THE Government’s move to introduce MyDigital ID as a mandatory age verification mechanism for social media users is being positioned as a major cybersecurity safeguard designed to protect children online while preserving personal privacy.
National Cyber Security Agency (NACSA) chief executive officer Dr Megat Zuhairy Megat Tajuddin said the digital identity framework would enable platforms to verify whether users meet minimum age requirements without granting access to sensitive personal information, thereby reducing the risk of data breaches, identity theft and cyber exploitation.
The initiative forms part of wider efforts to prevent children under the age of 16 from opening social media accounts under new regulatory requirements scheduled to take effect from 1 June.
According to Megat Zuhairy, concerns that age verification could expose users to additional privacy risks are misplaced because MyDigital ID has been specifically designed to limit the sharing of personal data.
"MyDigital ID does not require users to submit or store physical ID copies, nor does it store biometric data such as fingerprints or facial images.
"Instead, it verifies users against official records held by the National Registration Department (NRD) to ensure that sensitive data remains within a secure and trusted government system," Bernama quoted him saying today.
He explained that the system acts as a secure intermediary between users and social media platforms, providing only the information necessary to verify eligibility while preventing companies from harvesting additional personal details.
Unlike conventional registration methods that often require users to upload identification documents or repeatedly disclose personal information, MyDigital ID centralises verification through a protected government-controlled infrastructure.
Megat Zuhairy said this approach significantly reduces the overall cyber risk profile by minimising data duplication and limiting the number of locations where sensitive information is stored.
"The objective is clear: to enable verification without expanding the attack surface. By limiting data sharing, avoiding duplication, and centralising verification within a secure national system, we can protect children online without compromising privacy," he said.
He added that government agencies are subject to strict data management and retention requirements designed to ensure personal information is neither stored unnecessarily nor accessed without authorisation.
"Personal data is retained only for as long as necessary and in accordance with legal requirements, with safeguards in place to prevent misuse, unauthorised access, or unnecessary storage," he added.
Authorities also believe the system will make it substantially harder for underage users to circumvent social media restrictions.
Megat Zuhairy noted that verification through physical identity documents combined with live facial recognition checks provides a significantly higher level of assurance than traditional email-based registration systems, which can easily be manipulated.
While acknowledging that some determined users may still attempt to bypass the controls, he said the government is strengthening the legal framework to address misuse of digital identity systems.
He revealed that the forthcoming Cybercrime Bill is expected to introduce specific offences covering the misuse of digital identity credentials, including the unauthorised sharing of passwords and the provision of another individual's digital identity for fraudulent purposes.
"This is important as it reinforces accountability and ensures that the misuse of digital identity can be effectively addressed under the law," he said.
He described Malaysia's decision to introduce stricter age verification requirements as part of a broader international trend aimed at enhancing child protection in the digital environment.
He added governments worldwide are increasingly seeking stronger safeguards against cyberbullying, harmful online content, digital exploitation and other threats facing young internet users.
The new requirements will be implemented through the Children's Protection Code and Risk Mitigation Code introduced under the Online Safety Act, overseen by the Malaysian Communications and Multimedia Commission.
Under the framework, social media users will be required to verify their age using MyDigital ID or official government-issued identification documents such as identity cards or passports before access can be granted.
The policy marks one of Malaysia's most significant online safety initiatives to date, reflecting the government's efforts to balance digital participation, cybersecurity and privacy protection while strengthening safeguards for children in an increasingly connected world. - May 30, 2026
.JPG.JPG)
