Overview
The Computer Crimes Act 1997 (Act 563) was one of Malaysia's earliest pieces of cyber legislation — enacted as part of the MSC Malaysia cyber law framework to provide a legal basis for prosecuting computer-related offences. It was among the first such laws in Asia, reflecting Malaysia's ambition to establish itself as a credible, legally sound destination for technology investment under the Multimedia Super Corridor programme.
The Act addresses offences relating to unauthorised access to computer material, unauthorised access with intent to commit further offences, unauthorised modification of computer contents, and the wrongful communication of access codes. It has been applied in cases ranging from hacking and corporate espionage to more recent social media and cybersecurity-related prosecutions.
One of Asia's First Cyber Crime Laws
When the Computer Crimes Act was enacted in 1997, very few countries in the Asia-Pacific region had comprehensive computer crime legislation on the books. Malaysia's early action in this space was a direct result of the MSC Malaysia initiative — specifically the Bill of Guarantees commitment to becoming a regional leader in intellectual property protection and cyber laws.
Important Legal Notice
This page is a public reference resource only and does not constitute legal advice. For matters involving the Computer Crimes Act, consult a qualified Malaysian advocate and solicitor. For the authoritative text of the Act, refer to the Attorney General's Chambers of Malaysia.
Key Offences Under the Act
The Computer Crimes Act 1997 establishes five principal categories of offence, each targeting a different form of computer-related misconduct.
Unauthorised Access to Computer Material
The foundational offence — criminalising any intentional access to a computer without authorisation or in excess of authorised access. Applies regardless of whether any data is actually obtained or any damage caused.
Fine up to RM 50,000 or imprisonment up to 5 years or bothUnauthorised Access with Intent to Commit or Facilitate Commission of Further Offence
An aggravated form of the Section 3 offence — where the unauthorised access is accompanied by intent to commit a further offence such as fraud, theft, or extortion. The severity of the further intended offence is taken into account in sentencing.
Fine up to RM 150,000 or imprisonment up to 10 years or bothUnauthorised Modification of Computer Contents
Criminalises any unauthorised modification of the contents of a computer — covering data deletion, corruption, addition, or alteration. This section is the primary provision used in cases involving malware, ransomware, and destructive cyber attacks.
Fine up to RM 100,000 or imprisonment up to 7 years or bothWrongful Communication of Access Codes
Targets the sharing or communication of passwords, access codes, or other means of access to a computer without authorisation — addressing the increasingly common scenario where insider threats or credential theft facilitates computer crimes.
Fine up to RM 25,000 or imprisonment up to 3 years or bothAbetment and Attempts
Extends criminal liability to those who abet or attempt the commission of any of the above offences — ensuring that those who assist, facilitate, or attempt computer crimes can be prosecuted even where the primary offence is not completed.
Same penalties as the principal offenceJurisdiction and Territorial Scope
One of the notable features of the Computer Crimes Act is its broad jurisdictional reach. The Act applies to offences committed in Malaysia and — significantly — to offences committed outside Malaysia where the computer, program, or data involved is located in Malaysia at the time of the offence. This extraterritorial provision reflects the borderless nature of cybercrime and was prescient in anticipating the global reach of computer-related offending.
The Act also applies regardless of whether the accused is a Malaysian citizen — meaning foreign nationals who commit computer crimes targeting Malaysian systems can be prosecuted under the Act if they are present in Malaysia or extradited.
Relation to Other Cyber Laws
The Computer Crimes Act 1997 operates alongside Malaysia's other cyber laws as part of the comprehensive MSC Malaysia legal framework. It works in conjunction with the Communications and Multimedia Act 1998 — which covers content and communications offences — and the Digital Signature Act 1997, which governs the authentication of digital transactions.
In practice, many cyber prosecutions in Malaysia involve charges under both the Computer Crimes Act and the CMA — with the former covering the access or modification offence and the latter covering any communications-related conduct, particularly where social media or online platforms are involved.
The Act in the MSC Malaysia Context
The Computer Crimes Act was one of the five core cyber laws enacted under the MSC Malaysia initiative — alongside the Communications and Multimedia Act 1998, the Digital Signature Act 1997, the Telemedicine Act 1997, and the Copyright (Amendment) Act 1997. Together, these laws fulfilled MSC Malaysia's Bill of Guarantees commitment to becoming a regional leader in cyber law — providing the legal certainty that global technology companies required before establishing operations in the Multimedia Super Corridor.
The Act's enactment in 1997, a full year before the CMA, demonstrated Malaysia's proactive approach to building the legal infrastructure for the digital economy — one of the key factors that distinguished the MSC from comparable initiatives in the region at the time.
Current Legal Reference
The authoritative text of the Computer Crimes Act 1997 (Act 563) is maintained by the Attorney General's Chambers of Malaysia. For current enforcement guidance and recent case law, consult the AGC's e-Federal Gazette at agc.gov.my or seek independent legal advice from a qualified Malaysian practitioner.