Team size:   Two

What are the most significant cases, projects or transactions that you and/or your legal team have recently been involved in?

One of the most significant projects this year was our collaboration with YTL AI Labs on the potential integration of ILMU, Malaysia’s first homegrown large language model (LLM), into our connected mobility platform. While ILMU is not our product, our legal team played a key role in evaluating and guiding the legal and ethical implications of embedding generative AI into a smart vehicle setting. This involved advising on data privacy, user consent, IP protection, and safety risks — all in an environment where regulations are still evolving. We also participated in an internal knowledge-sharing session with the National AI Office (NAIO), which helped us align our internal approach with national direction on AI governance.

Another major undertaking was the landmark cross-border partnership between ACO Tech, Bridge Alliance (Singapore), and TMAP Mobility (South Korea), focused on delivering connected vehicle services across Asia. I personally led the legal side of this deal, which involved coordinating regulatory and commercial inputs across three jurisdictions. We designed a scalable legal framework that would not only support the current arrangement but be ready to accommodate future partners and territories without renegotiating the structure from scratch. These types of regional projects are usually handled by much larger legal departments — but in our case, we managed it in-house, with just two people.

On a broader scale, we’ve also been handling legal work to support the Proton Group’s wider smart vehicle strategy, which includes hardware flows from Thailand, deployment in Malaysia, commercial expansion into Singapore, and data handling compliance in China. Each of these markets has vastly different regulatory landscapes, and we’ve provided end-to-end legal support, including contract review, cross-border compliance planning, and localisation of legal documentation — all done internally.

How do you approach managing legal aspects during periods of instability or crisis to ensure the organisation’s resilience? 

When dealing with instability or unexpected risk – whether regulatory, commercial, or reputational – my approach is built on two key principles: prioritise clarity, and stay close to the business. I believe the legal team’s role in a crisis isn’t just to manage fallout, but to help the business make fast, informed decisions while keeping risk under control. That means:

Translating uncertainty into practical action – for example, identifying immediate legal implications of regulatory changes or contract risks

Being visible and available – rather than waiting to be looped in, I proactively offer guidance, often stepping into operational meetings to provide direct input

Keeping documentation and processes tight – during uncertain times, clarity in contracts, approval flows, and escalation procedures becomes even more critical

Engaging early – we don’t wait until something becomes a legal issue. We track early signals (whether from product changes or partner feedback) and position legal as a problem-solving partner

For example, during regional regulatory laws and practice in China (i.e. the FX exchange), I worked with internal sales and finance teams to map out potential business impacts, adjusted contract structures accordingly, and provided updated guidance to business users – ensuring we are in compliance while meeting the business goal. That proactive mindset makes us not only legally sound but also operationally resilient.

What strategies do you employ to ensure the successful digital transformation of a legal department while maintaining compliance with your country’s data protection laws? 

Digital transformation for us has been less about buying “legal tech” and more about solving the day-to-day friction points between legal and business – without ever losing sight of our obligations under the data protection laws and other regional data rules.

One practical move we made was shifting all legal approvals – from contract vetting to advisory requests – into a centralised request system, built on top of our existing business process platform. It wasn’t a flashy legal software purchase, but it worked because it fit how our teams already operated. We layered in access controls, approval logs, and document routing to ensure traceability and security, all mapped against internal SOPs.

For signatures, we adopted a group-wide e-signature protocol that respects both Malaysia’s Digital Signature Act and local signing practices in other markets (like China and Thailand, where additional layers are sometimes still required). The challenge wasn’t the tech – it was getting people to trust it. So, we ran internal awareness briefings, issued a practical guide, and embedded compliance touchpoints into workflows (e.g. flagging when NDAs or cross-border contracts need extra scrutiny).

Importantly, we’ve stayed away from “quick wins” that create downstream risks. For example, when experimenting with contract automation templates, we paused rollout until we could confirm where data was stored, who had access, and whether our contract metadata might reveal sensitive commercial strategies if mishandled.

Instead of relying on IT to handle all this, I personally took the lead in mapping data flows, reviewing third-party service agreements, and updating our internal clause bank to reflect digital-specific risks. The goal was never just speed – it was building systems the business would actually use and trust, while quietly ensuring that nothing we implement today becomes a compliance headache tomorrow.

What do you think are the most important attributes for a modern in-house counsel to possess? 

For me, three qualities stand out – and I try to live them daily:

Context over caution. A modern in-house counsel can’t afford to be the “no” person. You need to understand where the business is headed – commercially, technically, and culturally – and tailor your advice accordingly. Sometimes that means being comfortable with ambiguity and helping teams move forward even when there isn’t perfect clarity.

Curiosity backed by humility. The legal landscape – especially around AI, data, and cross-border compliance – is changing so fast that nobody has all the answers. I’ve learned that staying curious, asking “dumb” questions, and talking to engineers, product managers, or even regulators help you spot risks and opportunities early. I’m not afraid to admit when I need to research something – but I always come back with a clear, actionable answer.

Influence without ego. As a two-person legal team, we don’t have time to write 10-page memos or argue over theory. The job is to influence decisions in rooms where legal isn’t always the loudest voice. That means building trust, being consistent, and showing stakeholders that legal is there to help them succeed – not slow them down.

Being in-house today means blending legal discipline with real-world impact. If you can listen well, act quickly, and guide without dominating, you’ll earn a seat at the table – and more importantly, you’ll stay there.