Providers of managed security operations centre monitoring services and penetration testing services, collectively referred to as licensable cybersecurity services (LCS), should note that Part 5 of (and the Second Schedule to) the Cybersecurity Act 2018 will enter into force on 11 April 2022, implemented by the Cybersecurity (Cybersecurity Service Providers) Regulations 2022. To assist LCS providers in applying for the required licenses, the Cybersecurity Services Regulation Office has published an online collection of resources including application guides and a licensee information package.

The Infocomm Media Development Authority and the Economic Development Board will pilot a Call for Application to construct three new data centres, after lifting a moratorium on new data centre projects in place since 2019. In line with Singapore’s climate change commitments, permits will only be granted for proposed data centres that meet a stringent set of energy efficiency criteria.

The Ministry of Communications and Information announced plans to build a digitally secure, economically vibrant, and socially stable Singapore during the Committee of Supply 2022 debate on 4 March 2022.
The new initiatives will enhance the cyber resilience of Critical Information Infrastructure (CII) sectors and better secure Singapore’s cyberspace. Of particular note, the Cyber Security Agency of Singapore (CSA) will update and expand the Cybersecurity Act to also cover virtual assets (such as cloud-hosted systems), foundational digital infrastructure and key digital services.

Following the Government’s announcement on the increase in the Goods and Services Tax (GST) rate starting 1 January 2023, the Committee Against Profiteering (CAP) has been reconvened. The CAP will guard against companies unjustifiably raising prices on the pretext of the increased GST rate and address concerns from consumers regarding such unjustified price increases under the guise of the GST hike.

On 23 February 2022, the Singapore Food Authority (SFA) published a media release in relation to a recall of Delissimo Saveur Creme Brulee ice cream products from France, following a notification by the European Commission Rapid Alert System for Food and Feed that the products contain a pesticide, ethylene oxide.

On 4 February 2022, the Dubai International Financial Centre Office of the Commissioner of Data Protection announced that the commissioner issued an adequacy decision recognising, among others, Singapore’s Personal Data Protection Act for safe data transfers from the DIFC. This is a welcome development as it facilitates cross-border personal data transfers from the DIFC to Singapore, which can in turn strengthen business ties between the two territories.

A company was charged with manufacturing more than 430,000 three-ply surgical masks between October 2020 and April 2021 without a valid manufacturer’s licence. The company, which indicated on its website that it locally manufactures “medical grade surgical masks”, is set to plead guilty to the charges.

The Singapore Association of Pharmaceutical Industries Code of Conduct was amended to provide clearer guidelines on the offering of educational materials and items of medical utility to Healthcare Professionals, and the initiation of donations to charitable organisations or institutions.

On 10 January 2022, the Singapore Ministry of Communications and Information responded to a parliamentary question on measures that ensure companies in Singapore engage third- and fourth-party IT vendors that are licensed and certified by the MCI. The Singapore government has put in place trustmark certifications to help companies better identify IT vendors with strong data and cyber security practices to minimise the risk of data breaches and leaks. Further cybersecurity trustmarks are under development by the Cyber Security Agency of Singapore.

On 10 January 2022, the Singapore Ministry of Communications and Information responded to a parliamentary question relating to the number of cases of unauthorised sales of consumers’ personal data that have been investigated over the last five years, and how many of those cases were successfully prosecuted by the Personal Data Protection Commission.