In a recent article, The Cybersecurity of Gen-AI and LLMs: Current Issues and Concerns, the Cyber Security Agency of Singapore provides helpful commentary on the security and privacy challenges associated with generative artificial intelligence and large language models. The article outlines issues such as accidental data leaks, vulnerabilities in AI-generated code and potential misuse of AI by malicious actors, before providing recommendations on the steps that technology companies can take to address these concerns.

The Cyber Security Agency (CSA) has just released Guidelines on Securing AI Systems (“Guidelines”) and a Companion Guide on Securing AI Systems (“Companion Guide”).
The Guidelines advocate for a “secure by design” and “secure by default” approach, addressing both existing cybersecurity threats and emerging risks, such as adversarial machine learning. The aim is to provide system owners with principles for raising awareness and implementing security controls throughout the AI lifecycle.
The Companion Guide is an open-collaboration resource, and while not mandatory, it offers guidance on useful measures and controls informed by industry best practices, academic insights and resources such as the MITRE ATLAS database and OWASP Top 10 for Machine Learning and Generative AI.

Baker McKenzie’s Sanctions Blog published the alert titled Singapore Sanctions Measures Come Into Force on 17 March 2022. Read the article via the link here. Please also visit our Sanctions Blog for the most recent updates.

Singapore authorities have introduced measures to combat SMS-phishing scams. These measures include the anti-SMS spoofing registry.

Baker McKenzie’s Sanctions Blog published the alert titled Singapore provides details of export control & financial sanctions on Russia on 6 March 2022. Read the article via the link here. Please also visit our Sanctions Blog for the most recent updates.

Baker McKenzie’s Sanctions Blog published the alert titled “Singapore will impose sanctions on Russia, including export controls and certain bank transactions” on 28 February 2022. Read the article via the link here. Please also visit our Sanctions Blog for the most recent updates.

Singapore authorities are looking to address the recent spate of SMS-phishing scams targeting digital bank users through a variety of measures. The multi-stake holder approach involves government entities with responsibilities for the financial, telecommunications and home affairs sectors, as well as industry groups such as the Association of Banks in Singapore.

The Personal Data Protection Commission recently released new guidance, including an update to the Guide to Data Protection Practices for ICT Systems, a Handbook on How to Guard Against Common Types of Data Breaches, and Checklists to Guard Against Common Types of Data Breaches.

On 25 May 2021, the Singapore High Court provided long-awaited clarifications on the scope of private actions under the Personal Data Protection Act 2012 (PDPA). It was held that in order to succeed in a private action under the PDPA, the claimant must suffer loss or damage that falls within the common law heads of loss or damage (such as pecuniary loss, damage to property, and personal injury including psychiatric illness) directly as a result of contravention of certain PDPA provisions.

On 1 February 2021, certain sections of the Personal Data Protection (Amendment) Act 2020 came into effect as part of a phased implementation.

We had previously summarised in our earlier client alerts the changes proposed during the public consultation (“Consultation Paper”) on the Personal Data Protection (Amendment) Bill (“Bill”), as well as the salient differences between the Consultation Paper and the Bill that was introduced and read in the Singapore Parliament on 5 October 2020. The Bill has since been passed by Parliament on 2 November 2020 (“Act”) and the accompanying guidelines issued in draft form by the Personal Data Protection Commission (PDPC) on 20 November 2020, which we have summarised in another client alert, has since been integrated into the other guidelines issued by the PDPC.

In this client alert, we will further elaborate on some provisions of the Act that came into effect on 1 February 2021.