E06 How Data Centres Are Approved in Malaysia

Key Takeaways

  • Data centre approval in Malaysia is not a single process but a sequence of statutory submissions handled by different authorities and professional roles.
  • Key decision points are distributed across investment approval (MIDA/MITI ecosystem), planning permission (state and local authorities), utility allocation (TNB, water operators, MCMC), and building control (local authorities via PSP).
  • Licensed professionals—such as the Principal Submitting Person (PSP)—play a central role in translating regulatory requirements into formal submissions.
  • Utilities and technical agencies often function as capacity gatekeepers rather than traditional “approving authorities.”
  • Many project delays or constraints arise not from planning rejection, but from infrastructure capacity, technical compliance, or submission sequencing issues.
  • Understanding the approval mechanism requires distinguishing between policy approval, planning permission, technical clearance, and completion certification (CCC).

The Common Misconception: “One Approval Means It Is Approved”

When a data centre project is announced in Malaysia, public attention often focuses on a single assumption:

“It has been approved by the government.”

In practice, there is no single “approval” that authorises a data centre to proceed from concept to operation.

Instead, approval is distributed across multiple statutory and administrative layers:

  • Investment facilitation and coordination (e.g., MITI and MIDA)
  • Land use planning approval (State Authority and local planning authority)
  • Technical infrastructure approvals (Tenaga Nasional Berhad, water operators, MCMC)
  • Environmental clearance (Department of Environment Malaysia)
  • Fire and safety approval (Bomba Malaysia)
  • Building plan approval and completion certification (Local Authority via PSP)

Each authority is not duplicating the same decision. Each is exercising a different statutory mandate.

MDCO Insight: A data centre is not “approved once.” It is progressively enabled through multiple statutory gates, each controlled by a different authority.

Why So Many Authorities Are Involved

Data centres combine multiple regulated domains in a single facility:

  • High-voltage electrical infrastructure
  • Industrial cooling and mechanical systems
  • Telecommunications interconnection
  • Large-scale land development
  • Continuous 24/7 critical operations
  • Significant environmental and resource demand

No single Malaysian agency is mandated to regulate all these dimensions.

Instead, governance is functionally divided by statute:

  • Electricity → Energy Commission + TNB system operator role
  • Environment → DOE under Environmental Quality Act 1974 (Act 127)
  • Planning → State planning authorities under Town and Country Planning Act 1976 (Act 172)
  • Building control → Local Authorities under Uniform Building By-Laws
  • Telecommunications → MCMC under Communications and Multimedia Act 1998 (Act 588)
  • Occupational safety → DOSH under OSHA 1994 (Act 514)

This fragmentation is intentional. It reflects how modern regulatory systems separate risk categories into specialist institutions.

MDCO Insight: The approval ecosystem is fragmented because the risks it governs are fundamentally different in nature.

Layer One: Investment Approval and Strategic Facilitation (MIDA / MITI Ecosystem)

The first formal layer in many Malaysian data centre projects is not planning—it is investment coordination.

At this stage, developers engage with:

  • MITI
  • MIDA
  • State economic planning units (SEPU / Invest agencies)

This layer focuses on:

  • Strategic economic value
  • Foreign direct investment (FDI) alignment
  • Technology transfer potential
  • Job creation
  • Export-oriented digital infrastructure
  • National digital economy objectives

In recent years, Malaysia has introduced more structured coordination mechanisms, including the Data Centre Task Force (DCTF), which brings together multiple ministries, utilities, and regulators to evaluate strategic alignment.

At this stage, decisions are typically non-permitting in nature. They do not replace planning approval but shape whether a project is encouraged, supported, or coordinated.

MDCO Insight: Investment approval is not a building permit—it is a national-level economic alignment process.

Layer Two: Land Use Planning Approval (State Authority + Local Planning Authority)

Once investment feasibility is broadly supported, the project enters the statutory planning system.

This involves:

  • State Authority (land matters)
  • Local Planning Authority under Act 172
  • Technical advisory inputs from agencies such as DOE, TNB, JKR, and others

The core legal question is:

“Is this the appropriate land use for this location?”

Planning decisions evaluate:

  • Zoning compliance (industrial vs sensitive uses)
  • Compatibility with surrounding land use
  • Traffic impact and access roads
  • Flood risk and environmental sensitivity
  • Infrastructure readiness
  • Strategic development plans under local structure plans

At this stage, the role of planning authorities is not merely administrative. They act as spatial decision-makers, determining whether the development fits within long-term land use policy.

MDCO Insight: Planning approval determines not only whether a data centre can be built, but also where its long-term external impacts will be located.

Layer Three: Utility Capacity Allocation (TNB, Water Operators, MCMC)

Even with planning approval, a data centre cannot operate without infrastructure allocation.

This layer is often decisive in Malaysia.

Key entities include:

  • Tenaga Nasional Berhad (electricity connection and grid capacity)
  • State water operators (water allocation and supply constraints)
  • MCMC and licensed network operators (fibre connectivity)

Unlike planning approval, utility allocation is capacity-based rather than entitlement-based.

Key considerations include:

  • Available grid capacity at substations
  • Transmission constraints (132kV / 275kV systems)
  • Water supply reliability and drought resilience
  • Fibre route redundancy and network resilience
  • Long-term demand forecasting

In practice, utilities may not “approve” or “reject” in a legal sense. Instead, they determine:

  • Connection feasibility
  • Queue position
  • Upgrade requirements
  • Lead time and cost implications

MDCO Insight: Utility allocation is often the real constraint layer—not planning approval.

Layer Four: Environmental Review (DOE and Related Agencies)

Environmental oversight is governed primarily under the Environmental Quality Act 1974 and administered by:

  • Department of Environment Malaysia

Depending on project scale and classification, requirements may include:

  • Environmental Impact Assessment (EIA)
  • Noise impact assessment
  • Air emission controls
  • Water discharge and usage management
  • Waste handling requirements
  • Pollution prevention measures

Importantly, environmental review does not operate in isolation. It is often influenced by:

  • Planning conditions
  • Utility infrastructure design
  • Cooling system selection
  • Generator usage strategy
  • Site sensitivity (urban vs industrial zones)

This creates a feedback loop between engineering design and environmental compliance.

MDCO Insight: Environmental outcomes are shaped as much by engineering design decisions as by regulatory approval conditions.

Layer Five: Fire Safety and Emergency Response Approval (Bomba Malaysia)

Fire safety is one of the most critical statutory approval layers in any data centre development.

The primary authority is:

  • Bomba Malaysia

Fire safety approval is not limited to building design review. It extends across:

  • Conceptual fire strategy (submitted by fire engineers or SP)
  • Layout approval for suppression systems
  • Hazard classification (especially generators and fuel storage)
  • Access routes for emergency response
  • Fire compartmentation and detection systems
  • Commissioning and testing of fire systems

In modern data centres, fire safety design is highly integrated with operational resilience. For example:

  • Gas suppression systems must avoid damaging IT equipment
  • Battery energy storage systems require specialised risk assessment
  • Generator farms introduce fuel and ignition risk considerations

Bomba’s role is therefore both preventive and operational, ensuring that high-density electrical environments remain safely controllable under emergency conditions.

MDCO Insight: Fire safety approval is not a formality—it is a design-shaping constraint that directly influences architectural and mechanical engineering decisions.

Layer Six: Building Plan Approval (Local Authority + PSP System)

Building plan approval represents the formal consolidation point where multiple technical submissions are integrated into a single statutory approval package.

This stage is administered by:

  • Local Authorities (PBT – Pihak Berkuasa Tempatan)
  • Supported by the Principal Submitting Person (PSP) system

The PSP is typically a registered architect or professional engineer, depending on the scope of submission under Malaysian building laws.

The PSP is responsible for:

  • Coordinating all technical submissions
  • Ensuring compliance with Uniform Building By-Laws (UBBL)

The PSP integrates inputs from:

  • Structural engineers
  • Electrical engineers
  • Mechanical engineers
  • Fire protection engineers
  • Telecommunications designers

The PSP submits consolidated drawings and documentation to the local authority.

At this stage, the local authority acts less as a technical designer and more as a statutory verifier and integrator, ensuring that all agency inputs (DOE, Bomba, TNB, JKR, etc.) are properly reflected in the approved design.

MDCO Insight: The PSP system functions as the “translation layer” between multi-agency technical requirements and a single buildable design.

Layer Seven: Construction Compliance and Site Inspections

Once building plan approval is granted, construction may proceed—but under continuous statutory oversight.

Key mechanisms include:

  • Site inspections by local authority officers
  • Compliance checks against approved drawings
  • Engineering certification during construction stages
  • Safety supervision under DOSH requirements
  • Utility inspection and connection approvals (TNB, water, telecoms)

Construction is not a standalone phase. It is a regulated execution environment, where deviations from approved plans can trigger:

  • Stop-work orders
  • Re-submission requirements
  • Technical redesigns
  • Compliance rectification measures

In data centre projects, construction compliance is particularly strict due to:

  • High electrical loads
  • Complex mechanical systems
  • Safety-critical commissioning requirements
  • Integration with external utility infrastructure

MDCO Insight: Construction approval is not permission to build freely—it is permission to build within tightly defined statutory and technical boundaries.

Layer Eight: Testing, Commissioning, and Utility Integration

Before operational use, a data centre must undergo extensive testing and commissioning processes.

This involves coordination between:

  • PSP and commissioning engineers
  • Local authorities
  • Utility providers (TNB, water, fibre operators)
  • Fire safety authorities (Bomba)

Key verification areas include:

  • Electrical load testing and redundancy validation
  • Generator testing and fuel system verification
  • Cooling system performance validation
  • Fire suppression system activation tests
  • Network connectivity and redundancy checks

Utilities play a particularly important role at this stage because:

  • Electrical energisation is conditional on compliance certification
  • Fibre connectivity depends on network readiness
  • Water supply activation depends on system integrity checks

This stage represents a transition from construction to operational readiness.

MDCO Insight: Commissioning is where theoretical design assumptions are tested against real operational and utility constraints.

Layer Nine: Completion Certification (CCC System)

The final statutory milestone before operations begin is the Certificate of Completion and Compliance (CCC).

Under the Malaysian system, the CCC is issued by the PSP (not the local authority), on the basis of full compliance certification.

The PSP must confirm:

  • All building works comply with approved plans
  • All technical conditions from authorities have been satisfied
  • All statutory inspections have been completed
  • Utility connections are verified and operational
  • Fire safety systems are certified and functional

Authorities such as:

  • Local Authorities
  • Bomba Malaysia
  • DOE
  • TNB and other utilities

must have completed their respective clearance processes prior to CCC issuance.

CCC therefore represents a professional legal declaration of compliance, backed by multi-agency verification.

MDCO Insight: CCC is not a single approval—it is the final consolidation of multiple statutory compliance confirmations.

How the System Actually Works: A Distributed Responsibility Model

The Malaysian data centre approval ecosystem does not operate as a linear chain of command.

Instead, it functions as a distributed responsibility model, where:

  • MIDA / MITI ecosystem → economic alignment
  • State authorities → land and planning control
  • Local authorities → building integration and CCC oversight
  • Utilities → capacity allocation and infrastructure gating
  • DOE → environmental protection enforcement
  • Bomba → fire and life safety assurance
  • PSP → technical integration and statutory certification

Each entity holds partial authority over a specific domain, and no single organisation has full control over the entire lifecycle.

This structure ensures:

  • Specialisation of expertise
  • Separation of regulatory functions
  • Multiple safeguards across risk domains

But it also creates:

  • Coordination complexity
  • Sequencing dependencies
  • Potential delays due to cross-agency alignment
  • Information asymmetry between stakeholders

MDCO Insight: The approval system is not designed for simplicity—it is designed for distributed risk governance.

Interdependencies, Tensions, and Synergies Across the System

While each institution has a distinct statutory role, their decisions are deeply interconnected.

Key Synergies

  • DOE environmental requirements often align with energy-efficient design standards
  • TNB grid planning aligns with national digital infrastructure expansion goals
  • MIDA investment facilitation supports long-term infrastructure development
  • Bomba fire safety requirements improve operational resilience
  • PSP integration ensures coherence across engineering disciplines

Key Tensions

  • Planning approval may conflict with utility capacity constraints
  • Environmental constraints may affect cooling system design choices
  • Speed of investment approval may conflict with detailed infrastructure readiness
  • Fire safety requirements may increase design complexity and cost
  • Utility expansion timelines may lag behind project demand

Structural Reality

These tensions are not system failures. They are structural outcomes of:

  • Different statutory mandates
  • Different risk definitions
  • Different time horizons
  • Different accountability structures

The Malaysian system manages these tensions through sequencing, conditional approvals, and professional certification (PSP/CCC mechanism) rather than centralised decision-making.

MDCO Insight: The effectiveness of the approval ecosystem depends less on eliminating tension and more on managing interdependencies across institutions.

The Observatory Perspective

Public discussions about data centre approvals often focus on outcomes. Was the project approved? Which authority approved it? Why was it allowed to proceed? These are reasonable questions, but they reveal only the final outcome of a much longer and more structured process.

As this article has shown, there is no single authority responsible for approving a modern data centre in Malaysia. Instead, responsibility is distributed across a network of institutions, each exercising powers defined by legislation and each accountable for a different aspect of the public interest. Investment agencies assess strategic and economic value. Planning authorities determine whether a development is appropriate for its proposed location. Utilities evaluate whether essential infrastructure can support the project. Environmental regulators oversee environmental protection. Fire and occupational safety authorities focus on life safety and operational risks. Throughout this process, licensed professionals such as the Principal Submitting Person (PSP) coordinate technical submissions and assume professional responsibility for compliance with statutory requirements.

This distributed model reflects a broader principle of public governance. Complex infrastructure projects create multiple categories of risk, and those risks are managed by institutions with specialised expertise rather than by a single decision-maker. No individual agency possesses complete authority because no single agency is responsible for every aspect of a data centre’s development or operation.

Understanding this institutional architecture also helps explain why data centre approvals can appear slow, complicated, or fragmented. What may seem like multiple layers of bureaucracy are often multiple layers of accountability. Each authority must satisfy itself that the project complies with the legislation it administers before the next stage can proceed. The approval process is therefore not designed simply to facilitate development, nor solely to prevent it. Its purpose is to ensure that different public interests are considered through the appropriate statutory mechanisms.

At the same time, the approval system does not eliminate trade-offs. A project may satisfy statutory requirements while still generating debate over issues such as electricity demand, water use, noise, carbon emissions, or local community impacts. Conversely, concerns raised by communities may relate to matters that fall outside the legal jurisdiction of any single approving authority. Recognising these distinctions is important because it helps separate questions of statutory compliance from broader discussions about public policy, sustainability, and social expectations.

This distinction is particularly relevant as Malaysia’s data centre industry continues to evolve. New technologies, changing sustainability expectations, increasing electricity demand, and national digital economy ambitions will continue to influence both regulatory practice and public expectations. Approval mechanisms that are appropriate today may themselves evolve as governments, regulators, industry, and society respond to new opportunities and emerging challenges.

One of the objectives of the Malaysia Data Centre Observatory (MDCO) is to improve understanding of these institutional relationships. By explaining who performs each statutory role, how different approvals fit together, and why responsibilities are distributed across multiple authorities, MDCO seeks to reduce information asymmetry and promote more informed public discussion. Transparency does not remove difficult trade-offs, nor does it guarantee agreement, but it provides a stronger foundation for evidence-based dialogue, better governance, and more effective decision-making.

Citation

Malaysia Data Centre Observatory (MDCO). How Data Centres Are Approved in Malaysia? MDCO Explain Series No. E06 (Version 1.0, July 2026).

MDCO Note

This article forms part of the Malaysia Data Centre Observatory (MDCO) Explain Series, which aims to improve public understanding of data centre development through evidence-based, accessible and balanced analysis. It is intended for educational and informational purposes only and does not constitute legal, engineering, planning, environmental or professional advice.

Malaysia’s rapidly evolving data centre ecosystem includes facilities developed, owned or operated by organisations such as AirTrunk, Amazon Web Services (AWS), Bridge Data Centres, DayOne, EdgeConneX, Google, K2 Data Centres, Microsoft, NTT Global Data Centers, Princeton Digital Group (PDG), ST Telemedia Global Data Centres (STT GDC), STACK Infrastructure, Vantage Data Centers, YTL Data Centre Park and many others. MDCO is independent of these organisations, as well as governments, regulators, utilities and advocacy groups. Its role is to facilitate transparency, structured understanding and equal access to information by presenting publicly verifiable evidence, relevant context and multiple stakeholder perspectives. MDCO does not endorse, oppose or advocate for any particular organisation, project or policy position.
