Laws & RegulationsSingapore Cybersecurity Act
In Forcecross-sectorAct 9 of 2018; Act 6 of 2024
Cybersecurity Act 2018 (as amended by Cybersecurity (Amendment) Act 2024)
Also known as: Singapore Cybersecurity Act
Singapore's Cybersecurity Act establishes the legal framework for protecting critical information infrastructure and regulating cybersecurity service providers. The 2024 amendments expanded the Act to cover systems of temporary cybersecurity concern, major cybersecurity incidents, and providers of foundational digital infrastructure services.
Jurisdiction
Singapore
Regulator
Cyber Security Agency of Singapore
Effective
8/31/2018
Sector
cross-sector
Full Text / Summary
The Act has three main components: (1) CII Protection — designation of CII, obligations on CII owners (codes of practice, audits, incident reporting, exercises); (2) Cybersecurity Service Provider Licensing — licensing regime for penetration testing and managed security operations center services; (3) 2024 Amendments — new provisions for systems of temporary cybersecurity concern (STCC), major cybersecurity incidents, and providers of foundational digital infrastructure (FDI). The 2024 amendments came into force in October 2025 and introduced a more flexible regulatory framework that can be applied to emerging cybersecurity risks.