Malaysia's legal landscape is evolving rapidly to accommodate the growing influence of blockchain technology and digital assets across multiple sectors. As these technologies mature from experimental applications to practical business solutions, legal practitioners are grappling with novel questions that intersect traditional law with cutting-edge innovation.

In this insightful Q&A, Justin Yap, Partner at Jonathan, Yuo & Teh, shares his expertise on three pivotal areas where blockchain technology is reshaping Malaysian legal practice. Drawing from extensive experience advising clients on technology implementation and regulatory compliance, Justin addresses how smart contracts can revolutionize construction project workflows while remaining compatible with Malaysia's CIPAA 2012 framework, examines the current state of cryptocurrency regulation in Malaysia compared to regional approaches, and explores how dispute resolution mechanisms are adapting to handle the unique challenges posed by digital assets.

These responses offer valuable perspectives on the practical realities of implementing blockchain solutions in regulated industries, navigating Malaysia's crypto regulatory environment, and preparing for dispute resolution in an increasingly digital world. The insights reflect real-world challenges and solutions that legal practitioners, business operators, and technology innovators encounter when working at the intersection of law and blockchain technology in Malaysia's dynamic regulatory environment.

Question 1: Blockchain Applications in Construction and Infrastructure Projects

I am of the view that smart contracts and permissioned blockchains can streamline the friction points that routinely drive construction disputes such as progress certification, disputed variations, retention sums, extension of time applications/entitlement and final accounts. If it is properly designed, they create a tamper-evident, timestamped record of who did what and when, such as Architect’s Instructions, Interim Payment Certificates (“IPC”), site diaries etc. This will definitely reduce factual disputes about entitlement dates, quantum, and measurement, and it helps cash move on time.

Malaysia’s CIPAA 2012 is a statutory adjudication regime which exists to “pay now, argue later,” delivering a fast, enforceable adjudication decision to keep cash moving on projects, with rights preserved for later arbitration or litigation.

In a blockchain-enabled workflow, the most valuable pattern is milestone-linked payment logic that “listens” to off-chain events already embedded in Malaysian practice such as:

a) an IPC issued by the Architect,

b) a variation order valuation by the Quantity Surveyor (“QS”), or

c) a Certificate of Practical Completion recorded for commencement of the Defective Liability Period

This workflow can schedule payments strictly in line with the contract. Crucially, the code must be “CIPAA-aware”  “Pay-when-paid” or back-to-back payment provisions are void under section 35, so triggers should be anchored to valid certifications or dates rather than to upstream receipts. A permissioned ledger among the Employer, Main Contractor, the Architect, QS, and key personnels can also harmonise evidence for a Payment Claim and Payment Response under CIPAA 2012, and later for arbitration or court, without replacing the underlying contract machinery.

On privacy, keep personal and sensitive data off-chain and store it securely off-chain, while using the blockchain for hashes and audit trails. Most projects keep actual money movement on normal bank rails. The blockchain provides evidence and workflow, not a new currency. Finally, make the contract explicit about electronic records and signatures, and say clearly that the ledger entries, time-stamps and system logs will be accepted as evidence if a dispute later goes to adjudication, arbitration or court proceedings.

Question 2: Malaysia's Crypto Regulatory Landscape and Regional Compliance

We are glad that Malaysia’s approach has settled into a workable model. Since 2019, certain digital assets are treated as securities for capital-markets purposes. The Securities Commission regulates Digital Asset Exchanges and issues rules for token offerings and custody. Operators face the usual compliance expectations around governance and anti-money-laundering, and banks increasingly expect “travel rule”-style counterparty checks before providing accounts. There is no crypto-specific capital gains tax, but revenue-type activity can be taxable, so proper accounting and documentation still matter.

Around the region, the styles differ. Singapore licenses “digital payment token” services, is strict on consumer protection, and has a formal stablecoin framework. Indonesia shifted supervision to its financial regulator in 2025, bringing crypto closer to mainstream financial oversight. Thailand has tightened rules around yield and unlicensed offshore platforms. The Philippines licenses virtual asset service providers and has stepped up enforcement. Vietnam still prohibits crypto as a means of payment but is moving toward a clearer framework through new laws.

From my experience, the practical challenges usually begin with defining the scope of a client’s activities so that they do not inadvertently fall within the licensing perimeter for exchanges or custodians, unless that is the intended path. Gaining reliable banking access is another significant obstacle, as local banks expect mature anti-money laundering frameworks, detailed transaction monitoring and swift responses to regulatory queries before they are willing to provide accounts. Compliance with Malaysia’s Personal Data Protection Act 2010 adds further complexity, particularly in managing where personal data is stored and how it is transferred across borders. Tax and accounting considerations also play an important role, from deciding how digital assets should be valued to ensuring that client funds and company assets are clearly segregated. Marketing and promotional activities must be handled carefully, as yield-style products and retail promotions attract heightened regulatory scrutiny.

To navigate these issues, many businesses adopt a structure that separates regulated activities from technology services. For example, a Malaysian operating company handles local staff, compliance and engagement with banks and regulators, while licensed partners provide the on- and off-ramps. Products are designed to remain non-custodial wherever possible, with robust policies around AML, data and tax. For cross-border operations, companies typically rely on geo-fencing, country-specific terms of service and, where necessary, separate entities in different jurisdictions, allowing them to respect local rules while still operating across the Southeast Asian market. This layered approach provides flexibility to scale regionally while keeping regulators, banks and auditors confident in the business model.

Question 3: Dispute Resolution in the Digital Asset Era

Malaysian courts and arbitral institutions are gradually adapting to the realities of digital asset disputes, but the process is far from straightforward. The courts have already shown a willingness to recognise cryptocurrencies as a form of property capable of being the subject of proprietary remedies, and in certain cases have granted freezing orders to preserve assets where clear tracing was available. Conversely, where evidence or proprietary foundation is weak, courts have refused freezing orders, underscoring the need for clear tracing and proper pleadings.

At the same time, the volatile nature of digital assets, the pseudonymity of counterparties, and the speed with which assets can be transferred across borders all make enforcement more challenging than in conventional disputes. The application of traditional legal frameworks often exposes gaps: for example, how to characterise a breach of a smart contract when the code executes automatically; how to attribute liability for lost private keys, protocol forks or failed oracles; or how to value damages when token prices fluctuate sharply within hours.

In arbitration, institutions such as the Asian International Arbitration Centre have modernised their rules to allow for emergency relief and fast-track proceedings, which are particularly useful when urgent interim orders are required in digital asset cases. Beyond that, specialised rules such as the UKJT Digital Dispute Resolution Rules are beginning to be adopted and influence how parties draft their dispute resolution clauses, offering procedures tailored to the blockchain context while still enabling awards to be recognised and enforced under established frameworks.

Ultimately, the key lies in careful drafting at the contract stage. Clear governing law and forum clauses, pre-agreed methods for valuing assets at the time of breach, and express provisions on the evidential status of on-chain records all help reduce uncertainty. For example, parties can draft and implement provisions that specify how on-chain data, signature schemes, outputs, and exchange logs will be authoritative evidence. As the market matures, we can expect to see a blend of traditional litigation, institutional arbitration and bespoke digital dispute mechanisms working side by side to provide parties with workable and enforceable outcomes in the crypto space.

Want to contribute to our Q&A series? If you're a legal expert in the web3/AI space and would like to share your expertise by joining our Q&A series, please reach out to hi@databirdjournal.com