AI Governance Bill To Anchor Accountability on Humans and Organisations, Says Gobind

Digital Minister Gobind Singh Deo has clarified that Malaysia's forthcoming Artificial Intelligence Governance Bill will establish a clear chain of responsibility, ensuring that the humans and organisations developing, deploying, and operating AI systems bear full accountability for any harms or risks they generate. Unlike humans, who possess both legal standing and moral agency within the law, artificial intelligence systems lack these attributes, making it legally impossible to hold the technology itself responsible for failures or misuse. This fundamental distinction shaped the government's approach to the legislation, which Gobind outlined during parliamentary debate on June 24.

The accountability principle constitutes a cornerstone of the bill's architecture, driven by the accelerating integration of AI into everyday Malaysian life across government agencies, private enterprises, and consumer-facing services. As these systems become embedded in critical decision-making processes—from loan approvals and healthcare diagnostics to law enforcement and public administration—the absence of clear legal responsibility creates significant gaps in public protection. Gobind emphasised that placing accountability squarely on human actors and their organisations represents the most practical and enforceable approach to governance, particularly in a jurisdiction where traditional legal frameworks continue to evolve.

The government has adopted a lifecycle-based accountability framework that recognises AI risks do not materialise at a single point in time. A system deemed safe during initial development can become hazardous following modification, relocation to different operational contexts, integration with other systems, or deployment among user groups not originally envisioned by its creators. This comprehensive view reflects international best practices and acknowledges the complex trajectory of modern AI deployment, where seemingly minor alterations can trigger unexpected consequences. By extending accountability across the entire lifecycle—from conception through eventual decommissioning—the bill seeks to capture responsibility at each stage where decisions and actions directly influence system behaviour and outcomes.

Gobind stressed that the AI Governance Bill functions as a horizontal framework designed to complement rather than displace existing sectoral regulations and specialist legislation. Malaysia's established legal architecture already addresses specific domains through dedicated laws governing consumer protection, intellectual property, financial services, healthcare, and data privacy. The new bill will not supersede these frameworks but rather provide overarching governance principles that apply across sectors, while allowing specialised regulators to maintain their domain expertise and enforcement authority. This layered approach avoids duplicative regulation whilst establishing consistent accountability standards.

Where AI-related incidents cross into criminal conduct, consumer harm, intellectual property violations, or matters falling within specific sectoral jurisdiction, existing legal mechanisms and regulatory bodies will retain their full operational authority. The government deliberately positioned the bill to fill governance gaps without creating regulatory confusion or redundancy. This coordinated structure allows Malaysia to develop AI policy coherence whilst respecting the specialised knowledge and statutory powers of sector-specific agencies from the central bank to the Health Ministry.

Crucially, Gobind clarified that the government does not intend to regulate AI-generated content or directly police algorithmic outputs, a distinction that underscores Malaysia's commitment to avoiding state censorship of technology. Instead, the bill emphasises governance mechanisms designed to prevent risks from materialising in the first place. This preventative orientation contrasts with reactive approaches that attempt to police content after generation, instead focusing on the systems, processes, and oversight structures that influence how AI systems function before they reach users or make consequential decisions.

Among the mechanisms under consideration is a mandatory AI incident reporting regime that would require developers and operators to disclose system failures, unexpected behaviours, or incidents causing public harm. Such transparency enables regulatory authorities to assess risk severity, implement corrective measures, and identify patterns across multiple incidents that might indicate systemic weaknesses or emerging threats. Aggregated incident data could also inform policy evolution, allowing the government to adjust governance approaches as the technology and its applications mature. Early warning systems of this type have proven effective in aviation, pharmaceuticals, and other high-stakes domains.

The government is also exploring an AI regulatory sandbox—a controlled testing environment where developers, industry practitioners, and regulatory agencies can collaboratively evaluate AI systems before wider public deployment. Rather than imposing rigid pre-deployment approval requirements that might stifle innovation, sandboxes permit real-world testing under specified conditions with built-in safeguards. This approach allows Malaysia to balance the competitive imperative of rapid technological adoption against the public interest in system reliability and safety. Southeast Asian competitors including Singapore have successfully implemented similar mechanisms.

Gobind characterised the bill as a balanced legal framework that seeks simultaneously to enable safe, responsible, and reliable AI development whilst strengthening Malaysia's position in the digital economy. The government intends to support technological innovation and research that generates competitive advantages within the region whilst instituting protective barriers against foreseeable harms. This dual mandate reflects recognition that excessive regulation could drive AI development and investment toward more permissive jurisdictions, undermining Malaysia's capacity to build indigenous AI capabilities and retain talent.

The emphasis on protecting public interests and strengthening accountability throughout the AI lifecycle indicates the government's acknowledgement that early clarity on responsibility and governance prevents more contentious regulatory battles later. As AI systems expand into sensitive domains—criminal justice, employment decisions, financial access, medical treatment—the absence of transparent accountability frameworks risks eroding public trust in both the technology and regulatory institutions. Malaysia's approach attempts to establish legitimacy through clarity about who bears responsibility when systems fail.

Gobind's parliamentary response to Khoo Poay Tiong's question about public legal assurance underscores growing public anxiety about AI-related harms in Malaysia and regionally. Citizens increasingly encounter algorithmic decisions affecting their lives without understanding how these systems work or whom to hold accountable when they malfunction. The bill represents a direct response to these legitimate concerns about accountability gaps. By establishing clear lines of responsibility and governance mechanisms, the legislation seeks to transform AI from an opaque technological domain into a regulated activity subject to transparent accountability standards comparable to other powerful technologies.