top of page
  • Writer's pictureRajvin Singh Gill

E-Commerce: The Malaysian Legal Framework

Setting the scene

The Covid-19 lockdowns caused a significant surge in the e-commerce sector, leading to the normalization of using the internet for business promotion and online sales. Nevertheless, online businesses should understand the different rules that govern the industry, including requirements for registration, advertising, and handling client data. Failure to comply with these regulations may result in penalties from the relevant authorities. In this article, we will discuss the laws and regulations pertaining to the e-commerce industry in Malaysia, and how they safeguard consumers' rights and regulate online businesses.

What is E-Commerce?

E-commerce refers to the process of buying and selling goods or services using the internet. It can be classified into four main business models, which include:

Business to Consumer (B2C): In this model, businesses sell their products or services directly to individual consumers. For instance, Netflix provides subscribers with access to a wide range of movies and TV shows for a fee.

Business to Business (B2B): Here, businesses sell products or services to other businesses. For example, provides an online platform where other businesses can sell their products to consumers.

Consumer to Consumer (C2C): This model involves consumers reselling products or services to other consumers. Online platforms like eBay or Carousell allow individuals to sell used items to other individuals.

Consumer to Business (C2B): In this model, consumers provide goods or services to businesses or organizations. For instance, online influencers promote businesses and advertise products in exchange for payments or other benefits.

Registering a Business

Individuals and legal entities can both engage in online businesses, with legal entities needing to register with the Companies Commission of Malaysia (CCM). Vendors can choose to register their business as a business entity, company, or limited liability partnership (LLP), each having its own pros and cons.

Under Section 5 of the Registration of Businesses Act 1956, all businesses must be registered with the CCM, including those involved in e-commerce transactions. The Act's definition of 'business' is broad and covers all forms of trade, commerce, profession, craftsmanship, or any other activity for the purpose of profit. However, it excludes charitable undertakings, occupations specified in the Act, and any office or employment.

The CCM has issued guidelines for registering new businesses, including sole proprietorships or partnerships under the Registration of Businesses Act 1956. The owner or partner must be a Malaysian citizen or permanent resident who is 18 years old or older.

Online corporate merchants who conduct cross-border businesses from another country are not required to establish a local entity in Malaysia.

Laws governing online vendors and consumers

In e-commerce transactions, it is crucial to ensure that all elements of a legally binding contract are met, such as offer, acceptance, consideration, and intention to create legal relations. The Electronic Commerce Act 2006 recognizes the formation of valid electronic contracts that are enforceable against the contracting parties. Although electronic signatures are not mandatory, they are recognized and can facilitate the creation of electronic contracts.

The Consumer Protection Act 1999 safeguards the rights of e-commerce consumers, including protection against false representations, baiting of prices, and the right to gifts if advertised. The Act also requires that the purchased product is of acceptable quality and fit for its purpose. The Act prohibits sellers from entering into a sales contract that is unfair to the consumer.

Additionally, the Consumer Protection (Electronic Trade Transactions) Regulations 2012 mandates that sellers provide sufficient and accurate information to customers. The disclosure of information includes the name of the business, email address, telephone number, description of goods and services, total price, method of payment, and terms and conditions, including estimated delivery time

How are Advertisements regulated?

All online content advertised in Malaysia must comply with the Communications and Multimedia Act 1998 and the Malaysian Communications and Multimedia Content Code ("Content Code").

Under Section 211 of the Communications and Multimedia Act 1998, any content that is indecent, obscene, false, menacing, or offensive with the intent to annoy, abuse, threaten, or harass any person is prohibited.

The Content Code provides guidelines and procedures for responsible content creation and consumption across all digital media platforms. The Content Code is enforced by Malaysia's Communications and Multimedia Content Forum ("Content Forum"). Part 3 of the Content Code provides various regulations regarding advertisements, such as prohibiting advertisements that contain offensive or indecent content, or material related to cigarettes, tobacco, gambling, pornography, and slimming products.

In recent years, the Content Forum has been proposing amendments to the Content Code to keep up with the rapidly changing e-commerce landscape. The Content Forum issued a public consultation paper in September 2021 proposing amendments to the Content Code, which were incorporated into the Content Code 2022 and became effective on May 30, 2022.

The key changes in the Content Code 2022 include: (i)protecting the rights of persons with disabilities in content production; and (ii) widening the scope of "advertisement" to include online marketplace operators and others involved in producing and transmitting advertisements, such as online influencers and content creators.

Online influencers who receive payment to endorse products must disclose it to the public to ensure that marketing or promotional material is not used to mislead consumers.

The Content Code 2022 also imposes stricter standards on advertisers' claims to enhance accountability for claims, testimonials, and endorsements made in advertisements. Advertisers are required to hold substantiation for any testimonials used in advertisements, which should be capable of scrutiny if and when requested.

Data Protection and Privacy

The privacy of e-consumers and the processing of their personal data is a significant concern. In Malaysia, the Personal Data and Protection Act 2010 regulates the processing of personal data in commercial transactions. When people use online platforms, they often share personal information such as their name, address, identity card number, mobile number, email address, and credit card details.

The processing of personal data is allowed as long as the individual whose data is being processed (Data Subject) has given their consent. The General Principle outlined in Section 6(1) of the Personal Data and Protection Act 2010 supports this by stating that a Data User cannot process personal data (other than sensitive personal data) without the Data Subject's consent.

The Data User is required to provide written notification to the Data Subject, informing them of the processing of their data, the purpose for which it is being collected and processed, the Data Subject's right to access and modify the data, the third parties to whom the data may be disclosed, and whether it is mandatory or voluntary for the Data Subject to provide the data. This notification must be provided in Bahasa Malaysia, English, and any other applicable language to ensure that the Data Subject understands.



When making purchases online, consumers usually have to pay through online payment platforms. The most popular payment method is Financial Process Exchange (FPX), which is an internet-based payment method that allows users to use their bank login information to transfer money directly from their bank account to the merchant's account. As long as the user has an account with any of the participating FPX banks, they can use the FPX platform to make payments online without needing to register.


Electronic money or e-money is a type of payment method commonly used in online transactions, where funds are stored electronically in an e-wallet.

In Malaysia, e-money is widely used, with a total of 1.87 billion transactions valued at RM45.2 billion reported from January to November 2021. E-wallets like GrabPay, ShopeePay, and Touch n Go eWallet are popular options for making e-money transactions in Malaysia.

The Financial Services Act 2013 is the governing law for e-money in Malaysia. As per Section 11 of the act, any designated payment instruments, including e-money, need to be approved by Bank Negara Malaysia (BNM) before issuing them. The issuer of e-money, also known as EMI, is liable for the payment obligation and assumes the responsibility for the e-money issued. Before 2005, only banks were permitted to issue e-money, but this rule changed, and after obtaining approval from BNM, non-banks are now allowed to issue electronic money.

Summing it up

Malaysia-based e-commerce businesses must adhere to various regulations and guidelines related to registration, advertising, data protection, and payment methods. It is important for business owners to comply with these laws to establish credibility and trust with their e-consumers.


bottom of page