Singapore Plans to Introduce New Digital Infrastructure Act

Written By

jeremy tan Module
Jeremy Tan

Partner
Singapore

I am dedicated to helping clients thrive in the digital era and I strive to deliver innovative legal solutions that align with my client's business objectives. I am the managing partner of our Singapore office and co-head Bird & Bird's International Privacy and Data Protection Group.

jiayi chan Module
Jia Yi Chan

Associate
Singapore

I am a technology, media and telecommunications lawyer based in Singapore. I advise a broad range of clients on legal, regulatory, and commercial issues across Asia-Pacific.

Key Takeaways

  • An inter-agency Taskforce on the Resilience and Security of Digital Infrastructure and Services (“Taskforce”), led by the Ministry of Communications and Information, has announced its plans to introduce a new Digital Infrastructure Act (“DIA”) to bolster the resilience and security of key digital infrastructure and services in Singapore.
  • The DIA will complement various other regulatory measures, including the upcoming amendments to the Cybersecurity Act 2018.
  • The DIA is being drafted at present and it is likely to have an impact on digital infrastructure and service providers (e.g. telecommunication service providers, cloud service providers and data centre operators).

Background

Singapore’s highly digitalised economy and society places heavy reliance on digital infrastructure and services. A recent spate of cyber outages and incidents in the banking and healthcare sectors[1][2] has caused disruptions in the delivery of digital services and negatively affected public confidence. The Taskforce was therefore formed on 4 January 2024 with the aim of maintaining public faith and assurance in digital infrastructure and services in Singapore, by proposing measures and guidelines to mitigate cybersecurity risks and enhance resiliency standards.

One new measure, which was announced on 1 March 2024, is the new DIA, which addresses a broad range of resilience risks faced by digital infrastructure and service providers. By holding these providers accountable and requiring them to comply with safety standards, the DIA aims to mitigate the risks of such service disruptions that could have profound economic and societal impacts.

What does the Act say?

The DIA is currently still being drafted. The Taskforce plans to draft the DIA with a broader scope than existing regulatory levers such as the Cybersecurity Act 2018 in order to tackle a wider range of risks encountered by digital infrastructure and service providers,[3] such as misconfigurations in cloud architecture and outages caused by fires, water leaks, and cooling system failures.

In drafting the DIA, the Taskforce will consider Singapore’s operating context and also draw inspiration from international developments. For instance, the European Union, Germany and Australia require regulated entities to report significant outages and cyber incidents to the authorities and also adhere to baseline resilience and security standards.[4] It appears likely that the DIA will follow this trend and include similar obligations.

Digital infrastructure and service providers, such as telecommunication service providers, cloud service providers and data centre operators, will be affected by the DIA if it is introduced.[5]

What’s Next?

The Taskforce will continue to seek input from industry players and other stakeholders while scoping and developing its proposals for the DIA.[6] Concurrently, the Taskforce is also exploring non-regulatory measures to supplement Singapore’s legal framework, such as offering guidance to digital infrastructure and service providers on the best practices for enhancing resilience and security in order to ensure business continuity.[7]

For more information on the new DIA, please refer to the full press release here.

If you have any questions or would like to discuss any issues, please do not hesitate to contact us.

This article is produced by our Singapore office, Bird & Bird ATMD LLP. It does not constitute legal advice and is intended to provide general information only. Information in this article is accurate as of 6 March 2024.

SIGN UP FOR OUR CONNECTED NEWSLETTER FOR A MONTHLY ROUND-UP FROM OUR REGULATORY & PUBLIC AFFAIRS TEAM.

[6] COS 2024: Speech by Minister Josephine Teo (smartnation.gov.sg)

[7] New Digital Infrastructure Act to enhance resilience & security of digital infrastructure & services (mci.gov.sg)

Latest insights

More Insights
featured image

Saudi Arabia: Qualified obligation on data controllers to register with Data Protection Authority

3 minutes Dec 03 2024

Read More
collection of files with coloured bulldog clips

Key digital takeaways from the hearings of incoming Commissioners

Dec 03 2024

Read More
Curiosity line teal background

ENISA Implementing Guidance on NIS2 security measures - draft for consultation

Dec 03 2024

Read More