The Malaysian Communications and Multimedia Commission said the Child Protection Code (CPC) and the Risk Mitigation Code (RMC), which take effect on June 1, set clear expectations for service providers to take greater responsibility in addressing harmful content on their platforms, particularly in protecting children and vulnerable users.

Failure to comply with the requirements under RMC may result in enforcement action, including fines or financial penalties of up to RM10 million.

“The implementation under these codes is outcome-based, giving service providers the flexibility to implement solutions that align with safety, privacy, and legal requirements,” MCMC said in a statement.

Under the CPC, platform providers must adopt safety-by-design measures, including restricting account registration and ownership for users under 16, introducing age-appropriate protections, and limiting certain functions that could expose children to risks, thereby reducing exposure to exploitative and harmful content.

Meanwhile, the RMC requires service providers to implement proactive and comprehensive measures to mitigate the risk of harmful content.

These include conducting risk assessments, strengthening content governance, establishing effective reporting and response mechanisms, implementing advertiser verification measures, and labelling manipulated content.

“The implementation of these key obligations under the Online Safety Act is part of the government’s ongoing efforts to ensure a safer digital experience for children and families,” said MCMC.

“This step helps strengthen child protection in the online environment, while giving parents greater confidence in navigating increasingly complex digital risks.”

It said both codes were developed following engagement sessions with industry players, civil society organisations, and other stakeholders, including a public consultation held from Feb 12 to March 31.