Malaysia's Draft IoT Functional-Safety Code Leans on Global Standards — the Right Instinct, If It Stays Voluntary

MTSFB's draft IoT functional-safety code, open for comment until 6 June 2026, aligns Malaysia to IEC 61508 and ITU-T Y.4806 rather than inventing local rules.

People of Internet Research · Malaysia · peopleofinternet.com

Malaysia's standards machinery for connected devices is quietly getting more ambitious. The Malaysian Technical Standards Forum Bhd (MTSFB) — the industry forum designated by regulator MCMC to draft the country's communications technical codes — has opened a draft Internet of Things – Functional Safety Requirements technical code for public comment, with submissions closing 6 June 2026. It comes out of MTSFB's Security, Trust and Privacy working group (WG6), which also has an IoT – Security Management (First Revision) and an AI Cybersecurity Architecture Requirements code moving through its pipeline.

The draft's defining feature is what it does not do: rather than invent a Malaysia-specific safety rulebook, it anchors itself to two established international references. It aligns with IEC 61508, the International Electrotechnical Commission's foundational standard on the Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems, which defines a four-tier scale of Safety Integrity Levels (SIL 1–4) and a full safety lifecycle. And it leans on ITU-T Recommendation Y.4806, Security capabilities supporting safety of the Internet of things, approved by ITU-T Study Group 20 in November 2017. On those foundations the draft reportedly recommends secure over-the-air (OTA) software updates, fail-safe software mechanisms, and secure data flows for connected devices.

The case for codifying functional safety

The strongest argument for this code is straightforward and worth stating plainly. IoT is no longer confined to smart bulbs and fitness trackers; it increasingly governs systems where a software fault becomes a physical hazard — industrial automation, transport, building management, and medical devices. ITU-T Y.4806 was itself written in the shadow of the TRITON attack on industrial safety controllers, a concrete demonstration that a cyber intrusion can defeat the very systems meant to keep a plant from exploding. In that world, treating "security" and "safety" as separate disciplines is a category error. A device that cannot receive a patch, or that fails in an unpredictable state, is not merely insecure — it is dangerous. A common, internationally legible baseline for OTA updatability and fail-safe behaviour is a reasonable public-interest goal, and Malaysia is right to take it seriously.

What the draft actually asks for

The recommended controls map cleanly onto problems regulators worldwide have already identified. Secure OTA updates address the single most common failure in the installed base — devices that ship and are never patched again. Fail-safe software mechanisms borrow IEC 61508's core principle that a safety-related system "must work correctly or fail in a predictable (safe) way." Secure data flows extend the confidentiality and integrity assumptions of Malaysia's existing IoT codes into the safety domain.

This is layering, not a cold start. WG6 has built out a stack over several years: IoT – Security Management (TC G013:2018), IoT – Application Security Requirements (G031:2021), IoT – Device Security Requirements (G045:2024), and IoT – Privacy Requirements (G056:2025). A functional-safety code slots into that architecture as the layer that says: when a connected device can hurt someone, security controls must serve safety outcomes, graded against SIL 1–4 rather than applied uniformly. Crucially, IEC 61508 is risk-tiered by design — it does not demand SIL 4 redundancy of a smart thermostat. A code that inherits that proportionality is far better than a one-size rulebook.

The proportionality question

Here is where Malaysia's choices over the next year matter more than the text itself. MTSFB technical codes are developed by industry and then registered by MCMC under the Communications and Multimedia Act 1998. Registration is the hinge: a voluntary reference document can, once registered, become an effective compliance expectation enforced by the regulator. The instinct to align with IEC 61508 and ITU-T Y.4806 is exactly right — global interoperability lowers cost, lets Malaysian manufacturers sell into export markets without re-engineering, and avoids the trap of a bespoke national standard that fragments the market. But that benefit evaporates if the code drifts from the international baselines it cites, or if registration converts a sensible engineering reference into a rigid, prescriptive mandate before the market has matured.

Three risks deserve attention during the comment window. First, scope creep: functional-safety obligations belong on devices with genuine physical-harm potential, not on every connected gadget. The draft should keep that boundary sharp. Second, SME burden: full IEC 61508 conformity assessment is expensive, and Malaysia's IoT sector — projected to grow at a double-digit annual rate through the decade — is heavy with smaller integrators. A code that demands heavyweight certification regardless of risk class will simply push them toward grey-market imports. Third, version lock-in: international standards evolve, and a registered code that freezes a 2017 recommendation in regulatory amber ages badly.

What good looks like

The proportionate path is visible from here. Keep the code voluntary or, at most, mandatory only for clearly safety-critical device classes. Preserve the SIL-graded, risk-based structure so obligations scale with hazard, not with the mere fact of connectivity. Reference international standards dynamically rather than transcribing a snapshot. And use the comment period as genuine consultation — the value of an industry-led forum like MTSFB is precisely that the people who build and ship devices get to flag where a control is unworkable before it hardens into a registered code.

Malaysia is making a smart structural bet: that the answer to insecure connected devices is convergence on global safety standards, not regulatory improvisation. The bet pays off only if the country resists the temptation to gold-plate it. Stakeholders have until 6 June to make that case.
