Conventus Law

Conventus Law

by

Artificial intelligence (“AI”) is increasingly used by businesses to automate processes, analyse data, and enhance decision-making across a wide range of industries. While AI technologies offer significant commercial benefits, they also raise important legal and regulatory considerations.

In Malaysia, although there is currently no single comprehensive law governing AI, businesses remain subject to existing legal frameworks relating to data protection, intellectual property, cybersecurity, and corporate governance, as well as emerging AI governance guidelines.

Organisations adopting AI must therefore carefully assess potential AI legal issues and ensure appropriate governance and compliance measures are in place. This article outlines key legal considerations of AI and the role of legal advisors in supporting responsible AI deployment.

The Emerging Regulatory Landscape for AI in Malaysia

National AI Governance Initiatives

Malaysia has taken early steps to establish governance frameworks for the responsible development and use of AI.

In September 2024, the Ministry of Science, Technology and Innovation launched the National Guidelines on Artificial Intelligence Governance and Ethics (“AIGE”), which aim to promote ethical and trustworthy AI adoption across industries.

Although the guidelines are not legally binding, they serve as an important reference framework for organisations deploying AI technologies.

The AIGE outlines seven core principles intended to guide responsible AI development and deployment:

  • Fairness
  • Reliability, Safety and Control
  • Privacy and Ssecurity
  • Inclusiveness
  • Transparency
  • Accountability
  • Pursuit of Human Benefit and Happiness

These principles are designed to reduce ethical risks, encourage transparency in AI decision-making, and ensure that AI systems operate in a manner consistent with societal and legal expectations.

For businesses adopting AI technologies, these governance guidelines represent an early signal of how laws regulating AI may evolve in the future.

AI Governance Bill

Malaysia is set to introduce its first dedicated AI Governance Bill which is intended to address AI risks comprehensively. The Bill is being developed through the National Artificial Intelligence Office (NAIO), and will be a risk-based model covering areas such as AI-related harm, incident reporting and ethical principles. It is reported that the Bill will introduce, among others, responsibilities for entities that develop or deploy AI systems, a governance framework spanning the full lifecycle of AI technology, and a mechanism for reporting AI-related incidents.

Key Legal Risks Arising from AI Use

While AI can enhance business efficiency, it may also introduce complex legal risks that organisations must proactively address.

Data Protection and Privacy Risks

Many AI systems rely on large datasets to train algorithms and generate predictive outputs. These datasets frequently contain personal information or commercially sensitive data.

In Malaysia, the Personal Data Protection Act 2010 (“PDPA”) governs the collection, processing, and disclosure of personal data in commercial transactions. Businesses deploying AI solutions must therefore ensure that data used for AI training and deployment complies with PDPA requirements.

Key risks include:

  • Use of personal data without proper consent
  • Processing personal data beyond the original purpose of collection
  • Insufficient safeguards to protect personal data, including sensitive personal data

Failure to comply with data protection laws may expose businesses to regulatory enforcement and reputational damage.

Intellectual Property and Ownership of AI Outputs

AI systems often generate content, designs, or analytical outputs based on underlying training data.

However, legal issues may arise regarding:

  • Ownership of AI-generated content
  • Potential infringement of third-party intellectual property rights
  • Licensing rights associated with training datasets

For example, generative AI tools trained on copyrighted materials may inadvertently produce outputs that resemble protected works. Businesses deploying such technologies should therefore evaluate whether their AI systems give rise to potential intellectual property risks.

These issues illustrate how AI and the law intersect with established intellectual property regimes.

Algorithmic Bias and Discrimination

AI systems can produce biased outcomes due to limitations in training data or flaws in algorithmic design.

This risk is particularly relevant when AI is used for decision-making processes such as:

  • Recruitment and hiring assessments
  • Credit risk evaluation
  • Customer profiling
  • Automated service delivery

If AI systems produce discriminatory outcomes, businesses may face legal exposure under anti-discrimination laws or consumer protection frameworks.

Responsible AI governance therefore requires organisations to assess whether automated systems may inadvertently create unfair or biased outcomes.

Contractual and Liability Risks

The use of AI in business processes may also raise questions of liability when AI-generated outputs result in financial or operational harm.

Examples include:

  • AI-generated financial advice leading to losses
  • Automated systems making inaccurate decisions
  • AI-driven analytics producing misleading information

In such cases, determining responsibility can be complex. Liability may potentially arise from:

  • Software developers
  • AI system providers
  • Business operators deploying the AI system

Clear contractual arrangements and risk allocation mechanisms are therefore essential when implementing AI technologies within commercial operations.

Governance and Risk Management in AI Deployment

Given the complexity of AI legal issues, businesses are increasingly adopting structured AI governance frameworks to manage risk.

AI Governance and Internal Policies

Effective AI governance typically involves the development of internal policies addressing issues such as:

  • Ethical AI deployment
  • Data governance and security
  • Transparency in algorithmic decision-making
  • Human oversight of automated systems

These governance measures align with the principles outlined in Malaysia’s AI governance guidelines, which emphasise accountability, transparency, and responsible AI development.

Organisations implementing AI solutions should therefore conduct regular risk assessments and establish internal review processes prior to deployment of AI technologies.

AI Risk Assessments and Compliance Monitoring

Businesses should also consider implementing structured AI risk assessments to evaluate potential legal and ethical implications.

Such assessments may include:

  • Evaluating the source and legality of training datasets
  • Testing AI models for bias or discriminatory outcomes
  • Assessing cybersecurity vulnerabilities
  • Monitoring ongoing system performance

Ongoing compliance monitoring helps organisations in identifying emerging legal risks before they escalate into regulatory or litigation issues.

Cross-Border Legal and Regulatory Considerations

Many AI technologies are developed and hosted by global technology providers. As a result, businesses deploying AI tools may inadvertently trigger cross-border regulatory considerations.

For example, organisations may rely on:

  • AI platforms hosted on foreign cloud infrastructure
  • Third-party AI service providers located outside Malaysia
  • Data processing activities conducted across multiple jurisdictions

These arrangements may raise legal issues relating to:

  • Cross-border data transfers
  • Jurisdictional compliance obligations
  • International regulatory frameworks governing AI

Businesses operating internationally must therefore ensure that AI deployment strategies comply not only with Malaysian laws but also with applicable foreign regulatory regimes.

The Role of AI Lawyers in Business Advisory

As AI technologies continue to evolve, organisations increasingly require specialised legal guidance to manage emerging risks.

A lawyer specialised in AI can assist businesses in addressing a wide range of AI legal issues, including:

AI Governance Framework Development

Assisting organisations in designing governance structures that align with emerging AI regulations and ethical guidelines.

Regulatory Compliance

Advising on the application of existing legal frameworks—such as data protection, consumer protection, and cybersecurity laws—to AI-driven business models.

Contractual Risk Management

Drafting and reviewing agreements with AI technology providers, including provisions relating to liability, intellectual property rights, and data protection obligations.

Risk Mitigation and Dispute Management

Where AI-related disputes arise, supporting  businesses in responding to regulatory investigations or managing litigation risks.

For organisations integrating AI into their operations, proactive legal advisory services are therefore essential to ensure responsible and sustainable AI deployment.

Conclusion

AI is transforming business operations but also introduces significant AI legal issues that organisations must manage carefully. In Malaysia, although comprehensive laws regulating AI have yet to be enacted, businesses remain subject to existing legal frameworks governing data protection, intellectual property, consumer protection, and corporate governance, alongside emerging AI governance guidelines.

Organisations adopting AI should implement appropriate governance measures, conduct legal risk assessments, and ensure compliance with applicable laws. 

Engaging experienced lawyers who specialised in AI can assist businesses in navigating AI and the law, strengthening compliance frameworks, and managing legal risks associated with AI deployment.

WRITTEN BY

For further information, please contact:

K. Shanti Mogan – Shearn Delamore & Co,
shanti@shearndelamore.com

Practice Areas

  • Arbitration & Mediation (Head)
  • Competition Law & Antitrust (Co-Head)
  • Dispute Resolution
  • Personal Data Protection & Privacy Laws
  • Regulatory Compliance & Enforcement

  • Technology, Media & Telco

Languages

  • English,
  • Malay,
  • Tamil

PRACTICE

Shanti has a broad commercial practice, representing clients in commercial litigation and arbitration, both domestic and international. She acts as counsel and arbitrator, and represents parties in arbitrations held domestically and internationally under the Rules of the KLRCA, SIAC, ICC and UNCITRAL. Her experience covers a wide range of disputes including banking, commercial and corporate, and technology related disputes.

She regularly acts for banks, regulatory bodies and corporations in relation to consumer protection, data protection and privacy, defamation, entertainment, multimedia and communications dispute matters.

Shanti also has experience in the area of competition and antitrust laws, and offers advisory services, compliance audits and legal representation in competition law investigations and disputes. Specific industries she has represented in her competition practice include the pharmaceutical, insurance, energy, travel, banking, automotive, entertainment and retail sectors.

Shanti advises on regulatory compliance and activities coming under the purview of various authorities including the Securities Commission, the Anti-Corruption Commission and the Communications and Multimedia Commission.

QUALIFICATIONS

  • LL.B (Hons), University of Bristol
  • LL.M (Hons), University of Malaya
  • Barrister-at-Law, Gray’s Inn
  • Advocate & Solicitor, High Court of Malaya

ADMISSIONS

  • England & Wales (1989)
  • Malaysia (1990)

PROFESSIONAL MEMBERSHIPS

  • Malaysian Bar
  • Fellow of the Chartered Institute of Arbitrators
  • Fellow of the Malaysian Institute of Arbitrators
  • Member of the Singapore international Arbitration Centre’s (SIAC) Court of Arbitration
  • Member of the Arbitration Sub-Committee of the Malaysian Bar Council
  • Member of the Arbitration Committee of the International Chamber of Commerce (ICC) Malaysia
  • Member of the Legal Affairs Committee of the Malaysian International Chamber of Commerce and Industry
  • Member of the Panel of Arbitrators of AIAC, SIAC and ICC (Malaysia)
  • International Bar Association (IBA)
  • Inter-Pacific Bar Association (IPBA)

    PUBLICATIONS

  • Exclusive contributor to the International Law Office’s Legal Newsletter on Arbitration, including the following:
  • Federal Court reinforces law that supervisory courts may review arbitral awards
  • High Court clarifies proceedings under Arbitration Act
  • Federal Court clarifies statutory rights granted by Advocates Ordinance
  • High Court gives effect to parties’ intention in the face of ambiguously drafted arbitration clause
  • Malaysian courts continue to give effect to arbitration agreements

AWARDS & RECOGNITION

  • Asialaw Leading Lawyers (2021) – “Notable practitioner” in Dispute Resolution
  • Chambers Asia-Pacific (2014 – 2020) – “Leaders in their Field” in Dispute Resolution
  • The Legal 500 Asia-Pacific (2010 – 2012, 2014, 2019 and 2020) – “Recommended Lawyer” in Dispute Resolution
  • Expert Guides (2018 and 2019) – “Leading Practitioner” in Commercial Arbitration and Women in Business Law

ARBITRATION EXPERIENCE INCLUDES:

  • Disputes involving the provision of a cellular blocking system valued at over RM250 million
  • Disputes involving payment for chilled water supplied by a district cooling plant where the sums involved exceed RM200 million
  • Disputes involving delay claims for a national infrastructure project
  • Disputes in a multimillion dollar ICC arbitration involving the designing, manufacturing and supplying of a steel manufacturing plant
  • Disputes involving a warehouse management and logistics coordination agreement
  • Disputes involving development agreements for digital electric vehicles.
  • Dispute involving an agreement for the development of an integrated tourist resort.
  • Dispute involving warranty claims for a car tracking system.
  • Disputes involving the provision of pharmaceutical supplies to a government concessionaire
  • Disputes involving the breach of marketing agreements in respect of the marketing of coal
  • Dispute involving the provision offshore services in respect a charter party.
  • Disputes involving the design and construction of residential homes for public servants
  • Disputes involving a contract for the supply of resources for an automated enforcement system
  • Disputes involving the breach of a distributorship agreement
  • Disputes involving a hotel management project
  • Disputes involving the development and supply of a digital broadcasting system
  • Disputes relating to a software licence agreement for the supply and implementation of a software trading system
  • Disputes arising from the provision of consultancy services for the procurement of oil and gas projects
  • Dispute involving a scholarship training programme
  • Joint venture disputes, breaches of training programmes, warranty disputes, sale of business, contracts for services
  • Disputes relating to a plantation company in respect of the sale of a plantation
  • Disputes involving a Privatisation Cum Development Agreement involving a Waterfront Project
  • Disputes in respect of a telecommunications joint venture
  • Enforcement/Setting Aside arbitral awards

Register for your monthly Asia legal updates from Conventus Law

Error: Contact form not found.

RELATED ARTICLES