PDPA & PDPC AI Agent Procurement Guide (2026)
PDPA and PDPC AI agent procurement guide for MY/SG teams: data residency, DPA clauses, vendor due diligence, breach notices, and rollout paths.

Last verified: 2026-05-11. Regulatory guidance is based on published legislation and regulatory guidance documents cited inline. This is general information, not legal advice — engage a qualified data protection officer or legal counsel for advice specific to your situation.
By Frankie C. · Senior Market Researcher, Mindber. Tracks 500+ AI/SaaS tools across SEA markets via the Mindber Innovation Index methodology, covering MY/SG/ID/PH/TH compliance contexts.
Buying an AI agent in 2026 is fast. Getting legal to sign off takes six weeks.
In Malaysia and Singapore — the two SEA markets with the most mature AI adoption and the most active regulatory enforcement — procurement of AI agents sits at the intersection of three overlapping regimes: Malaysia's PDPA 2010, Singapore's PDPA 2012 administered by PDPC, and rapidly evolving AI-specific guidance from both regulators. Add vendor supply chains that route through the US, EU, and China, and you have a procurement process that can stall for six weeks even for a twenty-dollar-a-month tool.
This guide is for the person in the room who actually has to unblock that stall — typically an ops lead, IT security officer, or founder acting as their own DPO. We cover the six questions every legal team asks, the data residency grid for the most common AI agents, the DPA clauses that matter (and the ones that usually don't), and a decision matrix so you can scope the compliance overhead before you sign.
All AI tools referenced in this guide are tracked in real time on Mindber's AI agents category and the rankings page.
Quick answer: PDPA/PDPC AI agent procurement
MY/SG teams should approve a cloud AI agent only after they know what data enters the tool, where that data is processed, whether a DPA covers every sub-processor, and how deletion plus breach notification work. Local-first agents such as Claude Cowork reduce the transfer surface for file-heavy work, while cloud agents such as Manus need stricter data classification and enterprise terms before personal data enters the sandbox. Use this guide as the legal-readiness layer, then compare product fit in the Mindber AI agents category.
Why AI procurement is different from SaaS procurement
Traditional SaaS procurement for tools like CRMs or project managers involves data processed at rest in a defined region. You get a DPA, confirm the data center location, and move on. AI agents change three things that make this harder.
First, execution is non-deterministic. When you send data to a cloud AI agent, you are not just storing it — you are processing it in real time through a model that may sub-sample, summarise, and write derivative outputs. Under data minimisation principles in both MY and SG PDPA, you need a lawful basis not just for storage but for each processing activity.
Second, sub-processors multiply fast. A single AI agent SaaS might route your prompts through the primary LLM vendor (e.g. Anthropic, OpenAI, or Baidu), a vector database provider, a logging and observability layer, and cloud infrastructure. Each is a sub-processor. Your DPA needs to either name them explicitly or give you the right to object when the list changes.
Third, output data is new data. If an AI agent synthesises your internal documents into a report, that report is a new data object. Who owns it? Can the vendor use it for model training? The answers vary by vendor and are frequently buried in ToS addenda that most procurement teams never read.
The IMDA Singapore AI Governance Framework and the Malaysian MyDIGITAL AI ethics initiative both acknowledge these complexities, but neither has issued binding sector-specific AI procurement rules as of 2026-05-06. The operative law remains the PDPA frameworks.
The six questions every legal team asks
These are the questions your legal team will ask — or should ask — before approving any cloud AI agent. The answers determine the compliance overhead and whether a DPA can be executed in days or months.
1. Where does the data physically go?
Every cloud AI agent processes your data in a data center somewhere. The question is which jurisdiction — and whether that jurisdiction has an adequacy finding or equivalent protection under MY/SG PDPA.
Key data center locations and their compliance implications:
- US East / US West (AWS, GCP, Azure): No adequacy finding under MY PDPA. Transfer requires a contractual basis (DPA with cross-border transfer clauses) and a transfer impact assessment if the data includes sensitive personal data.
- Singapore (AWS ap-southeast-1, GCP asia-southeast1): SG-to-SG transfers are domestic. MY-to-SG transfers require the same cross-border transfer mechanism as MY-to-US — Singapore has no blanket adequacy finding under Malaysian law.
- EU (Frankfurt, Ireland): EU GDPR applies to EU-resident data subjects; MY/SG PDPA applies to MY/SG data subjects regardless of where data is processed.
- China: High-risk for both MY and SG PDPA due to Chinese state access laws (DSL 2021, PIPL 2021). Very few enterprise legal teams will approve a China-routed AI agent for personal data.
2. What is the lawful basis for cross-border transfer?
Both Malaysia's PDPA 2010 and Singapore's PDPA 2012 require a lawful basis for transferring personal data outside the country (Malaysia's cross-border transfer regime was restructured by its 2024 amendment; Singapore's transfer-limitation obligation sits in the PDPA and its regulations). Confirm the exact current provisions with the regulator or your counsel before relying on them. The practical options are:
- Data processing agreement (DPA) with binding transfer clauses: Standard Contractual Clauses or equivalent. This is what most enterprise legal teams require.
- Consent of the data subject: Difficult to operationalise for bulk AI workloads. Works for single-subject one-off use cases.
- Necessity for contract performance: Narrow. Applies when the data subject is a party to a contract being executed — not a scalable basis for general AI workloads.
Most vendors will offer a DPA with SCCs or equivalent. The question is whether their DPA is complete (covers all sub-processors, names data center regions, specifies retention and deletion timelines, gives you a breach notification obligation of ≤72 hours).
3. Does the vendor train on your data?
This is the question founders skip. Default answers vary dramatically:
- Manus: Training use of task inputs is not explicitly excluded in the default free/standard tier ToS as of 2026-05-04 — verify before deploying personal data at scale.
- Claude Cowork / Anthropic: Anthropic's enterprise ToS explicitly excludes training on customer inputs. The Pro tier (consumer ToS) has a different default — request the enterprise DPA even if you are on Pro.
- ChatGPT Agent / OpenAI: Training opt-out available via the "Data Controls" setting; enterprise contracts exclude training by default.
The rule: always request the vendor's enterprise DPA and look for "we will not use your data to train models" as an explicit clause, not just the absence of a training statement.
4. Who are the sub-processors?
This is the DPA clause most procurement teams miss. A vendor's published sub-processor list should name every third party that processes your data and what they do. Common sub-processors include:
- Compute infrastructure: AWS, GCP, Azure (data center region matters here)
- LLM providers: Anthropic, OpenAI, Google DeepMind, Baidu (if the agent uses third-party models)
- Logging / observability: Datadog, Sentry, Honeycomb (may capture prompt content in error traces)
- Customer support tooling: Intercom, Zendesk (may capture content from support tickets that include prompt excerpts)
Your DPA should give you a right to object to new sub-processors within a defined window (30–60 days is standard). If a vendor cannot or will not disclose sub-processors, your DPO will reject the DPA and the procurement will stall.
5. What is the data retention and deletion policy?
PDPA MY and PDPA SG both require that personal data is not retained longer than necessary for the stated purpose. AI agents that cache intermediate states, embeddings, or task logs may retain data far longer than users expect.
Questions to ask:
- How long are task logs and intermediate outputs retained?
- Does a user's deletion request propagate to all sub-processors within a defined SLA?
- Are backups purged on the same schedule as production data?
6. Is there a breach notification commitment?
Both MY and SG PDPA require breach notification to regulators. Malaysia introduced a mandatory data-breach-notification obligation through its 2024 PDPA amendment (confirm the current commencement date and reporting window with the regulator); Singapore's notification obligation has been in force for several years. Your DPA with the AI vendor should include a commitment to notify you within 24–48 hours of a confirmed breach so you can meet your own regulatory notification window.
Data residency risk grid
This grid summarises the compliance risk level for the most-evaluated AI agents in the MY/SG enterprise market as of May 2026. This is a general assessment, not a legal opinion. Validate the current state against each vendor's DPA before deployment.
Higher = more compliance friction. Based on default data routing, published DPA availability, and sub-processor disclosure. Not a legal opinion.
- China-hosted agents (generic): 10/10
- Manus (Standard tier, no DPA): 8/10
- ChatGPT Agent (OpenAI enterprise): 5/10
- Manus (with executed DPA): 5/10
- Claude API (Anthropic enterprise DPA): 4/10
- Claude Cowork (local-first): 2/10
Source: Mindber editorial assessment (1-10 scale, compliance friction), May 4, 2026. Based on publicly available DPAs and data processing addenda as of 2026-05-04. Not a benchmark or legal advice.
Notes on scoring:
- Claude Cowork scores lowest because file content stays on device — only model context crosses to Anthropic's API. This materially reduces the cross-border transfer surface.
- Manus without a DPA scores high because the default standard-tier ToS does not include enterprise cross-border transfer clauses, sub-processor disclosure, or explicit training opt-out.
- China-hosted agents score 10 due to PRC state access laws that are incompatible with both MY and SG PDPA cross-border transfer requirements in the absence of additional safeguards.
Compliance posture comparison — Manus vs Claude Cowork
For teams actively choosing between these two agents, the compliance posture difference is the most consequential dimension. The full product comparison is at Manus vs Claude Cowork.
Scores are out of 5; a higher score is the stronger compliance posture.
Manus:
- Cross-border transfer risk (2/5): Data routes to Manus cloud (SG/CN infrastructure). Requires DPA with cross-border clauses.
- Sub-processor disclosure (3/5): Sub-processor list available on request; not always pre-published for standard tier.
- Training opt-out, default (2/5): Standard ToS does not explicitly exclude training use. Enterprise DPA required.
- Breach notification SLA (3/5): Available in enterprise DPA; not guaranteed in standard tier.
- Deletion / retention controls (3/5): Task logs retained 30 days by default; sandbox state may persist longer.
Claude Cowork:
- Cross-border transfer risk (5/5): Files stay on device; only model context (not raw files) sent to Anthropic API.
- Sub-processor disclosure (4/5): Anthropic publishes a sub-processor list; enterprise DPA available on request.
- Training opt-out, default (4/5): Anthropic enterprise DPA explicitly excludes training. Pro consumer ToS differs; request enterprise terms.
- Breach notification SLA (4/5): Enterprise DPA includes 48h notification commitment.
- Deletion / retention controls (4/5): Conversation data deletion available via account settings; enterprise data retention SLAs in DPA.
Both tools have a path to compliance — but the path length is very different. Cowork's local-first architecture removes the entire cross-border transfer question for file content. Manus requires executing an enterprise DPA, reviewing the sub-processor list, and confirming data center region — a process that typically takes 3–6 weeks in a mid-size enterprise legal workflow.
Decision matrix — which tool is safe for which work
Procurement decision by work type
If data must stay local: green-light Cowork
- NDA-bound client documents, financial records, healthcare data
- Personal data of MY/SG data subjects that cannot be transferred cross-border
- Work where even the model-context API call is acceptable (Anthropic is a US entity with SCC-capable DPA)
- Interactive file editing where sub-second feedback matters
If data is non-personal or a DPA is executed: green-light Manus
- Public web research, scraping publicly accessible sources
- Internal non-personal content (e.g. product specs, public market data)
- Scenarios where you have executed the Manus enterprise DPA with sub-processor disclosure
- Async overnight workflows where data classification has been completed
If uncertain about data classification: escalate to DPO
- Any personal data of customers, employees, or prospects
- Regulated data (healthcare, financial, legal, even if pseudonymised)
- Data sourced from EU data subjects (GDPR applies in parallel)
- Any AI agent you have not yet obtained a DPA for
The procurement checklist
Use this checklist before deploying any AI agent that processes personal data in a MY/SG enterprise context. A copy can be shared directly with your DPO or legal team.
Phase 1: Data classification (before you even open a trial account)
- Identify the data types the agent will process: personal data, sensitive personal data, non-personal data.
- For personal data: determine the nationality/residency of data subjects (MY, SG, EU, or mixed).
- For sensitive personal data (health, financial, biometric, political): apply heightened scrutiny — most cloud AI agents cannot be approved for sensitive personal data in a standard tier.
- Confirm whether any data subjects are minors (under 18 in MY, under 18 in SG — AI agents processing minors' data face additional restrictions).
Phase 2: Vendor due diligence
- Request the vendor's current Data Processing Addendum (DPA) or Data Processing Agreement.
- Confirm the DPA covers: cross-border transfer mechanism, sub-processor list, data retention schedule, deletion SLA, breach notification timeline (≤48h recommended).
- Review the sub-processor list: confirm no sub-processor routes data through a jurisdiction incompatible with your PDPA obligations.
- Ask explicitly: "Does this vendor use our inputs for model training?" Get the answer in writing.
- Check the vendor's published privacy notice against their DPA — inconsistencies are a red flag.
- Confirm the vendor's security certifications: SOC 2 Type II and ISO 27001 are the minimum bar for most enterprise DPOs.
Phase 3: Internal risk assessment
- Complete a Transfer Impact Assessment (TIA) for any cross-border transfer to a non-adequate country (US, CN, most ASEAN jurisdictions outside SG for MY law).
- Document the lawful basis for processing and transfer in your ROPA (Records of Processing Activities).
- Confirm your PDPA breach response procedure names this vendor and includes the vendor's breach notification SLA.
- Set a review date — AI agent DPAs change frequently; schedule an annual review minimum.
Phase 4: Deployment controls
- Restrict access to the AI agent to users whose data classification training is current.
- Implement data minimisation at the prompt level: do not paste full databases into AI agent prompts when a summary or anonymised subset will do.
- If using a cloud agent for personal data, confirm the agent interface does not cache content in browser localStorage or similar client-side storage that could persist after session end.
- Log all AI agent sessions that process personal data for audit trail purposes.
Cost of compliance vs cost of non-compliance
The enforcement risk is not hypothetical. The PDPC Singapore publishes its enforcement decisions, which include substantial financial penalties for data-protection failures involving third-party processors, and Malaysia's Personal Data Protection Department has stepped up enforcement following its 2024 amendment. Both regulators publish their decisions and guidance openly — check the current enforcement registers before assuming a given practice is low-risk.
Illustrative procurement timeline, Manus (enterprise DPA path) vs Cowork (local-first):
- Vendor DPA negotiation: Manus 3 weeks; Cowork 1 week
- Transfer Impact Assessment: Manus 2 weeks; Cowork 0.5 weeks
- Sub-processor review: Manus 1 week; Cowork 0.5 weeks
- Internal ROPA update: Manus 0.5 weeks; Cowork 0.5 weeks
Source: Mindber illustrative estimates based on typical enterprise legal timelines, May 4, 2026. Actual timelines vary by organisation size, DPO availability, and vendor responsiveness.
These are illustrative — a lean startup with a responsive legal function can compress the Manus DPA path to two weeks. An enterprise with a formal procurement committee may take three months. The key variable is whether the vendor's DPA is pre-negotiated or whether your legal team needs to redline it.
Cowork's local-first posture does not eliminate legal review entirely — Anthropic's API call still crosses a border, so you still need a DPA for the model-inference layer. But the absence of a full cloud sandbox means the Transfer Impact Assessment is scoped only to model-context content (not full file content), which is materially easier to complete.
Tools Mindber tracks in this space
The AI agents category on Mindber tracks all major autonomous agents with weekly-updated compliance signals. The rankings page scores them on activity and functionality. Key product pages:
- Manus — cloud-first async agent with enterprise DPA path
- Claude Cowork — local-first desktop agent, Anthropic enterprise DPA
- Perplexity Comet — browser-based agent with different data routing. Keep it in the comparison shortlist, but do not approve it for personal data until its current processing terms are reviewed.
The Mindber scoring methodology documents how we assess privacy posture as part of the activity and functionality scores. Data sources used in scoring are listed on the data sources page. For concerns about data accuracy, see the disclaimer.
Related comparisons
If you are in procurement and evaluating specific tool pairs, these comparisons go deeper:
- Manus vs Claude Cowork (2026) — cloud async vs local-first: full breakdown including architecture, pricing, and SEA compliance fit
- Autonomous agents tag — all Mindber field reports on this category
For the full landscape of tools in this category, use the compare tool or browse the AI agents category.
Frequently asked questions
Does Malaysian PDPA apply if I'm using an AI agent on a US server?
Yes. Malaysian PDPA 2010 applies to data controllers and processors established in Malaysia or who process data in relation to Malaysian data subjects, regardless of where the processing infrastructure is located. If your organisation is based in Malaysia and you send employee or customer data to a US-hosted AI agent, the Act applies to you as the data controller.
Does Singapore's PDPA apply to AI agents?
Yes. Automated decision-making systems and AI tools that process personal data of Singapore residents fall within the scope of the PDPA 2012 — the obligations on data controllers (you) and data processors (the AI vendor) both apply. Singapore has also published advisory AI-governance guidance (via the PDPC and IMDA) that represents best-practice expectations rather than binding rules. Check the current PDPC/IMDA guidance for the latest position.
Is consent a valid legal basis for sending personal data to a cloud AI agent?
Technically yes, but practically difficult. Consent under both MY and SG PDPA must be informed, freely given, and specific to the processing activity. Getting valid consent from every data subject whose data you might paste into an AI agent prompt is operationally unworkable for most enterprise use cases. A DPA with contractual transfer clauses (SCCs or equivalent) is the preferred basis for routine processing.
What's the difference between a DPA and a Data Processing Agreement?
In this context, both refer to the contractual instrument between you (data controller) and the AI vendor (data processor). "DPA" is used for both "Data Processing Addendum" (a document added to an existing ToS) and "Data Processing Agreement" (a standalone contract). Either form is acceptable; what matters is the content — it must cover transfer mechanism, sub-processors, retention, deletion, and breach notification.
Can I use AI agents to process health data in Malaysia?
Health data is treated as sensitive personal data under the Malaysian PDPA, and processing it generally requires explicit consent or one of the narrow statutory exemptions (vital interests, medical treatment, etc.) — confirm the exact requirements with the regulator or counsel. For cloud AI agents you must also satisfy the cross-border transfer requirements for any transfer outside Malaysia. In practice, most organisations use local-first tools (like Claude Cowork) for health data to sidestep the cloud routing issue.
What does 'model training opt-out' mean and how do I get it?
When you send data to an AI model, the vendor may use that interaction to improve future versions of the model — this is called training on customer data. An enterprise DPA typically includes a clause stating the vendor will not use your inputs for training. To get this, request the vendor's enterprise or business DPA — the consumer ToS often does not include this clause. For Anthropic (Claude Cowork), this is included in the business plan terms. For other vendors, check explicitly.
How do I handle a breach notification if an AI vendor is compromised?
Under Malaysia's 2024 PDPA amendment and Singapore's PDPA 2012, you must notify the relevant commissioner of a notifiable breach within the statutory window — confirm the current deadline for each jurisdiction, as they differ. Your DPA with the AI vendor should require them to notify you within 24–48 hours so you have time to complete your own assessment and filing. If a vendor cannot commit to ≤48h breach notification in writing, treat that as a risk-acceptance decision that requires sign-off at CTO or DPO level.
Do I need separate DPAs for MY and SG if I operate in both countries?
You may need separate DPAs if your entities in Malaysia and Singapore are separate legal entities — the DPA is between your entity and the vendor, and each entity is separately subject to its local PDPA. In practice, many vendors offer a single DPA that covers both jurisdictions with a schedule covering the Malaysian and Singaporean cross-border transfer requirements. Ask the vendor explicitly whether their DPA covers both regimes.
Are there AI agents that are natively compliant with MY/SG PDPA?
No AI agent vendor is formally certified against either PDPA — there is no government-run certification scheme for AI tools as of 2026. What exists is a spectrum of compliance readiness: vendors who have executed SCCs, completed SOC 2 Type II, maintain a sub-processor list, and offer enterprise DPAs are at the compliant end of the spectrum. Vendors who do not publish a DPA or sub-processor list are at the non-compliant end. Claude Cowork and Manus with enterprise DPA are both in the compliant end when the full DPA path is completed.
What should I do if our legal team blocks all cloud AI agents?
This is more common than it should be, and often reflects a lack of familiarity with available safeguards rather than a principled objection. The most effective unblock is to bring a completed Transfer Impact Assessment and a pre-negotiated DPA from the vendor to the next legal review meeting. If the objection is to cloud routing categorically, local-first agents like Claude Cowork are the most productive alternative — they limit the compliance surface to the API inference call, which is typically easier for legal to approve. For fully air-gapped requirements, neither tool fits — look at self-hosted models (Ollama, LM Studio) as a separate track.
Sources & methodology
This guide cites primary regulatory sources for all legal claims. The compliance risk assessments are editorial judgments based on publicly available DPAs, ToS documents, and regulatory guidance — not legal opinions. Verify current vendor DPA terms directly before deployment.
- [1] Malaysia PDPA 2010 (Personal Data Protection Act 2010) and 2024 amendment, primary legislation. Personal Data Protection Department Malaysia (JPDP). Accessed 2026-05-06.
- [2] Singapore PDPA 2012 (Personal Data Protection Act 2012) and PDPC guidance. Personal Data Protection Commission Singapore. Accessed 2026-05-06.
- [3] IMDA AI Governance Framework (Singapore). Infocomm Media Development Authority (IMDA). Accessed 2026-05-06.
- [4] Anthropic Privacy Policy and Data Processing Addendum. Anthropic Privacy Center. Accessed 2026-05-04.
- [5] Manus pricing and DPA availability. manus.im/pricing and manus.im/privacy. Accessed 2026-05-04.
- [6] Malaysia 2024 PDPA amendment, which introduced mandatory data-breach notification (confirm the current commencement date and reporting window with the regulator). Personal Data Protection Department Malaysia (JPDP). Accessed 2026-05-06.
- [7] Compliance risk scores and procurement timeline estimates. Mindber editorial assessment: subjective scoring based on publicly available DPAs and regulatory guidance; not a benchmark or legal opinion. 2026-05-04.
Further reading on Mindber: See the full AI agents category for all tracked tools, the Mindber liveness methodology for how we assess vendor activity signals, and the editorial methodology for how compliance signals factor into scoring. Questions about data accuracy? Use the disclaimer and corrections workflow.
Legal notice
This publication constitutes editorial commentary on publicly available information and does not constitute financial, legal, investment, or professional advice. Product names, trademarks, and registered trademarks referenced herein are the property of their respective owners; their appearance does not imply endorsement or affiliation. Mindber's analysis reflects editorial judgment based on public signals and is subject to change without notice. Scores are not buy, sell, or hold recommendations. No commercial relationship exists between Mindber and the vendors evaluated unless separately disclosed in writing. This publication is governed by the laws of Malaysia. Any dispute arising from or in connection with this publication shall be submitted to the exclusive jurisdiction of the courts of Malaysia.
AI-generated · This report was generated using AI language models trained on publicly available data. It reflects editorial analysis at the time of generation and is not the result of hands-on product testing, independent verification by a human analyst, or a commercial endorsement. All scores, assessments, and claims are derived from signals indexed by Mindber at generation time and are subject to change without notice. Mindber and its operators make no warranty of accuracy, completeness, or fitness for any commercial decision-making purpose. This report is for informational purposes only.