In short
In a joint response to a public discussion board letter, the Financial Authority of Singapore (MAS) and the Cyber Safety Company of Singapore (CSA) introduced that they’re contemplating requiring distributors to acquire nationwide cybersecurity certifications, particularly the Cyber Necessities or Cyber Belief mark, earlier than they are often licensed or bid for presidency contracts involving entry to delicate knowledge or techniques.
This transfer follows a current knowledge breach involving a third-party vendor and underscores the rising regulatory give attention to third-party cybersecurity dangers.
The joint assertion by the MAS and CSA, printed on 21 April 2025, was issued in response to a discussion board letter in The Straits Instances that raised considerations about third-party cybersecurity vulnerabilities.
Of their response, the MAS and CSA acknowledged the significance of extending cybersecurity requirements past a corporation’s inside techniques to incorporate its third-party service suppliers. They reiterated that monetary establishments are already anticipated to implement stringent controls over distributors dealing with buyer knowledge and to usually assess the adequacy of those controls.
Extra considerably, the businesses revealed that they’re assessing the potential for making the CSA’s Cyber Necessities or Cyber Belief mark a compulsory requirement for distributors in search of to be licensed or to take part in authorities procurement processes involving delicate knowledge or techniques.
These marks are a part of Singapore’s nationwide cybersecurity certification framework:
- Cyber Necessities Mark: Designed primarily for small and medium enterprises (SMEs), this certification outlines baseline cybersecurity measures that organizations ought to implement to guard in opposition to frequent threats and improve digital resilience, in the important thing areas of cloud safety, operational know-how safety and AI safety.
- Cyber Belief Mark: Aimed toward organizations with extra intensive digitalized enterprise operations which can be prone to have greater danger ranges, this certification entails a extra complete evaluation of cybersecurity practices, governance and danger administration.
Attaining the Cyber Necessities or Cyber Belief mark demonstrates a corporation’s dedication to sturdy cybersecurity practices, enhancing its fame and belief amongst prospects.
The businesses additionally highlighted assist schemes to assist organizations meet these requirements. As an example, CSA’s Chief Info Safety Officer-as-a-Service program presents as much as 70% co-funding for eligible SMEs to implement cybersecurity measures aligned with the Cyber Necessities Mark.
The businesses emphasised that each one organizations, together with distributors, should take a proactive method to cybersecurity, particularly when entrusted with delicate knowledge or entry to essential techniques.
This initiative is a part of a broader effort by the CSA and sectoral regulators just like the MAS to boost cybersecurity requirements throughout the ecosystem.
If the MAS and CSA finally require distributors to acquire the Cyber Necessities or Cyber Belief mark as a situation for licensing or bidding for presidency contracts involving delicate knowledge, this is able to symbolize a major shift from voluntary to necessary certification.
Whereas there haven’t been any additional bulletins relating to implementation, companies ought to start assessing their readiness to acquire the related certifications.
Total, this announcement is in keeping with Singapore’s broader technique to strengthen digital belief and resilience. It additionally exhibits that provide chain cybersecurity is “high of thoughts” for regulators, and demonstrates their rising give attention to the cybersecurity posture of distributors and repair suppliers.
* * * * *
For additional data and to debate what this improvement would possibly imply for you, please get in contact together with your common Baker McKenzie contact.
© 2025 Baker & McKenzie. Wong & Leow. All rights reserved. Baker & McKenzie. Wong & Leow is integrated with restricted legal responsibility and is a member agency of Baker & McKenzie Worldwide, a worldwide legislation agency with member legislation corporations around the globe. In accordance with the frequent terminology utilized in skilled service organizations, reference to a “principal” means an individual who’s a associate, or equal, in such a legislation agency. Equally, reference to an “workplace” means an workplace of any such legislation agency. This will likely qualify as “Lawyer Promoting” requiring discover in some jurisdictions. Prior outcomes don’t assure the same consequence.
In short
In a joint response to a public discussion board letter, the Financial Authority of Singapore (MAS) and the Cyber Safety Company of Singapore (CSA) introduced that they’re contemplating requiring distributors to acquire nationwide cybersecurity certifications, particularly the Cyber Necessities or Cyber Belief mark, earlier than they are often licensed or bid for presidency contracts involving entry to delicate knowledge or techniques.
This transfer follows a current knowledge breach involving a third-party vendor and underscores the rising regulatory give attention to third-party cybersecurity dangers.
The joint assertion by the MAS and CSA, printed on 21 April 2025, was issued in response to a discussion board letter in The Straits Instances that raised considerations about third-party cybersecurity vulnerabilities.
Of their response, the MAS and CSA acknowledged the significance of extending cybersecurity requirements past a corporation’s inside techniques to incorporate its third-party service suppliers. They reiterated that monetary establishments are already anticipated to implement stringent controls over distributors dealing with buyer knowledge and to usually assess the adequacy of those controls.
Extra considerably, the businesses revealed that they’re assessing the potential for making the CSA’s Cyber Necessities or Cyber Belief mark a compulsory requirement for distributors in search of to be licensed or to take part in authorities procurement processes involving delicate knowledge or techniques.
These marks are a part of Singapore’s nationwide cybersecurity certification framework:
- Cyber Necessities Mark: Designed primarily for small and medium enterprises (SMEs), this certification outlines baseline cybersecurity measures that organizations ought to implement to guard in opposition to frequent threats and improve digital resilience, in the important thing areas of cloud safety, operational know-how safety and AI safety.
- Cyber Belief Mark: Aimed toward organizations with extra intensive digitalized enterprise operations which can be prone to have greater danger ranges, this certification entails a extra complete evaluation of cybersecurity practices, governance and danger administration.
Attaining the Cyber Necessities or Cyber Belief mark demonstrates a corporation’s dedication to sturdy cybersecurity practices, enhancing its fame and belief amongst prospects.
The businesses additionally highlighted assist schemes to assist organizations meet these requirements. As an example, CSA’s Chief Info Safety Officer-as-a-Service program presents as much as 70% co-funding for eligible SMEs to implement cybersecurity measures aligned with the Cyber Necessities Mark.
The businesses emphasised that each one organizations, together with distributors, should take a proactive method to cybersecurity, particularly when entrusted with delicate knowledge or entry to essential techniques.
This initiative is a part of a broader effort by the CSA and sectoral regulators just like the MAS to boost cybersecurity requirements throughout the ecosystem.
If the MAS and CSA finally require distributors to acquire the Cyber Necessities or Cyber Belief mark as a situation for licensing or bidding for presidency contracts involving delicate knowledge, this is able to symbolize a major shift from voluntary to necessary certification.
Whereas there haven’t been any additional bulletins relating to implementation, companies ought to start assessing their readiness to acquire the related certifications.
Total, this announcement is in keeping with Singapore’s broader technique to strengthen digital belief and resilience. It additionally exhibits that provide chain cybersecurity is “high of thoughts” for regulators, and demonstrates their rising give attention to the cybersecurity posture of distributors and repair suppliers.
* * * * *
For additional data and to debate what this improvement would possibly imply for you, please get in contact together with your common Baker McKenzie contact.
© 2025 Baker & McKenzie. Wong & Leow. All rights reserved. Baker & McKenzie. Wong & Leow is integrated with restricted legal responsibility and is a member agency of Baker & McKenzie Worldwide, a worldwide legislation agency with member legislation corporations around the globe. In accordance with the frequent terminology utilized in skilled service organizations, reference to a “principal” means an individual who’s a associate, or equal, in such a legislation agency. Equally, reference to an “workplace” means an workplace of any such legislation agency. This will likely qualify as “Lawyer Promoting” requiring discover in some jurisdictions. Prior outcomes don’t assure the same consequence.
