Malaysia wants to be AI-ready by 2030. First, it has to own its digital future

Malaysia is striving to become an artificial intelligence (AI) nation by 2030. Much of that ambition runs through global tech partnerships in cloud platforms, AI models and infrastructure built and managed elsewhere.

But as agencies lean on external providers to move faster, the question is whether speed compromises sovereignty.

According to a study done by IBM in 2026, 80 per cent of CEOs surveyed in the country now say AI sovereignty is essential to their strategy.

Governments around the world share the same concern of risk losing control over the data, workloads, and decisions running on the external AI infrastructure.

For IBM Malaysia’s Country General Manager and Technology Leader, Dickson Woo, digital sovereignty isn’t choosing between dependency and going it alone.

“Sovereignty is not defined by who provides the technology — it's defined by who remains in control," he says.

He asserts the tech vendor’s role in providing open and flexible platforms that enable customers to leverage the best tech, while maintaining control of their most critical assets.

More than where data sits

According to Woo, digital sovereignty is no longer limited to data residency, but about ensuring security, resilience, trust and control in an AI era.

“We see it as the ability for organisations to leverage technology on their own terms — maintaining control, transparency, and choice while continuing to innovate at speed,” he says.

This distinction is key for government agencies.

While the former answers to where sensitive citizen data sits, sovereignty answers who can act on this data and under what governance terms when AI starts making decisions with it.

To leverage the best of global tech while retaining sovereignty, Woo highlights that private vendors have a duty to build and contribute to open ecosystems that do not lock government agencies into one stack.

In practice for IBM, digital sovereignty is designed into the tech from the outset, including through open standards, hybrid-by-design architectures, deployment flexibility across cloud, on-premises and air-gapped environments, as well as built-in AI governance.

He cites IBM Sovereign Core, an architecture built on an open-source foundation, which allows agencies to innovate with AI while maintaining control, resilience and trust.

"Success will be measured not by how fast AI is adopted, but by how sustainably and securely it is scaled,” says Woo.

He adds that the focus of governments today should be on building capabilities, governance, and tech choices that prevent dependency while enabling access to the best innovations.

Sovereignty can't be bolted on later

Sovereignty debates can sound abstract next to the daily grind of public service delivery, but Woo grounds it on data quality, which is something that agencies can work on more concretely.

IBM’s study found that a third of Malaysian CEOs cite poorly integrated data as one of the biggest barriers to innovation.

In the government, this may show up as fragmented services, inconsistent reporting, and slower policy decisions. Public officers end up spending more time reconciling data than acting on it.

“If decision-makers cannot trace where data comes from, understand its quality, or trust its accuracy, the value of AI is significantly diminished," he cautions.

The fix, he says, needs to be architectural, not bolted in the processes. IBM's approach rests on three pillars, namely technical, data, and operational sovereignty, built in before an agency runs their workloads on it.

The alternative is governments discovering control gaps only after AI is embedded in critical systems, and the fixes become slower and more expensive. 

Quantum as both a risk and opportunity

IBM’s study has found that slightly more than half (53 per cent) of Malaysian CEOs have identified quantum use cases and the business value it creates.

As quantum capabilities mature, attackers can begin to harvest sensitive data encrypted today and decrypt it later, which is also known in security circles as “harvest now, decrypt later,” he notes.

For governments, citizen records, national security information, and critical infrastructure data need to stay secure for years, even when today's encryption fail.

“Preparing for post-quantum cryptography is not about responding to a future threat—it's about protecting today's data against tomorrow's capabilities,” says Woo, adding that IBM is investing in Malaysia's quantum capabilities and skills development to help close that gap.

Concluding the interview, he says that the agencies that get to Malaysia’s 2030 AI nation ambitions won’t be the ones that move the quickest, but the ones that built control into the foundation.

 “By maintaining control over critical data and systems while leveraging AI at scale, the public sector can accelerate responsible AI adoption, strengthen public trust, and advance Malaysia's vision of becoming an AI-driven nation by 2030,” he notes.
 

IBM Malaysia and GovInsider are hosting a roundtable event for Malaysian public sector officials titled “Powering Digital Sovereignty in Malaysia with Data and AI” on July 14, 2026, at Putrajaya, Malaysia. You can click here to find out more >>>