Singapore: Amendments to the Computer Misuse Act 1993

Latest developments

On 9 May 2023, the Singapore Parliament passed the Computer Misuse (Amendment) Act 2023, which is intended to prevent abuse of the Singpass national digital identity by establishing new offences relating to Singpass credentials.

The new law will take effect on a date to be notified subsequently.

Summary

Singpass is the national digital identity service operated by the Singapore government, and used by Singapore residents to access and transact with all government services online.
Businesses can also integrate their online services with Singpass through the use of APIs, to improve their customers’ user experience and offer greater functionalities. For example, businesses can enable their customers to use Singpass as a means of logging in, verifying their details, signing documents and filling in forms automatically by pulling relevant data from government databases, which can streamline and speed up customer onboarding and KYC processes.

The new law is intended to address the concerns about the abuse of Singpass credentials, particularly against the backdrop of an emerging trend where Singpass users give away their Singpass credentials (usually for money), which are then used by criminals to perform online transactions such as registering companies, opening bank accounts and signing up for new phones lines to perpetrate unlawful activities such as scams.

It amends the Computer Misuse Act 1993 to establish two new offences:

• Disclosing a user’s own Singpass credentials to facilitate an offence: it will be an offence for a Singpass user to disclose his/her Singpass access code or password, or provide any other means of access to his/her Singpass account, if the user knows or has reasonable grounds to believe that the purpose of the disclosure is to commit or facilitate the commission of an offence.
  
  This offence is aimed at Singpass users who sell or provide their credentials to criminal syndicates to facilitate criminal conduct; and

• Obtaining or dealing in Singpass credentials to facilitate criminal activities: it will be an offence for any person to obtain, retain, supply, offer to supply, transmit or make available another person’s Singpass credentials to commit or facilitate the commission of any offence.
  
  This offence is aimed at criminals who purchase Singpass credentials and syndicates who engage in trading of Singpass credentials.

How could it be relevant for you?

Notwithstanding the new law which is intended to prevent the abuse of Singpass accounts, businesses whose online services are integrated with Singpass may wish to consider taking steps to protect their services from misuse.

Next steps

The amendments to the Computer Misuse Act 1993 have yet to come into effect at this time, and are expected to be brought into force in due course.

*Information is accurate up to 27 November 2023