SINGAPORE Law and Practice Contributed by: Lim Chong Kin, David N Alfred, Albert Pichlmaier and Goh Boon Yeow, Drew & Napier LLC
complexity of their respective sectors to advise and assist the Commissioner on the co-ordina - tion of cybersecurity efforts. Under the Cybersecurity Act, the Commission - er’s functions and duties include, but are not limited to: • advising the Singapore government or any other public authority on cybersecurity mat - ters; • monitoring and responding to cybersecurity threats, whether such cybersecurity threats occur in or outside Singapore; • identifying and designating computer sys - tems as CII in essential sectors, and regulat - ing owners of CII; • establishing cybersecurity codes of practice and standards of performance for implemen - tation by owners of CII; • developing and promoting the cybersecurity services industry in Singapore; and • licensing and establishing standards in rela - tion to CSPs. In general, the Cybersecurity Act (as it currently stands) applies to any computer or computer system located wholly or partly in Singapore which may be designated as CII. When the upcoming amendments to the Cybersecurity Act take effect, such CII can also involve any computer or computer system, whether they be physical or virtual. The Commissioner may confer such a designation when they are sat - isfied that the computer or computer systems are necessary for the continuous delivery of an essential service, and the loss or compromise of such systems will have a debilitating effect on the availability of the essential service in Sin - gapore.
The Cybersecurity Services Regulation Office was set up within the CSA in 2022 to adminis - ter the licensing framework of CSPs under the Cybersecurity Act, responding to the industry’s queries and feedback, and sharing of resources on licensable cybersecurity services. Currently, the Singapore government has gazet - ted a list of 11 sectors in which there may be essential services (ie, services which are essen - tial to national security, defence, foreign rela - tions, the economy, public health, public safety or the public order of Singapore). The 11 sec - tors include: energy; info-communications; media; water; healthcare; banking and finance; security and emergency services; aviation; land transport; maritime; and services relating to the functioning of the government. The Commissioner has broad powers to inves - tigate and prevent cybersecurity threats or inci - dents, including making requests for information to be provided or, in serious cases, direct reme - dial measures to be taken by any person (includ - ing those who are not owners of CII). Personal Data Protection Commission The Personal Data Protection Commission (PDPC) is Singapore’s data protection author - ity. The PDPC, which is under the purview of the MDDI, was established in January 2013 and tasked with enforcing and administering the PDPA. With effect from 1 October 2016, the PDPC was merged into the then newly formed IMDA and IMDA was designated as the PDPC. The PDPC is led by the Commissioner for Per - sonal Data Protection. The PDPA broadly applies to private sector organisations, whether or not formed or recog - nised under the laws of Singapore or resident or having an office or a place of business in Singa -
229 CHAMBERS.COM
Powered by FlippingBook