Legal Insight by HHQ

As organisations increasingly adopt AI and automated technologies to support decision-making, questions around transparency, accountability and individual rights are becoming more important than ever. What exactly is Automated Decision-Making and Profiling (ADMP)? How does it relate to AI? When does it become high risk, and when will it trigger a Data Protection Impact Assessment (DPIA)? In this second instalment of our PDPA Guidelines Series, our Technology Practice Group Partners, Ong Johnson and Khai Yi Lo, join host Zach Shaw to unpack the newly issued ADMP Guideline and discuss how organisations should assess the risks arising from AI-powered decision-making and profiling activities. 💡 From automated CV screening and insurance underwriting to AI-driven risk assessments, organisations must understand when ADMP may significantly affect individuals and the additional transparency obligations that may follow. 🔔 Don’t forget to like, subscribe and turn on notifications to stay updated with the latest episodes of The Legal Insight Podcast.

Following the release of the new Data Protection Impact Assessment (DPIA) Guidelines by the Department of Personal Data Protection, organisations are now expected to take a more structured and risk-based approach towards personal data processing. But what exactly is a DPIA, when is it required, and how should organisations approach it in practice? In this episode of The Legal Insight Podcast, our Technology Practice Group Partners, Ong Johnson and Lo Khai Yi, join host Zach Shaw to unpack the practical implications of the new DPIA Guidelines and what organisations should be paying attention to moving forward. 💡 As regulatory expectations continue to evolve, organisations will need to move beyond compliance on paper and focus on practical implementation, risk management and accountability in data governance. 🔔 Don’t forget to like, subscribe and turn on notifications to stay updated with the latest episodes of The Legal Insight Podcast.

In this Part 2 of our discussion on Corporate Liability under Section 17A of the MACC Act 2009, we move beyond the fundamentals and focus on what directors and senior management must do to protect their organisations from corporate liability. As enforcement under Section 17A continues to evolve, companies can now be held liable for corrupt acts committed by employees or associated persons. This makes governance, oversight and compliance more critical than ever. The discussion highlights the statutory defence of “adequate procedures” and why policies, trainings, monitoring and enforcement must go beyond paper compliance. We sit down again with: • Mr Ankit Sanghvi, Partner and Head of ESG at Halim Hong & Quek • Ms Cynthia Gabriel, founder of Cynthia Gabriel & Associates, and award-winning anti-corruption and human rights advocate Corporate liability is no longer just a legal risk. It is a call for stronger governance, accountability and integrity across organisations operating in Malaysia.

Following Part 1, where we explored the fundamentals of tokenised money, the focus now shifts to where real value can be unlocked and how financial institutions can position themselves within this evolving ecosystem. While the concept is gaining traction, the key question remains: where are the practical opportunities, and how can they be implemented? In this episode of The Legal Insight Podcast, our Technology Practice Group Partners, Ong Johnson and Lo Khai Yi, join host Zach Shaw to examine how tokenised money moves beyond theory into real-world application. In this discussion, we explore: ✅ Why cross-border payments and remittance are widely viewed as key use cases ✅ How tokenised money enables near real-time (T+0) settlement across jurisdictions ✅ The legal and regulatory considerations involved in cross-border transactions ✅ The growing role of digital asset custody and its importance in risk management ✅ How tokenisation extends into capital market products such as bonds and sukuk ✅ The role of regulatory sandboxes in shaping Malaysia’s future framework 💡 Tokenised money is not just about issuing tokens. It is about solving real inefficiencies in today’s financial system and supporting a more efficient and connected financial ecosystem. 🔔 Don’t forget to like, subscribe, and turn on notifications to stay updated with the latest episodes of The Legal Insight Podcast.

For decades, corruption was seen as a crime committed only by individuals inside a company. But with the introduction of Section 17A of the Malaysian Anti-Corruption Commission Act 2009, the landscape has shifted dramatically. Corporations themselves can now be held criminally liable for bribery. The only defence? Proving that “adequate procedures” were in place. This episode explores why Section 17A is a gamechanger for boards and directors by transforming anti-corruption from a compliance add-on into a survival imperative. We sit down with: • Mr Ankit Sanghvi, Partner and Head of ESG at Halim Hong & Quek • Ms Cynthia Gabriel, founder of Cynthia Gabriel & Associates, and award-winning anti-corruption and human rights advocate They unpack: • Why corporate liability under Section 17A changes the rules of the game in Malaysia’s anti-corruption landscape • How the TRUST principles provide a practical framework for boards to operationalize compliance and protect themselves against liability • What the Pristine Offshore case revealed about corporate vulnerability and why failure to anticipate bribery risks can trigger liability • Why directors and boards must recognize that Section 17A makes anti-corruption oversight a non-negotiable responsibility, with personal liability and reputational damage at stake. Expect clarity, candour and real talk about what Section 17A means for corporations, directors and future of governance in Malaysia.

As tokenized money gains momentum globally, Malaysia is beginning to lay the groundwork for its adoption through regulatory initiatives and industry experimentation. But what exactly is tokenized money, and why is it becoming such a critical topic for financial institutions and businesses today? In this episode of The Legal Insight Podcast, our Technology Practice Group Partners, Ong Johnson and Lo Khai Yi, join host Zach Shaw to break down the fundamentals of tokenized money and how the ecosystem is starting to take shape in Malaysia. In this discussion, we explore: ✅ What “tokenized money” really means in practical terms ✅ The differences between CBDCs, stablecoins, and tokenized deposits ✅ How Bank Negara Malaysia’s Digital Assets Innovation Hub (DAIH) is driving early adoption ✅ Real-world initiatives by financial institutions in Malaysia ✅ The broader ecosystem beyond token issuance, including infrastructure and services ✅ How blockchain-based systems differ from traditional payment infrastructure 💡 Tokenized money is not just about digital tokens. It is the foundation of a new financial ecosystem that could reshape payments, settlements, and cross-border transactions. 🔔 Don’t forget to like, subscribe, and turn on notifications to stay updated with the latest episodes of The Legal Insight Podcast.

As Malaysia’s Online Safety Act 2025 moves from theory to practice, the key question becomes: how does the law actually work on the ground? From platform responsibilities to user protection mechanisms, the Act introduces clear compliance obligations that reshape how digital service providers manage harmful content. In this episode of The Legal Insight Podcast, our Technology Practice Group Partners, Ong Johnson and Khai Yi Lo, join host Zach Shaw to break down how the Online Safety Act 2025 operates in practice and what organisations need to do to stay compliant. In this discussion, we explore: ✅ The obligation for platforms to publish user-facing safety guidelines ✅ How existing terms of use must evolve to meet transparency requirements ✅ The tools and settings platforms must provide to empower users ✅ The dual reporting mechanism, including direct reporting to MCMC ✅ How harmful content complaints are handled in practice ✅ Heightened protections and obligations relating to child users 💡 The Online Safety Act 2025 is not just a regulatory framework. It is a shift towards greater accountability, transparency, and user empowerment in Malaysia’s digital ecosystem. 🔔 Don’t forget to like, subscribe, and turn on notifications to stay updated with the latest episodes of The Legal Insight Podcast.

As digital platforms evolve and AI makes content creation faster and more accessible than ever, the challenge of regulating harmful online content has become increasingly urgent. Malaysia has taken a significant step forward with the Online Safety Act 2025, which came into force on 1 January 2026, introducing a new framework aimed at improving safety and accountability in the digital space. In this episode of The Legal Insight Podcast, our Technology Practice Group Partners, Ong Johnson and Khai Yi Lo, join host Zach Shaw to unpack the fundamentals of this landmark legislation and what it means for companies, platforms, and users.  In this discussion, we explore: ✅ What the Online Safety Act 2025 is designed to achieve ✅ How it fits within Malaysia’s broader technology law ecosystem alongside the Cybersecurity Act 2024 and PDPA ✅ Which platforms and service providers the law applies to ✅ The extraterritorial reach of the Act and how overseas tech companies can still fall within its scope ✅ What qualifies as “harmful content” under the legislation 💡 As Malaysia continues to strengthen its digital governance framework, understanding how these laws interact will be increasingly important for technology companies, legal teams, and policymakers.

DeFi does not have to live in the shadows of regulation. In this episode, we go behind the scenes of Malaysia’s first capital market regulatory sandbox cohort and explore how PeerHive became one of only six companies selected by the Securities Commission Malaysia. From governance and recovery frameworks to investor protection and institutional trust, this conversation reveals what it really takes to build regulated, real-world DeFi. This is Part 2 of our CEO Exchange Series with PeerHive, where we unpack the regulatory, legal, and commercial realities behind taking a blockchain platform into a national sandbox. Join our Technology Practice Group Partners, Ong Johnson and Khai Yi Lo, together with host Zach Shaw and special guest Vincent Yeo, CEO & Co-Founder of PeerHive, as they discuss: ✅ What Malaysia’s SC Regulatory Sandbox is and why it matters ✅ Why PeerHive chose regulation over full decentralization ✅ How default recovery and governance change under a regulated DeFi model ✅ What the sandbox application and evaluation process actually looks like ✅ The real non-negotiables regulators look for in fintech innovation ✅ How regulatory alignment unlocks institutional trust and global capital 🔔 Don’t forget to like, subscribe, and hit the notification bell to stay updated on the latest episodes.

Stablecoins are often talked about as the bridge between crypto and traditional finance. But what actually makes a stablecoin “stable”, and where do they realistically fit within Malaysia’s financial system today?   In this Part 2, we build on our previous discussion and zoom in on stablecoins, unpacking how they work, why regulators are cautious, and what risks issuers and users need to understand. This conversation follows Bank Negara Malaysia’s Discussion Paper on Asset Tokenisation and looks beyond the buzzwords to the legal and operational realities.   Join our Technology Practice Group Partners, Ong Johnson and Lo Khai Yi, together with host Zach Shaw, as they explore:   ✅ What stablecoins really are and how they differ from tokenized deposits and CBDCs ✅ Why “stability” depends on proper reserves, governance, and transparency ✅ Who can issue stablecoins and why this matters under Malaysian law ✅ Why stablecoins are unlikely to replace e-money, despite popular assumptions ✅ Where stablecoins may play a meaningful role, especially in on chain transactions ✅ The key legal, regulatory, and technology risks issuers cannot ignore   💡 This episode makes one thing clear. Stablecoins are not about replacing e-wallets or buying everyday items. Their real potential lies in supporting on chain activity and tokenized assets, but only if regulation, safeguards, and infrastructure evolve alongside the technology. This podcast is produced by HHQ's Business Development team. For speaking enquiries, visit https://hhq.com.my/podcast/

Stablecoins are often talked about as the bridge between crypto and traditional finance. But what actually makes a stablecoin “stable”, and where do they realistically fit within Malaysia’s financial system today? In this Part 2, we build on our previous discussion and zoom in on stablecoins, unpacking how they work, why regulators are cautious, and what risks issuers and users need to understand. This conversation follows Bank Negara Malaysia’s Discussion Paper on Asset Tokenisation and looks beyond the buzzwords to the legal and operational realities. Join our Technology Practice Group Partners, Ong Johnson and Lo Khai Yi, together with host Zach Shaw, as they explore: ✅ What stablecoins really are and how they differ from tokenized deposits and CBDCs ✅ Why “stability” depends on proper reserves, governance, and transparency ✅ Who can issue stablecoins and why this matters under Malaysian law ✅ Why stablecoins are unlikely to replace e-money, despite popular assumptions ✅ Where stablecoins may play a meaningful role, especially in on chain transactions ✅ The key legal, regulatory, and technology risks issuers cannot ignore 💡 This episode makes one thing clear. Stablecoins are not about replacing e-wallets or buying everyday items. Their real potential lies in supporting on chain activity and tokenized assets, but only if regulation, safeguards, and infrastructure evolve alongside the technology. This podcast is produced by HHQ's Business Development team. For speaking enquiries, visit https://hhq.com.my/podcast/

As Malaysia moves beyond cash and e-money, a new form of value is beginning to take shape. Tokenized money is emerging as the next evolution in how funds move across systems, institutions, and borders. Grab a coffee and join this episode of The Legal Insight Podcast as we explore how blockchain-native money could reshape payment infrastructure, settlement processes, and the future of banking, following Bank Negara Malaysia’s Discussion Paper on Asset Tokenisation. Join our Technology Practice Group Partners, Ong Johnson and Lo Khai Yi, together with host Zach Shaw, as they unpack: ✅ What tokenized money really means in practical terms ✅ Why CBDCs and tokenized deposits are suddenly on every regulator’s agenda ✅ How tokenized deposits could transform settlement speed and cross border transfers ✅ The legal and structural differences between CBDCs and tokenized deposits ✅ Who should be paying attention now, from banks and large corporates to policymakers and technology providers 💡 This episode makes clear why tokenized money is not about crypto speculation. It is about the future foundations of the financial system, where money becomes programmable, faster to move, and more transparent 🔔 Don’t forget to like, subscribe, and hit the notification bell to stay updated on the latest episodes. This podcast is produced by HHQ's Business Development team. For speaking enquiries, visit https://hhq.com.my/podcast/

After introducing Malaysia’s new framework for Social Exchange Platforms in Part 1, this episode takes a closer look at who can raise funds and how those funds must be managed under this regulated structure. Join our Technology Practice Group Partners, Ong Johnson and Lo Khai Yi, together with host Zach Shaw, as they break down: ✅ Who is eligible to raise funds through a Social Exchange Platform ✅ The strict limits on how raised funds can be used ✅ Why at least 80% of proceeds must go directly to the intended cause ✅ How transparency and reporting build stronger public trust 💡 Whether you lead a non-profit or advise one, this episode offers practical insights into what compliance really means and how this framework is setting a new benchmark for integrity in social fundraising. 🔔 Don’t forget to like, subscribe, and hit the notification bell to stay updated on future episodes. This podcast is produced by HHQ's Business Development team. For speaking enquiries, visit https://hhq.com.my/podcast/

The Securities Commission Malaysia has introduced groundbreaking guidelines that set a new benchmark for how non-profits can raise funds transparently and responsibly. Grab a coffee and join this episode of The Legal Insight Podcast as we explore how this new framework is transforming how charity, technology, and governance intersect. In today’s episode, our Technology Practice Group Partners, Ong Johnson and Khai Yi Lo, return with host Zach Shaw to explore:   ✅ What a “social exchange platform” really is ✅ How it bridges fintech innovation with social impact ✅ The key registration and compliance requirements for operators ✅ How the framework builds public trust and transparency for donors   💡 Whether you’re a non-profit leader, fintech founder, or policy watcher, this episode offers valuable insights into Malaysia’s next step in impact-driven regulation. This podcast is produced by HHQ's Business Development team. For speaking enquiries, visit https://hhq.com.my/podcast/

In the final episode of The Malaysia PDPA Authority Series, we wrap up our exclusive discussion with Prof. Dr. Mohd Nazri bin Kama, former Personal Data Protection Commissioner of Malaysia. This conversation goes straight to the heart of one of today’s biggest compliance challenges: data breach notifications. What really happens when a breach occurs? When do you have to notify the PDPC and affected individuals? And what are the risks if you don’t? Here’s what you’ll take away: • Why data breach incidents in Malaysia are rising sharply • The exact situations where notification is legally required • The consequences of failing to act, from fines to prison terms • How the PDPC actually monitors breaches, including on the dark web • A practical step-by-step guide for managing a data breach response This podcast is produced by HHQ's Business Development team. For speaking enquiries, visit https://hhq.com.my/podcast/ Schedule a free DPO consultation call here: https://hhq.com.my/dpo/

In this second installment of The Malaysia PDPA Authority Series, we continue our exclusive conversation with Prof. Dr. Mohd Nazri bin Kama, former Personal Data Protection Commissioner of Malaysia. This episode takes a close look at the mandatory appointment of Data Protection Officers (DPOs). We explore what the law really requires, why companies should not treat it as a tick-box exercise, and how to make the right appointment for long-term compliance. Expect clarity, context, and real talk about: • The real purpose of the DPO as the “internal compass” for compliance • Why appointing the wrong DPO could expose companies to liability • The six key competencies every DPO must have • Outsourcing, training, or hiring — which model works best for your company This podcast is produced by HHQ's Business Development team. For speaking enquiries, visit https://hhq.com.my/podcast/ Schedule a free DPO consultation call here: https://hhq.com.my/dpo/

The PDPA has changed—and so has the tone of enforcement.   In this first episode of The Malaysia PDPA Authority Series, we sit down with Prof. Dr. Mohd Nazri bin Kama, former Personal Data Protection Commissioner of Malaysia, to understand what the 2024 PDPA Amendments really mean for businesses, legal practitioners, and the future of privacy in Malaysia.   Expect clarity, context, and real talk about: • Why the PDPA is no longer a “paper tiger” • The top enforcement priorities for 2024 • How companies can finally get their compliance journey started • Practical steps for building a privacy-first culture

The conversation continues. The Securities Commission Malaysia is exploring tokenisation—what are the trade-offs?   In Part 2 of our special series on the SC’s consultation paper, we examine the legal, technical, and operational considerations around tokenised capital market products.   In this episode, Technology Practice Group Partners Ong Johnson and Khai Yi Lo are joined by Derrick Leong, Head of Legal and Compliance at IX Swap, with Zach Shaw hosting, to discuss:     • The rationale for dual record-keeping and its impact on blockchain solutions   • Key compliance considerations for issuers and registered market operators   • Enhanced disclosure requirements and SME readiness   • GTRM compliance: necessary safeguard or excessive burden?   • Next steps for Malaysia’s tokenisation roadmap   Whether you’re a legal advisor, regulator, or digital-asset entrepreneur, this episode offers a balanced look at the regulatory framework shaping Malaysia’s tokenisation journey. 🔔 Don’t forget to like, subscribe, and hit the notification bell to stay updated on the latest episodes.

Tokenisation isn’t coming. It’s here. And the Securities Commission Malaysia wants your views.   Grab a snack and tune into this mega-episode of The Legal Insight Podcast, where we explore the SC’s public consultation paper on tokenised capital market products and what it means for fintech, legal, and investment players across the country.   In today’s episode, our Technology Practice Group Partners, Ong Johnson and Lo Khai Yi, return with special guest Derrick Leong, Head of Legal and Compliance at IX Swap, hosted by Zach Shaw, to unpack:   ✅ What tokenisation really means (yes, with Lego analogies) ✅ Digital twin tokens vs. native tokens and why it matters ✅ The SC’s phased approach, is it wise or too cautious? ✅ Public vs. private chains and the battle of transparency vs. control ✅ Why dual compliance could slow Malaysia’s fintech growth   💡 Whether you’re a legal counsel, regulator, or crypto founder, this is the regulatory debate you can’t miss.   🔔 Don’t forget to like, subscribe, and hit the notification bell to stay updated on the latest episodes.

The “Wild West” days are over. Malaysia’s consumer credit space is going legit — and fast. In this Part 2 of our deep dive into the Consumer Credit Bill 2025, we go beyond the basics and into the practical challenges facing Buy Now Pay Later (BNPL) providers and other fintech players. In this episode of the HHQ Legal Insight Podcast, our Technology Practice Group Partners, Ong Johnson and Khai Yi Lo, join host Zach Shaw to answer the tough questions: ✅ What happens if you operate BNPL without a licence? ✅ What is the actual licensing process — and how strict is it? ✅ Can startups survive the financial and regulatory hurdles? ✅ What are the “fit and proper” tests for business owners? ✅ Can you buy a BNPL business — or transfer a licence? ✅ How should existing operators start preparing today? 💡 If you're in fintech, compliance, or credit services — this episode is your survival guide. 🔔 Don’t forget to like, subscribe, and hit the notification bell to stay updated on our latest episodes.

Fintech is growing up — and so are the regulations. Join us on The Legal Insight Podcast today as we unpack the Consumer Credit Bill 2025 — a game-changing law that’s about to reshape Malaysia’s consumer credit landscape. In this episode of the The Legal Insight Podcast by HHQ, join our Technology Practice Group Partners, Ong Johnson and Khai Yi Lo, alongside host Zach Shaw, as they dive into: ✅ What the Bill actually regulates — from BNPL to factoring & leasing ✅ How the Bill draws the line between legal & illegal credit businesses ✅ Why unlicensed operations could face RM5 million fines or jail time ✅ Practical distinctions between BNPL vs. factoring vs. leasing ✅ Why this law signals fintech’s shift from grey area to compliance era 💡 If you’re running or advising a fintech or credit business — this episode is your compliance wake-up call. 🔔 Don’t forget to like, subscribe, and hit the notification bell to stay updated on our latest episodes.

With the latest amendments to Malaysia’s Personal Data Protection Act 2024, organizations are now legally required to report qualifying data breaches within 72 hours of discovery—or risk non-compliance. In this episode of the HHQ Legal Insight Podcast, join our Technology Practice Group Partners, Ong Johnson and Khai Yi Lo, alongside host Zach Shaw, as they dive into: ✅ What triggers a mandatory data breach notification under the PDPA ✅ The meaning of “significant harm” and how to assess it ✅ DPO’s role in managing incidents and reporting to the Commissioner ✅ 72-hour response timeline – what to do and how to act fast ✅ Practical actions companies must take in the first hours after a breach ✅ Notifying affected data subjects and managing reputational risk. If you’re responsible for compliance, legal risk, or cybersecurity, this episode is a must-listen. 💬 𝐍𝐞𝐞𝐝 𝐡𝐞𝐥𝐩 𝐧𝐚𝐯𝐢𝐠𝐚𝐭𝐢𝐧𝐠 𝐝𝐚𝐭𝐚 𝐛𝐫𝐞𝐚𝐜𝐡 𝐜𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞? Schedule a free consultation with our Technology Practice Group

In this episode of the Legal Insight Podcast, we dive into the critical requirements around appointing a Data Protection Officer (DPO) under Malaysia’s Personal Data Protection (Amendment) Act 2024. Schedule a free consultation at https://hhq.com.my/DPO Join Zach Shaw, along with Ong Johnson and Lo Khai Yi, Partners of HHQ’s Technology Practice Group, as they unpack: • What exactly a DPO does and why the role is crucial. • Who needs to appoint a DPO under the new thresholds. • The pros and cons of appointing an internal vs outsourced DPO. • Key qualifications, skills, and responsibilities every DPO should meet. • Consequences of non-compliance with DPO appointment obligations. Whether you’re running a growing business or managing compliance for a large organization, this episode offers practical guidance on strengthening your data governance framework before the 1 June 2025 compliance deadline. 🎧 Stay tuned for Part 2 where we explore Data Breach Notification Obligations! 📌 Need help navigating Malaysia’s evolving data protection landscape? Reach out to our Technology Practice Group for a free DPO consultation.

In this episode, we continue our deep dive into the Personal Data Protection (Amendment) Act 2024 and what it means for businesses in Malaysia. Our guests, Ong Johnson, Head of the Technology Practice Group, and Lo Khai Yi, Co-Head of the Technology Practice Group at HHQ, break down: ✅ The three-stage rollout of the amendments 📅 ✅ What companies need to do to stay compliant 🏢 ✅ The introduction of Data Protection Officers (DPOs) – who needs one, what they do, and whether outsourcing is an option 🔍 ✅ The mandatory data breach notification requirement and its impact ⚠️ ✅ The right to data portability and how it gives individuals more control over their personal data 🔄 If you haven’t checked out Part 1, we highly recommend listening to that first! 💬 Got questions? Drop them in the comments or tune in for our upcoming webinar, where we’ll answer the most pressing queries. Follow Johnson & Khai Yi on LinkedIn for real-time updates on legal and regulatory changes. And don’t forget to subscribe to stay ahead of the latest legal insights! 🎧

In this episode, we take a deep dive into Malaysia's latest Personal Data Protection (Amendment) Act 2024, a landmark legal reform that promises to strengthen data security and privacy rights in Malaysia. But the real question is—is this a game-changer in data protection, or just a paper tiger with no real bite? Our experts, Johnson and Khai Yi from HHQ’s Technology Practice Group, analyze the key changes, their enforceability, and whether businesses should expect real regulatory shifts or just more red tape. With regulators promising tougher enforcement, is this the turning point for data security in Malaysia, or just another legislative update with little practical impact?  Tune in now to uncover insights behind Malaysia’s latest data protection reforms.

In this episode, we dive deep into the critical topic of Cyber Security Incident Notification. What exactly qualifies as a cyber security incident? How should organizations respond when faced with one? Join us as we unpack the legal definitions, key triggers, and regulatory requirements under the Cyber Security Act. We’ll explore the meaning behind terms like “jeopardize” and “adversely affect,” and discuss real-world implications for businesses navigating today’s complex digital landscape. Whether you’re a legal professional, business leader, or tech enthusiast, this episode offers valuable insights into managing cyber risks effectively. 🎧 Listen now and stay informed on the latest in cybersecurity law in Malaysia.

In episode 13 of The Legal Insight Podcast, we unpack the pivotal licensing requirements introduced by the Cyber Security Act 2024 and their implications for service providers. Joined by the experts from HHQ's Technology Practice Group—Ong Johnson, Lo Khai Yi, and Nicole—we cover: 🔒 Who Needs a License? Key criteria for Managed Security Operation Centre Monitoring Services and Penetration Testing Services. 📜 Application Process & Timeline: Deadlines, grace periods, and documentation tips. ⚖️ Compliance & Penalties: Avoid fines up to RM500,000 and 10-year imprisonment. 🌐 Impact on Foreign Providers: Operating in Malaysia under the new framework. Don’t miss out on this essential guide for navigating the legal landscape of cybersecurity services. Whether you're a provider, a business leader, or part of a corporate group, this episode has actionable insights for you.

In episode 12 of The Legal Insight Podcast, we dive deep into the European Union Artificial Intelligence Act (EU AI Act) with insights from Ong Johnson and Lo Khai Yi, heads of HHQ’s Technology Practice Group. Discover the implications of the Act's prohibited AI practices and how they impact innovation and compliance. From Manipulative and Exploitative AI Systems to Social Scoring and Biometric Categorisation, we break down the Act's regulations, their rationale, and what businesses must do to navigate them. 🎙 Key Highlights: The ethics and risks behind Manipulative and Exploitative AI. Social Scoring AI Systems: Where dystopia meets regulation. Consequences of non-compliance: Fines and global enforcement. Practical steps for companies to audit, adapt, and align with the EU AI Act. Tune in to explore how this groundbreaking legislation reshapes the intersection of AI, ethics, and compliance.

In Episode 11 of The Legal Insight Podcast, we’re diving deep into the European Union’s groundbreaking Artificial Intelligence Act, set to reshape AI regulation across industries. Join hosts Ong Johnson and Lo Khai Yi, Technology Practice Group leaders at HHQ, as they unpack what this new legislation means for companies operating in the EU and beyond - from a Malaysian perspective. We’ll explore the Act’s risk-based approach, the classification of high-risk AI systems, and the impact of prohibited AI practices, offering a comprehensive guide to understanding compliance obligations. From practical steps for risk management to data governance, this episode is packed with insights for legal teams, compliance officers, and AI developers alike who are navigating this new regulatory landscape. Tune in to learn how the EU AI Act will influence innovation, ethics, and business operations in the age of artificial intelligence. Johnson, Head of Technology Practice Group, HHQ Khai Yi, Co-Head of Technology Practice Group, HHQ

In Episode 10, we continue with Part 2 of diving into DeFi, NFTs, and central bank digital currencies (CBDC) with a special guest, Derrick Leong: Johnson, Head of Technology Practice Group, HHQ Khai Yi, Co-Head of Technology Practice Group, HHQ Special Guest: Derrick Leong, Head of Legal & Compliance at IX Swap—the pioneering DeFi platform enabling the trading of real-world assets (RWA) through licensed custodians and broker-dealers. IX Swap’s mission is to democratize access to private market investments and tackle illiquidity using blockchain technology like Automated Market Making (AMM), liquidity pools, and DeFi.

In Episode 9, we begin a two-part series diving into digital assets, real-world asset tokenization, and evolving regulations with a special guest, Derrick Leong: Johnson, Head of Technology Practice Group, HHQ Khai Yi, Co-Head of Technology Practice Group, HHQ Special Guest: Derrick Leong, Head of Legal & Compliance at IX Swap—the pioneering DeFi platform enabling the trading of real-world assets (RWA) through licensed custodians and broker-dealers. IX Swap’s mission is to democratize access to private market investments and tackle illiquidity using blockchain technology like Automated Market Making (AMM), liquidity pools, and DeFi. In Part 1, we explore fractional ownership, tokenization trends, and the regulatory landscape. Stay tuned for Episode 10 (Part 2), where we dive deeper into DeFi and its future.

In this episode, Ong Johnson, Lo Khai Yi, and Zach Shaw continue the second part of our series on Malaysia's newly gazetted Cyber Security Act 2024. We delve into the obligations for National Critical Information Infrastructure (NCII) entities and the repercussions of non-compliance, offering actionable guidance on how these developments may affect your business. Discover the steps you can take to ensure compliance and stay ahead in Malaysia's rapidly evolving cybersecurity landscape. Related reading: https://hhq.com.my/posts/cyber-security-bill-2024-decoded-5-key-insights-for-strategic-compliance/ 

In this episode, Ong Johnson, Lo Khai Yi, and Zach Shaw begin a two-part series on the Cyber Security Act 2024 in Malaysia. We explore the Act's introduction of national critical information infrastructure (NCII) and the new licensing requirements for cybersecurity service providers. Learn how these changes could impact your business and what steps you should take to ensure compliance. Tune in for valuable insights into Malaysia's evolving cybersecurity landscape. Related reading: https://hhq.com.my/posts/cyber-security-bill-2024-decoded-5-key-insights-for-strategic-compliance/ 

In this episode, Ong Johnson, Lo Khai Yi, and Zach Shaw dive into the transformative world of blockchain technology, focusing on the emerging trend of Real-World Assets (RWAs) tokenization. As blockchain adoption accelerates globally—especially with the recent U.S. approval of Spot Bitcoin ETFs—many companies remain hesitant to embrace this technology. We explore the reasons behind this hesitation and demystify the concept of RWAs tokenization, highlighting its profound implications for businesses across sectors. Tune in to learn how to navigate the regulatory landscape and harness the power of tokenized assets. Related reading: https://hhq.com.my/posts/real-world-assets-in-blockchain-why-companies-should-pay-attention/ 

Today's discussion surrounds the Air Canada case surrounding AI chatbot hallucinations. The conversation seeks to explore the issues surrounding the legal risks of deploying AI Chatbots, and the best practices for managing those potential implications.   Related reading: https://hhq.com.my/posts/air-canada-case-exposes-ai-chatbot-hallucination-risks-a-mitigation-guide-for-general-counsel/

Today's discussion is titled 'Licensing of Data for AI Model Training'. The conversation seeks to explore the issues surrounding the method of which AI companies source for data to train AI models, and how content creators/data providers can work with AI companies to create a win-win situation in this growing industry.

Today's discussion covers insights from our recent article titled 'Exploring the Legal Implications of AI as Inventors: UK Patent Law Perspective'. The conversation seeks to clarify the position of the law on whether AI can be named as an inventor under a patent application. Related reading: https://hhq.com.my/posts/exploring-the-legal-implications-of-ai-as-inventors-uk-patent-law-perspective/

Today's discussion covers insights from our recent article titled 'Whether AI-Generated Work Could Be Protected by Copyright Law'. The article explores the rights of creators to the output produced by Generative AI systems (non-human-authors) such as ChatGPT, Stable Diffusion, DALL-E, and Midjourney. Related reading: https://hhq.com.my/posts/whether-ai-generated-work-could-be-protected-by-copyright-law/

Today's discussion covers insights from our recent article titled 'Addressing Copyright Infringement and Challenges in AI Training'. The article highlights the potential risks of copyright infringement when training AI, and how companies can manage those risks while remaining competitive.    Related reading: https://hhq.com.my/posts/addressing-copyright-infringement-and-challenges-in-ai-training/