Data exchange is breaking down siloes in Malaysia’s digital government
By Sol Gonzalez
MyGDX’s Project Manager, Aznul Nizam bin Nasir shares how the platform is advancing Malaysia’s digital government transformation by providing a secure and centralised hub for government data exchange across ministries and public agencies.

Session Towards MyGDX Readiness Series 5 held in June 2026. Image: MyGDX Gallery.
During Malaysia’s university admissions season, one government platform processed more than one million data verification requests per hour.
The platform, MyGDX (Malaysian Government Central Data Exchange) worked behind the scenes while the Ministry of Higher Education verified national examination results in real time for students applying through UPU Online, the centralised application portal to public institutions of higher learning.
This was one of the exercises that showed the reliability and scale of MyGDX, which was built to break down data siloes among public sector agencies and enable the exchange of data securely in real time.
While agencies retain autonomy and ownership, the data was securely integrated across agencies to enhance smooth delivery of government services.
This was different from before where Malaysian agencies built their own application programming interfaces (APIs) and data-sharing tools, each with different standards, rules, and governance.
The platform currently processes more than 184 million transactions, managed by the MyGDX Governing Authority (GA).
MyGDX received a Special Mention for the “Digital Government Award” at the Festival of Innovation Awards 2026.
Speaking with GovInsider, Jabatan Digital Negara (JDN), MyGDX, Project Manager, Aznul Nizam bin Nasir speaks shared more about how the platform has addressed the challenge of segmented data across public sector and its impact on advancing national ambitions for digital transformation.
Real impact
My GDX was guided by the Once-Only Principle, the idea that citizens and businesses shouldn't have to resubmit the same data to different government agencies, shared Aznul.
At the same time, agencies should be able to make faster and better decisions based on trusted data rather than manual verification, he added.
This was the case with the MyGov Malaysia mobile application and MyGovernment portal, where users could access integrated government services through a single digital platform.
“Instead of requiring citizens to repeatedly submit the same information, MyGDX enables authorised systems to retrieve trusted data directly from the source agency, creating a faster and more seamless user experience,” explained Aznul.
With citizen-facing initiatives such as the MyGov app, MyGDX operated as the secure back-end data exchange layer that enables inter-agency data sharing for MyGov services.
“Currently, the MyGov mobile application leverages 41 APIs through MyGDX,” Aznul added.
“This demonstrates how MyGDX is not only an enabling infrastructure layer, but also a foundational component supporting the delivery of end-to-end digital government services.”
Solving the fragmentation problem
Recognising that several public sector agencies still operated with legacy systems, MyGDX was designed to enable secure data sharing without requiring agencies to replace their existing systems.
“This flexibility is achieved by deploying an API Connector and a Security Server at each participating agency, which allows them to expose and consume data while preserving their existing applications,” explained Aznul, adding that MyGDX supports a variety of architectures from MyGovCloud, agency on-premises data centres, and private cloud deployments.
To ensure consistency across agencies, MyGDX has implemented the Public Sector Data Dictionary (DDSA) as the common metadata standard. This way agencies could use a shared vocabulary and common data definitions.
This harmonisation was enabled by centralised governance via the MyGDX GA. The GA manages Registry, Directory, Trust Service, and Monitoring, and establishes common policies, technical standards, and operational procedures for all participating agencies.
With over 400 live APIs, the platform continuously monitors API availability, performance, and security through its monitoring subsystem, while the registry, directory, and trust service provide centralised service discovery, trust management, and governance, explained Aznul.
Security and governance engineered in
Agencies that wish to get onboarded with MyGDX must first submit a participation form for the MyGDX team to assess their business and technical readiness, as well as data governance and security requirements.
Once an agency is approved for onboarding, the technical integration began by issuing digital certificates and installing MyGDX components at the agency, followed by API development, subscription and full API implementation, which is the last step.
To ensure that data was only accessed in authorised ways once an agency was on the platform, MyGDX enforced a point-to-point (P2P) communication model between he data consumer and the data provider, which means that data is never exposed publicly, Aznul shares.
This process was governed by a Public Key Infrastructure (PKI) managed by the MyGDX GA where digital certificates are used to verify the identity of participating agencies.
End-to-end encryption and digital signatures further protect all data exchanges so that only authorised systems can initiate and interpret data requests, Aznul explains.
“Breaking down data silos requires more than technology alone, it demands alignment across policy, governance, technical architecture, and organisational culture,” added Aznul.
Speaking on the governance front, he shared that the Akta Perkongsian Data 2025 (Akta 864) was the clear legal framework for data sharing.
“The Act strengthens accountability, clarifies authority, and establishes structured mechanisms for decision-making and oversight through national-level governance structures.
“This gives agencies greater confidence to share data within a controlled, lawful, and well-governed environment,” he explained.
The next step
The efforts to ensure interoperability and integration continues with the idea of a National Data Repository approach enabled by MyGDX, noted Aznul.
With this approach, data stays with agencies but becomes discoverable via a central catalogue (DDSA).
“This distributed but connected model ensures that data is not physically centralised, but logically unified for authorised and purpose-driven use cases,” said Aznul.
He added that moving away from siloed data ownership toward trusted data stewardship requires “confidence that data-sharing is governed, secure, and compliant with national legislation, such as Akta 864.
“It also reinforces the understanding that data is a national asset to be responsibly shared, not an isolated resource to be retained.”
Currently six states were already participating in MyGDX and two additional states were in the onboarding process, with future plans focussing on progressively onboarding more agencies, harmonising existing integrations, and expanding participation.
Aznul shared that ongoing efforts would continue to make MyGDX grow as a trusted national data exchange platform to make agency operations more seamless and improve citizen services.
-1783304403050.jpg)