On 1 March 2024, Singapore’s Ministry of Communications and Information introduced:[1] A examine might be launched to introduce new laws, the Digital Infrastructure Act (DIA), to strengthen the resilience and safety of Singapore’s key digital infrastructure and providers.
What does the present legislation cowl?
Why is a brand new DIA wanted?
Recent disruptions, together with a serious four-hour knowledge middle outage in October final 12 months, have led to widespread disruption of banking providers in Singapore. As these weren’t the results of a cyber-attack, the scope and influence of cybersecurity legislation in addressing this challenge would have been restricted. It was additionally famous that Singapore is a extremely digitalized financial system and society that depends closely on the resilience and safety of its digital infrastructure and providers. Against this evolving threat panorama and backdrop, Singapore is presently contemplating related measures deployed by different international locations, with DIA offering a variety of measures to be developed and adopted tailor-made to Singapore’s circumstances. It has been determined to kind a part of
What and who does DIA cowl?
Beyond cybersecurity dangers, DIA goals to deal with the broader digital resilience points confronted by digital infrastructure service suppliers. These vary from technical architectural misconfigurations to bodily hazards comparable to hearth, water leaks, and cooling system failures. The examine additionally identifies Singapore’s key digital infrastructure ecosystem gamers. Any disruption to those gamers may have systemic results on Singapore’s financial system and society. These might embody knowledge facilities and cloud providers that help the supply of digital providers and platforms extensively utilized in banking and funds, ride-hailing, and digital id.
What obligations does the DIA impose?
These obligations might embody primary resilience and safety requirements, in addition to incident reporting. However, Singapore is learning related frameworks adopted by different jurisdictions such because the EU, Germany and Australia, and can proceed to seek the advice of with business in growing proposals relating to these necessities, regulatory processes and steering. It’s a schedule.
If handed, the DIA could have a big influence not solely on the organizations immediately regulated below the DIA, but additionally on the broader ecosystem that depends on Singapore’s digital infrastructure, together with knowledge facilities and cloud suppliers that present services and products. will give. While the precise scope and scope of the DIA’s provisions and necessities isn’t but clear, firms ought to pay explicit consideration to digital resilience and contractual measures to guard in opposition to enterprise continuity dangers.
[1] https://www.mci.gov.sg/media-centre/press-releases/new-digital-infrastructor-act/
[2] https://sso.agc.gov.sg/Acts-Supp/9-2018/
[3] https://natlawreview.com/article/singapore-amend-cybersecurity-law