Duties of an Internet Service Provider in Malaysia

Communications and Multimedia Act 1998

 The relevant legislation in Malaysia regulating the communications and multimedia industry is the Communications and Multimedia Act 1998 (“the Act”). The Act has been enacted to promote national policy objectives for the communications and multimedia industry and to establish a licensing and regulatory framework in support of national policy objectives for the communications and multimedia industry.

The Malaysian Communications and Multimedia Commission (“MCMC”) was established by the Act as regulator for the converging communications and multimedia industry and charged with overseeing the new regulatory framework for the converging industries of telecommunications, broadcasting and on-line activities.


The Act requires various activities to be licensed and one of the roles of MCMC is to issues licences. Under the Act, there are four categories of licensable activities :


(1)               Network Facilities Providers – who are the owners of facilities such as satellite earth stations, broadband fibre optic cables, telecommunications lines and exchanges, radiocommunications transmission equipment, mobile communications base stations, and broadcasting transmission towers and equipment. They are the fundamental building block of the convergence model upon which network, applications and content services are provided.


(2)               Network Services Providers – who provide the basic connectivity and bandwidth to support a variety of applications. Network services enable connectivity or transport between different networks. A network service provider is typically also the owner of the network facilities. However, a connectivity service may be provided by a person using network facilities owned by another.


(3)               Applications Service Providers – who provide particular functions such as voice services, data services, content-based services, electronic commerce and other transmission services. Applications services are essentially the functions or capabilities, which are delivered to end-users.


(4)               Content Applications Service Providers – who are special subset of applications service providers including traditional broadcast services and newer services such as online publishing and information services.


According to the MCMC website at http://www.mcmc.gov.my/, Time dotcom Berhad is one of the licensed service providers for Applications Service Provider.

As the Act seeks to establish a regime of self-regulation by providing for the creation of industry forums, an industry body may be designated or appointed as an industry forum if the MCMC is satisfied that the criteria stipulated in Section 94 of the Act 1998 has been fulfilled.

The primary function of a designated industry forum would be to formulate and implement voluntary industry codes, which would serve as a guide for the industry to operate. The relevant codes may be developed on the forum’s own initiative or upon request by the MCMC.

In March 2001, the MCMC designated the Communications and Multimedia Content Forum of Malaysia (“CMCF”) as the Content Forum.

The CMCF governs content by self regulation in line with the Malaysian Communications and Multimedia Content Code (“Code”). The Code is a set of industry guidelines on the usage and/or dissemination of content for public consumption. The Code has now been officially registered with the MCMC with effect from 1 September 2004.

The Code can be downloaded at MCMC’s website at http://www.mcmc.gov.my.

The Constitution of the CMCF states that a Complaints Bureau be established under Article 8 of the Code to deal with complaints. The Bureau is empowered by the Council to impose sanctions on any member who is considered to have breached the Content Code.

However, the Bureau is not permitted to consider complaints if they concern matters that are the subject of legal proceedings, or if the Bureau decides it would be inappropriate.


Application of the Code

 The Code applies to all content made available in the content industry in the networked medium and as defined the Code and under the Act.

This Code also applies to all persons who provide a content applications service (“Content Application Service Providers”) and in particular but is not limited to:


(1)        Each member of the industry forum;

(2)        Each person who has submitted their agreement to the Forum that they will be bound by this Code; and

(3)       Each person whom the Commission has directed in accordance with Section 99 of the Act.


Under Section 100 of the Communications and Multimedia Act 1998 (“the Act”), a person who fails to comply with a direction of MCMC that the for person complies with any provision of a voluntary industry code shall be liable to pay to the MCMC a fine not exceeding two hundred thousand (200,000) ringgit.


The Code

The relevant part of the Code for the parties who provide online Content or those who provide access to online content through present and future technology is Part 5 of the Code. These parties include, but are not limited to:


(1)               Internet Access Service Providers;

(2)               Internet Content Hosts;

(3)               Online Content Developers;

(4)               Online Content Aggregators; and

(5)               Link Providers


(collectively referred as “Content Subject”)


Internet Service Provider falls under the definition of Internet Access Service Providers which is defined in paragraph 12.1 of Part 5 of the Code as a service provider who provides users with access to the Internet including (but not limited to) the World Wide Web.

The Code has provided that no Content Subjects shall knowingly provide prohibited content. The Code has classified ‘prohibited content’ into 9 categories namely:

(1)               Indecent Content

(2)               Obscene Content

(3)               Violence

(4)               Menacing Content

(5)               Bad language

(6)               False Content

(7)               Children’s Content

(8)               Family Values

(9)               People with Disabilities


Content is defined as any sound, text, still picture, moving picture or other audio-visual representation, tactile representation or any combination of the preceding which is capable of being created, manipulated, stored, retrieved or communicated electronically but does not include for the purpose of the Part 5 of the Code:

(1)        ordinary private and/or personal electronic mail other than bulk or spammed electronic mail;

(2)        content transmitted solely by facsimile, voice telephony, VOIP and which is intended for private consumption; or

(3)        content which is not accessible to the public whether freely, by payment of a fee or by registration, including (but not limited to) content made available by way of a closed Content Application Service or a limited Content Applications Service under Sections 207 and 209 of the Act respectively;


Appendix 2 of the Code provides that, apart from the Act, licensees under the Act may need to be aware of the following Acts of Parliament and are advised to have sufficient resources and expertise to ensure compliance where necessary.


(1)               Accountants Act 1967 (revised 1972)

(2)               Children & Young Persons (Employment) Act 1966 (Revised 1988)

(3)               Consumer Protection Act 1999

(4)               Copyright Act 1969

(5)               Defamation Act 1957

(6)               Dental Act 1971

(7)               Film (Censorship) Act 1952

(8)               Geneva Conventions Act 1962

(9)               Indecent Advertisements Act 1953

(10)           Internal Security Act 1960

(11)           Medicine (Advertisement and Sale) Act 1956

(12)           National Anthem Act 1968

(13)           Penal Code

(14)           Pesticides Act 1974

(15)           Poisons Ordinance 1952

(16)           Poisons (Sodium Arsenite) Ordinance 1949

(17)           Printing Presses and Publications Act 1984

(18)           Private Higher Educational Institutions Act 1996

(19)           Private Hospitals Act 1971

(20)           Sale of Drugs Act 1952 (Revised 1989)

(21)           Sale of Food Act 1983

(22)           Food Regulations 1985

(23)           Securities Industry Act 1983

(24)           Sedition Act 1948

(25)           Trade Description Act 1972

(26)           Trade Marks Act 1976

(27)           Women and Girls Protection Act 1973


Compliance of the Code as a legal defence

Section 98 of the Act provides that compliance with the Code is a legal defence. Section 98(2) of the Act provides that ‘compliance with a registered voluntary industry code shall be a defence against any prosecution, action or proceeding of any nature, whether in a court or otherwise, taken against a person (who is subject to the voluntary industry code) regarding a matter dealt with in that code’.

Notwithstanding the above, paragraph 6.4 of Part 2 of the Code states that all applicable Malaysian Laws including but not limited to sedition, pornography, defamation, protection of intellectual property and other related legislation are to be complied with.


Duties of Internet Access Service Provider under the Code

The Code has set out the guidelines to be followed by an Internet Access Service Provider (“IASP”) in Part 5 of the Code.

An IASP shall comply with and incorporate terms and conditions in the contracts and legal notices as to terms of use with subscribers of their services. This shall include the following terms:

(1)        Subscribers will comply with the requirements of Malaysian law including, but not limited to, the Code and shall not provide prohibited Content nor any Content in contravention of Malaysian law;

(2)        The IASP will have the right to withdraw access where a subscriber contravenes the above; and

(3)        The IASP shall have the right to block access to or remove such prohibited Content provided such blocking or removal is carried out in accordance with the complaints procedure contained in the Code.

The existence of the above-mentioned terms and conditions will be displayed on the IASP’s website in a manner and form easily accessible by its subscribers by way of a link or other similar methods.

The Code recognises the concept of innocent carrier. Code Subjects providing access to any Content but have neither control over the composition of such Content nor any knowledge of such Content is deemed an innocent carrier for the purposes of the Code. An innocent carrier is not responsible for the Content provided. Further, it is also a defence that access providers had adhered to the general measures provided by the Code.

However, once an IASP is notified by the Complaints Bureau that its user or subscriber is providing prohibited Content and the IASP is able to identify such subscriber the IASP will take the following steps:


(1)        Within a period of 2 working days from the time of notification, inform its subscriber to take down the prohibited Content.


(2)        Prescribe a period within which its subscriber is to remove the prohibited Content, ranging from 1 to 24 hours from the time of notification.


(3)        If the subscriber does not remove such prohibited Content within the prescribed period, the IASP shall be entitled to suspend or terminate the subscribers’ access account.


(collectively referred as “Notice and Take Down Procedure”)


However, paragraph 11 of Part 5 of the Code provides that IASPs are not required to undertake any of the following:


(1)        Provide rating systems for Online Content;

(2)       Block access by their users or subscribers to any material unless directed to do so by the Complaints Bureau acting in accordance with the complaints procedure set out in the Code;

(3)       Monitor the activities of users and subscribers; or

(4)       Retain data for investigation unless such retention of data is rightfully requested by the relevant authorities in accordance with Malaysian law.


Notwithstanding the above, the definition of ‘prohibited content’ does not include content which infringes other parties’ intellectual property or contains element of fraud. As such, the Notice and Take down procedure may not apply to such matters. We are of the view that the types of remedies available to the aggrieved party limited to the traditional remedies specified under their specific legislation.


Liability of Internet Application Service Provider in general

So far there have not been any reported cases on the liability of an IASP in Malaysia as a conduit that who passively allowed for the transmission of data. However, we may refer to the position in United Kingdom and the United States of America.


United Kingdom

We refer to the case of Godfrey v Demon Internet Ltd, QBD, [1999] 4 All ER 342. In the said case, Demon Internet Ltd, an Internet service provider offered a Usenet facility, enabling authors to publish material to readers worldwide. An unknown person made a posting in that newsgroup on an American service provider, and it reached Demon Internet Ltd’s server in England. The posting, which purported to be written by Godfrey, was a forgery and defamatory of Godfrey. Godfrey subsequently informed Demon Internet Ltd that the posting was a forgery, and asked it to remove the posting from its Usenet news server. However, Demon Internet Ltd failed to do so, and the posting remain on the server until its expiry. Godfrey brought proceedings for libel against Demon Internet Ltd.

In its defence, Demon Internet Ltd sought to rely, inter alia, on the defence provided by s 1(1) of the Defamation Act 1996, namely (a) that it was not the publisher of the statement complained of, (b) that it had taken reasonable care in relation to its publication, and (c) that it had not known, and had no reason to believe, that its action had caused or contributed to the publication of a defamatory statement. On Godfrey’s application to strike out that part of the defence, Demon Internet Ltd contended it had not published the defamatory posting and that there had been no publication within the meaning of s 1(1)(b) of the Act. Although s 1(2) and (3) provided a special definition of the word ‘publisher’ as used in s 1(1)(a), s 17 provided that the words ‘publication’ and ‘publish’ had the same meaning as in the general law of defamation. The issue therefore arose whether Demon Internet Ltd had published the posting within the common law meaning of the term.

The Court, in allowing Godfrey’s application, held that Demon Internet Ltd’s defence under Section 1 of the Defamation Act is hopeless and struck out Demon Internet Ltd’s defence.

However, recently in Bunt v Tilley and others [2006] 3 All ER 336, the Court struck out a claim by a Plaintiff against a number of internet service providers for defamation. The Plaintiff claimed that the said internet service provider published the defamatory words of the other defendant ‘via the services provided’ by the said internet service providers. The Court held, distinguishing the case of Godfrey v Demon Internet Ltd (Supra), that an internet service provider which performed no more than a passive role in facilitating postings on the internet could not be deemed to be a publisher at common law.  It was essential to demonstrate a degree of awareness or at least an assumption of general responsibility, such as had long been recognised in the context of editorial responsibility, in order to impose legal responsibility under the common law for the publication of words. Although it was not always necessary to be aware of defamatory content to be liable for defamatory publication, there had to be knowing involvement in the process of publication of the relevant words. It was not enough that a person had played merely a passive instrumental role in the process.


United States

In the United States of America, IASP has relied on 47 USC 230 of the American Telecommunications Act of 1996 as their defence. 47 USC 230 of the American Telecommunications Act of 1996 provides that:




(1)        TREATMENT OF PUBLISHER OR SPEAKER- No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.


 (2)       CIVIL LIABILITY- No provider or user of an interactive computer service shall be held liable on account of–


(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or


(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

47 USC 230 of the American Telecommunications Act of 1996 was applied in the cases ofKenneth M. Zeran v. America Online, Inc.; U.S. District Court, E.D. Virginia, 958 F.Supp. (1997).


In the American case of Kenneth M. Zeran v. America Online, Inc.; U.S. District Court, E.D. Virginia, 958 F.Supp. (1997), the Plaintiff initiated proceedings for defamation after an unknown America Online, Inc (AOL) subscriber made posting that the Plaintiff had for sale tasteless t-shirts regarding the bombing of the Alfred P.Murrah Building in Oklahoma City, and listed the contact details of the Plaintiff. In response, the Plaintiff received telephone complaints and death threats. The issue was whether an online service, website, or other interactive computer service, can be held liable for defamation made by third parties, where the defamed party has been injured by defamatory speech made by persons who post in an interactive computer service. The Supreme Court ruled against the Plaintiff and held that, applying 47 USC 230 of the American Telecommunications Act of 1996, held that no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. Applying this case to the position in Malaysia, the same may not apply to Malaysia as Malaysia does not have such provision to protect IASP.


However, the above 47 USC 230 of the American Telecommunications Act of 1996 has no effect on intellectual property law.


Liability of Internet Application Service Provider for Copyright infringement

As for the liability of IASP for the wrongdoings of a third party i.e. infringing materials, at the present, there has not been any explicit attempt by the legislators to clarify this position. In the United States of America, the Digital Millennium Copyright Act 1998 was enacted to exempt IASP from copyright liability if they take measures to take down the infringing materials from the internet. In the United Kingdom, the Copyright and Related Rights Regulations 2003 allow the grant of an injunction against a service provider, only in instances where the service provider has ‘actual knowledge’ of another person using their service to infringe copyright.

In this regard, in order to ascertain whether copyright subsists in the works, one must determine whether the works fall within one of the categories of works protected under the Copyright Act 1987 (“Copyright Act”). Section 7(1) of the Copyright Act sets out the categories of works which are eligible for copyright protection and it is worded in this way:


    7. Works eligible for copyright

   (1)     Subject to this section, the following works shall be eligible for copyright:

(a)        literary works;

(b)        musical works;

(c)        artistic works;

(d)        films;

(e)        sound recordings; and

(f)         broadcasts.


Upon determination whether the work in question is eligible for copyright, in order to determine whether there has been an infringement of copyright, we are of the view that we refer to Section 36 of the Copyright Act which provides:
36.  Infringements.


(1) Copyright is infringed by any person who does, or causes any other person to do, without the licence of the owner of the copyright, an act the doing of which is controlled by copyright under this Act.


  1. Section 13 of the Copyright Act provides for the following acts that is controlled by copyright,


(1)                           the reproduction in any material form;

(2)                           the communication to the public;

(3)                           the performance, showing or playing to the public;

(4)                           the distribution of copies to the public by sale or other transfer of ownership; and

(5)                           the commercial rental to the public,


of the whole work or a substantial part thereof, either in its original or derivative form.


Technically speaking, when an internet user posts a message through the internet, the said message will be transmitted through the IASP who will then in turn reproduce the said message to the intended recipient.

As such, passive IASP who is merely a conduit that who passively allowed for the transmission of data, may reproduce files and documents belonging to third parties that is controlled by copyright. In this regard, on the issue whether there is copyright infringement, we may refer to the definition of ‘causes any other person’ of Section 36 of the Copyright Act. The word ‘causes’ is not defined nor has been defined in the Malaysian Court.

Professor Dr. Khaw Lake Tee in her book “Copyright Law in Malaysia” (2nd Ed, 2001, Malayan Law Journal) at page 182 to 183, in defining ‘causes’ referred to the case of Dunia Muzik WEA Sdn Bhd v Koh Tay Eng [1989] 2 MLJ 356. Professor Dr. Khaw Lake Tee summarised Dunia Muzik WEA Sdn Bhd v Koh Tay Eng, at page 182 to 183 of “Copyright Law in Malaysia” (2ndEd, 2001, Malayan Law Journal) to the following:


In that case, the plaintiffs who were engaged in the making, production and publication of musical works and sound recordings, used the defendant for infringement of their copyright. It was alleged that the defendant had sold infringing copies of the plaintiffs’ sounds recordings and had therefore, inter alia, caused, enabled or assisted others to reproduce and to dispose off unlawfully the plaintiff’s works. Gunn J (as he then was) held that the plaintiffs have proved all the allegations made and were therefore entitled to an injunction, damages as well as delivery of the infringing copies. But although evidence was adduced to show that the defendant had sold infringing copies, there was nothing from the facts of the case to suggest that the defendant had made the infringing copies himself. The court could have thus meant that the defendant had ‘caused’ other to reproduce the infringing copies. There was also nothing in the facts to indicate the person involved in the actual reproduction were the servants or agents of the defendant. The court would seem to suggest that a person selling infringing copies could be held to have ‘caused’ copying of the work even though the act was done by a third party who was acting neither on the person’s behalf nor his instructions. In other words, the word ‘cause’ seemed to be used in the sense of ‘bringing about an effect or results’.


Further, in Saleha Hussin lwn. AB Wahid Nasir & Yang Lain [2004] 2 CLJ 204, the Court held that a television broadcasting company was liable for copyright infringement although they had no knowledge that the infringing work, a television program, had infringed the copyright of the Plaintiff. In the said case, the learned Judge, Abdul Hamid Mohamad HMP in his judgement, relied on the English case of Mansell v. Valley Printing Co.[1908] 2 Ch. 441 where the Court held that a person who infringed another person’s copyright is liable to the owner of the copyright although he is not guilty or had knowledge of the infringement.


Liability of Internet Application Service Provider for Fraud

To date, there have not been any reported cases on the liability of internet service providers for fraud in Malaysia. We have made extensive research on the position in the United Kingdom and the United States of America but our research did not yield any results.


  1. Fraud is defined in Clerk & Lindsell at page 1012 as “The tort involves a false representation made by the defendant, who knows it to be untrue, or who has no belief in its truth, or who is reckless as to its truth. If the defendant intended that the claimant should act in reliance on such representation and the claimant in fact does so, the defendant will be liable in deceit for the damage caused”

In order to prove fraud, the other party will have to show that there is a representation of a past or existing fact. The representation may be either express or implied from conduct. Representation implied by conduct is whereby a party conducts himself in a particular way with the purpose of fraudulently inducing another to believe in the existence of certain things which is contrary to the facts and to act upon the basis of its existence which causes the other party to suffer damages. Thus, there must be a deliberate concealment with the intention to defraud.

In the leading case of Derry v Peek (1889) 14 Appl. Cas.337, Lord Herschell laid down the essentials of fraud in the following proposition:


“First, in order to sustain an action of deceit, there must be proof of fraud and nothing short of that will suffice. Secondly, fraud is proved when it is shown that a false representation as been made (i) knowingly, (ii) without belief in its truth, or (iii) recklessly, careless whether it be true or false. Although I have treated the second and third as distinct cases, I think the third is but an instance of the second, for one who makes a statement under such circumstances can have no real belief in the truth of what he states. To prevent a false statement from being fraudulent, there must, I think, always be an honest belief in its truth”.

 In order to establish fraud, the state of mind of the Defendant as regards to his knowledge of the falsity or belief in the truth is essential in proving fraud. The representation must be untrue to the Defendant’s knowledge and made with the intent to deceive which is acted upon by the Plaintiff. Therefore, the Defendant may still be liable for fraud even if they did not obtain knowledge of the untruth of his statement until after it has been made and becomes aware of it before the Plaintiff acted upon it. For IASP, if their role is merely as a conduit to transmit information, we are of the view that they may not be liable for fraud if they do not know of such fraudulent statements.

However, if the IASP is aware of such statements and did not act accordingly when receiving a complaint of the same, the IASP may be subjected to legal action by aggrieved parties.



 Although the general legal duty of an IASP in Malaysia has been lined up in the Code, the Code does not provide for matters which are contentious. The Malaysian parliament has not enacted specific legislations to address the legal liability of an IASP unlike the United States of America.

In view of the uncertainty, certain IASP in Malaysia had taken steps to include exclusion clauses and also indemnity clauses against their subscribers in their service agreements.

Leave a Reply