The Carbon Capture, Utilization and Storage Bill 2025 has been passed by the Dewan Negara and is, at the time of issuance of this client alert, pending Royal Assent. Once the Royal Assent has been provided, the Carbon Capture, Utilization and Storage Act 2025 will be enacted (CCUSA). The CCUSA establishes a robust legal and regulatory framework for CCUS cycle from carbon dioxide capture, transportation, utilization, and storage.
The proposed notification thresholds remain essentially unchanged from those released by Treasury in October 2024. The draft forms include short form and long form versions, with the short form version intended to provide a simplified process for acquisitions that are unlikely to raise competition concerns. However, in draft guidance, the ACCC has indicated it will set the bar quite low for when a long form notification is required.
The Infocomm Media Development Authority of Singapore (IMDA) is launching two initiatives, the generative AI (GenAI) Playbook and the GenAI Navigator, to make artificial intelligence (AI) more accessible to Singapore businesses and to increase its adoption locally.
On 21 February 2025, the Ministry of Labor released the revised “Guidelines for Preventing Illegal Harm While Performing Duties (4th Edition).” The revised guidelines emphasize the establishment of an investigation team within three days for suspected illegal harm incidents, with specific team compositions based on organization size. The scope has been expanded to include personnel supervised by workplace managers, applying the same guidelines as for employees. The 4th edition also specifies potential workplace harm behaviors, including violence, bullying, sexual harassment, and discrimination, with examples of workplace bullying such as unrealistic work goals and excessive or trivial task assignments.
The Malaysian Personal Data Protection Department recently published three public consultation papers to gather feedback on proposed guidelines on (i) data protection impact assessments, (ii) data protection by design and (iii) automated decision-making and profiling. The guidelines are part of a set of seven guidelines that are being (and have been) developed to complement the Personal Data Protection Act 2010 (PDPA), as announced by Digital Minister Gobind Singh Deo in January last year.
On 19 March 2025, Hong Kong’s Legislative Council enacted the Protection of Critical Infrastructures (Computer Systems) Bill, which was gazetted as the Protection of Critical Infrastructures (Computer Systems) Ordinance (Cap. 653) on 28 March 2025. The Ordinance, which is set to take effect on 1 January 2026, aims to enhance cybersecurity standards in relation to the providers of essential services in eight sectors deemed crucial to the normal functioning of the society, namely energy, information technology, banking and financial services, air transport, land transport, maritime transport, healthcare services, and telecommunications and broadcasting services, as well as critical societal or economic activities (such as those managing major sports and performance venues, as well as research and development parks) in Hong Kong.
On 11 March 2025, the Insurance Commission (IC) and the National Privacy Commission (NPC) issued Joint Advisory No. 2025-001 (“Joint Advisory”), or Considerations on the Use of Privacy Enhancing Technologies (PETs) in the Insurance Industry.
The Joint Advisory values the adoption of PETs in the insurance industry, which may supplement existing privacy-preserving practices to mitigate data privacy risks and ensure protection of personal data processed by personal information controllers (PICs) and personal information processors (PIPs).
The Infocomm Media Development Authority (IMDA) has released a new set of advisory guidelines (Advisory Guidelines) aimed at enhancing the resilience and security of cloud services and data centers in Singapore. These Advisory Guidelines are part of Singapore’s broader digital infrastructure strategy and reflect growing emphasis on the systemic importance of digital services and infrastructure to both the economy and daily life.
On 19 February 2025, the Securities and Futures Commission (SFC) issued a regulatory roadmap for Hong Kong’s virtual asset market. Entitled “‘A-S-P-I-Re’ Roadmap for a Resilient Virtual Asset Ecosystem”, it sets out a five-pillar framework (Access, Safeguards, Products, Infrastructure, and Relationships) that is intended to serve as a strategic action plan for addressing emerging new priorities in the virtual asset space (e.g., managing liquidity fragmentation and ensuring investor protection across decentralized and centralized platforms) and, in the SFC’s words, “future-proof[ing] Hong Kong’s VA ecosystem”.
ASIC has released a draft regulatory guide alongside a consultation paper intended to help providers of Buy Now Pay Later services understand the modified responsible lending obligations and requirements.