Get ready for game-changing amendments to Singapore’s Cyber Security Act

Significant amendments to the Singapore Cyber Security Act have been proposed in a draft bill released by the Cyber Security Agency of Singapore (CSA). The changes aim to strengthen the regulatory approach to critical information infrastructure (CII) and extend the regulatory scope of the CS Act to include other entities beyond CII owners. Under the proposed changes, Part 3A of the CS Act would allow providers of essential services to use computing vendors in the delivery of services. However, the responsibility for cybersecurity would remain with the service providers. The draft bill also seeks to regulate major providers of foundational digital infrastructure, entities of special cybersecurity interest, and owners of systems of temporary cybersecurity concern. The proposed amendments would increase regulatory oversight, introduce stricter cybersecurity standards, enhance incident reporting requirements, and lead to increased scrutiny of supply chains. The public consultation period for the draft bill concluded on January 15, 2024.