KUALA LUMPUR: The Cybercrimes Bill 2026 seeks to criminalise the non-consensual sharing of intimate images, including sexually explicit photographs or videos of another person.
Under Clause 24, anyone who sends, distributes, publishes, sells or otherwise shares an intimate image through a computer system could face up to five years’ imprisonment, a fine of up to RM300,000, or both.
The penalty increases to up to seven years’ jail, a fine of up to RM500,000, or both, if the offence is committed with the intention of humiliating, harming, coercing or threatening the person depicted.
The Bill defines an intimate image as a visual recording, including photographs or videos, whether altered or otherwise, depicting a person in a sexual context, with intimate body parts exposed or engaged in sexual activity.
The Cybercrimes Bill 2026 has been tabled by Deputy Prime Minister Datuk Seri Dr Ahmad Zahid Hamidi and is expected to be debated during the current parliamentary meeting.
Ahmad Zahid said the Bill would be tabled for second and third readings on July 1.
The proposed law seeks to repeal the Computer Crimes Act 1997 and enable Malaysia to meet its international obligations under the Council of Europe Convention on Cybercrime, also known as the Budapest Convention, and the United Nations Convention Against Cybercrime.
Ahmad Zahid said in a statement that the Bill would provide regulatory and enforcement powers related to cybercrime, and would be overseen by the National Cyber Security Agency (Nacsa) under the National Security Council in the Prime Minister’s Department.
He said cybercrime threats today extend beyond unauthorised access to computer systems and data theft, encompassing identity theft, online fraud, exploitation, ransomware attacks and the misuse of emerging technologies such as artificial intelligence (AI).
“As such, the Cybercrimes Bill 2026 is important to prevent and combat increasingly complex cybercrime,” he said.
The Bill comprises eight parts and 61 clauses aimed at strengthening the country’s ability to address increasingly sophisticated and complex cybersecurity threats.
Ahmad Zahid said the legislation would help improve Malaysia’s cybersecurity ecosystem and ensure a safer, more secure and trusted digital environment.
“Through a more sustainable legal framework, it will not only provide comprehensive protection for the people, but also support the growth of the digital economy, encourage innovation and enhance Malaysia’s competitiveness at the regional and global levels,” he added.
Separately, the proposed Artificial Intelligence (AI) Governance Bill will act as a preventive layer on top of existing laws to curb abuses such as deepfakes and synthetic content, says Digital Minister Gobind Singh Deo.
He said the Bill was being drafted to cover the entire life cycle of AI systems, and not just the content they produced.
“The AI Governance Bill is designed to deal with risks in a systemic way across the whole life cycle of an AI system,” he told Kluang MP Wong Shu Qi.
“This approach allows threats such as deepfakes and synthetic content to be controlled from the start through data governance, transparency, risk assessment and clear accountability for developers and those who deploy AI systems.”
Gobind said the new law would require those who develop, provide, use or operate AI systems to take reasonable and appropriate governance steps based on the level of risk of each system.
He stressed that misuse of AI, including child sexual exploitation materials generated by AI, identity impersonation and the spread of intimate content without consent, already fell under current laws.
These include the Sexual Offences Against Children Act 2017, the Online Safety Act 2025 and the Communications and Multimedia Act 1998, which allow action to be taken against those who produce, distribute, make available, access or possess such illegal materials, even when it is created or manipulated using AI.
However, Gobind said rapid advances in AI meant an extra layer of governance was needed to focus on the systems themselves.
“AI risks do not only appear at the end when content is produced.
“They can arise earlier through system design, data selection and use, model training methods, security controls, access controls, human oversight and how the AI system is used in its operational context,” he said.
