The EU Artificial Intelligence Act has been progressively taking effect since 2025, with the biggest tranche of obligations for high-risk AI systems becoming enforceable in August 2026. If your Malaysian business builds software, exports products, or serves European customers, this law may already apply to you.
Most Malaysian business owners we talk to assume this is a European problem. It's not. The EU AI Act has extraterritorial reach. It applies to any company whose AI systems are used within the EU, no matter where that company is based.
Who needs to comply with the EU AI Act?
Any company that places an AI system on the EU market or puts one into service there must comply. That includes providers (who develop AI systems), deployers (who use them), and importers or distributors who bring AI products into the EU.
If you build software with AI features for an EU-based client, or your SaaS product has users in Europe, or your AI components feed into a supply chain that reaches the EU, the Act likely covers you.
Fines for non-compliance can reach €15 million or 3% of global annual turnover. For prohibited AI practices, they're even steeper: up to €35 million or 7% of global turnover, whichever is higher.
What does the EU AI Act mean for businesses?
The Act sorts AI systems into four risk tiers:
| Risk level | Examples | What's required |
|---|---|---|
| Unacceptable (banned) | Social scoring, manipulative AI, real-time public biometric surveillance | Prohibited entirely |
| High risk | AI in hiring, credit scoring, healthcare, education, law enforcement | Risk assessments, data governance, human oversight, documentation |
| Limited risk | Chatbots, AI-generated content | Must disclose AI involvement |
| Minimal risk | Spam filters, AI-powered games, general business tools | No extra rules |
Most Malaysian tech companies building standard business software land in the limited or minimal categories. But if you build anything that touches hiring decisions, credit assessments, or healthcare recommendations for EU clients, you're in high-risk territory. That means risk assessments, data governance plans, human oversight requirements, and detailed documentation.
Which Malaysian sectors are affected?
Malaysian exporters in electronics, medical devices, and automotive are already feeling this. The Edge Malaysia reported that leading exporters are seeing more EU requests for AI-readiness documentation.
It goes beyond manufacturing though. If your company provides AI-powered SaaS tools, chatbots, or automated decision-making systems to EU users, this applies to you too.
Our take: treat this as an opportunity
Most legal analysis we've read focuses on the cost and hassle of compliance. Fair enough. But there's a bigger picture.
Malaysia's National Guidelines on AI Governance and Ethics are voluntary for now. Countries tend to follow the EU's lead on regulation though. Remember GDPR and how it shaped data protection laws worldwide, including Malaysia's PDPA amendments? We expect ASEAN countries to adopt similar AI frameworks within a few years.
Getting ahead of this now means you won't scramble when local regulations arrive. It also gives you an edge with clients who care about responsible AI, and that group is growing fast.
At Gotchaa Lab, when we build AI solutions for clients, we already build in transparency and documentation practices that line up with these requirements. Not because anyone's making us. It just makes the software better, and clients who work across borders notice.
What to do right now
-
Map your AI exposure. List every AI feature in your products and services. Which ones touch EU users or feed into an EU supply chain?
-
Check your risk level. The European Commission has a compliance checker that tells you where your systems fall.
-
Start documenting. Even in the minimal risk category, writing down how your AI systems work, what data they use, and who oversees them puts you ahead of most companies.
Don't panic. But don't sit on this either.
Thinking about how AI regulations affect your software? Let's chat. We'll give you a straight answer on what applies to your business and what doesn't.
This article is for informational purposes and does not constitute legal advice. For specific compliance guidance, consult a qualified legal professional familiar with the EU AI Act.
References
- EU AI Act Compliance Checker - European Commission
- Asean exporters need AI-readiness before EU AI Act takes effect - The Edge Malaysia
- EU AI Act: Key Compliance Steps For Malaysian AI Exporters - Mondaq
- We can't ignore EU's AI Act - The Star
- EU Artificial Intelligence Act: Implications For Malaysian Businesses - NZ Chambers
