DSET Releases Report on Data Centers in Singapore and Malaysia, Highlighting China’s Overseas AI Expansion to Circumvent Export Controls

The Research Institute for Democracy, Society and Emerging Technology (DSET) released a new report on January 8 warning that Singapore and Malaysia are rapidly becoming critical “gray zones” enabling China to bypass U.S. export controls and expand its offshore AI computing capacity.

The report, “A Shared Future? Economic Security Challenges from Malaysia–China Economic Cooperation and Data Center Development,” argues that the two countries’ strategically ambiguous geopolitical positioning—combined with rapid data center expansion—has created structural loopholes in the current export control regime. DSET stresses that without closer international coordination, these loopholes risk undermining global efforts to regulate advanced AI and semiconductor supply chains.

The findings were presented by the report’s authors, Chris Chih-Hua Tseng, Non-Resident Fellow, and Jin Chian Seer, Policy Analyst at DSET’s Economic Security Research Program, with commentary from Elaine Huang of CommonWealth Magazine and Ting-Fang Cheng, Chief Technology Correspondent at Nikkei Asia.

Tseng highlighted that China’s stock of foreign direct investment (FDI) in Malaysia has now surpassed that of Western economies and continues to grow steadily. In parallel, Malaysia and China have signed multiple memoranda of understanding covering AI and the digital economy. Tseng warned that Malaysia is increasingly positioned as a strategic testing ground for Chinese technology deployment and standards-setting beyond China’s borders.

Jin emphasized that Chinese firms have leveraged long-standing ethnic Chinese business networks—the so-called “bamboo network”—to collaborate with politically connected and well-established Malaysian companies. These partnerships provide legally compliant and locally normalized platforms for the movement of Chinese capital, technology, and talent, allowing deep market penetration with relatively low public and regulatory scrutiny.

The report identifies four primary pathways through which Chinese companies circumvent U.S. semiconductor export controls to obtain advanced computing power:

• Shadow Greenfield investments conducted through shell entities;
• Joint ventures with local partners;
• Colocation arrangements, in which Chinese clients lease rack space, power, and connectivity while maintaining control over servers; and
• Hybrid Cloud architectures that allow Chinese data and AI models to be processed in overseas data centers and transmitted back to China—without physically transferring export-controlled chips.

DSET also mapped 178 data centers across Singapore and Malaysia, finding that Johor, near the Singapore–Malaysia border, has emerged as a major hub for China-linked facilities. Data centers associated with China account for nearly 60 percent of Johor’s operational capacity, approximately 242 megawatts, often operating through joint ventures or service-leasing structures that obscure actual control.

Elaine Huang described Singapore and Johor as forming an “AI-neutral corridor,” with Singapore serving as a headquarters and connectivity hub while Johor absorbs large-scale computing demand. While commercially efficient, she warned that this dual-city model has also become a gray channel for evading chip export controls, underscoring the need for hardware-level governance to track advanced semiconductor flows.

Ting-Fang Cheng noted that Malaysia’s accommodating posture toward China is largely driven by economic pragmatism. She added that the volatility and frequent revisions of U.S. export control policies have complicated efforts to align partners behind stricter enforcement. Cheng also cautioned that rapid data center expansion in Johor has begun to expose environmental risks, particularly water stress.

During the discussion, DSET researchers argued that Compute-as-a-Service (CaaS) has emerged as a major loophole in export controls, allowing Chinese firms to access advanced computing via third-country cloud providers. Tseng observed that recent cases, including NVIDIA’s H200, illustrate a shift in U.S. policy from hardware-based thresholds toward outcome-based assessments—raising enforcement complexity.

DSET calls on the United States and its partners to strengthen long-arm jurisdiction over corporate compliance and to establish a corporate “whitelist” mechanism that prioritizes cooperation over coercion. Such an approach, the report argues, could prevent non-aligned countries like Malaysia from being pushed into deeper technological dependence on China.

The institute also noted that similar patterns of overseas data center deployment have been observed in countries such as the United Arab Emirates and Mexico, signaling a broader global challenge to AI export control regimes.