. Speaking in Parliament on June 24, Gobind explained that the legislative framework addresses a fundamental gap in current law: since artificial intelligence cannot be held legally liable in the manner humans can, the burden of accountability must fall squarely on those who create, supply, deploy, or utilise such systems.
The crux of the government's approach recognises an essential principle in technology governance. Unlike humans or corporate entities, AI systems possess no legal personality and cannot be assigned moral responsibility. This means that when an AI system causes harm or generates risk, responsibility cannot be deflected onto the technology itself. Instead, the developers, operators, and users of these systems must be positioned as the primary parties responsible for managing outcomes. Gobind's comments came during a parliamentary response to Kota Melaka member of parliament Khoo Poay Tiong, who raised concerns about whether the bill would furnish adequate legal protections for citizens encountering AI-related challenges in their daily lives.
The accountability principle represents a cornerstone of the bill's design, particularly as artificial intelligence becomes progressively embedded in both government and private sector operations across Malaysia. The Digital Ministry has undertaken a detailed examination of how accountability can be applied across the entire lifespan of an AI system, from its initial conception through development, deployment, and eventually retirement or decommissioning. This comprehensive approach acknowledges a critical reality: AI safety is not a static property. A system may function safely initially, yet develop dangerous characteristics when updated, relocated to different operational contexts, integrated with other technologies, or applied to populations or use cases beyond its original intended scope.
The proposed legislation will operate as a horizontal governance framework rather than a replacement for existing regulatory structures. Gobind clarified that the bill is designed to work alongside and complement current laws, sector-specific regulations, and the jurisdictions of specialised agencies. Should an AI incident fall within the remit of criminal law, consumer protection statutes, intellectual property regulations, or sector-specific frameworks, those existing laws and their respective enforcement bodies will retain their authority and continue to manage these matters. This layered approach prevents regulatory duplication while ensuring comprehensive coverage.
Crucially, the government has signalled that it will not directly regulate or censor the content and outputs that AI systems generate. Instead, the legislative focus will concentrate on establishing governance mechanisms designed to prevent risks from materialising in the first place. This preventative philosophy reflects a pragmatic understanding that technological regulation works best when it addresses systemic vulnerabilities upstream rather than attempting to control what emerges from AI applications downstream. The bill will explore several enforcement and assessment mechanisms to achieve this objective.
Among the innovations under consideration is a mandatory incident reporting regime for artificial intelligence failures and adverse events. Such a system would create transparency around when and how AI systems malfunction or cause harm, enabling regulatory authorities to evaluate emerging risks, implement corrective measures, and analyse patterns across incidents to forestall future occurrences. This intelligence-gathering function is essential in an environment where AI applications are rapidly proliferating and where regulators must keep pace with technological advancement.
The government is also examining the implementation of an AI regulatory sandbox, a controlled testing environment where developers, commercial entities, and relevant government agencies can experiment with and refine AI systems before they are widely deployed to the public. This mechanism allows for responsible innovation, enabling Malaysian technology companies and researchers to develop advanced capabilities while maintaining safety guardrails. Such sandboxes have proven effective in other jurisdictions seeking to balance entrepreneurial freedom with public protection.
Gobind emphasised that the bill represents a balanced framework intended to enable Malaysia's AI sector to develop and grow while meeting rigorous safety and responsibility standards. The government's dual objectives—protecting the public interest whilst fostering innovation and research—reflect Malaysia's broader ambition to compete effectively in the digital economy. Strengthening accountability mechanisms throughout an AI system's entire lifecycle serves both purposes: it reassures citizens and businesses that AI deployment carries legal safeguards, whilst simultaneously providing clarity to developers and entrepreneurs about their obligations.
The timing of this legislative initiative is significant for Malaysia and the broader Southeast Asian region. As artificial intelligence increasingly influences decisions affecting citizens' livelihoods, access to services, and personal rights, the absence of clear accountability frameworks creates legal and ethical hazards. Malaysia's move to establish this governance structure ahead of more widespread AI adoption positions the nation as a responsible actor in the global AI governance conversation. Other regional economies watching Malaysia's approach may reference this framework as they develop their own strategies.
The development of this bill also reflects the government's commitment to protecting public interests amid rapid technological change. By establishing that accountability rests with humans and organisations rather than abstract systems, Malaysia's approach upholds the principle that technology should serve humanity, not absolve human responsibility. As artificial intelligence becomes embedded in healthcare decisions, financial assessments, law enforcement, and myriad other critical domains, ensuring that someone—an identifiable person or organisation—bears responsibility for outcomes is essential to maintaining public trust and enabling effective legal recourse when things go wrong.
