Shaping the Digital Future: Regulatory Updates from Singapore

In the last part of our 6-part series on Tech Governance in Southeast Asia for 2024, Keith Detros and Hamizah Myra from Tech For Good Institute dive into Singapore’s tech governance landscape for the first half of 2024.

Interested to read the full summary of our Tech Regulation insights across Southeast Asia? Subscribe to our mailing list here.

By Keith Detros, Programme Manager, Tech For Good Institute and Hamizah Myra, Programme Assistant, Tech For Good Institute

Singapore’s pragmatic and forward-looking approach to tech regulation has driven its digital economy to grow at an estimated annual rate of 12.9% since 2017—a growth rate that outpaces the broader economy and brings the digital economy’s contribution to over 17% of GDP in 2022. This rapid expansion aligns with increased technology adoption among its population as it rose from 74% in 2018 to 94% in 2022. During this period, the technology adoption intensity, which refers to the average number of digital technologies used per firm, also climbed from 1.7 to 2.1. Additionally, Singapore’s well-developed physical and digital infrastructure, skilled digital talent pool, and substantial Intellectual Property (IP) framework have created an ecosystem primed for sustained growth.

Nevertheless, this growth also brings new challenges such as the exponential rise in scam and fraud cases, cybercrime incidents, and misinformation threats. Between January to June 2024, the number of scam and cybercrime cases went up by 18% to 28,751, compared to 24,367 cases during the same time in 2023. The loss from the scams cases increased by 24.6% and amounted to at least $385.6 million. With 74.2% of scam victims in the first half of 2024 being youths, young adults and adults aged below 50, being digitally native does not necessarily reduce the risk of falling prey to the increasingly sophisticated cybercrimes.

With Singapore’s digital economy projected to reach USD 30 billion by 2025, fostering responsible innovation and mitigating risks has become paramount for sustaining this growth trajectory. Reflecting this commitment, Singapore’s regulatory bodies have evolved their governance structures and continued to adapt policies  throughout early to mid-2024 to address the needs of a dynamic digital society and respond to rapidly shifting digital economy trends.


The Evolving Regulator’s Landscape 

At the helm of these changes is the historic transition of leadership, with Lawrence Wong ascending as Singapore’s fourth Prime Minister in May 2024, following Lee Hsien Loong’s 19-year tenure. PM Wong’s vision for Singapore’s digital economy – anchored in interconnectedness, trust, and inclusivity – has been clear from his past statements. This includes his address at AsiaTech 2023 as Deputy Prime Minister where he addressed the need for a digital economy that benefits all segments of society. His commitment to this vision is reflected  in the February 2024 Budget, where he announced a $1 billion investment over the next five years to support the refreshed National AI Strategy (NAIS 2.0) that is set to position Singapore as a global leader in artificial intelligence (AI). At his swearing-in-ceremony, PM Wong reiterated the importance of keeping Singapore and its citizens at the forefront of tech advancement.

At the ministerial level, the rebranding of the Ministry of Communications and Information (MCI) to the Ministry of Digital Development and Information (MDDI) in July 2024 marks a key shift in Singapore’s tech regulatory landscape, following the merger with the Smart Nation and MCI’s Digital Government Group in October 2023. This rebranding reflects a growing emphasis on digital development across the whole-of-government and maintains the ministry’s role in overseeing information policy, media development, and public communications while leading digital initiatives across the economic, social, and government sectors. Complementing these changes is the appointment of Rahayu Mahzam as Minister of State for MDDI, while retaining her portfolio in the Ministry of Health. Her dual role, coupled with her background in health policy and legal matters, signals a digital governance approach that recognises the increasingly interconnected nature of digital transformation across sectors. This positioning could prove particularly significant as Singapore navigates the evolving landscape of digital healthcare and technology-enabled service delivery.


The Evolving Tech Policy Landscape

As emerging technologies reshape industries globally, Singapore has updated and introduced key policies to balance innovation with public safety. These measures focus on areas like artificial intelligence, cybersecurity, consumer protection, and data privacy, ensuring the country remains a competitive and secure tech hub while safeguarding its citizens and businesses.

Key policies and strategies have been revised to address evolving challenges and opportunities:

  • Cybersecurity (Amendment) Bill No. 15/2024: Passed in May 2024, the Cybersecurity (Amendment) Bill addresses rising cybersecurity challenges, particularly those linked to cloud computing and supply chain vulnerabilities. The amendments expand the scope of the Cybersecurity Act 2018 (CS Act), which originally focused on critical information infrastructure (CII), to include Systems of Temporary Cybersecurity Concern (STCC), Entities of Special Cybersecurity Interest (ESCI), and providers of Foundational Digital Infrastructure Services (FDIS). The Bill empowers the Cyber Security Agency of Singapore (CSA) to inspect CII, enforce mandatory incident reporting requirements for CII owners, request compliance documentation, and impose civil penalties for specific contraventions, with fines reaching up to 10% of annual turnover or SGD $500,000.
  • Computer Misuse (Amendment) Act 2023: Effective from 8 February 2024, the Computer Misuse (Amendment) Act expands the scope of the Computer Misuse Act 1993 to address scams, the movement of criminal proceeds, and the misuse of the national digital identity service, Singpass. The amendments empower the Singapore Police Force to deter money mules and protect citizens and businesses relying on Singpass. Users who knowingly disclose their Singpass credentials to facilitate an offence may face fines of up to $10,000, imprisonment for up to three years, or both. Obtaining or dealing in Singpass credentials unlawfully is also an offence, with penalties including fines up to $10,000 and imprisonment for up to three years for a first offence, and up to $20,000 or five years’ imprisonment for subsequent offences.
  • Personal Data Protection Act (PDPA) Advisory Guidelines: Updated by the Personal Data Protection Commission (PDPC) to address emerging challenges, these guidelines provide a framework for protecting personal data in the evolving digital environment. The Advisory Guidelines for Children’s Personal Data ensure responsible data processing, including consent, data protection, and compliance for organisations whose products or services are accessed by children (18 or under). The Advisory Guidelines on AI Recommendation and Decision Systems address the use of personal data in AI systems, ensuring PDPA compliance. These guidelines apply to organisations using personal data for AI development and emphasise data minimisation, pseudonymisation, and transparency. While non-binding, both sets of guidelines encourage organisations to implement robust legal, technical, and procedural controls.
  • National AI Strategy 2.0: Singapore’s National AI Strategy 2.0 (NAIS 2.0), launched in December 2023, aims to establish AI as essential for national growth and global competitiveness. With a vision of “AI for the Public Good,” the strategy focuses on Excellence in addressing global challenges like health and climate change, and Empowerment to equip individuals and businesses with AI skills. NAIS 2.0 is structured around ten enablers and three systems to drive innovation, exemplified by initiatives like Project Pensieve for dementia detection and SELENA+ for eye condition analysis, shaping Singapore’s AI future
  • Payment Services (Amendment) Regulations 2024: Effective from 4 April 2024, these regulations broaden the scope of Payment Services Act 2019 as regulated by the Monetary Authority of Singapore (MAS). These amendments enhance user protection for digital payment token (DPT) services, focusing on safeguarding customer assets, transparency, and risk management. They cover custodial services, DPT transactions, and cross-border money transfers. Payment institutions offering these services will now fall under MAS regulation. Transitional provisions are in place for entities currently operating under the new scope, requiring notifications and licence applications within six months.
  • Payment Services (Amendment) Act 2021 (Saving and Transitional Provisions) Regulations 2024: Also effective from 4 April 2024, these regulations focus on the transition of previously unregulated payment services, such as domestic and cross-border money transfers, and digital payment tokens, into a structured regulatory framework. The regulations mandate that entities which were exempt from licensing previously must notify the MAS, submit licence applications, and provide attestation reports to confirm their compliance with Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) requirements. These steps ensure that the sector adheres to international financial standards and safeguards.

Additionally, several new initiatives have been introduced to tackle the challenges posed by rapidly advancing technologies.

  • Online Criminal Harms Act (OCHA) 2023: OCHA, which came into full effect on 24 June 2024, regulates online communication and e-commerce platforms to protect Singaporean users from criminal activities. The Competent Authority, within the Singapore Police Force, is authorised to issue Codes of Practice (COPs) and Implementation Directives. These compel online service providers and platforms to implement systems that proactively detect and disrupt scams, limit exposure to criminal content, and enforce tailored anti-scam measures. This regulatory framework addresses scams and malicious cyber activities impacting users in Singapore.
  • Digital Enterprise Blueprint (DEB): Launched on 29 May 2024, the DEB aims to support over 50,000 SMEs in Singapore over the next five years. It focuses on four key areas: empowering SMEs to adopt AI technologies, accelerating the use of cloud and integrated solutions for scalability, improving cyber resilience, and promoting workforce upskilling. The DEB fosters innovation and productivity while addressing the evolving tech landscape and increasing cyber threats. Through partnerships with tech giants like Amazon Web Services, Microsoft, and Google, the government aims to build a robust digital economy, helping SMEs thrive in an AI-driven world.
  • Shared Responsibility Framework (SRF): Implemented in the first half of 2024, the SRF encourages collaboration between businesses and consumers to combat digital scams. It mandates banks and telecom companies to adopt anti-scam measures and supports public education on safe online practices. By emphasising shared accountability, the SRF aims to reduce fraud and create a safer digital environment. It empowers consumers to take control of their online security by adopting tools such as the ScamShield app, while businesses are required to enhance their fraud detection and prevention systems. This joint effort strengthens the overall fight against scams in the digital space.
  • Digital Infrastructure Act (DIA): The DIA is currently under review by Singapore’s inter-agency Taskforce on the Resilience and Security of Digital Infrastructure and Services. The DIA aims to enhance the security and resilience of essential digital infrastructure across sectors such as banking, ride-hailing, and digital identities, with a focus on entities whose disruption could have significant societal and economic impacts. Complementing the Cybersecurity Act, the DIA expands the regulatory scope beyond cybersecurity to address a range of resilience risks within the digital ecosystem. The Taskforce aims to create a regulatory framework that balances risk mitigation with compliance costs, while supporting industry standards through both regulatory and non-regulatory guidance.
 

Moving forward    

Overall, Singapore has expanded its regulatory perimeter to address emerging gaps in its digital economy, responding to technological trends that had previously existed in regulatory grey areas.

This shift is evident in key amendments made to the Payment Services Act and OCHA. These reforms bring important sectors e-commerce platforms and digital payment tokens under regulatory scrutiny, addressing gaps in oversight despite their substantial economic impact. By expanding regulatory coverage, the measures aim to enhance accountability and protect consumers and the broader economy in these fast-evolving industries. The recent amendment to the Computer Misuse Act 2023 is also particularly telling of the growing centrality of national digital identity infrastructure like Singpass in daily transactions and its increasing vulnerability to sophisticated scams.

Moreover, the regulatory environment now emphasises stronger accountability and compliance measures across sectors. The Cybersecurity (Amendment) Bill, OCHA, and Payment Services Act collectively establish a more rigorous compliance ecosystem via stricter compliance requirements, enhanced penalties, and expanded reporting obligations. Perhaps most intriguingly, the Shared Responsibility Framework places some responsibility in the hands of businesses, with specific duties for financial institutions and telecommunication companies to combat phishing scams effectively. While these frameworks inevitably increase operational complexity, particularly in finance, digital payments, and cloud services, they catalyse the development of more proactive risk governance.

A particularly noteworthy development is the broadening conception of cybersecurity beyond conventional digital threats. Contemporary legislation reflects a more nuanced understanding of infrastructure resilience. The Cybersecurity (Amendment) Bill and forthcoming Digital Infrastructure Act (DIA) exemplify this evolution, addressing not just cyber threats but also systemic vulnerabilities including infrastructure misconfigurations and physical security dimensions.

The evolving regulatory landscape  demonstrates Singapore’s sophisticated grasp of digital governance complexities. These regulations serve multiple, interlinked objectives: they address market inefficiencies while preserving innovation incentives, manage emerging risks while encouraging technological experimentation, and protect public interests while maintaining market dynamism. This multifaceted approach reflects a nuanced regulatory philosophy that views oversight and innovation as complementary forces in building a resilient digital economy.

In establishing itself as a regulatory pioneer within ASEAN, Singapore exemplifies how effective digital governance requires more than mere regulatory updates. While regional neighbours are modernising their frameworks, Singapore’s approach suggests that successful digital transformation demands a carefully orchestrated balance between oversight and market freedom. Through initiatives like the ASEAN Digital Economy Framework Agreement (DEFA), Singapore’s regulatory innovations could help establish harmonised standards that reflect this balanced approach across Southeast Asia.

Download Report

Download Report

Latest Updates

Latest Updates​

Tag(s):

Keep pace with the digital pulse of Southeast Asia!

Never miss an update or event!

Mouna Aouri

Programme Fellow

Mouna Aouri is an Institute Fellow at the Tech For Good Institute. As a social entrepreneur, impact investor, and engineer, her experience spans over two decades in the MENA region, South East Asia, and Japan. She is founder of Woomentum, a Singapore-based platform dedicated to supporting women entrepreneurs in APAC through skill development and access to growth capital through strategic collaborations with corporate entities, investors and government partners.

Dr Ming Tan

Founding Executive Director

Dr Ming Tan is founding Executive Director for the Tech for Good Institute, a non-profit founded to catalyse research and collaboration on social, economic and policy trends accelerated by the digital economy in Southeast Asia. She is concurrently a Senior Fellow at the Centre for Governance and Sustainability at the National University of Singapore and Advisor to the Founder of the COMO Group, a Singaporean portfolio of lifestyle companies operating in 15 countries worldwide.  Her research interests lie at the intersection of technology, business and society, including sustainability and innovation.

 

Ming was previously Managing Director of IPOS International, part of the Intellectual Property Office of Singapore, which supports Singapore’s future growth as a global innovation hub for intellectual property creation, commercialisation and management. Prior to joining the public sector, she was Head of Stewardship of the COMO Group and the founding Executive Director of COMO Foundation, a grantmaker focused on gender equity that has served over 47 million women and girls since 2003.

 

As a company director, she lends brand and strategic guidance to several companies within the COMO Group. Ming also serves as a Council Member of the Council for Board Diversity, on the boards of COMO Foundation and Singapore Network Information Centre (SGNIC), and on the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre.

 

In the non-profit, educational and government spheres, Ming is a director of COMO Foundation and Singapore Network Information Centre (SGNIC) and chairs the Asia Advisory board for Swiss hospitality business and management school EHL. She also serves on  the Council for Board Diversity and the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre.

 

Ming was educated in Singapore, the United States, and England. She obtained her bachelor’s and master’s degrees from Stanford University and her doctorate from Oxford.