For years, Malaysia’s innovation ecosystem has been celebrated for its creativity, diversity of talent and strong R&D output. But behind the scenes, many innovators quietly admit the same frustration: building the technology wasn’t the hardest part — getting it certified, protected, and bought was.

It’s a reality that rarely makes headlines. This year, MINDA 2025 (MySTI Interaction Day) set out to confront that reality head-on. Organised by the Malaysian Research Accelerator for Technology and Innovation (MRANTI) with support from the Ministry of Science, Technology and Innovation (MOSTI), the programme brought together innovators, regulators, certifiers and procurement bodies in one place — forming an unusually direct bridge between Malaysia’s creators and the decision-makers who determine whether a product can actually reach the market.

Across four sessions, MINDA 2025 revealed the complex forces that shape Malaysia’s innovation journey: compliance bottlenecks, IP pitfalls, documentation errors, procurement hurdles, and the continuous need to align technology with national governance frameworks.

This is how 2025’s cohort learned to turn ideas into market-ready solutions, and what it tells us about Malaysia’s future competitiveness.

When Technology Works, but Paperwork Doesn’t: The Compliance Reality

SESSION 1: From Prototype to Certification – Effective Compliance Pathways

The first session of MINDA 2025 immediately surfaced a truth that many Malaysian innovators face but rarely articulate: building a prototype is only half the journey. The other half, often longer, more complex, and far less glamorous, is navigating the compliance, safety and certification ecosystem that determines whether a product ever reaches the market.

Moderated by Ibnu Mohamed from MRANTI, the session brought together key regulatory and certification bodies including the Medical Device Authority (MDA), Standards and Industrial Research Institute of Malaysia (SIRIM), SIRIM QAS International, the National Pharmaceutical Regulatory Agency (NPRA), and CyberSecurity Malaysia. Their combined perspectives painted a clear picture of what it actually takes for Malaysian innovations to be approved, certified, and trusted.

What emerged was the same message echoed across multiple regulators: compliance must begin as early as R&D. Many innovators still assume that documentation, safety validation and regulatory checks come after the prototype is complete. In reality, early compliance decisions directly determine whether a product can move smoothly or painfully through the certification pipeline.

One recurring point was the importance of correctly identifying whether a product qualifies as a pharmaceutical or a medical device, as the two pathways require different evidence and regulatory actions. Pharmaceuticals demand proof of pharmacological or metabolic action, while medical devices do not. Misclassification at the beginning leads to months of repeated testing, reworking, and resubmission.

SIRIM highlighted another major stumbling block: incomplete documentation. Technical specifications, SOPs, and test reports form the backbone of certification, and many companies underestimate the level of detail required. Factory inspections often fail because processes are undocumented or poorly standardised. To support early-stage innovators, SIRIM introduced its Product Appraisal Scheme, designed specifically for pre-commercial companies needing structured guidance before formal certification.

NPRA reinforced that pharmaceutical evaluation prioritises quality, safety and efficacy—standards aligned with global benchmarks. Meanwhile, CyberSecurity Malaysia emphasised that digital health solutions, IoT devices, and software-driven products must now pass cybersecurity checks aligned with current legislation and national frameworks. As digital components become more common across sectors, cybersecurity compliance has effectively become a prerequisite for product approval.

Throughout the session, panellists reiterated that safety validation and risk classification are not optional extras. Medical devices, for instance, fall under risk classes A to D, from low to extreme-high risk, and this classification dictates the depth of assessment, documentation, and licensing needed. Innovators who understand their risk category early on move significantly faster through the system.

This shift toward early compliance was captured in a sharp reminder from Idamazura Idris of MDA:

“Safety evidence must be collected from the R&D phase to ensure a smooth application process.”

And with digital innovation accelerating, Wan Shafiuddin Zainudin from CyberSecurity Malaysia stressed a point increasingly relevant across industries:

“Cybersecurity compliance is not just about protecting data—it determines the approval of digital products.”

The session concluded with clarity: Innovators who embed compliance into their design and R&D processes will gain a strategic advantage, thus moving faster, avoiding rework, and strengthening trust.

Among the strongest takeaways was the need for complete, consistent documentation when submitting applications to MDA, SIRIM, NPRA and CyberSecurity Malaysia. Any gaps or inconsistencies slow down the entire process.

Overall, Session 1 made the journey from prototype to certification far less mysterious. Innovators walked away understanding the real expectations of regulators, the practical steps needed to accelerate approval, and the importance of aligning product development with compliance from day one.

This shift in mindset from inventing first to designing with compliance in mind marks the beginning of a more mature, market-ready Malaysian innovation ecosystem.