Key provisions detailed in the Cybersecurity (Amendment) Act, which was passed in Parliament on 7 May 2024, have commenced from 31 October 2025. These provisions relate to the updating of existing regulations related to Critical Information Infrastructure (“CII“) and the expansion of the Cyber Security Agency of Singapore’s (“CSA“) oversight to cover new classes of regulated entities, such as Systems of Temporary Cybersecurity Concern (“STCCs“).
Amendments to the Regulation of Provider-Owned CIIs
Given the increasing reliance of CII owners on virtual computers and systems in the provision of essential services, the Commissioner of Cybersecurity has been provided with the regulatory powers to designate such systems as CIIs to ensure that they meet the necessary requirements under the Cybersecurity Act.
The amendments also expand the cybersecurity incident reporting requirements to include incidents suspected of being caused by Advanced Persistent Threats, and incidents that result in a disruption of essential services for non-interconnected systems under the CII owner’s control. CII owners will need to report such incidents to CSA within two hours of becoming aware of such an occurrence.
Expansion of CSA’s Oversight to STCCs
STCCs are computer systems that may be of higher cybersecurity risk due to temporary events or situations. The amendments allow CSA to designate such computers or computer systems which are located wholly or partly in Singapore as an STCC for a limited period specified by the Commissioner, on the basis that there could be high risks to their cybersecurity which could be detrimental to Singapore’s national interests. STCC owners will be required to undertake cybersecurity measures and to report cybersecurity incidents affecting their STCCs during the limited period specified by the Commissioner.
Click on the following links for more information:
- CSA Press Release titled “Provisions in the Cybersecurity (Amendment) Act to Come into Force on 31 October 2025” (available on the CSA website at csa.gov.sg)
- Rajah & Tann Singapore April 2024 Legal Update titled “Singapore’s Cybersecurity Regime Set to Undergo Update – Cybersecurity (Amendment) Act Introduced in Parliament“
Disclaimer
Rajah & Tann Asia is a network of member firms with local legal practices in Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam. Our Asian network also includes our regional office in China as well as regional desks focused on Brunei, Japan and South Asia. Member firms are independently constituted and regulated in accordance with relevant local requirements.
The contents of this publication are owned by Rajah & Tann Asia together with each of its member firms and are subject to all relevant protection (including but not limited to copyright protection) under the laws of each of the countries where the member firm operates and, through international treaties, other countries. No part of this publication may be reproduced, licensed, sold, published, transmitted, modified, adapted, publicly displayed, broadcast (including storage in any medium by electronic means whether or not transiently for any purpose save as permitted herein) without the prior written permission of Rajah & Tann Asia or its respective member firms.
Please note also that whilst the information in this publication is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as legal advice or a substitute for specific professional advice for any particular course of action as such information may not suit your specific business and operational requirements. You should seek legal advice for your specific situation. In addition, the information in this publication does not create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on the information in this publication.
