In a statement, it said the legislation was enacted to enhance the nation’s cybersecurity by providing for:

• The establishment of the national cybersecurity committee;
• The duties and powers of the chief executive of the National Cyber Security Agency (Nacsa);
• The functions and responsibilities of the head of the national critical information infrastructure (NCII) sector and NCII entities;
• The management of cybersecurity threats and incidents affecting the NCII;
• The regulation of cybersecurity service providers through licensing; and
• The making of provisions for related matters.

The PMO said the Act aims to enhance the nation’s cybersecurity of NCII through compliance with specific measures, standards, and processes in managing cybersecurity threats.

Digital minister Gobind Singh Deo told the Dewan Negara in April that NCII encompasses government, banking and finance, transport, defence and national security, as well as information, communication, and digital sectors, which if targeted could cripple the government.

Also listed are healthcare service, water supply and waste management, energy, agriculture and farming, industry and trade, as well as the science, technology, and innovation sectors.

Included in the Act are a number of regulations governing cybersecurity and NCII, mandating regular risk assessment and audits.

Additionally, NCII authorised persons must notify the national cyber coordination and command centre system (NC4 System) of any cybersecurity incidents.

The bill was passed by the Dewan Rakyat on March 27. The Act received the royal assent from the Yang di-Pertuan Agong, Sultan Ibrahim, on June 18 and was gazetted on June 26.

Subsequently, Prime Minister Anwar Ibrahim set today as the date of the Act’s enforcement.