KUALA LUMPUR, May 30 — The use of MyDigital ID as an age verification method to prevent those under the age of 16 from opening social media accounts will help safeguard user data against cyber threats and prevent sensitive information from being harvested by technology companies.
National Cyber Security Agency (NACSA) chief executive officer Megat Zuhairy Megat Tajuddin said the government’s identity verification system acts as a secure barrier, ensuring that platforms do not have access to user’s underlying personal details.
Addressing data privacy concerns, he said the system eliminates the need for users to share sensitive information across multiple social media platforms, which are often targeted by hackers.
"MyDigital ID does not require users to submit or store physical ID copies, nor does it store biometric data such as fingerprints or facial images.
"Instead, it verifies users against official records held by the National Registration Department (NRD) to ensure that sensitive data remains within a secure and trusted government system," he told Bernama.
Megat Zuhairy explained that from a cybersecurity perspective, this approach significantly reduces the risk of data exposure by creating a single, secure verification layer.
He said social media platforms would only receive the necessary confirmation, such as whether a user meets the age requirement, without gaining access to specific personal particulars.
"The objective is clear: to enable verification without expanding the attack surface. By limiting data sharing, avoiding duplication, and centralising verification within a secure national system, we can protect children online without compromising privacy," he said.
He assured that the government enforces strict data retention policies to protect users.
"Personal data is retained only for as long as necessary and in accordance with legal requirements, with safeguards in place to prevent misuse, unauthorised access, or unnecessary storage," he added.
Megat Zuhairy said verifying users through physical MyKad checks combined with live facial recognition via MyDigital ID is far more secure than using a false email address, significantly raising the barrier for teenagers attempting to bypass the rules.
He acknowledged that determined teenagers may still attempt to find loopholes, but said the government is strengthening its legal framework.
He said the upcoming Cybercrime Bill is expected to introduce specific offences related to the misuse of digital identity services, including the unauthorised disclosure of passwords or the act of supplying another person’s digital identity credentials.
"This is important as it reinforces accountability and ensures that the misuse of digital identity can be effectively addressed under the law," he said.
Describing Malaysia’s move to introduce the age limit as a step in the right direction, Megat Zuhairy noted that the country is not acting in isolation, but is part of a wider global shift to better protect young users from harmful content, cyberbullying, and online exploitation.
Social media users will be required to provide official government-issued identification for age verification following the implementation of two new codes under the Online Safety Act (ONSA) by the Malaysian Communications and Multimedia Commission (MCMC), effective June 1.
Under the Children’s Protection Code (CPC) and the Risk Mitigation Code (RMC), acceptable methods for verification include the use of MyDigital ID or the submission of identity cards and passports to prevent those under 16 from opening social media accounts.
