Social Media Platforms Face Up To RM10 Million Penalties For Failing Age Verification Requirements

Social media platforms operating in Malaysia face substantial financial consequences if they do not comply with age-verification requirements mandated under the Online Safety Act 2025. Communications Minister Datuk Fahmi Fadzil made this declaration during parliamentary Question Time on June 24, revealing that the Malaysian Communications and Multimedia Commission (MCMC) holds enforcement powers that could result in penalties reaching RM10 million for non-compliant service providers.

The regulatory framework establishes a two-tiered penalty structure designed to encourage swift compliance. Under Section 39 of the legislation, licensed service providers that breach Part III requirements—which specifically govern age verification—can be subjected to financial penalties of up to RM10 million. This represents a significant deterrent for major technology companies that generate substantial revenue from Malaysian users. The scale of potential penalties reflects the government's determination to enforce protections for younger users on digital platforms, addressing growing concerns about children's exposure to inappropriate content and predatory behaviour online.

Beyond the primary penalty framework, the Act provides MCMC with additional enforcement mechanisms to compel compliance. Section 30 empowers the commission to issue written directives to service providers regarding their adherence to any provision within the legislation. Failure to comply with these directives constitutes a separate offence that can result in fines of up to RM1 million upon conviction, with courts able to impose additional penalties of RM100,000 for each consecutive day the violation continues after sentencing. This escalating penalty structure creates cumulative financial pressure on non-compliant platforms, potentially making extended violations extremely costly.

The government has not approached implementation hastily. Since January, authorities have engaged with social media companies through a regulatory sandbox initiative, conducting more than thirty engagement sessions on both collective and individual bases. These discussions have centred on practical mechanisms for verifying user ages and integrating compliance systems into existing platform architectures. The extended engagement period reflects acknowledgment that different platforms face distinct technical and operational challenges when implementing age verification at scale.

Communications Minister Fahmi acknowledged that each major platform contends with its own business constraints and technical obstacles. Rather than imposing a one-size-fits-all approach, the government has demonstrated flexibility during the consultation phase while maintaining firm expectations about deadline compliance. This balanced approach seeks to facilitate genuine cooperation rather than generate immediate conflict with technology companies that might otherwise challenge the regulations through legal proceedings.

Malaysia is not pioneering this regulatory approach in isolation. The minister noted that more than 25 countries worldwide have already implemented age-verification requirements through their own regulatory frameworks. This international precedent provides both legitimacy and practical guidance for Malaysia's implementation. Countries including the United Kingdom, Australia, and various European nations have developed diverse technical solutions ranging from document verification to age-estimation technologies, offering Malaysian regulators and platforms real-world examples of workable approaches.

The enforcement mechanism operates through a structured process. Licensed service providers that receive non-compliance notices from MCMC must either pay the prescribed penalty or submit detailed representations to the commission for consideration. This procedural element ensures that platforms have opportunity to contest findings or demonstrate compliance efforts before penalties become final. The representation process potentially allows companies to negotiate implementation timelines or propose alternative compliance measures that achieve regulatory objectives through different technical approaches.

For Malaysian consumers and digital rights advocates, these regulations address legitimate concerns about child safety online. Social media platforms have historically struggled to effectively prevent underage access to age-restricted content and communities. Age verification, while imperfect, represents a meaningful step toward reducing children's exposure to harmful material and limiting contact with predatory actors. The regulations also align with broader international trends toward protecting minors in digital environments, creating consistency for multinational platforms operating across multiple jurisdictions.

The Online Safety Act 2025 represents a significant expansion of Malaysia's digital regulatory landscape. By establishing enforceable age-verification obligations, the legislation signals the government's willingness to intervene directly in platform governance to advance public safety objectives. Technology companies must now treat Malaysian regulatory compliance as a material business consideration rather than a discretionary enhancement. The substantial penalty levels ensure that compliance costs represent genuine commercial imperatives rather than minor operational adjustments.

Implementation timelines remain crucial to understanding the practical impact of these regulations. Platforms must transition from existing systems—which typically rely on user self-reporting of age—to more robust verification mechanisms within government-specified deadlines. This transition requires investment in infrastructure, staff training, and potential disruption to user experience as platforms integrate additional verification steps into registration and login processes. The balance between security and user convenience will significantly influence how effectively the age-verification requirement achieves its protective objectives.

For regional players, these Malaysian regulations may serve as a template for age-verification policies across Southeast Asia. As other ASEAN nations develop their own digital safety legislation, Malaysia's framework—including its penalty structure and implementation approach—could influence regulatory approaches throughout the region. This potential ripple effect elevates the strategic importance of how Malaysian authorities implement and enforce these requirements, as successful implementation could strengthen the hand of child safety advocates across the region.