ASEAN, poised to become the world’s 4th largest economy by 2030, is experiencing a digital boom. With an estimated 125,000 new internet users joining daily, it is the fastest-growing digital market globally. These users are not just browsing, but are actively engaged in data-intensive activities like gaming, eCommerce, and mobile business. As a result, monthly data usage is projected to soar from 9.2 GB per user in 2020 to 28.9 GB per user by 2025, according to the World Economic Forum. Businesses and governments are further fuelling this transformation by embracing Cloud, AI, and digitisation.
Investments in data centre capacity across Southeast Asia are estimated to grow at a staggering pace to meet this growing demand for data. While large hyperscale facilities are currently handling much of the data needs, edge computing – a distributed model placing data centres closer to users – is fast becoming crucial in supporting tomorrow’s low-latency applications and services.
The Big & the Small: The Evolving Data Centre Landscape
As technology pushes boundaries with applications like augmented reality, telesurgery, and autonomous vehicles, the demand for ultra-low latency response times is skyrocketing. Consider driverless cars, which generate a staggering 5 TB of data per hour and rely heavily on real-time processing for split-second decisions. This is where edge data centres come in. Unlike hyperscale data centres, edge data centres are strategically positioned closer to users and devices, minimising data travel distances and enabling near-instantaneous responses; and are typically smaller with a capacity ranging from 500 KW to 2 MW. In comparison, large data centres have a capacity of more than 80MW.
While edge data centres are gaining traction, cloud-based hyperscalers such as AWS, Microsoft Azure, and Google Cloud remain a dominant force in the Southeast Asian data centre landscape. These facilities require substantial capital investment – for instance, it took almost USD 1 billion to build Meta’s 150 MW hyperscale facility in Singapore – but offer immense processing power and scalability. While hyperscalers have the resources to build their own data centres in edge locations or emerging markets, they often opt for colocation facilities to familiarise themselves with local markets, build out operations, and take a “wait and see” approach before committing significant investments in the new market.
The growth of data centres in Southeast Asia – whether edge, cloud, hyperscale, or colocation – can be attributed to a range of factors. The region’s rapidly expanding digital economy and increasing internet penetration are the prime reasons behind the demand for data storage and processing capabilities. Additionally, stringent data sovereignty regulations in many Southeast Asian countries require the presence of local data centres to ensure compliance with data protection laws. Indonesia’s Personal Data Protection Law, for instance, allows personal data to be transferred outside of the country only where certain stringent security measures are fulfilled. Finally, the rising adoption of cloud services is also fuelling the need for onshore data centres to support cloud infrastructure and services.
Notable Regional Data Centre Hubs
Singapore. Singapore imposed a moratorium on new data centre developments between 2019 to 2022 due to concerns over energy consumption and sustainability. However, the city-state has recently relaxed this ban and announced a pilot scheme allowing companies to bid for permission to develop new facilities.
In 2023, the Singapore Economic Development Board (EDB) and the Infocomm Media Development Authority (IMDA) provisionally awarded around 80 MW of new capacity to four data centre operators: Equinix, GDS, Microsoft, and a consortium of AirTrunk and ByteDance (TikTok’s parent company). Singapore boasts a formidable digital infrastructure with 100 data centres, 1,195 cloud service providers, and 22 network fabrics. Its robust network, supported by 24 submarine cables, has made it a global cloud connectivity leader, hosting major players like AWS, Azure, IBM Softlayer, and Google Cloud.
Aware of the high energy consumption of data centres, Singapore has taken a proactive stance towards green data centre practices. A collaborative effort between the IMDA, government agencies, and industries led to the development of a “Green Data Centre Standard“. This framework guides organisations in improving data centre energy efficiency, leveraging the established ISO 50001 standard with customisations for Singapore’s context. The standard defines key performance metrics for tracking progress and includes best practices for design and operation. By prioritising green data centres, Singapore strives to reconcile its digital ambitions with environmental responsibility, solidifying its position as a leading Asian data centre hub.
Malaysia. Initiatives like MyGovCloud and the Digital Economy Blueprint are driving Malaysia’s public sector towards cloud-based solutions, aiming for 80% use of cloud storage. Tenaga Nasional Berhad also established a “green lane” for data centres, solidifying Malaysia’s commitment to environmentally responsible solutions and streamlined operations. Some of the big companies already operating include NTT Data Centers, Bridge Data Centers and Equinix.
The district of Kulai in Johor has emerged as a hotspot for data centre activity, attracting major players like Nvidia and AirTrunk. Conditional approvals have been granted to industry giants like AWS, Microsoft, Google, and Telekom Malaysia to build hyperscale data centres, aimed at making the country a leading hub for cloud services in the region. AWS also announced a new AWS Region in the country that will meet the high demand for cloud services in Malaysia.
Indonesia. With over 200 million internet users, Indonesia boasts one of the world’s largest online populations. This expanding internet economy is leading to a spike in the demand for data centre services. The Indonesian government has also implemented policies, including tax incentives and a national data centre roadmap, to stimulate growth in this sector.
Microsoft, for instance, is set to open its first regional data centre in Thailand and has also announced plans to invest USD 1.7 billion in cloud and AI infrastructure in Indonesia. The government also plans to operate 40 MW of national data centres across West Java, Batam, East Kalimantan, and East Nusa Tenggara by 2026.
Thailand. Remote work and increasing online services have led to a data centre boom, with major industry players racing to meet Thailand’s soaring data demands.
In 2021, Singapore’s ST Telemedia Global Data Centres launched its first 20 MW hyperscale facility in Bangkok. Soon after, AWS announced a USD 5 billion investment plan to bolster its cloud capacity in Thailand and the region over the next 15 years. Heavyweights like TCC Technology Group, CAT Telecom, and True Internet Data Centre are also fortifying their data centre footprints to capitalise on this explosive growth. Microsoft is also set to open its first regional data centre in the country.
Conclusion
Southeast Asia’s booming data centre market presents a goldmine of opportunity for tech investment and innovation. However, navigating this lucrative landscape requires careful consideration of legal hurdles. Data protection regulations, cross-border data transfer restrictions, and local policies all pose challenges for investors. Beyond legal complexities, infrastructure development needs and investment considerations must also be addressed. Despite these challenges, the potential rewards for companies that can navigate them are substantial.
The Malaysia Digital Economy Corporation (MDEC) has estimated that the country’s Digital Economy is worth USD3 trillion. Several initiatives have been introduced to promote the vision of a Digital Economy including: creating the Malaysia Tech Entrepreneur Programme (MTEP) aimed at tech founders who want to make Malaysia their base; the Malaysia Innovation Policy Council for industry collaboration on digital technology initiatives and streamlining policy/regulatory issues to support innovation; and the National eCommerce Roadmap aimed at small and medium enterprises (SMEs) to promote cross-border eCommerce.
Data Protection Laws for a Digital Economy
However, any country that aspires to be a Digital Economy, must have robust data protection laws that safeguards its citizens’ data. Malaysia’s Personal Data Protection Act 2010 (PDPA), was passed by the Malaysian Parliament in 2010 and came into force in late 2013. While the PDPA does provide guidelines for personal data protection to some extent, in light of technological advances, newer laws such as GDPR that are shaping the industry, and to keep up with the aspirations of creating a Digital Economy, there is a need for more comprehensive privacy laws.
“Growing the Digital Economy is a key agenda for Malaysia and a revised PDPA is a key component in ensuring trust and transparency,” says Shamir Amanullah, Principal Advisor Ecosystm. “The increasing and complex use of data and the proliferation of devices pose serious challenges which the data protection laws have to address. The recent US Federal Trade Commission’s hefty fines on Facebook and Equifax highlight the need to protect data of consumers and businesses alike.”
The PDPA is clearly a work in progress where while fast-growing areas such as electronic marketing and online privacy are mentioned in the act, there are no specific provisions to deal with breaches in these areas.
Updating the PDPA
In the last few years, Malaysia has realised that the PDPA fails to cover some areas. As an example, it does not take into consideration the proliferation of biometric data. The national ID card (MyKad) stores data using biometrics (thumbprints) and there is a clear rise in use of facial recognition technology in the country. Grab partnered with the Ministry of Transport last year, to use facial recognition technology to protect their drivers.
Malaysia is committed to their Digital Economy vision and is looking to update the PDPA, to make it more appropriate for contemporary needs and technology. The Government is consulting its citizens on possible ways to improve the PDPA. Between 14-28 February, the public can provide feedback on their thoughts and requirements on data privacy, through the Ministry of Communications and Multimedia’s web portal.
Some of the areas that have been found lacking and where feedback is being sought are expanding applications of the PDPA to data processors, making it compulsory to notify data breaches and simplifying cross-border personal data transfer.
Speaking about the areas that are likely to be addressed, Amanullah notes, “The review of the PDPA and the ongoing public consultation will deliberate extending the PDPA to non-commercial transactions. The existing PDPA does not cover non-commercial transactions involving charities, religious activities and even social media. The EU, Japan and – closer home – the Philippines have data protection acts which regulate both commercial and non-commercial transactions.”
Malaysia’s Communications & Multimedia Minister, Gobind Singh Deo, has from the start spoken about the need to update and bring the PDPA up to speed. “The goal of the Digital Economy is to take Malaysian enterprises beyond the country to Southeast Asian and global markets,” says Amanullah. “The EU GDPR is recognised as a leading global framework for data protection and is set to play a big role in the revised PDPA, to ensure that Malaysian companies adhere to the same data protection standards as global organisations.”
“The appointment of Data Protection Officers will be a major move to ensure that companies that hold sensitive private data have the necessary skills, processes and technology in place to comply with data protection laws.”
