Technology M&A 2025

SINGAPORE Law and Practice Contributed by: Terence Quek, Benjamin Cheong, Hoon Chi Tern and Favian Tan, Rajah & Tann Singapore

Disclosure Restrictions Furthermore, any disclosure of information during the due diligence process by the target company would be subject to the disclosure restrictions set out in the Listing Manual of the Singapore Exchange Securities Trading Limited (SGX-ST) (the “Listing Manual”) and a target company’s continuing disclosure requirements. The target company would also have to ensure that this did not raise insider dealing concerns under the Securities and Futures Act. However, price-sensitive information (including forward- looking statements or projections) will not typi- cally be produced as part of the due diligence exercise – unless the target company is willing to disclose such information publicly prior to the completion of the transaction in question. Sharing of Information If there is a competing bid, the Takeover Code requires that any information given to one bid- der must be provided equally and promptly to any other bona fide bidder, if the other bidder requests such information. 9.2 Data Privacy The data protection laws of Singapore (com- prising the Personal Data Protection Act 2012 (PDPA) and other industry-specific regulatory frameworks such as the Banking Act 1970 of Singapore and the Insurance Act 1966 of Sin- gapore) generally prohibit the disclosure of per- sonal data without consent. However, the PDPA contains an exception that allows for disclosure of personal data solely for purposes related to a business asset transaction. This so-called “busi- ness asset transaction” exception is defined widely to include both share and business/ asset acquisitions and mergers and amalgama- tions; nonetheless, it is subject to limitations and imposes certain obligations on both the potential buyer and seller.

It is worth noting that the maximum financial pen- alties for data breaches by organisations have been increased with effect from 1 October 2022. An organisation whose annual turnover in Singa- pore exceeds SGD10 million now faces fines of up to 10% of its annual turnover in Singapore – or, in any other case, up to SGD1 million. Given that organisations could face such substantial penalties, it is crucial that they ensure compli- ance with data protection laws when conducting due diligence. On 18 July 2022, the Personal Data Protection Commission launched the Guide on Personal Data Protection Considerations for Blockchain Design to help organisations with blockchain adoption, setting out principles and considera- tions on complying with the PDPA when deploy- ing blockchain applications that process per- sonal data. In October 2022, the Singapore Exchange Regu- lation (SGX RegCo) published the Cyber Incident Response Guide to provide guidance on the best practices, which are pertinent to helping issu- ers listed on the Singapore Exchange Securities Trading Limited as well as the SGX members strengthen their cyber-risk management strate- gies and practices. The Guide aims to set out considerations and good practices for compa- nies to refer to in preparing and operationalising their own cyber incident response plans, and to adapt these considerations and good practices as necessary to meet their own requirements. In March 2024, the Personal Data Protection Commission published the Advisory Guidelines on Use of Personal Data in AI Recommendation and Decisions Systems, the purpose of which is to clarify how the PDPA applies to the col- lection and use of personal data by organisa- tions to develop and deploy systems that embed

313 CHAMBERS.COM

Powered by