On 19 February 2025, the Securities and Futures Commission (SFC) issued a regulatory roadmap for Hong Kong’s virtual asset market. Entitled “‘A-S-P-I-Re’ Roadmap for a Resilient Virtual Asset Ecosystem”, it sets out a five-pillar framework (Access, Safeguards, Products, Infrastructure, and Relationships) that is intended to serve as a strategic action plan for addressing emerging new priorities in the virtual asset space (e.g., managing liquidity fragmentation and ensuring investor protection across decentralized and centralized platforms) and, in the SFC’s words, “future-proof[ing] Hong Kong’s VA ecosystem”.

Digital transformation has become a priority for all major companies. This is being driven only further by the spread of artificial intelligence’s commercial use cases and ever-tightening data protection and cybersecurity regulations. However, procuring enterprise software (concerning both the development of custom-made software and “off-the-shelf” software developed for mass use) may give rise to various legal issues. Promptly identifying and addressing these issues can help prevent considerable legal and operational expenses, as well as other inconveniences.

Regulation (EU) 2022/2554, commonly known as the Digital Operational Resilience Act (DORA), represents a significant step forward in enhancing the digital resilience of the financial sector within the European Union. Adopted by the European Parliament and the Council on 14 December 2022, DORA aims to establish a comprehensive framework to ensure that financial entities can withstand, respond to, and recover from all types of ICT-related disruptions and threats. The regulation entered into force on 17 January 2025, and applies directly across all EU member states.

The AI Act introduces a comprehensive legal framework for companies dealing with AI systems in the EU. From 2 February 2025, companies subject to the regulation must take steps to ensure AI literacy and ensure that no prohibited AI practices are used. Non-compliance could lead to substantial fines.

The Malaysian Communications and Multimedia Commission (MCMC) has announced that it is holding a public consultation on the draft Code of Conduct (Best Practice) for Internet Messaging Service Providers and Social Media Service Providers (“Draft Code of Conduct”).
The objective of the public consultation is to collect public opinion on the Draft Code of Conduct, which outlines the best practices for applications service provider class licence holders who offer Internet messaging and social media services in Malaysia to address harmful online content and other relevant conduct requirements.

On 19 July 2024, pursuant to the National Payment Systems Act, the Bangko Sentral ng Pilipinas (BSP; Philippine Central Bank) issued Circular No. 1198, Series of 2024 on the Regulatory Framework for Merchant Payment Acceptance Activities (MPAA). The regulatory framework aims to establish standards and best practices to safeguard customer funds and protect merchants’ rights when dealing with operators of payment systems (OPS) engaged in MPAA.
BSP Circular No. 1198 took effect on 8 August 2024, 15 days after the circular’s publication in a newspaper of general circulation.

The Malaysian Communications and Multimedia Commission (“MCMC”) has announced its intention to introduce a new licensing regime for social media services and internet messaging services on 1 August 2024, with enforcement effective from 1 January 2025 onwards.

Under the current licensing framework, social media services and internet messaging services are exempted from the licensing requirement under the Communications and Multimedia Act 1998 (“CMA”) pursuant to the Communications and Multimedia (Licensing) (Exemption) Order 2000.