
Knowledge Highlights 8 September 2025
Pursuant to the Cybersecurity Act 2018 (Commencement) Notification 2022, Part 5 of and the Second Schedule to the Cybersecurity Act 2018 (“Act”) became operative from 11 April 2022 to establish a licensing framework for cybersecurity service providers (“CSPs”). The Cybersecurity (Cybersecurity Service Providers) Regulations 2022 and the Cybersecurity (Composition of Offences) Regulations 2022 also became operative from 11 April 2022.
On 11 April 2022, the Cyber Security Agency of Singapore (“CSA”) set up the Cybersecurity Services Regulation Office (“CSRO”) to administer the licensing framework and facilitate liaisons with the industry and wider public on all licensing-related matters.
CSA has issued a press release on its website www.csa.gov.sg about the new licensing framework for cybersecurity service providers and the CSRO.
Key features
Set out below are the key features of the licensing framework for CSPs:
Further information about the licensing framework, including prescribed forms, guides and Frequently Asked Questions (FAQs) are available on the CSRO website csro.gov.sg.
Background
While most of the provisions of the Act came into force on 31 August 2018, the operational date for the licensing framework under Part 5 of the Act was deferred to allow for further study and consultation to enhance its practicability for CSPs. For further information, please refer to our article titled “Cybersecurity Act 2018 operative from 31 August 2018 to protect critical information infrastructure against cybersecurity threats”.
From 20 September 2021 to 18 October 2021, CSA conducted a public consultation to seek feedback on the proposed licence conditions and draft subsidiary legislation in relation to the licensing framework for CSPs. The public consultation was covered in our article titled “CSA consults on licensing framework for cybersecurity service providers under Cybersecurity Act: Proposed licence conditions and regulations”. More details on the feedback received and the resulting key revisions made to the licensing framework can be found in the industry consultation closing note.