Cybersecurity—Singapore—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Cybersecurity—Singapore—Q&A guide
  • 1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?
  • 2. Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?
  • 3. Has your jurisdiction adopted any international standards related to cybersecurity?
  • 4. What are the obligations of responsible personnel and directors to keep informed about the adequacy of the organisation’s protection of networks and data, and how may they be held responsible for inadequate cybersecurity?
  • 5. How does your jurisdiction define cybersecurity and cybercrime?
  • 6. What are the minimum protective measures that organisations must implement to protect data and information technology systems from cyberthreats?
  • 7. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to intellectual property?
  • 8. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to critical infrastructure or specific sectors?
  • 9. Does your jurisdiction have any cybersecurity laws or regulations that specifically restrict sharing of cyberthreat information?
  • More...

Cybersecurity—Singapore—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to cybersecurity in Singapore published as part of the Lexology Getting the Deal Through series by Law Business Research (published: February 2020).

Authors: Drew & Napier LLC—Lim Chong Kin

1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?

The primary cybersecurity legislation in Singapore is the Cybersecurity Act 2018 (No. 9 of 2018) (Cybersecurity Act). The Cybersecurity Act came into effect on 31 August 2018, with the exception of Part 5 (sections 24 to 35) and the Second Schedule which concern the licensing of cybersecurity service providers. Subsidiary legislation includes the Cybersecurity (Critical Information Infrastructure) Regulations 2018 and Cybersecurity (Confidential Treatment of Information) Regulations 2018.

The Cybersecurity Act:

  1. creates a framework for the protection of designated critical information infrastructure (CII) against cybersecurity threats;

  2. provides for the appointment of the Commissioner of Cybersecurity (Commissioner) and other officers for the administration of the Cybersecurity Act;

  3. authorises the taking of measures to prevent, manage and respond to cybersecurity threats and incidents in Singapore; and

  4. establishes a licensing framework for providers of licensable cybersecurity services in Singapore, specifically, managed security operations centre monitoring services and penetration testing services.

Under the Cybersecurity Act, the Commissioner is empowered to issue codes of practice and standards of performance to ensure the cybersecurity of CII. Pursuant to these powers, the Commissioner

Popular documents