Insights

The Cyber Security Agency of Singapore (CSA) is currently in the process of introducing the first ever amendments to its Cybersecurity Act (CS Act) 2018 via the Cybersecurity (Amendment) Bill.  Through these Amendments, CSA is looking to account for advancements in Singapore’s technology and business landscape since 2018.  It is also hoping to holistically enhance the cybersecurity of not only the country’s critical information infrastructure (CII) but also other digital infrastructure important for Singapore’s economy.

C&M International’s Asia-based digital policy team joined an industry delegation last week at a key gathering to discuss Southeast Asia’s future digital economy. Singapore hosted the 4thASEAN Digital Ministers’ Meeting (ADGMIN) from 30 January to 02 February, 2024 under the theme “Building an Inclusive and Trusted Digital Ecosystem”. Josephine Teo, Singapore’s Minister for Communications and Information, chaired the meeting alongside her counterpart from Thailand, Prasert Jantararuangtong, Minister of Digital Economy and Society as the Vice Chair.

On January 29, 2024, the Department of Commerce released a proposed rule:  Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities, which solicits comments regarding a proposed  new set of regulations that would introduce significant new requirements for U.S.-based Infrastructure as a Service (IaaS) providers.  The proposed rule implements requirements from the January 2021 Executive Order Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities and part of the October 2023 Executive Order Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.  If Commerce implements the regulations as proposed, IaaS providers would be required to create a Customer Identification Program (CIP), ensure any foreign resellers maintain a CIP, track all customer identities, verify the identities of foreign customers, and report certain transactions implicating large AI models that could be used for malicious cyber-enabled activities.  The Department is soliciting comments on all aspects of the proposed rule by April 29, 2024.

Across the Asia-Pacific (APAC), the past year has brought defining developments for privacy and cybersecurity regulations in the region. A number of countries have implemented new or updated existing policy instruments—a testament to the growing relevance of a strong privacy and cybersecurity framework in the face of rapid global digital transformation. Topline 2023 changes and actions across APAC have included Vietnam’s Decree on Personal Data Protection; Bangladesh’s Cyber Security Act and draft Data Protection Act; amendments to Taiwan’s Cyber Security Management Act; and Indonesia’s Presidential Regulation Number 47 of 2023 on Cyber Crisis Management and National Cyber Security Strategy.

Since the November 2022 release of ChatGPT, generative AI has been a regulatory accelerator for governance of AI writ large. Individuals, organizations, industries, and governments across the world have grappled with the implications of AI, including how it is and could be regulated using existing and new legal frameworks. For example, since our December 2023 update: