The Singapore Parliament has passed the Cybersecurity (Amendment) Bill (“Bill”) amending the Cybersecurity Act 2018 (“Act”). The Act, which formerly only regulated Critical Information Infrastructure (CII), has been expanded significantly to cover a wider range of entities. Reporting obligations have been expanded. Finally, the penalty regime has also been revised, and the Cybersecurity Agency of Singapore may now issue civil penalties in place of criminal penalties, with the maximum quantum of penalties significantly increased to up to 10% of the annual turnover of the entity in Singapore.

On 10 May 2024, the Health Sciences Authority issued an update on products found and reported by overseas regulators to contain potent ingredients prohibited in such products and which may lead to side effects.

The Health Sciences Authority (HSA) adopts different forensic classifications, with varying degrees of access controls, for therapeutic products in Singapore. In May 2024, the HSA issued an update on the reclassification of certain medicines, which would consequently affect the level of access controls that are required. Companies engaging in the distribution or sale of such reclassified medicines in Singapore should ensure that their distribution and sale processes account for the different levels of restrictions that would apply following this reclassification of medicines.

On 2 April 2024, the Cyber Security Agency of Singapore issued its closing note to the Public Consultation on the Cybersecurity (Amendment) Bill (“Bill”). The Public Consultation on the draft Bill was held from 15 December 2023 to 15 January 2024. The CSA First Reading of the Bill took place on 3 April 2024. The Second Reading of the Bill is slated to take place on 7 May 2024.

On 28 March 2024, the Health Sciences Authority released updates to the registration of therapeutic products as part of its continued efforts to improve regulatory efficiency and enhance clarity in the regulatory requirements and processes.

On 8 April 2024, the Health Sciences Authority issued an update on products found and reported by overseas regulators to contain potent ingredients that are prohibited and may lead to side effects.

From governments to private investors, big pharma to biotechs, organizations inside and outside the region are reimagining healthcare and life sciences to improve access, outcomes and affordability. This requires capital investment, collaboration and change at levels rarely seen before. In our digital campaign, we explore this dynamic through two main themes and identify six key market opportunities.

The Personal Data Protection Commission (PDPC) has issued the finalized Advisory Guidelines on the Use of Personal Data in AI Recommendation and Decision Systems (“Guidelines”). These Guidelines provide guidance on the use of personal data during three stages of AI system implementation: development, deployment (business-to-consumers) and procurement (business-to-business). In particular, the Guidelines clarify and elaborate on the application of the Consent Obligation and Notification Obligation, and their exceptions, under the Personal Data Protection Act (PDPA) to the use of personal data in AI systems.

The Competition and Consumer Commission of Singapore commenced an investigation under the Consumer Protection (Fair Trading) Act 2003 (CPFTA) against a water filtration system supplier (“Supplier”) for unfair practices between September 2021 and November 2023.
The Supplier was found to be making false claims about its sales kit, misleading promotion listings, and misleading claims on the health benefits of alkaline or filtered water, from its website and social media pages.

The Ministry of Communications and Information has announced that the inter-agency Taskforce on the Resilience and Security of Digital Infrastructure and Services is studying the introduction of a Digital Infrastructure Act (DIA). The DIA builds on the Cybersecurity Act and aims to enhance the resilience and security of the digital infrastructure in Singapore. The scope of the DIA goes beyond cybersecurity and touches on other risks that may affect resilience.