The national cloud computing policy of Malaysia

August 2025

View the original document

Strategies and Action Plans

Author: Ministry of Digital

The National Cloud Computing Policy (NCCP) of Malaysia, published by the Ministry of Digital in 2025, establishes a comprehensive framework to guide the country’s cloud adoption and position Malaysia as a regional digital hub by 2030. Below is a detailed breakdown of the policy:

Strategic vision and objectives

The policy aims to transform Malaysia into a global cloud leader by creating a secure, scalable, and sustainable cloud ecosystem. Its vision is to position Malaysia as the leading global cloud hub, while its mission is to drive nationwide digital transformation through secure and innovative cloud adoption.
Key objectives include:

  • Enhancing public service efficiency and innovation through cloud-based services.
  • Driving economic competitiveness by fostering private sector innovation, attracting investment, and enabling SMEs to leverage cloud technologies.
  • Strengthening data security and public trust through robust privacy, sovereignty, and ethical safeguards.
  • Promoting digital inclusivity, ensuring equitable access to cloud services across all socio-economic groups.

Alignment with national strategies

The NCCP complements Malaysia’s broader digital strategies, including:

  • MyDIGITAL and the Malaysia Digital Economy Blueprint, driving inclusive economic growth through digital adoption.
  • The National Fourth Industrial Revolution (4IR) Policy, supporting advanced technologies like AI, IoT, and big data.
  • NIMP 2030, focusing on sustainable industrial competitiveness.
  • Malaysia Cyber Security Strategy (MCSS), ensuring robust cybersecurity frameworks underpinning cloud adoption.

Five core pillars of the policy

The NCCP is built on five interrelated pillars, each operationalised through detailed ‘cloud stacks’ with specific initiatives:

1. Enhance: public sector transformation

  • Establish a centralised government cloud infrastructure for efficient service delivery.
  • Deploy citizen-centric digital services, improving inclusivity and accessibility.
  • Implement a cloud-native framework using microservices, containers, and serverless computing.
  • Adopt transparent procurement processes with performance-based Service Level Agreements (SLAs).

2. Nurture: private sector growth

  • Foster a vibrant cloud ecosystem to attract foreign investments and empower SMEs.
  • Promote public-private partnerships (PPPs) to co-develop secure and cost-effective solutions.
  • Support local cloud providers and system integrators through incentives and skills-building.
  • Advance R&D partnerships between academia and industry.
  • Establish sovereign cloud infrastructure to ensure data sovereignty and compliance with local laws.

3. Secure: data protection and privacy

  • Implement Zero Trust frameworks and advanced encryption.
  • Enforce strict protocols for breach notifications, incident response, and disaster recovery.
  • Uphold data sovereignty by ensuring sensitive information remains within Malaysia or is securely encrypted when stored abroad.
  • Guarantee data portability rights, enabling users to move data seamlessly and securely.

4. Include: digital inclusivity

  • Expand cloud infrastructure to underserved and rural areas.
  • Provide affordable cloud-based solutions for healthcare, education, and essential services.
  • Promote digital literacy and skills development, especially among marginalised groups.

5. Sustain: environmental sustainability

  • Encourage green data centres powered by renewable energy.
  • Set environmental standards for cloud operations, focusing on reduced emissions and sustainable construction.
  • Develop energy-efficient hosting and connectivity practices to lower Malaysia’s digital carbon footprint.

Governance, laws, and compliance

The NCCP establishes a strong regulatory foundation:

  • Personal Data Protection Act 2010 (PDPA) ensures compliance with data privacy standards.
  • Cyber Security Act 2024 safeguards national critical infrastructure.
  • Data Sharing Act 2025 governs inter-agency data exchange.
  • CSPs must align with international standards, including GDPR for cross-border data transfers.
  • A data classification framework sets security requirements for different sensitivity tiers, from public to highly confidential data.

A whole-of-nation governance model assigns roles to the public sector, private sector, and citizens, supported by collaboration with international cloud service providers and local innovation hubs.

Tracking progress and feedback

The policy is a living document, designed for adaptability:

  • Biennial reviews assess performance against benchmarks such as cloud adoption rates, service efficiency, environmental impact, and economic gains.
  • Stakeholder feedback via forums, surveys, and consultations informs iterative updates.
  • Interim adjustments accommodate emerging technologies and regulatory developments.

Key takeaways

  • Establishes Malaysia as a regional and global cloud hub by 2030.
  • Prioritises data sovereignty, security, and trust while encouraging private innovation.
  • Promotes digital inclusivity and green infrastructure.
  • Positions cloud computing as a foundation for Malaysia’s wider digital economy ambitions.