Companies providing cybersecurity services (“CSPs“) in Singapore will now have to obtain a licence for the provision of such services by 11 October 2022.

The licensing framework took effect from 11 April 2022.

The licensing framework is part of the Cybersecurity Act and aims to better safeguard customer interests as well as improve service provider standards. This framework is a continuation of the Singapore Government’s focus on cyber resilience and hardening of IT infrastructure, particularly in light of the recent rise in cyberattacks.

Overview of the licensing requirements

Any person engaging in the provision of licensable cybersecurity services without a licence after 11 October 2022 shall be liable on conviction to a fine not exceeding SGD 50,000 and/or to imprisonment for a term not exceeding 2 years.

Failure of a licensed CSP to comply with the licensing conditions may result in revocation or suspension of their licence, and/or a financial penalty of SGD 10,000 per contravention (not exceeding in the aggregate SGD 50,000).