Singapore and Germany Sign Mutual Recognition Arrangement on Cybersecurity Labels for Consumer Smart Products

Published on 20 Oct 2022



The Cyber Security Agency of Singapore (CSA) and Germany’s Federal Office for Information Security (BSI) will sign a Mutual Recognition Arrangement (MRA) on the cybersecurity labels to be issued by both countries today.

2. CSA’s Cybersecurity Labelling Scheme (CLS) is the first multi-level labelling scheme in the Asia Pacific region.  Under the scheme, smart devices will be rated according to their levels of cybersecurity provisions, from Level 1 to Level 4. Under the MRA, smart consumer products issued with Germany’s IT Security Label and Singapore’s Cybersecurity Label will be mutually recognised in either country. Products issued with BSI’s label will be recognised by CSA to have fulfilled CLS Level 2 requirements, while products with CLS Levels 2 and above will be recognised by BSI.

3. The mutual recognition of cybersecurity labels will apply to devices intended for use by consumers such as smart cameras, smart televisions, smart speakers, smart toys, smart garden and household robots, gateways and hubs for home automation, health trackers, smart lighting, smart plug (smart power socket) and smart thermostats.

4. For a start, the MRA will not cover some products such as Smart Door Locks, Fire/Gas/Water detectors1, and general computing devices such as computers, smartphones or tablets, which are designed to run any applications without a predefined purpose. CSA and BSI will progressively work towards recognising more product categories under the scope of the MRA.

5. Germany is the second country after Finland to formalise the mutual recognition of national cybersecurity labels with Singapore. At SICW 2021, CSA signed its first Memorandum Of Understanding (MOU) with the Transport and Communications Agency of Finland (Traficom). Consumer IoT products with Finland's Cybersecurity Label will be recognised as having met CLS Level 3 requirements, and vice versa2.

6. Manufacturers of smart consumer devices will benefit from these agreements as they save costs and time on duplicated testing and gain improved access to new markets. Companies that have benefited from the Singapore-Finland’s MOU include Signify, Polar and ASUS.  The first CLS Level 3 labels under the MoU were awarded to eight products from Signify's smart lighting system and Polar Electro's multi-sport watches3. The first Traficom's cybersecurity labels under the MoU were awarded to seven products from ASUS’s Wi-Fi 6 routers4.

7. As of October 2022, more than 200 products – ranging from routers to smart lighting to smart cameras – have been awarded the CLS label.

1 The list of product types is not exhaustive
2 Both CSA's and Traficom's labels are based on the same standard, ETSI EN 303 645.
3 The products from Signify and Polar Electro are Philips Hue Starter kit and Hue Bridge, and Polar Grit X, Polar Grit X pro, Polar Vantage V2, Polar Vantage M2, Polar Ignite 2 and Polar Unite
4 The products from ASUS are RT-AX88U, GT-AX11000, RT-AX82U, TUF-AX5400, TUF-AX3000, RT-AX58U and ZenWiFI XD6




About the Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions, and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more news and information, please visit


About the Federal Office for Information Security (BSI)

The BSI, formed in 1991 as part of the Federal Ministry of the Interior, is the federal cyber security agency and the chief architect of secure digitalisation in Germany. Its objective is the secure use of information and communication technology in government, economy and civil society as well as the protection of critical infrastructure in particular. The IT-Security Labels is one of many means to improve IT security awareness within the German society. BSI meets the global challenge of information security by actively participating in international bodies and targeting bilateral and multilateral cooperations with other countries. For more information, please visit





Report a Cybersecurity Incident

SingCERT encourages the reporting of cybersecurity incidents as it enables us to better understand the scope and nature of cyber incidents in Singapore. This will enable us to issue alerts or advisories on relevant threats, and assist a broader range of individuals and organisations.
Report Incident