SINGAPORE Law and Practice Contributed by: Lim Chong Kin, David N Alfred, Albert Pichlmaier and Goh Boon Yeow, Drew & Napier LLC
comply with, please refer to 1.2 Cybersecurity Laws , 1.3 Cybersecurity Regulators and 2.2 Critical Infrastructure Cybersecurity Require- ments . While there are no express cybersecurity obliga - tions relating to AI in Singapore at the time of writing, a number of voluntary frameworks and guidelines have been published relating to the development and use of AI. The second edition of the Model AI Framework was published by the PDPC on 21 January 2020. The framework sets out the common definitions and principles relating to the responsible use of AI generally, making practical recommendations that organisations can readily adopt to deploy AI responsibly. On 30 May 2024, the Model AI Governance Framework for Generative AI, which sets out a systematic and balanced approach to address generative AI concerns while facilitating inno - vation, was published by IMDA and AI Verify Foundation. In particular, the framework recom - mends that generative AI developers adapt the “security-by-design” concept, which involves designing security into every phase of the sys - tems development life cycle of an AI, to fit the specific characteristics of generative AI. New security safeguards which the framework rec - ommends be developed include input filters, which are moderation tools designed to detect unsafe prompts, and digital forensics tools, which can be used to investigate digital data to reconstruct cybersecurity incidents stemming from a generative AI model. The framework also makes recommendations with regard to incident reporting. As part of an overall proactive security approach, AI soft - ware product owners should adopt vulnerability
reporting before incidents happen. After inci - dents happen, organisations need internal pro - cesses to report the incident for timely notifica - tion and remediation. Depending on the impact of the incident and how extensively AI was involved, organisations should consider notify - ing both the public as well as the government. On 15 October 2024, the CSA published the Guidelines and Companion Guide on Securing AI Systems. The Guidelines address potential security risks through the AI lifecycle, and help to protect AI systems against traditional cyber - security risks such as supply chain attacks, and novel risks such as adversarial machine learn - ing. On the other hand, the companion guide offers practical security control measures that system owners may consider in implementing these guidelines. Key recommendations include taking a lifecycle approach to consider security risks and beginning with a risk assessment. Lastly, the Engaging with Artificial Intelligence guide, which was published on 25 January 2024 by the Australian Signals Directorate’s Australian Cyber Security Centre in conjunction with the CSA and 13 other international agencies, also provides organisations with guidance on how to use AI systems securely. The guide summarises some important threats related to AI systems and prompts organisations to consider steps they can take to engage with AI while manag - ing risk. The document provides cybersecurity mitigations to assist organisations that use self- hosted and/or third-party hosted AI systems. 6.3 Cybersecurity in the Healthcare Sector While there are no specific cybersecurity obli - gations pertaining to the healthcare sector, the healthcare sector has been gazetted as one of 11 sectors providing essential services. As such,
242 CHAMBERS.COM
Powered by FlippingBook