The Cybersecurity Bill establishes a legal framework for the prevention and management of cyber incidents in Singapore, with an emphasis on the proactive protection of Critical Information Infrastructure (CII) against cyber-attacks.


The Bill requires CII owners and operators to take responsibility for securing their systems and networks. This includes complying with policies and standards, conducting audits and risk assessments, and reporting cybersecurity incidents. CII owners and operators will also be required to participate in cybersecurity exercises to ensure their readiness in managing cyber incidents.


The Bill also facilitates the sharing of cybersecurity information with and by CSA. Recognising that cybersecurity breaches will happen despite our best efforts, the Bill empowers CSA and sector regulators to work closely with affected parties to expeditiously resolve cybersecurity incidents and recover from disruptions.


Several rounds of closed-door consultations were held with key stakeholders, including sector regulators, CII stakeholders and industry players during the drafting process. On 10 July 2017, the proposed Bill was released for public consultation for six weeks. 92 submissions were received. During this period, CSA participated in dialogues with industry organisations and cybersecurity professionals to address queries on the Bill.


Taking into account the feedback received, the Bill was further refined before it was introduced to Parliament on 8 January 2018. It was passed in Parliament on 5 February 2018.


You can access the Cybersecurity Bill on Singapore Statutes Online.