Introduction
Social Media Influencer Marketing has become a powerful tool for businesses to engage with target audiences and shape consumer purchasing decisions. However, alongside these opportunities come legal and regulatory compliance obligations. This article highlights the key legal risks associated with influencer marketing in Malaysia and outlines practical considerations for businesses navigating this space.
Who is a Social Media Influencer?
The Malaysian Communications and Multimedia Content Code 2022 (“Content Code”) defines Social Media Influencer as:
“Any person(s) or group(s) who either on a personal capacity share their own independent opinions or are engaged and paid by Advertisers (either in cash or other consideration) to advertise products or services on their own social media channels because of their social media influence on Consumers.”
This definition is intentionally broad and captures:
- Individuals who are formally paid to promote products or services;
- Individuals who receive non-monetary benefits (e.g. free products, sponsored trips, event invitations); and
- Individuals who may appear to be giving “independent opinions” but are in fact engaged under a commercial arrangement.
In practice, this means:
- Even micro-influencers or occasional collaborators are regulated;
- One-off or casual posts can still trigger compliance obligations; and
- Businesses cannot avoid compliance obligations by structuring arrangements as “informal” or “free gift” collaborations.
Legal Considerations
While influencer marketing is a way for businesses to leverage influencers to encourage consumers to purchase products or services, there are certain risks that businesses should consider.
(a) Businesses are Presumed Liable for False or Misleading Advertisements
The Consumer Protection Act 1999 (“CPA”) is the main legislation protecting consumers from unfair, deceptive and misleading advertising practices, including those in the internet environment. Under Section 18 of the CPA, liability for misleading advertisements is presumed to lie with the person who, directly or indirectly, offers to supply goods or services or anybody on whose behalf the advertisement is made. Similarly, under Section 19 of the Trade Descriptions Act 2011 (“TDA”), advertisements (including those published online) must not contain false or misleading statements, and liability is likewise presumed to fall on the business.
Consequently, the businesses, rather than the influencers or advertising agencies, are presumed liable and bear the burden of proving that their conduct or representation in the advertisement were not misleading or deceptive. The burden shifts to the businesses to prove that a specific defence under the CPA can be relied upon. This significantly raises the compliance threshold for businesses engaging influencers.
(b) Disclosure Requirements
Part 3 of the Content Code makes it clear that influencers’ content such as product or service reviews, endorsements or testimonials made in exchange for payment in cash or any other reciprocal arrangement, constitutes an advertisement and must be disclosed. The phrase “other reciprocal arrangement” indicates that non-cash arrangements might also trigger the disclosure requirements. Businesses should also ensure that influencers comply with the specific disclosure formats prescribed under the Content Code for posts, videos and livestreams.
(c) Prohibition on Non-Bona Fide Endorsements:
The Content Code requires testimonials and endorsements to be genuine and relate to personal experience. Hence, businesses cannot use scripted or fabricated “user experiences” disguised as authentic reviews.
Interestingly, the amended Content Code 2022 recognises Virtual Influencers. “Virtual Influencer” refers to computer generated characters or avatars who have realistic characteristics, features, and personalities of humans, and behave in a similar manner as influencers. The Content Code requires that their use in advertisements be disclosed to consumers to prevent them from being misled into believing they are interacting with a real human being. It also prohibits advertisements based upon fictitious characters to give the impression that real people are involved. In that sense, Virtual Influencers are not allowed to make statements that they have experienced the products or services personally.
(d) Industry-Specific Regulations
Certain industries are subject to stricter advertising rules such as medicines and healthcare, food and supplements, financial and capital market products, etc.
For example, the Security Commission’s revised Guidance Note on the Provision of Investment Advice published on 18 July 2024 clarifies that sharing financial insights or recommendations that are likely to induce followers from buying or selling securities for commissions or rewards may amount to regulated investment advice. Influencers may unknowingly trigger licensing requirements and businesses engaging such influencers may be facilitating unlicensed regulated activity. Non-compliance carries severe penalties, including fines of up to RM10 million and/or imprisonment for up to 10 years. For more information, please read our previous article.
Businesses should therefore be aware that specific laws and regulations may apply to their industry. Influencer campaigns in regulated industries must be legally vetted before launch, not after.
Implications for Businesses
(a) Regulatory Penalties
Non-compliance may result in significant penalties, including:
- Up to RM250,000 (first offence) and RM500,000 (subsequent offences) under the CPA;
- Up to RM500,000 (first offence) and RM1,000,000 (subsequent offences) under the TDA;
- Enforcement actions under the Content Code, including written reprimand, removal of content and fines of up to RM50,000.
(b) Ongoing Monitoring Obligations
Given the presumption of liability, businesses should:
- Review and approve influencer content before publication;
- Confirm whether any specific laws or regulations govern advertising in their industry;
- Monitor posts after publication;
- Ensure disclosure requirements are met in accordance with the Content Code; and
- Act quickly to rectify any misleading or non-compliant content.
(c) Influencer / Ambassador Agreements
To mitigate risk, businesses should formalise arrangements through written agreements that include compliance clauses, disclosure obligations, content approval rights, indemnity clauses and other key protections. Given that influencer marketing largely relies on the personal brand, reputation and public image of the influencer, it is also important to include provisions regulating the influencer’s conduct.
Conclusion
Given that legal responsibility primarily lies with businesses, businesses must adopt a proactive compliance approach to mitigate exposure including proper contracting, content review processes and ongoing monitoring.
In an environment where authenticity drives engagement, legal compliance must operate alongside marketing strategy.
***
This article was written by Low Rui Thong (Associate) from Donovan & Ho’s corporate practice.
Our corporate practice group advises on corporate acquisitions, restructuring exercises, joint venture arrangements, shareholder agreements, employee share options and franchise businesses, Malaysia start-up founders and can assist with venture capital funds in Seed, Series A & B funding rounds. Feel free to contact us if you have any queries.
