The Malaysian Communications and Multimedia Commission has intensified its fight against synthetic media abuse, having taken down over 11,600 items of false or artificially generated content since the start of 2024. Deputy Communications Minister Teo Nie Ching disclosed the scale of enforcement action to Parliament on June 30, drawing from information gathered across the period encompassing nearly 12,500 complaints lodged with the regulator specifically concerning misuse of artificial intelligence technologies. The figures reflect a growing problem that authorities are racing to contain as the technology becomes increasingly accessible to bad actors.

The trajectory of complaints reveals a genuinely alarming acceleration in deepfake-related harm across Malaysia's digital landscape. During 2024, the MCMC received 917 complaints about deepfake content, a baseline that seemed manageable. However, the trend reversed sharply when complaints reached 3,612 during 2025, representing a roughly fourfold jump in a single year. By mid-June of the current year, the number had surged to 7,967, demonstrating that the problem is not stabilising but rather accelerating at a rate that outpaces the capacity of traditional regulatory responses. This eightfold increase overall signals a watershed moment in how Malaysians encounter synthetic media, whether created maliciously or otherwise, and underscores why the government prioritised legislation to address the phenomenon.

The removal of deepfake materials has been achieved through systematic coordination between the MCMC and social media platform operators, with the regulator submitting formal takedown notices to companies controlling the distribution channels where harmful content spreads. This mechanism, while necessary, represents an essentially reactive posture—authorities can address content only after it has been created and uploaded, after complaints have been filed, and after the damage may already have occurred. The lag between creation and removal creates a window of vulnerability, particularly when deepfakes target political figures, celebrities, or ordinary citizens whose reputations can suffer lasting harm within hours before content enforcement kicks in.

To establish a more preventive framework, the government introduced the Risk Mitigation Code under the newly enacted Online Safety Act 2025, a legislative initiative that shifts responsibility upstream toward platform operators themselves. Rather than relying solely on complaint-driven takedowns, the code mandates that licensed social media platforms implement proactive safeguards specifically designed to detect and constrain the distribution of artificial intelligence-generated content. This represents a substantive change in the liability model, effectively making platforms accountable for the conditions they permit on their services. Teo indicated that the MCMC is actively assessing whether these licensed providers are meeting their obligations, suggesting that compliance verification is ongoing and that platforms cannot assume a passive posture toward their new responsibilities.

Beyond removing content after the fact, the MCMC has positioned itself as a technical collaborator with law enforcement agencies investigating specific incidents of AI misuse. The commission provides forensic analysis, digital profiling of suspect accounts, and other investigative support that helps establish patterns of coordinated harm or identify the individuals and organisations responsible for generating and distributing synthetic media. This intelligence work complements the takedown process and creates a feedback loop whereby enforcement action can be directed toward repeat offenders rather than simply treating each piece of problematic content as an isolated incident. For Malaysian law enforcement, which may lack the technical expertise to trace deepfakes independently, this support substantially enhances investigative capacity.

A particular concern animating recent policy changes involves the intersection of artificial intelligence misuse with commercial fraud, particularly the proliferation of deceptive advertising on social platforms. Scammers have reportedly exploited platform systems by purchasing advertisement placement for fraudulent schemes, sometimes leveraging synthetic media or fake identities to lend credibility to their pitches. To counter this, the Risk Mitigation Code now requires licensed platforms to implement advertiser verification protocols that cross-reference claims against official databases, including records maintained by the Companies Commission of Malaysia. This approach aims to prevent the creation of shell accounts designed purely for running scams, though its effectiveness will depend on how rigorously platforms implement verification and how rapidly they can respond to verification failures.

The enforcement teeth behind these regulations are significant, establishing financial incentives for compliance that extend beyond administrative inconvenience. Platforms found to violate their obligations under the Risk Mitigation Code can be prosecuted in court, and if convicted, face a primary fine of up to RM1 million with additional penalties potentially reaching RM10 million. These cumulative financial exposures, while perhaps modest relative to the revenues of major technology companies, represent the first time Malaysia has established a credible threat of substantial financial consequences for platform non-compliance on content governance matters. The structure suggests that future enforcement actions, should they occur, could meaningfully affect corporate calculations regarding compliance investments.

The scale and growth of deepfake complaints raises broader questions about the changing nature of information hazards in Southeast Asia. Malaysia, like many regional nations, has experienced campaigns of online disinformation linked to political events, and synthetic media introduces a qualitatively new dimension to these challenges. Unlike traditional false information, which can be fact-checked and debunked through editorial processes, deepfakes exploit human psychological vulnerabilities to manipulated visual and audio evidence, making them particularly effective at undermining trust in institutions and public figures. The eightfold increase in complaints suggests that perpetrators have recognised this vulnerability and are deploying the technology more extensively, often without clear accountability or attribution.

For Malaysian citizens and businesses, the implications extend into personal security, political integrity, and commercial confidence. Individuals face risks of reputational damage through synthetic intimate imagery or false statements attributed to them. Politicians and candidates encounter the possibility of campaign disruption through coordinated deepfake distribution. Companies may be harmed by fraudulent deepfake advertisements or impersonations. These harms are not purely digital; they translate into real consequences for employment, electoral outcomes, and consumer behaviour. The regulatory framework now in place represents an acknowledgment that market forces and voluntary platform governance have proven insufficient to manage these risks.

While Malaysia's regulatory response is substantively more comprehensive than what existed previously, questions remain about implementation rigour, international coordination, and whether legislation can keep pace with advancing technology. Deepfake creation tools are becoming increasingly sophisticated and user-friendly, suggesting that the gap between what regulations target and what perpetrators can accomplish may continue widening. Furthermore, the geopolitical dimension of deepfake campaigns—potentially originating outside Malaysia and targeting Malaysian audiences—requires international cooperation that bilateral enforcement cannot fully address. The coming months will reveal whether the MCMC's engagement with platforms translates into measurable reductions in harmful content or whether the complaint numbers continue their steep trajectory upward.

Looking forward, Malaysia's approach to artificial intelligence misuse reflects a broader global transition toward platform accountability and proactive content governance. The country's legislative framework is now among the more explicit in the region regarding platform obligations, though it remains to be seen whether compliance will be thorough or whether platforms will seek to minimise compliance costs through minimal implementation of the required safeguards. The effectiveness of these rules will depend not only on regulatory resolve but also on technological capacity, inter-agency coordination, and sustained investment in the forensic and analytical capabilities necessary to distinguish synthetic content from authentic material at scale. For Malaysia and the broader Southeast Asian region, this moment represents a critical juncture in determining whether societies can adapt their governance structures rapidly enough to address novel information hazards posed by exponentially improving artificial intelligence technologies.