Malaysia's Cyber Security Act 2024 imposes specific technical obligations on entities classified as CNII (Critical National Information Infrastructure) or CNII-adjacent. The 11 CNII sectors include: Government, Banking & Finance, Transportation, Defence & Security, Information & Communications, Energy, Water, Health, Food & Agriculture, Emergency Services, and Science & Technology. If your organisation serves or is part of any of these sectors, you are likely CNII-adjacent and must comply.