A Shared Future? Economic Security Challenges from Malaysia–China Economic Cooperation and Data Center Development

Amid escalating US-China geopolitical tech competition and the rapid restructuring of global supply chains, AI data centers have emerged as a new focal point for national security and industrial competitiveness.

A new research report by the DSET Economic Security Research Program, authored by Non-Resident Fellow Chris Chih-Hua Tseng and Policy Analyst Jin Chian Seer, analyzes the deepening economic and technological influence China is exerting on Malaysia through strategic investments. The report examines how Malaysia and Singapore are leveraging their geographic advantages to attract rapid deployment from both Chinese and Western data center operators, and analyzes the potential economic security risks through four distinct data center development models.

The study also proposes how democratic nations can establish more rigorous regulations and cooperative frameworks to safeguard national security while advancing industrial interests amid rapidly growing AI demands.

China’s “Community of Shared Future” and FDI Influence 

The report uses Malaysian foreign investment data to illustrate how stable, year-on-year investment from China has deepened Beijing’s influence over Malaysia’s economic and technology policies.

For example, China pivoted its strategic footprint in the region and hosted the “Central Conference on Work Relating to the Periphery” in April, during which Xi Jinping emphasized the construction of a “community of shared future in the periphery.” Subsequently, China and Malaysia signed 31 Memorandums of Understanding (MOUs) in May to strengthen cooperation in areas such as the “Two Countries, Twin Parks” industrial zones, emerging technology R&D, and the digital economy.

While these investments align with Malaysia’s own industrial upgrading goals, such as the “New Industrial Master Plan 2030” and “Malaysia Madani” policies, the report highlights a key distinction: unlike Western capital, which often fluctuates with the market, the stable inflow of Chinese direct investment over the last five years is exerting a more long-term impact on Malaysia’s economy.

The report argues that China is leveraging this influence to utilize Malaysia as a channel to bypass Western blockades, deepen R&D, acquire global talent, circumvent regulations, and expand the market for Chinese technological applications.

Southeast Asia as a New AI Infrastructure Hub 

The DSET report inventories the data center computing capacity and the proportion of Chinese capital involvement across three key locations: Singapore, Klang Valley, and the emerging hub of Johor. Explore the full data center map and data on our interactive dashboard: https://sedc.dset.tw/ 

Singapore remains the region’s core hub due to its dense submarine cable network and mature financial and tech industries. Though new permits have slowed due to land and energy constraints, its accumulated capacity still leads Southeast Asia.

In Malaysia, Klang Valley is an established data center hotspot. Joining the ranks is Johor, the new data center hub—whose rising status was facilitated by a partnership with its close neighbor Singapore. Accordingly, the Johor-Singapore Special Economic Zone (JS-SEZ), with the added advantage of cheap land and power costs, has made Johor a top destination for data center investment. The report reveals that Johor’s existing data center capacity now exceeds that of the Klang Valley, with Chinese-backed operators accounting for over half (58.4%) of this capacity.

Geopolitical Risks and the “Bamboo Network” 

The report, which focuses on high performance data centers required for AI training and inference, notes that the “non-aligned” stance of Singapore and Malaysia has paved the way for them to become a “third place” for US and Chinese firms to diversify risk.

However, this trend introduces significant economic security risks:

1. Export Control Loopholes: Sales of high-end GPUs to China, which are restricted by U.S. export controls, have risen significantly in Singapore and Malaysia. This suggests the region may be becoming a “gray zone” for export controls. Overseas data center deployments can conceal Chinese capital and allow it to partner with local firms, creating loopholes in the export control regime.
2. The “Bamboo Network”: A series of overseas Chinese business networks, known as the “Bamboo Network,” enables Chinese firms to rapidly penetrate local economic structures. Examples include the YTL Group’s joint venture with China-based GDS to deploy NVIDIA Blackwell servers, and the Kuok Group’s K2 Strategic, whose management maintains close ties to Chinese officials. These relationships serve as a crucial bridge for the rapid deployment of Chinese capital.

Four Data Center Risk Models 

To help governments assess these new threats, the report classifies data centers into four models based on the degree of supply chain control and the potential for regulatory evasion:

1. Greenfield: Independently developed and operated by a single foreign entity, offering the highest degree of control.
2. Joint Venture: Established by two or more companies. Risks arise from information asymmetry and differing levels of access.
3. Hybrid Cloud: Cross-border models combining local hardware with external cloud services, which can easily become regulatory loopholes.
4. Colocation: Facilities shared by multiple clients, offering the weakest control and posing the highest difficulty for auditing and vetting.

This framework provides a concrete typology for a layered risk assessment of potential infiltration and transshipment risks.

Policy Recommendations: Building a “Trusted AI Infrastructure Alliance” 

The report concludes by calling on democratic nations to establish a verifiable, trusted AI infrastructure network and engage in more strategic AI diplomacy with non-aligned countries.

Key recommendations include:

1. Establishing Rules for Verifying Data Centers and Determining Their Access to GPUs and Computing Power
   • Establish a “Trusted AI Infrastructure Whitelist Program” that requires operators to disclose ownership structures, hardware supply chains, and compute density.
   • Define a “Safe Compute Density Threshold (CDI)” to quantify high-performance GPU density.
   • Expand Critical Infrastructure Protection (CIP) to Overseas Data Centers with U.S. Involvement.
2. Strengthening the Capacity for Investigating and Prosecuting Indirect Transfers through Unlisted Foreign Entities
   • Require “High-Performance Compute Use Declarations (HPC-UD).”
   • Expand “Verifiable Compute Chip Tagging (VCCT)” to enable global traceability.
   • Strengthen customs to synergize inspections on high-end SSDs.
3. Launch the “AI Infrastructure Partnership Framework 2.0”
   • Redesign the cooperation model between the U.S. and Southeast Asian allies centered on AI infrastructure, which would close the effectiveness gap of the Indo-Pacific Economic Framework (IPEF).
   • Encourage Southeast Asian partners who comply with U.S. technology export regulations to share advanced technologies and standards, establishing a “Trusted AI Supply Chain Ecosystem.”
   • Use “technology dividends” as an incentive to guide non-aligned nations toward the democratic camp’s value-oriented development through cooperative upgrades and regulatory alignment.

In summary, the DSET report proposes a multi-layered strategy that combines technical security (chip tracking and compute regulation) with a governance framework (cross-border standards and whitelisting) to build a trust-based AI infrastructure system amid heightened geopolitical competition.