Malaysia's Proposed Social Media Ban for Children: How It Compares with Australia and Singapore

Malaysia plans to ban children under 16 (“Under-16s”) from having social media accounts beginning in 2026. The proposal, part of a wider Online Safety Act expected to start on 1 January 2026, foreshadows the implementation of electronic know‑your‑customer ("eKYC") checks with official IDs. Malaysia is studying overseas models, especially Australia's regime starting in December 2025, and wants platforms ready for eKYC in 2026. Singapore has taken a different approach by regulating app stores through a Code of Practice (effective 31 March 2025) focused on age checks and reducing harmful content.

This Legal Update outlines the key features, shows where the approaches align or differ, and sets out practical steps for platforms and app stores.

Malaysia's Proposal: Clear Age Rule and ID‑based Checks

Malaysia's Cabinet has approved raising the minimum age for social media accounts to 16, aiming to implement in 2026.

Two key points have been raised:

• Bright-line rule: Under-16s would not be allowed to have social media accounts.
• eKYC verification: The government has indicated that platforms are expected to verify age using official IDs (MyKad, passports, MyDigital ID) at the point of registration.

This signals a preference for high‑certainty, document‑based age checks. Malaysia has said it will watch Australia's rollout to align with best practice while using its local ID systems.

Australia's Framework: "Reasonable Steps," Flexible Methods, and Strong Penalties

Australia's Social Media Minimum Age law sets 16 as the minimum age for social media accounts, with obligations starting on 10 December 2025. Platforms must take reasonable steps to stop under‑16s from having accounts. The rules focus on social interaction features and exclude certain categories by regulation.

The key elements are as follows:

• Principles-based approach: Guidance from the eSafety Commissioner ("eSafety") calls for layered, proportionate age checks, detection and deactivation of underage accounts, and controls to reduce circumvention, all with reliability, privacy and transparency. Platforms should track effectiveness and improve over time.
• Flexible methods: Platforms can use ID verification, age estimation (e.g., facial analysis) and inference (behavioral signals), with caution near age 16. If government ID is offered, a reasonable alternative must also be provided; ID cannot be the only option.
• Enforcement: Civil penalties can be severe (up to 150,000 penalty units for companies, around A$ 49.5 million). eSafety has several strong powers, including information requests, infringement notices, injunctions, and public statements. Privacy oversight sits with the Office of the Australian Information Commissioner.
• Broader system: The law links to Basic Online Safety Expectations, industry codes and content safety schemes to address serious harms. Overall, Australia sets a uniform age, requires reasonable steps, and backs this with guidance, privacy rules and penalties.

Singapore's Code for App Distribution Services: Regulating the Gateway

Promulgated under the Broadcasting Act, Singapore's Code of Practice for Online Safety – App Distribution Services (the "Code") took effect on 31 March 2025. Rather than setting a universal social media age limit, it regulates app stores such as the Apple App Store, Google Play, Huawei AppGallery, Microsoft Store, and Samsung Galaxy Store.

Core obligation imposed on app stores are as follows:

• Age assurance: App stores must establish a user's age or age range with reasonable accuracy, or submit rollout plans to the Info-communications Media Development Authority ("IMDA") if not yet implemented. Methods may include AI facial analysis, machine learning, or verified identification sources (digital ID, payment instruments), subject to compliance with Singapore's Personal Data Protection Act and guidance published by the Personal Data Protection Commission regarding data minimisation and children's data.
• Content moderation and stricter child standards: App stores must review apps before release, detect and remove child sexual exploitation and terrorism content (including grooming and recruitment), and publish clear content guidelines covering harmful categories. Stricter standards apply to content accessible by children.
• Reporting and accountability: App stores must offer effective reporting channels, act quickly on reports (especially for serious harms), and publish annual online safety reports. Non‑compliance can lead to sanctions, including blocking of the app store.

Singapore's model uses app stores to restrict access to age-inappropriate apps and to strengthen safety earlier in the user journey. While it does not set a 16+ rule for all social media, it enforces age ratings and age checks at the store level. Singapore has also said it is studying bans similar to Australia's.

Comparative View: Common Goals, Different Tools

All three systems aim to reduce risks to children and hold platforms accountable. They differ in how they do this:

• Age rule vs "reasonable steps": Malaysia and Australia set a minimum age of 16. Australia requires "reasonable steps" with layered checks and privacy. Malaysia leans towards mandatory eKYC. Singapore does not set a universal social media age, but requires app stores to enforce age ratings and checks.
• Privacy and methods: Australia bans ID-only verification and demands reasonable alternatives and privacy safeguards. Singapore ties age checks to PDPA principles with IMDA oversight. Malaysia's ID focus suggests high-certainty checks, but it will need alternatives, minimisation and strong security, plus ways to challenge errors.
• Scope: Australia regulates social media services directly and uses industry codes that also touch app stores. Singapore regulates app stores with detailed duties. Malaysia currently focuses on social media platforms.
• Enforcement: Australia backs rules with large penalties and strong powers. Singapore can sanction or block app stores. Malaysia's enforcement details are not yet public, but eKYC supports clear audit trails at sign-up.
• Circumvention: Australia stresses controls like liveness checks, device/behavior signals and multi-factor authentication. Singapore requires proactive detection and fast removal of the worst content and related activities. Malaysia's eKYC will deter casual sign-ups but needs extra measures against account sharing, spoofing and ID fraud, and easy appeal routes.
• User experience: Australia encourages clear, kind deactivation of under-16 accounts, with data download and reactivation at 16. Singapore pushes parental tools, default-restrictive settings and transparency. Malaysia should provide clear guidance for transitions and support.

Practical Implications and Outlook for Malaysia

Across Malaysia, Australia and Singapore, platforms should expect to: use robust age checks, find and deactivate underage accounts, stop re-registration, and report results. App stores face upstream duties to assess age, control harmful content and publish transparency reports.

Malaysia will likely use document-based checks, but the regional trend is towards layered systems (verification, estimation, inference) with privacy safeguards, alternatives to government ID and human review. Platforms should also plan clear, compassionate transitions for under-16s (including data portability and reactivation at 16) and invest in anti-circumvention measures, while aligning interfaces, parental tools and transparency with local rules such as Singapore's app store Code.

Looking ahead, Malaysia's strong 16+ rule and eKYC provide a high-certainty baseline. The framework would be stronger if it also offered layered age assurance, defined alternatives to ID, and clear rules on data minimisation, security, retention and appeals. Guidance on transition pathways and child-friendly communications would help ensure fairness. Malaysia could also add app store gateway regulation, similar to Singapore's Code, to reduce exposure to harmful content. Finally, coordination with regional and international standards—including Australia's guidance and emerging ISO age assurance frameworks—would make implementation smoother and more consistent across markets.