It takes a digital village to make the Online Safety Act work

How do we build a safer digital environment without losing sight of access, trust and the social value of being connected?

By   JOANNE B. Y. LIM
02 Jun 2026 02:58pm
ON June1, 2026, Malaysia’s Online Safety Act (ONSA) 2025 moves into a new phase with the Child Protection Code (CPC) and the Risk Mitigation Code (RMC) coming into effect. It is an important moment for Malaysia’s digital ecosystem, but it should not be read only as a regulatory crackdown or a technical compliance exercise. Photo for illustration purposes only.
ON June1, 2026, Malaysia’s Online Safety Act (ONSA) 2025 moves into a new phase with the Child Protection Code (CPC) and the Risk Mitigation Code (RMC) coming into effect. It is an important moment for Malaysia’s digital ecosystem, but it should not be read only as a regulatory crackdown or a technical compliance exercise. Photo for illustration purposes only.

ON June 1, 2026, Malaysia’s Online Safety Act (ONSA) 2025 moves into a new phase with the Child Protection Code (CPC) and the Risk Mitigation Code (RMC) coming into effect. It is an important moment for Malaysia’s digital ecosystem, but it should not be read only as a regulatory crackdown or a technical compliance exercise.

The more important question is how we build a safer digital environment without losing sight of access, trust and the social value of being connected.

As someone who works on digital media, AI, and co-created digital health interventions such as Jiwa Ibu and MyPlantAI, I see the new codes as part of a wider shift towards digital care. The codes can set expectations, and platforms can build safer systems, but families, schools and communities remain central to how children learn judgement, responsibility and care in digital spaces.

The Online Safety Act will not succeed if we treat it only as a question of compliance, platform design, or age verification. It will succeed only if we understand online safety as a shared culture of care: one that begins with regulation, is supported by platforms, but must ultimately be lived at home, in schools and within communities.

The new gateway to digital platforms

The most visible change will be at the point of access. For large licensed social media services, account registration can no longer depend simply on a user typing in a date of birth and clicking through.

Under the CPC, children under 16 are restricted from opening or owning social media accounts on platforms with more than eight million users in Malaysia. This means platforms will need to introduce more reliable forms of age verification or age assurance.

In practice, this may involve government-issued records such as MyKad, passports, or birth certificates, electronic identity checks, or other age-assurance methods accepted within the regulatory framework.

What matters is that these systems are designed with privacy, proportionality and data minimisation in mind. If age verification becomes a new point of data vulnerability, public trust will quickly erode. Platforms will therefore need to be very clear about what information is collected, what is not collected, how long it is kept and when it is deleted.

This is why the shift should not be treated as a simple “login problem”. It changes the relationship between users, platforms and the state. The internet is becoming a more age-aware environment and that can be valuable if it is implemented carefully. But safety cannot come at the cost of excessive data collection or ambiguous decision-making.

Why outcomes-based regulation matters

One strength of the new framework is its outcomes-based approach. Rather than prescribing a single technical solution, the codes set out the safety outcomes expected of service providers. These include restricting under-16 account ownership, reducing children’s exposure to harmful and exploitative content, strengthening reporting and moderation systems, and mitigating risks such as scams, cyberbullying and manipulated content.

This flexibility is important because digital platforms change faster than legislation. A rule that is too specific can become outdated almost immediately. An outcomes-based model gives platforms room to develop solutions that fit their systems, while still holding them accountable for the safety outcomes they are expected to deliver.

At the same time, flexibility must not become vagueness. The success of the framework will depend on clear guidance, transparent reporting and an ongoing feedback loop between the regulator, platforms, civil society, educators, parents and young users themselves. If a verification measure proves confusing, exclusionary, or easy to bypass, the response should not be defensive. It should be corrected, improved and communicated clearly.

Practical risks: privacy, access and bypassing controls

The first practical challenge is data security. Because multiple platforms may need to verify age, many users will be asked to share sensitive identity or age-related information across different services. Families will want reassurance that this information is not being stored unnecessarily, repurposed for commercial profiling or exposed through weak data practices.

The second challenge is access. Not every user experiences digital systems in the same way. Some may not have easy access to documentation, some may share devices within a household and others may struggle with verification processes that assume a particular level of digital literacy. Good regulation needs to protect children without making digital participation unnecessarily difficult for legitimate users.

The third challenge is circumvention. Platforms must also contend with “adult account bypass”: children using an older family member’s profile to skirt restrictions or impersonating an older user by entering a false year of birth.

This is where online safety becomes more complex than a technical tick-box. Age checks may need to be supported by parental tools, reporting pathways, digital literacy and proportionate risk signals. But these systems must be carefully calibrated so that child protection does not slide into excessive surveillance or unnecessarily disrupt the everyday experience of adult users.

Not locking the gates, but building capability

It is also important not to pretend that platforms are starting from zero. Many already offer family-safety tools, privacy settings, parental controls and digital literacy resources. The value of the ONSA framework is that it can raise the baseline across the industry, so that child safety is not treated as an optional feature or a matter of individual parental vigilance alone.

At the same time, regulation should not demonise digital platforms. Online spaces have enabled economic opportunity, learning, creativity and civic participation. In Malaysia, we have seen how a single online post can surface issues that might otherwise remain invisible, from rural connectivity to environmental knowledge and community mobilisation. The point is not to lock the digital gates, but to help children and families navigate them with greater confidence.

This is where digital literacy becomes just as important as digital restriction. Children need to understand why certain spaces are not designed for them, how algorithms shape what they see, how scams and grooming behaviours work and how to ask for help without fear of punishment. Parents and guardians, meanwhile, need support that does not assume they have unlimited time, technical knowledge, or emotional capacity.

Online safety as relational care

Ultimately, online safety is not only a technical problem to be solved by code. It is a relational problem that has to be nurtured through collective care. Technology reflects human intent. A platform can turn on a filter. A government can enforce an age checkpoint. But these mechanisms only manage the environment. They do not, on their own, cultivate judgement.

This is where what I have described as a Digital Media Ecovillage (DMEV) becomes useful. A safe digital environment must be co-produced by the state, platforms, families, schools, civil society and communities. Each has a role to play. The state sets the framework. Platforms build safer systems. Communities translate safety into everyday practices of care, dialogue, and accountability.

The real test of the Online Safety Act is not whether platforms can build better gates. It is whether Malaysia can build a more mature digital culture around those gates. Children do not become responsible digital citizens simply because a system blocks them at the point of entry. They learn through guidance, conversation, trust, and the everyday presence of adults who are willing to walk with them through the digital world.

For the modern Malaysian family, already stretched by work, school, caregivin  and social pressures, the new framework should not be presented as another burden of digital policing. It should be understood as a support structure.

The state and platforms may build the outer safeguards, but the deeper work of raising a digitally mature generation still happens in the spaces that code cannot reach: around the dining table, during shared screen time, in classrooms, and in the small conversations where children learn how to make sense of what they encounter online.

The Online Safety Act will only work if we treat it not as the end of responsibility, but as the beginning of a wider culture of digital care. It takes more than a law, and more than a platform policy, to keep children safe online. It takes a digital village.

Professor Joanne B. Y. Lim is Professor of Digital Media, Communication, and Cultural Studies, and Dean of the Faculty of Arts and Social Sciences, University of Nottingham Malaysia. The views expressed in this article are the author's own and do not necessarily reflect those of Sinar Daily.

Download Sinar Daily application.Click Here!

Online Safety Act
Online Safety Act 2025
ONSA
SOCIAL MEDIA

More Like This
JDT will host FIFA Club World Cup champions Chelsea on Aug 11 at the Sultan Ibrahim Stadium. Photo: Edited via Canva
JDT will host FIFA Club World Cup champions Chelsea on Aug 11 at the Sultan Ibrahim Stadium. Photo: Edited via Canva
COMMENTARY Chelsea, JDT and the reality behind the hype: Can the Southern Tigers trouble The Blues?
By WAN AHMAD ATARMIZI
02 Jun 2026 03:08pm
Malaysia’s football kings against an underperforming European giant.
Malaysia’s proposed under-16 social media restriction is increasingly viewed as a necessary response to rising online risks for children. Photo: Edited via Canva
Malaysia’s proposed under-16 social media restriction is increasingly viewed as a necessary response to rising online risks for children. Photo: Edited via Canva
COMMENTARY A new era for Malaysia's teens as social media rules tighten
By TASNIM LOKMAN
02 Jun 2026 12:33pm
For some, it may feel like the end of an era. For others, it represents a long-awaited step towards better online protection.
BERNAMA FILE PIX
BERNAMA FILE PIX
COMMENTARY Coalition in power, competition at the polls
By FAUZIAH ISMAIL
29 May 2026 02:31pm
Umno’s solo direction raises questions about trust, but not necessarily betrayal.
Muslim pilgrims gather on Mount Arafat, also known as Jabal al-Rahma (Mount of Mercy), southeast of the Saudi holy city of Mecca, on Arafat Day. AFP FILE PIX
Muslim pilgrims gather on Mount Arafat, also known as Jabal al-Rahma (Mount of Mercy), southeast of the Saudi holy city of Mecca, on Arafat Day. AFP FILE PIX
COMMENTARY Hajj at Arafah: Where faith meets physical limits
By FAUZIAH ISMAIL
26 May 2026 09:44am
Between devotion and endurance, stricter health checks reflect a painful but necessary shift — from who can afford the pilgrimage to who can safely complete it.