Search for:
Cybersecurity, Data and Tech

Singapore: New Online Safety Code of Practice for App Distribution Services launched by IMDA

By , , , and 6 Mins Read

In brief

The Infocomm Media Development Authority (IMDA) has launched a Code of Practice for Online Safety for App Distribution Services (ADSs) (“Code“), which requires designated ADSs to implement system-level measures to reduce the risk of exposure to harmful content for users, particularly for children.

The Code will take effect starting 31 March 2025.

In more detail

Designated ADSs

Recognising that ADSs are marketplaces for online content, the IMDA has included ADSs as another type of online communication services under the Broadcasting Act for regulation, which will allow the IMDA to direct ADSs to disable access by Singapore users to egregious content on their services.

ADSs that are designated under the Broadcasting Act will have to meet enhanced standards of online user safety, particularly for children, and curb the spread of harmful content on their services. This includes the distribution or online storage of harmful content on apps made available on their services. The list of designated ADSs can be found here (“Designated ADSs“).

Obligations under the Code

The Code complements the Code of Practice for Online Safety, which took effect on 18 July 2023 and is targeted at designated social media services.

The Code specifies six categories of harmful content, which are identical to the categories of harmful content listed in the Code of Practice for Online Safety: sexual content; violent content; suicide and self-harm content; cyberbullying content; content endangering public health; and content facilitating vice and organised crime.

The obligations of Designated ADSs under the Code include but are not limited to the following:

  1. User safety
    1. Measures for all users: Putting reasonable and proactive measures in place to do the following: (i) minimise ADS users’ access or exposure to harmful content on the ADS (e.g., content guidelines, standards; content moderation; proactive detection and removal); and (ii) mitigate the impact on ADS users that may arise from the propagation of harmful content on the ADS.
    2. Measures for children: The Code specifies that ADSs should also put a set of measures in place that are appropriate for children. Stricter standards must, at least, apply to certain categories of harmful content (e.g., sexual content; violent content; suicide and self-harm content; cyberbullying content). Children should also not be targeted to receive content on the ADS that the ADS provider is reasonably aware to be detrimental to children’s physical or mental well-being. Where ADSs do not restrict access by children, children must also be provided with differentiated accounts, with robust tools to minimise access or exposure to or mitigate the impact of harmful content.
    3. Age assurance measures: ADSs must also have age assurance systems and processes in place to establish the age or age range of a user with reasonable accuracy. We elaborate further below.
    4. Measures for apps with user-generated content (UGC) functionality: Unless an ADS explicitly disallows the distribution or storage of apps with UGC functionality, the ADS must ensure that the providers of those apps have content moderation measures to detect, assess and remove harmful content, as well as an in-app channel for users to report harmful and inappropriate content. ADSs must also take appropriate action against app providers that fail to resolve user reports in accordance with the ADS’ policies.
  2. User reporting and resolution
    1. Users must be able to report harmful and inappropriate content on ADSs. Reporting and resolution mechanisms must be effective, transparent, easy to access and easy to use.
    2. Reports must be assessed and acted upon in a timely and diligent manner proportionate to the severity or imminence of the potential harm, especially for content and activity relating to child sexual exploitation and abuse material and terrorism.
  3. Accountability
    1. ADS users must have access to clear and easily comprehensible information that enables them to assess the level of safety measures afforded by ADS providers and make informed choices.
    2. ADS providers must submit to the IMDA annual online safety reports to be published on the IMDA’s website, which must include certain types of information as specified in the Code (e.g., actions taken by the ADS provider in response to reports made by ADS users in Singapore).

Age assurance measures

In particular, the Code introduces age assurance requirements for Designated ADSs, which refer to systems or processes to establish a person’s age or age range, including age estimation and age verification. This is in line with the approach adopted by various governments and regulators worldwide, to ensure that online services are age-appropriate and tailored to children.

The IMDA has indicated that it intends to engage Designated ADSs in the coming months on the implementation of age assurance measures.

Designated ADSs will also be required to submit an implementation plan to the IMDA detailing how it intends to comply with the age assurance requirements (including timelines for implementation). For a start, the IMDA has stated that Designated ADSs are expected to prevent children from accessing its highest age-rated apps (e.g., 18+).

The implementation plan and timeline are subject to the IMDA’s agreement.

Non-compliance with the Code

If the IMDA is satisfied that a Designated ADS has failed to satisfy its duty to take all reasonably practicable steps to comply with the Code, the IMDA may do the following: (a) order the defaulting Designated ADS to pay a financial penalty of any amount the IMDA thinks fit (up to a maximum of SGD 1 million); or (b) direct the defaulting Designated ADS to take any steps, whether in or outside Singapore, and within a specified time, that may be necessary to remedy the failure. A defaulting Designated ADS that does not comply with a direction shall be guilty of an offence and liable on conviction to a fine of up to SGD 1 million, and in the case of a continuing offence, to a further fine of up to SGD 100,000 for every day (or part of) that the offence continues after conviction.

* * * * *

For further information and to discuss what this Code might mean for you, please get in touch with your usual Baker McKenzie contact.

* * * * *

LOGO_Wong&Leow_Singapore

© 2025 Baker & McKenzie. Wong & Leow. All rights reserved. Baker & McKenzie. Wong & Leow is incorporated with limited liability and is a member firm of Baker & McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “principal” means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an “office” means an office of any such law firm. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.

Categories:
Tags:
Author

Andy Leck is the head of the Intellectual Property and Technology (IPTech) Practice Group and a member of the Dispute Resolution Practice Group in Singapore. He is a core member of Baker McKenzie's regional IP practice and also leads the Myanmar IP Practice Group. Andy is recognised by reputable global industry and legal publications as a leader in his field. He was named on "The A-List: Singapore's Top 100 lawyers" by Asia Business Law Journal 2018. In addition, Chambers Asia Pacific notes that Andy is "a well-known IP practitioner who is highlighted for his record of handling major trade mark litigation, as well as commercial exploitation of IP rights in the media and technology sectors. He's been in the industry for a long time and has always been held in high regard. He is known to be very fair and is someone you would like to be in the trenches with you during negotiations." Furthermore, Asian Legal Business acknowledges Andy as a leading practitioner in his field and notes that he “always gives good, quick advice, [is] client-focused and has strong technical knowledge for his areas of practice.” Andy was appointed by the Intellectual Property Office of Singapore (IPOS) as an IP Adjudicator to hear disputes at IPOS for a two-year term from April 2021. He has been an appointed member of the Singapore Copyright Tribunal since May 2010 and a mediator with the WIPO Arbitration and Mediation Center. He is also appointed as a Notary Public & Commissioner for Oaths in Singapore. He previously served on the International Trademark Association’s Board of Directors and was a member of the executive committee.

Author

Ren Jun Lim is a principal with Baker McKenzie Wong & Leow. He represents local and international clients in both contentious and non-contentious intellectual property matters. He also advises on a full range of healthcare, as well as consumer goods-related legal and regulatory issues. Ren Jun co-leads Baker McKenzie Wong & Leow's Healthcare as well as Consumer Goods & Retail industry groups. He sits on the Law Society of Singapore IP Committee and on the Executive Committee of the Association of Information Security Professionals. He is also a member of the Vaccines Working Group, Singapore Association of Pharmaceutical Industries, a member of the International Trademark Association, as well as a member of the Regulatory Affairs Professionals Association. Ren Jun is ranked in the Silver tier for Individuals: Enforcement and Litigation and Individuals: Prosecution and Strategy, and a recommended lawyer for Individuals: Transactions by WTR 1000, 2020. He is also listed in Asia IP's Best 50 IP Expert, 2020, recognised as a Rising Star by Managing IP: IP Stars, 2019 and one of Singapore's 70 most influential lawyers aged 40 and under by Singapore Business Review, 2016. Ren Jun was acknowledged by WTR 1000 as a "trademark connoisseur who boasts supplementary knowledge of regulatory issues in the consumer products industry." He was also commended by clients for being "very responsive to enquiries and with a keen eye for detail, he is extremely hands-on. His meticulous and in-depth approach to strategising is key to the excellent outcomes we enjoy."

Author

Ken Chia is a member of the Firm’s IP Tech, International Commercial & Trade and Competition Practice Groups. He is regularly ranked as a leading TMT and competition lawyer by top legal directories, including Chambers Asia Pacific and Legal 500 Asia Pacific. Ken is an IAPP Certified International Privacy Professional (FIP, CIPP(A), CIPT, CIPM) and a fellow of the Chartered Institute of Arbitrators and the Singapore Institute of Arbitrators.

Author

Sanil is a local principal in the Intellectual Property & Technology Practice Group in Baker McKenzie Wong & Leow. Sanil is qualified in both Singapore and Australia, and is a Certified Information Privacy Professional (CIPP/A) by the International Association of Privacy Professionals. Sanil is recognized as a Rising Star by both Legal 500 Asia Pacific in the Intellectual Property: Local Firms category as well as by IP Stars for his advisory work in the IP space. Sanil is also recommended by World Trademark Review 1000 for IP enforcement, litigation, prosecution and strategy.

Author

Daryl Seetoh is a local principal in the Intellectual Property & Technology (IPTech) practice group at Baker McKenzie Wong & Leow. He is a qualified lawyer in Singapore, and is a member of the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional for Asia (CIPP/Asia), an IAPP Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional for Europe (CIPP/E). Daryl has previously worked at Baker McKenzie’s San Francisco office and has also been seconded to financial institution and technology multinational clients.

Related Posts