KUALA LUMPUR: Online safety regulations must be implemented in phases and backed by strong institutional safeguards to protect users while ensuring cooperation from digital platforms, says the Cybersecurity Research Centre (CYRES).

Its director Prof Dr Selvakumar Manickam said lessons from countries that introduced online safety laws showed that regulation cannot just be placed on the government’s shoulders and must involve civil society, parents and educators.

“It has to involve civil society and parents. This cannot be done in one shot,” he said in an interview on Bernama TV’s World programme titled “Online Safety in Focus: Understanding Malaysia’s ONSA 2025” yesterday.

Selvakumar said a layered strategy should be adopted, prioritising high-impact platforms before gradually expanding obligations.

“There has to be a phased approach ... categorise different social media platforms based on their impact,” he said, adding that platforms with smaller local presence should face lighter compliance requirements.

He added that enforcement complexity stemmed from the rapidly evolving nature of online harms, including scams, AI-driven misinformation and child exploitation.

In balancing regulation with freedom of speech, Selvakumar stressed the need for transparency and independent oversight, proposing an independent online safety body involving civil society and academic experts.

“First of all, it is transparency. The government should publish reports showing why content has been removed and what the impact would be on Malaysians.

“We need to have an online safety Appeal Tribunal. This gives both our users and platforms a fair opportunity to challenge decisions.”

While the government has created an Online Safety Committee under the Online Safety Act to provide strategic guidance on online safety issues, Selvakumar said there remains a need to strengthen independent oversight mechanisms, mainly in ensuring transparency and fair avenues for appeal involving users and platforms.

On whether major global platforms would comply, he said Malaysia was taking a pragmatic approach by engaging them through a regulatory sandbox rather than imposing immediate punishment.

“The Act has been in effect since Jan 1, 2026, but we are not punishing social media platforms as of now. We want to work with them.”

On cross-border digital crimes, Selvakumar noted that regional coordination was critical given the borderless nature of online platforms.

He linked Malaysia’s Asean leadership to stronger data-sharing and collective response mechanisms under the regional cybersecurity framework.

“As the Internet is a globalised, borderless platform, there has to be collaboration, joint effort between countries. At least at the Asean level, we can share data and collaborate. I think we can address many of the issues when it comes to scams and fraud in this region.”

It was previously reported that a regulatory sandbox was being conducted to test governance mechanisms for social media platforms to ensure regulation is implemented in an orderly and effective manner without stifling innovation.