On 15 December 2023, the Cybersecurity Agency of Singapore (CSA) released the draft Cybersecurity (Amendment) Bill. This Bill is an update of The Cybersecurity Act 2018, which sets out the legal framework to oversee national cybersecurity in Singapore. The press release and the draft can be accessed via this link.
Given significant changes in the technological landscape since the Act was introduced in 2018, the Cybersecurity (Amendment) Bill seeks to enhance Singapore’s cybersecurity regime and tackle the emerging challenges in cyberspace.
The significance of the update is that the Bill will widen its scope to cover computer systems beyond Critical Information Infrastructures (CII). The new types of entities to be regulated include provider and non-provider-owned CII, Foundation Digital Infrastructure (FDI), Entities of Special Cybersecurity Interests (ESCI), and Systems of Temporary Cybersecurity Concern (STCC). Under this Act, regulated entities will be required to follow various obligations, such as adhering to cybersecurity standards of practice, reporting cybersecurity incidents to CSA, and complying with directions issued by the Commissioner of Cybersecurity.
Access Partnership and the Data Governance Practice is closely tracking cybersecurity and cybercrime-related developments around the world. If you would like more information on the state of cybersecurity and other related regulatory developments in cybersecurity, please get in touch with Christy Tsang at [email protected] or Lim May-Ann at [email protected].