- CelcomDigi forum explores quantum computing risks and AI governance as regional privacy landscape evolves
- Country’s flexible approach contrasts with stricter regional policies while maintaining international compatibility
Standing before more than 150 privacy, cybersecurity, and regulatory leaders from across Malaysia’s digital ecosystem, CelcomDigi Chief Corporate Officer Joachim Rajaram reflected on the monumental task ahead. “We have set for ourselves a big vision of being a trusted brand, and we believe that trust is an important capital in the digital world,” he told the gathering at the company’s third Trust Circle forum on May 8.
“We ourselves serve 20.4 million customers daily through the entire spectrum of digital life, and there’s a strong need for governance, especially when working at the speed of innovation.” His words captured the central challenge facing Malaysia as artificial intelligence transforms how data is collected and processed.
The country is positioning itself as a pragmatic middle ground in Southeast Asia’s evolving digital trust ecosystem – balancing innovation with protection amid rapidly evolving technological and regulatory landscapes.
Speaking at the forum, industry leaders painted a picture of a country that has learned from both Western privacy-as-human-right approaches and Asia’s more transactional view of data sharing, emerging with what could become a template for the region.
Serene Kan, Partner in Intellectual Property & Technology Practice Group at Wong & Partners, highlighted how geopolitical tensions have driven countries like Vietnam, China, and the US toward data sovereignty measures that restrict cross-border data flows.
“Malaysia stands out amongst Asian peers,” Kan noted, highlighting how the country has moved away from strict data localization requirements that characterize neighbors like Vietnam, Thailand, and even traditionally business-friendly Singapore.
“Unless you are in very sensitive industries like banking, finance, healthcare, or public sector services, there is actually no real concept of data localization. You are able to host data in regions like Singapore or China.”
This approach contrasts sharply with neighbors like Vietnam and Thailand, which are implementing stricter localization requirements, and even traditionally business-friendly Singapore, which has introduced sector-specific data residency rules for highly regulated industries.
However, this approach has yet to be tested at scale, and some privacy advocates question whether business-friendly policies provide sufficient protection for citizens’ data rights, particularly as AI systems become more pervasive.
The quantum threat on the horizon
Perhaps the most sobering discussion centered on quantum computing’s potential to render current encryption methods obsolete. Farlina Said, Director of Cyber and Tech Policy at the Institute of Strategic and International Studies (ISIS) Malaysia, explained how quantum computing represents both an opportunity and an existential threat to digital security.
“Quantum computing is good at breaking things, but it’s actually less good at encrypting things,” Said noted. “It should theoretically be able to break encryption in hours, but it doesn’t come up with the same mathematical solutions for you to actually encrypt anything.”
This “store now, decrypt later” threat means malicious actors could be collecting encrypted data today with the intention of breaking it once quantum computing becomes commercially viable – with industry consensus pointing to around 2030 as a potential timeline for significant quantum advantage.
The implications for Malaysia’s digital infrastructure are profound. “If something like this is not addressed, then you find certain things that underpin identity and security architecture are compromised,” Said warned.
AI’s double-edged impact
The forum highlighted how AI simultaneously creates new privacy challenges while offering solutions. The technology’s ability to build detailed profiles from metadata and behavioral patterns raises fundamental questions about consent and data collection.
During the panel discussion, Said presented a scenario that illustrated the complexity: a visually impaired person using smart glasses powered by AI to understand their environment. While the technology provides crucial assistance, it simultaneously captures and processes images of bystanders without their consent.
“What are you supposed to do? Are you supposed to call a lawyer and say, ‘hey, that’s not right?'” Said asked during the panel, highlighting how existing legal frameworks struggle to keep pace with technological realities and the speed at which AI interactions occur in daily life.
This captures the real-time nature of AI privacy challenges, where traditional consent mechanisms and legal recourse may be inadequate for the instantaneous data processing that modern AI systems perform.
ASEAN’s harmonisation challenge
Looking ahead, the forum identified three interconnected trends shaping the region’s digital future: harmonization of data practices across ASEAN, evolving AI governance frameworks, and the looming Digital Economy Framework Agreement.
The anticipated regional agreement could establish common standards for data breach reporting (around 72 hours), similar rights to access personal data, and unified approaches to automated decision-making and profiling. However, challenges remain significant.
“You have 10 different data protection practices across ASEAN,” Said noted during her presentation on regional regulatory trends. “The question is: do you ask Singapore to enforce on behalf of the other nine countries, or do you ask the EU to enforce some of the privacy protections?”
This enforcement complexity is compounded by the fact that many platforms are only registered in Singapore, creating jurisdictional gaps across the region. Said highlighted how this fragmentation means that privacy protections available to users in the EU or Australia – such as the ability to opt out of automated decision-making – are often not available to Asean users, despite using the same platforms.
The challenge extends beyond enforcement to practical implementation. As digital services become increasingly cross-border, the lack of harmonized standards creates compliance burdens for businesses and unequal protection levels for consumers across the region, underscoring the urgency of the The ASEAN Digital Economy Framework Agreement currently being negotiated.
Trust as economic capital
Throughout the discussions, speakers emphasized trust as fundamental economic capital in the digital age. National AI Office CEO Shamsul Izhan Abdul Majid described how his agency established working groups with over 210 AI experts and practitioners to ensure policy development includes diverse perspectives.
“The biggest question that I always have is: how much control will we have over AI, particularly where the technology and investment are largely outside our region?” Abdul Majid reflected, highlighting the challenge of maintaining sovereignty in a globally interconnected digital ecosystem.
The forum’s emphasis on practical solutions resonated with Malaysia’s broader approach to digital governance. Rather than adopting rigid regulatory frameworks like the EU’s comprehensive AI Act or China’s strict data laws, Malaysia appears to be crafting a more flexible approach that adapts to local contexts while maintaining international compatibility.
This pragmatism extends to public attitudes toward privacy. Ipsos’ Global Citizens & Data Privacy report from February 2019 found that 60% of Malaysian respondents trusted financial service companies with their personal data, with Malaysians generally willing to share information in exchange for tailored services or benefits – a stark contrast to European privacy-as-fundamental-right perspectives.
Recognizing this knowledge gap, CelcomDigi launched its National Privacy Awareness Survey 2025 alongside the forum to assess Malaysians’ understanding of data privacy and protection. The survey, open to citizens aged 18 and above until June 30, aims to provide crucial insights that will influence policy development and help organizations build greater trust with consumers.
As Malaysia navigates this complex landscape, the stakes could not be higher. The country faces the dual challenge of protecting its citizens’ digital rights while positioning itself as a regional hub for AI innovation and investment.
Unlike neighbors pursuing either strict data localization or laissez-faire approaches, Malaysia’s calibrated middle path – evidenced by its flexible data transfer rules and collaborative policy development through the National AI Office’s 210-member expert network – represents an attempt to balance protection with progress
With quantum computing threatening current encryption standards and AI reshaping data collection at unprecedented scale, Malaysia’s pragmatic approach could prove significant for regional digital stability.
As Rajaram emphasised in his closing remarks, “From shaping policy to embedding ethical AI, every player in this ecosystem has a role to play. Together, we can turn regulatory changes into sustainable opportunities — protecting rights, enabling innovation, and securing a trusted digital future for all Malaysians.”
Related Articles
Keyword(s) :