
Asia's cyber future: control, code and the new legal frontier
By any measure, Asia is no longer just catching up in cybersecurity—it's redefining what the legal future of the digital world might look like. That future, though, is anything but cohesive.
As nations in the region push ahead with ambitious digital transformations, they're also rewriting the rules of online conduct, each in their own style, driven by distinct political pressures and national objectives.
The urgency is not abstract. In the first three months of 2025, the region accounted for nearly half of global data breaches. Not a typo—43%. And the attacks aren't just increasing in number. They're sharper and more systemic.
Intrusions jumped by over 100% compared to the same period last year. Across capitals from Dhaka to Seoul, lawmakers are racing to catch up—not just with criminals but with each other.
What's emerging is not a unified playbook but a clash of legal imaginations. Some are focusing on digital sovereignty. Others on AI accountability. Few agree on definitions. Fewer still on enforcement.
However, taken together, the shifts underway across Asia offer a revealing glimpse into how different societies are navigating the risks and promises of the digital age.
Bangladesh may have surprised even its critics when it tore up its controversial 2023 cyber law this May and replaced it with something far more rights-oriented. The new ordinance doesn't just add some civil liberty language to old rules. It treats internet access as a civic entitlement—a radical departure for the region.
At the heart of the reform are three major shifts. First, it directly tackles AI-generated abuse, criminalizing the use of deepfakes and synthetic media for harassment and disinformation. It goes beyond regional peers by including politically manipulative content in its net. Second, platforms now have 72 hours to take down flagged content.
Notably, protections for journalists were written in, shielding reportage from takedown demands. Third, district-level cyber tribunals have been empowered to clear a backlog of tens of thousands of cases—an administrative nightmare that had previously gummed up the justice system.
Still, all is not settled. One provision bans online content deemed hateful to religion but offers no clear guidance on what that means in practice. Platform moderators are now caught between local enforcement and vague standards—a legal ambiguity that recalls similar tensions in Pakistan.
In January, Pakistan passed amendments that created a new Digital Rights Protection Authority designed to oversee—and in many ways, control—online speech. The law grants the body broad authority to block content considered harmful to 'national cohesion,' a term that raises eyebrows for its vagueness.
Yet it also breaks new ground. Companies are now required to publish the accuracy rates of their AI moderation tools, a move that has not been attempted anywhere else. And under the new data rules, foreign platforms must localize data for Pakistani users—a mandate that's putting them on a collision course with multinational cloud providers.
But the most debated feature is the financial penalty. Anyone found spreading 'fake news' faces a steep fine—just over $7,000. Since the law passed, a majority of journalists surveyed have reported pulling their punches. The chill is real.
India's approach in 2025 has been a study in contrasts. On paper, the country has strengthened its central cybersecurity apparatus. CERT-In now requires organizations to report breaches within six hours, especially in sectors like finance. It's one of the fastest mandates in the world.
Yet enforcement is uneven. While the Reserve Bank has pushed ahead with sophisticated monitoring requirements for fintechs, the Health Ministry is behind schedule by over a year on medical cybersecurity guidelines.
The result is a patchwork: some sectors are under constant surveillance while others are barely regulated at all. This fragmentation risks creating blind spots where threats can hide in plain sight.
Singapore remains the gold standard for rule-based digital governance. Its recent amendments extend protection to temporary critical infrastructure—like cloud systems used during elections—and demand rigorous annual security audits. Vendors working with state systems must now sign binding cybersecurity clauses. There's even a mandate for AI-powered stress testing of defenses.
That's one end of the spectrum. On the other, countries like Vietnam continue to allow the market to set its own pace. A striking 78% of Vietnamese fintech firms still lack formal breach response protocols. The legal inertia there stands in contrast to regional initiatives trying to foster a more unified cybersecurity front.
ASEAN, to its credit, is experimenting with shared threat intelligence and harmonized reporting formats. The effort has improved regional ransomware tracking, though not without friction. Malaysia's insistence on strict data localization laws, for example, makes real-time threat sharing harder than it should be.
Japan's 2025 data protection amendments have tried to strike a balance. On one hand, they reduce the burden on certified companies by extending breach reporting deadlines. On the other, they push forward on AI and biometric oversight.
New rules require audits for facial recognition systems in public spaces. At the same time, Japan has greenlit the use of personal data for AI model training without prior consent—a controversial, but calculated bet to stay ahead in the generative AI race.
South Korea, meanwhile, is shaping the frontier. Its AI Framework Act, set to roll out later this year, introduces mandatory algorithmic impact assessments for public systems with large user bases. Political content generated by AI must be watermarked.
Financial institutions are now on the clock to adopt quantum-proof encryption before 2027. These are not just technical tweaks; they're policy bets on how the future will unfold.
Then there's China. Its revised Cybersecurity Law doubles down on surveillance and state control. New provisions restrict biometric data collection—no gait analysis or keystroke tracking without official approval.
The definition of 'critical data' has expanded to include electric vehicle systems and smart grids. Fines for repeat violations can now hit 5% of global revenue, and they apply retroactively. Compliance, especially for foreign firms, is becoming a labyrinth.
Beneath all these laws lies a deeper issue: people. Or rather, the shortage of them. Asia faces a cybersecurity talent gap that's now over three million people.
In India, there's one chief security officer for every 12,000 companies. In Indonesia, more than half of new hires don't understand basic encryption. Singapore has started subsidizing AI security certifications, and it's helping, but slowly.
Legal bottlenecks are also slowing down cross-border enforcement. Mutual legal assistance requests between ASEAN nations and China often take more than a year. Standards on cryptocurrency tracing vary wildly. South Korea allows AI-based forensic evidence; Indonesia doesn't even recognize it.
Three themes are beginning to dominate: the regional race to regulate AI, the mismatch in incident response timelines and the outsourcing boom that's turning cybersecurity into a service industry. Roughly 40% of ASEAN firms now rely on offshore security operations teams—many of them in India or Israel.
Where does it all go from here? Much depends on whether countries can align on legal frameworks for AI accountability, quantum-era encryption, and cross-border evidence sharing.
Talks are already underway. Vietnam and Indonesia are preparing new cybersecurity bills for later this year. What they choose to emphasize—or ignore—will shape the next phase.
The legal battles of this digital era won't be fought in courtrooms alone. They'll be written into contracts, baked into software and hashed out between regulators and engineers. And increasingly, Asia is where that future is being drafted—in multiple languages and under wildly different philosophies of control.
Md. Ibrahim Khalilullah is a law student and vice president of the Bangladesh Law Alliance (BLA).
