Published
Budget 2026 just turned on a 50% additional tax deduction for accredited AI and cybersecurity training at Malaysian MSMEs — meaning every ringgit you spend on qualifying upskilling deducts at 150% against assessable income. Selangor's tech corridors are the first wave. Here's how to qualify, what to claim, and what to track in Duitful so the deduction survives an LHDN audit.
150% deductibility
Effective deductibility on accredited AI & cybersecurity training for Malaysian MSMEs (100% standard + 50% additional)
Operational under Budget 2026 mandates from this week. Selangor's tech corridors — Cyberjaya, Shah Alam, Subang Hi-Tech — are the headline targets, but the deduction applies nationwide if the SME meets MSME criteria.
A 50% additional deduction means for every RM 1,000 of qualifying training spend, your assessable income drops by RM 1,500. At a 17% SME tax rate on the first RM 600k of chargeable income, that's a real RM 255 in tax saved per RM 1,000 spent — RM 85 of which comes from the additional deduction itself.
Eligible (most likely)
Not eligible (most likely)
The MSME definition follows SME Corp's published thresholds. Manufacturing has a higher revenue ceiling than services. Most Selangor tech founders running <100 staff with revenue under RM 50m on the services side will qualify comfortably; check the current SME Corp circular for the exact thresholds for your sector before claiming.
Tuition, registration, certification fees for accredited AI and cybersecurity courses. Accreditation can come from HRD Corp registered providers, MDEC-recognised programmes, or vendor certifications recognised under Budget 2026's qualifying schedule. Keep the official accreditation reference number on the receipt or invoice.
Industry certs that anchor the training — AWS, Azure, Google Cloud, OffSec OSCP, ISC2 CISSP, CompTIA Security+, vendor-specific AI certs (NVIDIA, Databricks, etc.). Accredited under the same Budget 2026 schedule.
Required textbooks, lab fees, sandbox access, training-only software licences. The "training only" qualifier matters — your day-to-day SaaS bill is not training spend even if it has an AI module.
Where the training itself qualifies and is residential or out-of-state. Per-diems and standard accommodation rates only — no first-class flights, no five-star hotels. Apply the same reasonableness test LHDN applies to general business travel.
Create a category called Training · AI 2026 (or similar — be consistent). Tag every related expense to it. Don't split across Training, Software, and Travel — you want one number at filing time.
For each entry, write the accredited provider's name and accreditation reference (HRD Corp / MDEC / vendor) in the description. Your accountant or LHDN reviewer can verify accreditation in 30 seconds without asking you for paperwork.
If your SME has >5 employees being trained, add the employee name in the description (Faiz · OffSec OSCP, Aishwarya · AWS AI). At LHDN audit, the question "who actually did this training and was it relevant to their role" is the most common challenge — having it answerable in one report saves the back-and-forth.
Keep on file (digital)
Add to your CP3 / Form C workings
For broader SME and freelancer expense hygiene, the SME / freelancer expense tracker guide is the operational baseline. This deduction layers on top of clean books, not on top of receipts in a shoebox.
A consultant building you a chatbot is project services, not training. It deducts at 100% as normal opex but does not get the additional 50%. Don't let a vendor mislabel project work as "training" on the invoice — the LHDN auditor will reclassify it back, and they'll question the rest of the file.
A YouTube series, a "$199 ChatGPT mastery" sale on Udemy, or random Twitter-promoted bootcamps without accreditation under the Budget 2026 schedule do not qualify. They may still be useful — just not for the additional 50%.
HRD Corp levy reimbursement and the additional 50% deduction operate on different mechanisms. You cannot double-count the same expense. Your accountant will know how to optimise across both — but the optimisation usually means choosing one path per training, not both.
Yes, provided the founder is properly on payroll (PCB deductions filed, EPF/SOCSO contributions made), the company is the entity bearing the training cost, and the training is relevant to the founder's role in running the business. Ad-hoc reimbursements without a proper employment structure won't survive scrutiny.
Potentially yes — provided the provider is recognised under the Budget 2026 accreditation schedule. Many international cybersecurity certifications (SANS, OffSec, ISC2) are explicitly recognised. Verify the specific course is on the accredited list before booking.
Yes. Training spent in YA 2026 deducts in YA 2026, including the additional 50%. Don't try to defer or stack across years — you'll trigger questions and lose the simplicity advantage.
Hardware is capital expenditure, not training. It deducts via standard capital allowances on its own depreciation schedule. The additional 50% is for training spend specifically. Don't try to bundle.
HRD Corp publishes its registered training providers (search by course code). MDEC publishes its digital-skills programme list. Specific Budget 2026 accreditation references should appear in the provider's invoice; if they don't, ask. Without an accreditation reference, the claim is high-risk.
Course fees, exam fees, accommodation, materials. All eligible if accredited; all need a clean paper trail. Tag them under `Training · AI 2026` in Duitful so your accountant pulls one report at filing time. Free to start, RM 19.90 one-time for Pro.
Open Duitful →