Effective Date: January 1, 2025
Last Updated: January 1, 2025
1. Introduction
1.1 Net Onboard Sdn Bhd is committed to full compliance with Malaysian laws, industry regulations, and international best practices to ensure ethical business conduct, legal risk mitigation, and regulatory adherence.
1.2 This Regulatory Compliance & Legal Risk Policy outlines the frameworks, obligations, and enforcement mechanisms applicable to our cloud computing, managed IT, cybersecurity, and digital solutions services.
1.3 This policy aligns with:
– Malaysia’s Communications and Multimedia Act (CMA) 1998
– Malaysia’s Personal Data Protection Act (PDPA) 2010
– Sales and Service Tax (SST) Act 2018
– Anti-Money Laundering Act (AMLA) 2001
– Competition Act 2010
– ISO 27001 & NIST Cybersecurity Standards
1.4 By using Net Onboard’s services, you acknowledge and agree to comply with this Regulatory Compliance & Legal Risk Policy.
2. Compliance Framework & Legal Obligations
2.1 Compliance Objectives:
– To uphold legal and regulatory standards for cloud computing and IT services.
– To prevent legal risks related to data protection, taxation, anti-fraud, and competition laws.
– To ensure business operations are ethical, transparent, and legally sound.
2.2 Regulatory Bodies & Reporting Obligations:
Net Onboard complies with the regulations set by:
– Malaysian Communications and Multimedia Commission (MCMC) – Oversees digital service compliance.
– Bank Negara Malaysia (BNM) – Regulates financial transactions, fraud prevention, and AMLA compliance.
– Royal Malaysian Customs Department – Administers SST compliance.
– Personal Data Protection Commissioner (JPDP) – Enforces data protection laws.
3. Data Protection & Privacy Compliance
3.1 Personal Data Protection Act (PDPA) 2010 Compliance:
– All personal and corporate data is processed in compliance with PDPA 2010.
– Explicit consent is required before collecting or processing personal data.
– Users have the right to access, correct, or delete their personal data.
3.2 Data Sovereignty & Storage:
– Personal data is stored in Malaysia unless international transfer is necessary for service fulfillment.
– Cross-border data transfers are subject to the Cross-Border Data Transfer Policy.
4. Anti-Money Laundering & Financial Compliance
4.1 Compliance with AMLA 2001:
– Transactions are monitored for unusual patterns (e.g., rapid high-value transactions).
– Know Your Customer (KYC) verification is required for high-risk transactions.
– Suspicious transactions will be reported to Bank Negara Malaysia (BNM).
4.2 Sales & Service Tax (SST) Compliance:
– All taxable services are subject to 8% SST under the Sales and Service Tax (SST) Act 2018.
– Customers will receive tax invoices for all applicable charges.
5. Competition & Fair Business Practices
5.1 Adherence to the Competition Act 2010:
– Net Onboard does not engage in anti-competitive practices, price fixing, or market monopolization.
– Third-party partnerships and vendor agreements are conducted fairly and transparently.
5.2 Intellectual Property & Copyright Compliance:
– Users must not host, distribute, or promote pirated software, counterfeit goods, or copyright-infringing materials.
– Net Onboard enforces strict IP protection measures under the Intellectual Property (IP) & Copyright Policy.
6. Cybersecurity & IT Risk Compliance
6.1 ISO 27001 & NIST Cybersecurity Compliance:
– All IT systems are secured using ISO 27001-compliant security controls.
– Regular penetration testing, vulnerability assessments, and security monitoring are conducted.
– Users must adhere to the Acceptable Use Policy (AUP) and Cybersecurity Policy.
6.2 Incident Response & Breach Notification:
– In the event of a data breach, affected users will be notified within 72 hours, as per PDPA & GDPR.
– Security incidents are managed under the Incident Response Policy.
7. Legal Risk Mitigation Strategies
7.1 Contractual Safeguards:
– All business engagements are governed by legally binding contracts.
– Liability limitations and dispute resolution clauses are incorporated into customer agreements.
7.2 Compliance Audits & Monitoring:
– Net Onboard conducts internal audits to identify and mitigate compliance risks.
– Regulatory updates are monitored, and policies are adjusted accordingly.
7.3 Legal & Regulatory Training:
– Employees undergo mandatory training on data protection, AMLA, and cybersecurity compliance.
– Key compliance personnel are designated to oversee risk management processes.
8. Enforcement & Penalties for Non-Compliance
8.1 Violations of this Policy May Result In:
– Warnings or compliance notices for minor infractions.
– Suspension or termination of services for serious breaches.
– Legal action if violations involve fraud, regulatory breaches, or cybersecurity threats.
8.2 Regulatory Reporting Obligations:
– Serious legal violations will be reported to the appropriate Malaysian authorities.
9. Governing Law & Dispute Resolution
9.1 This policy is governed by the laws of Malaysia.
9.2 Any disputes related to regulatory compliance or legal risks will be resolved through negotiation and mediation before arbitration or litigation.
10. Amendments & Updates
10.1 Net Onboard reserves the right to update this Regulatory Compliance & Legal Risk Policy at any time.
10.2 Users will be notified of any material changes via email or system notifications.
For compliance-related inquiries, contact [email protected].
© Net Onboard Sdn Bhd (796213-D)