July 16, 2026

Malaysia’s digital regulations and the VC question

  • A new Oxford Economics study says Malaysia’s digital regulations are pushing up startup costs and denting venture capital.
  • The study was commissioned by an industry coalition, and the headline RM792 million figure is a projection, not a forecast.

Malaysia’s digital regulations have become a fixed line item in startup budgets, and a new study argues they are starting to show up in places founders care about more: the venture capital they raise. The reportDigital Regulations and the Startup Ecosystem in Malaysia, was produced by Oxford Economics and released this month. Its most quoted figure is a warning.

If Malaysia shifts to a more restrictive regulatory path, modelling estimates that venture capital could fall by 26% between 2026 and 2035, roughly RM792 million per year, with about 22,000 fewer startup jobs supported by 2035. Two things are worth holding in mind before that number travels. It was commissioned by Digital Prosperity Asia (DPA), an advocacy coalition whose secretariat is run by the public-affairs firms Access Partnership and APCO Worldwide, and whose consistent line is that digital rules should stay light-touch and data should move freely across borders.

And the RM792 million is a modelled scenario, not a forecast, one the authors themselves call “a major change of direction” from what they describe as Malaysia’s current “broadly enabling” approach. A separate, lighter-touch scenario in the same model would instead lift VC by 6%.

What Malaysia’s digital regulations are costing startups

Set the projection aside, and the survey underneath it is the more grounded part. Drawing on 500 ecosystem participants, 350 startups, 100 venture capital firms and 50 incubators, polled between January and February 2026, the study finds compliance has become structural rather than occasional.

Some 88% of startups report operational constraints from digital regulations, 23% of them major or severe; 81% say the rules have raised their compliance costs, with a majority now spending more than 5% of operating costs on compliance and 39% of those spending above 15%. That money comes from somewhere.

Two-thirds (67%) of startups say funds are being pulled from research and development toward compliance, and 57% report slower product development or longer time-to-market. The squeeze is sharpest in hiring: 74% cite rising costs for compliance, cybersecurity and data-governance skills, while 43% struggle to bring in foreign technical talent and 47% to hold on to local expertise. Asked what worries them most, startups point first to data governance (36%), then cybersecurity (27%) and AI (20%).

For investors, the issue is less cost than uncertainty. Some 63% of startups say regulation makes capital harder to raise; 73% of VCs say it clouds their expected returns. Under a stricter regime, the share of startups expecting more investment falls from 47% to 27%. “Uncertainty is the biggest challenge,” Wing Vasiksiri, a partner at the venture firm Analog Ventures, says in the report. “If rules are clear, you can model the costs, but ambiguity makes it much harder to build and scale.”

A study with a point of view

None of that means the coalition’s conclusion follows. The report is careful to say its argument is “not less regulation, but better-designed regulation”, and its own evidence complicates the cost story. Just over half of startups (53%) say the rules have increased customer trust in their products, a benefit the report notes is real but uneven.

Malaysia’s move to align its data-protection law with Europe’s GDPR, often filed under compliance burden, is also what lets local startups sell into markets that demand those standards. Where the study is on firmer ground is coherence. Malaysia’s Personal Data Protection Act was amended in 2024 and 2025 to add breach notification, data-protection officers and portability, while the Cyber Security Act 2024 sits under a separate regulator, the national cyber agency NACSA.

As the report notes, a single incident can trigger parallel reporting to two authorities on different timelines, friction that has little to do with how strict the rules are and everything to do with how they fit together. That question is about to get harder. The Online Safety Act’s risk-mitigation code took effect on June 1, 2026, and Malaysia’s first AI Governance Bill went to Cabinet in June and opened for public consultation in July.

The Malaysia findings are one slice of a wider Oxford Economics study that also covers India and South Korea, where governments are wrestling with the same balance. The fair reading is that both the warning and the interest behind it are real. Malaysia is building a digital economy and tightening the rules around it at the same time, and the friction that creates for startups is genuine.

But the RM792 million headline belongs to a scenario the country has not chosen, written for a group that would prefer it never does. The more useful question the study raises is the quieter one: not whether to regulate, but whether Malaysia can make its rules line up.

Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is part of TechEx and is co-located with other leading technology events, click here for more information.

TNG – Latest News & Reviews