On May 7, the Parliament of Singapore passed the Cybersecurity (Amendment) Act 2024 (“Act”) to amend the Cybersecurity Act 2018, introducing new categories of regulated entities to better reflect key entities that face potentially detrimental threats by malicious actors and other provisions related to Critical Information Infrastructure (CII). The amendments are the first revision to Singapore’s Cybersecurity Act, marking a significant milestone in Singapore’s efforts to bolster its cybersecurity and resiliency in the face of emerging risks and technological advancements.
The Act increases the responsibilities of CII owners, including new incident reporting requirements, and expands the regulatory oversight of the Cybersecurity Agency (CSA) to cover systems of temporary cybersecurity concern (STCC). This category encompasses entities where successful cyber-attacks could significantly harm Singapore’s defense, foreign relations, economy, public order, public safety, or public health (e.g., critical vaccine distribution support systems during pandemics). The Act also introduces two new classes of regulated entities, foundational digital infrastructure (e.g., data centers) and entities of special cybersecurity interest (e.g., autonomous universities), that will be subject to lighter-touch regulations. A full list of designated entities has not been publicly disclosed to mitigate attacks from malicious actors.
Join the Council to continue reading this article
Enhance your business impact in Southeast Asia: Become a member of the US-ASEAN Business Council and tap into a network of possibilities.
Free Related Articles
