PETALING JAYA: Age checks on social media would remain toothless unless anchored
to a strong national digital identity system, experts say.
Malaysian Cyber Consumer Association president Siraj Jalil said methods such as
date-of-birth forms or platform-level screening are easily bypassed by tech-savvy children.
Instead, he called for a “layered age assurance by design” model tied to the government’s MyDigital ID framework.
“eKYC (electronic Know Your Customer) could help, but it must be combined with MyDigital ID under the National Cyber Security Agency. That way, age checks are linked to verified identity at the SIM card, device and digital account level, not just a form field,” he told theSun.
He added that artificial intelligence
(AI)-based facial recognition could act as an extra filter, if built with privacy safeguards.
He also said other countries have moved in this direction. The UK’s Online Safety Act 2023 mandates age verification for high-risk platforms. France uses an anonymous system that confirms only age status. Germany and Italy rely on eID cards with embedded chips, while Australia is testing a layered mix of official documents, AI estimation and behavioural signals.
“These examples show national frameworks are more effective than leaving enforcement to private platforms.”
He said while no system is foolproof, the aim should be to raise barriers, not chase perfection.
“Children would still try to bypass restrictions. That is why relying on a single mechanism will not work. The goal is to reduce risks and limit underage access, not achieve zero bypass.”
However, he cautioned against sacrificing privacy.
“If account-linking or sensitive data sharing is forced, it raises major risks of leaks and misuse. MyDigital ID should be the root of trust. With tokenisation, platforms only get a verified age status, not full personal details, balancing privacy with compliance.”
Siraj said the right balance rests on three pillars: protecting children from harmful content, safeguarding privacy and keeping platforms fair and accessible.
International Islamic University Malaysia deputy legal adviser Dr Sonny Zulhuda agreed, adding that Malaysia cannot delay strengthening its digital identity framework.
He described fake accounts and mismanaged identities as critical cybersecurity weaknesses.
“Our digital infrastructure has grown, but cybersecurity remains a non-negotiable prerequisite. The World Economic Forum ranks misinformation and disinformation as the top global threats for the next two years. Identity theft and fraud are gateways for both.”
He also said Malaysia has the legal foundations through the amended Personal Data Protection Act 2010, the Cyber Security Act 2024 and the Data Sharing Act 2025.
“The Data Sharing Act is crucial to synchronise systems such as MyDigital ID and MyKad. Digital identity is now a matter of national security and resilience.”
