← Back to all briefings
Policy 5 min read Published Updated Credibility 92/100

Policy Briefing — Singapore readies Cybersecurity Act amendments for expanded sector oversight

Singapore’s Cyber Security Agency is finalising amendments to the Cybersecurity Act to cover more critical information infrastructure, introduce new licensing classes, and mandate reporting from key digital service providers.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: The Cyber Security Agency of Singapore (CSA) closed consultation in May 2024 on amendments to the Cybersecurity Act 2018. Draft legislation expected to reach Parliament in late 2024 would broaden critical information infrastructure (CII) designations, add a new class licensing regime, and extend reporting obligations to providers of essential digital services.

Proposed reforms

  • Expanded CII coverage. CSA plans to designate cloud infrastructure, data centres, and key digital utilities as CII, requiring risk assessments, incident reporting, and audit submissions.
  • Class licensing. A new licensing class for critical information infrastructure service providers would set baseline security controls, personnel vetting, and audit frequencies.
  • Digital service duties. Providers of managed security, SOC monitoring, and other essential digital services must notify CSA of significant cyber incidents and maintain service continuity plans.

Program actions

  • Scope assessment. Identify Singapore operations that could fall under expanded CII definitions and align asset inventories with CSA templates.
  • Licensing readiness. Prepare compliance documentation—incident runbooks, personnel vetting records, and third-party contracts—to meet new class licensing criteria.
  • Incident reporting drills. Test the ability to deliver preliminary incident reports within the proposed 2-hour notification window and follow-on updates within 24 hours.

Sources

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Policy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Singapore Cybersecurity Act
  • Critical information infrastructure
  • Licensing requirements
  • Incident reporting
Back to curated briefings