In a recent article, The Cybersecurity of Gen-AI and LLMs: Current Issues and Concerns, the Cyber Security Agency of Singapore provides helpful commentary on the security and privacy challenges associated with generative artificial intelligence and large language models. The article outlines issues such as accidental data leaks, vulnerabilities in AI-generated code and potential misuse of AI by malicious actors, before providing recommendations on the steps that technology companies can take to address these concerns.

The Cyber Security Agency (CSA) has just released Guidelines on Securing AI Systems (“Guidelines”) and a Companion Guide on Securing AI Systems (“Companion Guide”).
The Guidelines advocate for a “secure by design” and “secure by default” approach, addressing both existing cybersecurity threats and emerging risks, such as adversarial machine learning. The aim is to provide system owners with principles for raising awareness and implementing security controls throughout the AI lifecycle.
The Companion Guide is an open-collaboration resource, and while not mandatory, it offers guidance on useful measures and controls informed by industry best practices, academic insights and resources such as the MITRE ATLAS database and OWASP Top 10 for Machine Learning and Generative AI.

The Singapore Parliament has passed the Cybersecurity (Amendment) Bill (“Bill”) amending the Cybersecurity Act 2018 (“Act”). The Act, which formerly only regulated Critical Information Infrastructure (CII), has been expanded significantly to cover a wider range of entities. Reporting obligations have been expanded. Finally, the penalty regime has also been revised, and the Cybersecurity Agency of Singapore may now issue civil penalties in place of criminal penalties, with the maximum quantum of penalties significantly increased to up to 10% of the annual turnover of the entity in Singapore.

On 2 April 2024, the Cyber Security Agency of Singapore issued its closing note to the Public Consultation on the Cybersecurity (Amendment) Bill (“Bill”). The Public Consultation on the draft Bill was held from 15 December 2023 to 15 January 2024. The CSA First Reading of the Bill took place on 3 April 2024. The Second Reading of the Bill is slated to take place on 7 May 2024.

The Ministry of Sustainability and the Environment (MSE) and the National Environmental Agency (NEA) set out the Eligibility Criteria under the International Carbon Credit Framework as part of Singapore’s efforts to achieve net-zero emissions by 2050.

The Monetary Singapore Authority of Singapore (MAS) and Infocomm Media Authority (IMDA) published a joint consultation paper, which sets out a Shared Responsibility Framework (SRF) allocating losses arising from scams among financial institutions (FIs), telecommunication operators (telcos) and consumers.
Under the proposed SRF, FIs and telcos will have to fulfill their respective anti-scam duties. Failure to do so may result in the FIs and telcos making payouts to scam victims for certain types of phishing scams.

The Intellectual Property Office of Singapore and the Accounting and Corporate Regulatory Authority have unveiled the Intangibles Disclosure Framework, a new framework to disclose and communicate the value of intangible assets, as part of the Singapore IP Strategy 2030.

On 31 July 2023, the Smart Nation and Digital Government Office published the fourth annual update on the government’s personal data protection efforts, detailing the government’s measures to strengthen the public sector data security regime between 1 April 2022 and 31 March 2023.

In conjunction with the presidential election on 1 September 2023, the Elections Department (ELD) has updated its “Advisory Guidelines on the Application of the Personal Data Protection Act to Election Activities” on 28 July 2023.
Separately, on 31 July 2023, the ELD issued an advisory to candidates and political parties on potential cyberthreats and the corresponding preventive measures.

On 18 July 2023, the PDPC issued two public consultation papers, seeking views on: (a) the proposed clarifications on how the PDPA applies to the collection and use of personal data to develop and deploy artificial intelligence (AI) systems that embed machine learning models used to make decisions, recommendations or predictions; and (b) the proposed Advisory Guidelines on the PDPA for children’s personal data, covering issues such as obtaining children’s consent, using children’s personal data and according higher standards of protection to children’s personal data.