Regional Round-Up: Malaysia Q3 2024

Ramping Up of Competition Law Activity in Malaysia

Competition and Merger Guidelines for Courier Services Sector

Although there is no economy-wide merger regime in Malaysia, certain sectors are subject to merger controls. While it is commonly known that the telecommunications and aviation sectors are subject to sectoral merger controls, a lesser-known fact is that the Postal Services Act 2012 (“PSA“) similarly prohibits a PSA licensee from engaging in conduct which has the purpose of substantially lessening competition (“SLC“) in the postal market (which includes courier services) (“SLC Prohibition“). Mergers and acquisitions in the courier services sector are types of conduct which could result in a breach of the SLC Prohibition.

On 30 September 2024, the Malaysian Communications and Multimedia Commission (“MCMC“) released the following guidelines:

  1. Guidelines on Dominant Position (Postal Services Industry), which sets out MCMC’s approach in determining the relevant markets and assessing dominance; and
  2. Guidelines on Substantial Lessening of Competition (Postal Services Industry), which sets out MCMC’s approach in assessing SLC.

MCMC acknowledges that the courier services sector is very competitive, and competition for last-mile delivery is intense with approximately 105 licensees as of August 2024. The sector is therefore likely to see some consolidation. Thus, the publication of the guidelines is timely in anticipation of the forthcoming merger activities. 

MCMC recognises that while not all mergers or acquisitions will raise competition concerns, such competition concerns may arise if the merger or acquisition lessens competition by reducing or weakening the competitive constraints in a market or reduces the incentives for competitive rivalry.

Additionally, other anti-competitive practices prohibited by the SLC Prohibition include predatorial pricing, the adoption of foreclosure strategies, and exclusive dealing. The PSA also prohibits PSA licensees from entering into collusive agreements, i.e. agreements concerning rate fixing, market sharing, boycotting of another competitor, and tying or linking arrangements.

MyCC’s Latest Enforcement Activities

The Malaysia Competition Commission (“MyCC“) has continued its enforcement focus on hardcore cartel conduct, especially on bid-rigging arrangements in public procurement. MyCC has, in the past six months, issued the following final/proposed decisions for infringements of the prohibition against anti-competitive agreements under section 4 of the Competition Act:

No.

Date of Decision

Decision Type

Infringement

Subject Matter

Number of Implicated Enterprises

1.

23 Apr 2024

Proposed

Bid-rigging

Public Works Department and Department of Drainage and Irrigation tenders

8

2.

5 Sep 2024

Final

Bid-rigging

Ministry of Defence tenders

7

3.

10 Sep 2024

Proposed

Bid-rigging

Perbadanan Putrajaya tenders

3

4.

30 Sep 2024

Proposed

Price-fixing

Umrah travel services

81

Coming into Force of the Cyber Security Act 2024

The Cyber Security Act 2024 (“CSA“) came into force on 26 August 2024.

Four new subsidiary regulations, which were issued to complement and operationalise the CSA, are briefly described below:

  1. Cyber Security (Period for Cyber Security Risk Assessment and Audit) Regulations 2024: Generally require an entity designated as a national critical information infrastructure entity (“NCII entity“) under the CSA to conduct: (i) cyber security risk assessments at least annually; and (ii) cyber security audits at least biennially.
  2. Cyber Security (Notification of Cyber Security Incident) Regulations 2024: Prescribe the timeline, form and manner for NCII entities to notify the Chief Executive of the National Cyber Security Agency (“NACSA“) and the relevant NCII sector lead of cyber security incidents. In these instances, the regulations generally require the concerned NCII entity to make: (i) an initial notification within six hours from the time the incident becomes known; and (ii) a subsequent notification within fourteen days from the initial notification.
  3. Cyber Security (Licensing of Cyber Security Service Provider) Regulations 2024: Clarify the scope of cyber security services which are subject to licensing requirements under the CSA, namely: (i) managed security operation centre monitoring services; and (ii) penetration testing services.
  4. Cyber Security (Compounding of Offences) Regulations 2024: Prescribe five compoundable offences under the CSA, e.g. failure to conduct or submit reports of cyber security risk assessments and audits.

NACSA, which is responsible for overseeing the implementation of the CSA, has also issued new directives detailing specific requirements in the following areas: (i) manner of making cyber security incident notifications; (ii) process for cyber security service provider licence applications; (iii) manner of appointment of NCII entities and NCII sector leads; (iv) implementation of cyber security baseline self-assessment for NCII entities; and (v) implementation of risk assessments for NCII entities.  

All NCII entities and licensable cyber security service providers must familiarise themselves with these developments to avoid falling foul of the CSA, its subsidiary regulations and instruments. For more information regarding these developments to the CSA, please see our Legal Update here and our upcoming legal updates.

Amendments to the Personal Data Protection Act 2010

On 31 July 2024, the Malaysian Parliament passed the Personal Data Protection (Amendment) Bill 2024 (“Amendment Bill“), which will introduce key amendments to the Personal Data Protection Act 2010 (“PDPA“) including:

  1. changing the term “data users” to “data controllers”;
  2. recognising the increased importance of biometric data by amending the definition of “sensitive personal data” to include biometric data such as fingerprint scans;
  3. increasing the maximum penalty for breaches of any personal data protection principles to RM1 million or imprisonment of up to three years, or both;
  4. directly regulating all “data processors” under section 9 of the PDPA and requiring them to comply with the same security requirements that “data controllers” are subject to;
  5. requiring all “data controllers” and “data processors” to appoint a Data Protection Officer (“DPO“), with a guideline on DPOs expected to be issued soon;
  6. requiring data breaches that meet a certain threshold to be reported to the Personal Data Protection Commissioner and to affected data subjects, with a Guideline on Data Breach Notifications to be issued soon;
  7. introducing a new right to data portability, which will be supplemented by the upcoming Guideline on Data Portability; and
  8. removing the country whitelist for cross-border data transfers, and further clarifying the transfer mechanisms through the upcoming issuance of the Guideline on Cross-Border Data Transfers.

On 17 October 2024, the Amendment Bill has received royal assent and was published in the Federal Gazette as the  Personal Data Protection (Amendment) Act 2024 (“Amendment Act”). However, the Amendment Act has not yet come into force. It will take effect on a later date to be appointed by Digital Minister Gobind Singh. There is a possibility that different provisions of the Amendment Act may come into force on different dates.  

The gazettement of the Amendment Act indicates that its official enforcement is forthcoming. It is therefore recommended that businesses start taking steps to review their internal data protection policies and practices to ensure compliance with the new changes introduced by the Amendment Act.

For more information about the key changes introduced by the Amendment Act as well as ancillary upcoming developments related to the PDPA, please refer to our Legal Update  here.

High Court Emphasises Importance of Safeguards in Discovery Application for Computing Devices

In the recent decision in Bentley Systems, Incorporated v PUSB Engineering Sdn Bhd [2024] MLJU 2048, the High Court dismissed Bentley’s discovery application on, amongst others, the ground that Bentley failed to provide safeguards and protocols in handling the documents sought to be disclosed.

Bentley, a software company, sued PUSB for copyright infringement, alleging unauthorised use of its computer software in over 10 computers. After numerous applications and with the trial date approaching, Bentley filed a discovery application to access PUSB’s computing devices and related documents.

Bentley argued that the discovery of PUSB’s devices and records was necessary to confirm the extent of copyright infringement. PUSB contended that Bentley’s discovery request was overly broad, unsupported by sufficient legal grounds, and amounted to a fishing expedition.

The High Court dismissed Bentley’s application for discovery and ruled that Bentley had not established sufficient reasons for unrestricted access to PUSB’s computing devices. With regards to the discovery sought vis-à-vis the PUSB’s computing devices, the High Court noted that it was, in substance, akin to an Anton Pillar order without providing the usual safeguards which include but are not limited to the following:

  1. Supervising Solicitors: To oversee the process and ensure fairness;
  2. IT Experts: To handle the technical tasks like data imaging and extraction;
  3. Protocols for Possession: Clear steps for collecting the computing devices;
  4. Data Imaging and Extraction: Guidelines to properly download and extract relevant data;
  5. Preserving Integrity: Measures to maintain the integrity of the devices and data;
  6. Limiting Disclosure: Protocol for limiting disclosure of information disclosed;
  7. Protecting Confidentiality: Safeguards for confidential and privileged data;
  8. Avoiding Irrelevant Data: Ensuring unrelated data is not extracted or disclosed; and
  9. Presenting Evidence: Proper protocols to present the data as evidence in court.

This case underscores the importance of timely and specific discovery applications in copyright infringement lawsuits, particularly when seeking the disclosure of devices and information contained therein. Discovery cannot be used as a fishing expedition for evidence, and applicants must propose appropriate protocols to safeguard the rights of the opposing party.

Significant Upcoming Amendments to Malaysia's Arbitration Act 2005

In July 2024, the Malaysian Parliament passed the Arbitration (Amendment) Bill 2024 (“Bill“), which is expected to become law once it is published in the Federal Gazette. The Bill introduces notable revisions to the Arbitration Act 2005 (“Act“), aimed at enhancing Malaysia’s role in the global arbitration scene.

Key changes include:

  1. Applicable Law to Arbitration Agreement

The Bill sets a default rule where, in the absence of an agreed choice of law, the law of the seat governs the arbitration agreement. This resolves the longstanding debate about whether the law of the seat or the law of the underlying contract applies when no choice is specified by parties.

  1. Automatic Recognition of Awards

Arbitral awards from Malaysia or “Foreign States” (i.e. member States of the New York Convention 1958) will be automatically recognised without requiring a formal enforcement application at the High Court.

  1. Introduction of the President of the Asian International Arbitration Centre (“AIAC”) Court of Arbitration

The Bill replaces the term “Director of the Asian International Arbitration Centre” with “President”, who will now assume responsibilities previously held by the Director, reflecting AIAC’s recent institutional reforms and the establishment of the AIAC Court of Arbitration.

  1. Digital Signatures

The Bill allows digital and electronic signatures on arbitral awards, modernising the Act to align with current business practices. This change eliminates the need for exchanging physically signed awards, which saves time and costs, while improving the efficiency of the arbitral process.

  1. Third-Party Funding

Third-party funding is now formally recognised. This allows parties to fund arbitrations through third parties, provided the third-party funding complies with public policy considerations. When a third-party funding agreement is in place, the funded party must inform the opposing party and the arbitral tribunal about the existence of the agreement and the identity of the third-party funder.

The English High Court Decision in Euronav Shipping NV v Black Swan Petroleum DMCC [2024] EWHC 896 (Comm): The Principle of Comity between Malaysia and the United Kingdom

In 2023, Euronav Shipping NV (“Defendant“) applied for the Malaysian court proceedings initiated by Black Swan Petroleum DMCC (“Plaintiff“) to be stayed pending reference of the dispute to arbitration under section 10(1) of the Arbitration Act 2005, and for the Plaintiff’s Writ and Warrant of Arrest to be struck out and/or set aside.

In dismissing the application, the Malaysian High Court reiterated the trite position that a stay of proceedings pending reference to arbitration ought not be granted where the applicant has voluntarily submitted to the court’s jurisdiction. The Defendant, in filing a single application to stay proceedings and to strike out and/or set aside the above, was deemed to have submitted to the jurisdiction of the High Court of Malaysia. The Defendant’s appeal against this decision is currently pending (“Appeal“).

Thereafter, the Plaintiff successfully applied for an anti-arbitration injunction before the Malaysian High Court to preclude the Defendant from pursuing arbitration proceedings in London pending disposal of the Appeal.

Two days before the Plaintiff’s application for the anti-arbitration injunction was set to be heard by the Malaysian High Court, the Defendant applied to the English High Court for an order that the Plaintiff be restrained from pursuing its anti-arbitration application in Malaysia and/or from seeking to prevent the Defendant from pursuing its claims against the Plaintiff otherwise than in the London arbitration proceedings. The English High Court was satisfied that the Defendant met the threshold test for the granting of an anti-suit injunction but exercised its discretion to adjourn the application, with liberty to the Defendant to restore the application following determination of the Appeal for the following reasons:

  1. The granting of the order(s) would infringe the principle of comity between the two jurisdictions by effectively circumventing the order granted by the Malaysian High Court.
  2. It was vexatious and oppressive for the Defendant to seek the order(s) from the English High Court after having voluntarily submitted to the jurisdiction of the Malaysian High Court over the subject matter of the dispute.
  3. The granting of the order(s) would result in duplicative proceedings in Malaysia and in the London arbitration proceedings.
  4. The Defendant had delayed in filing its application before the English High Court.
  5. The dismissal of the application altogether was deemed inappropriate in light of the Defendant’s pending appeal in Malaysia.

Please note that whilst the information in this Update is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as a substitute for specific professional advice

CONTACTS

Partner
+60 3 2273 1919 /+60 3 2267 2699
Malaysia,
Partner, Head of Technology, Media & Telecommunications and Data Privacy & Protection
T +603 2273 1919
Malaysia,
Partner, Head of Dispute Resolution, Co-Head of Restructuring & Insolvency
+603 2273 1919 / +603 2267 2626
Malaysia,
Partner, Head of Antitrust & Competition, Co-Head of Capital Markets
+603 2273 1919 / +603 2267 2647
Malaysia,
Partner
+601 7362 3459 / +603 2267 2669
Malaysia,
Partner, Head of Sustainability
T +60 3 2273 1919 / +60 3 2267 2729
Malaysia,
Partner
+603 2273 1919 / +603 2267 2616
Malaysia,
Partner, Head of Projects & Infrastructure, Energy & Natural Resources
+60 3 2273 1919
Malaysia,

Country

EXPERTISE

Share