Singapore

Singapore

Guidance on compliance with laws, regulations, and regulatory requirements in Singapore

Guidance on compliance with laws, regulations, and regulatory requirements in Singapore

Common Problems

Common Problems

Is Huawei Cloud available to individuals, enterprises, or institutions operating in Singapore?

Huawei Cloud has been launched in Singapore. Individuals, enterprises, and organizations can register local accounts on the Huawei Cloud International website and purchase cloud services. Applicable laws and regulatory requirements must be complied with during the use of cloud services.

What laws, regulations, and regulatory requirements on privacy protection require special attention in Singapore?

Singapore established Personal Data Protection Act (PDPA) on October 15, 2012, which went into effect on July 2, 2014. Singapore Personal Data Protection Commission is responsible for the supervision and implementation of this Act. PDPA generally regulates organizations' collection, use, and disclosure of personal data, safeguards individuals' rights to protect their personal data, and recognizes organizations' need to collect, use, and disclose personal data for legitimate purposes. HUAWEI CLOUD Compliance with Singapore PDPA describes the services provided by Huawei Cloud for Singapore PDPA compliance and how we will help you comply with PDPA requirements.

What laws, regulations, and regulatory requirements on cyber security require special attention in Singapore?

The Parliament of Singapore is the national institution of the Republic of Singapore organized according to the principle of separation of legislative, executive and judicial powers. It is responsible for enacting laws, performing oversight through scrutiny and questioning of government actions and policies, as well as reviewing the state's financial conditions.

The Cyber Security Agency of Singapore (CSA), established in 2015, is responsible for coordinating cybersecurity matters across government agencies, overseeing Singapore's cybersecurity policies and cybersecurity industry. CSA aims to safeguard Singapore's cyberspace, support national security, and promote the digital economy.

The Infocomm Media Development Authority (IMDA) is responsible for developing and regulating Singapore's infocommunications and media sectors, with the mission of fostering growth in the digital economy and media industry.

The Information Technology Standards Committee (ITSC) is responsible for developing standards where international or industry standards are lacking, and recommending the adoption of international standards as Singapore Standards. ITSC aims to establish and promote Singapore Standards to meet national infocommunications needs and innovation requirements.

 

To regulate the use of CII and consolidate and improve national cyber security, The Parliament of Singapore, the CSA, the IMDA, and the ITSC have released a series of cybersecurity regulations:

 

-       Cybersecurity ACT: Issued by the Singapore Parliament on 5 February 2018, and combined with the Cybersecurity (Amendment) Act issued on 5 July 2024 to form the latest cybersecurity legislation. The Act establishes the legal framework for national cybersecurity oversight and maintenance. The Act mandates or authorizes measures to prevent, manage, and respond to cybersecurity threats and incidents, while regulating owners of Critical Information Infrastructure, Systems of Temporary Cybersecurity Concern, Entities of Special Cybersecurity Interest, designated providers responsible for third-party-owned critical information infrastructure, Major Foundational Digital Infrastructure Service Providers, and related matters.

-       Computer Misuse Act: The Act was enacted by the Parliament of Singapore on August 30, 1993, and updated on February 8, 2024. It stipulates measures to protect computers from unauthorized access or modification, prevent the misuse of national digital identity services, and address related matters.

-       Cybersecurity Code of Practice for CII: issued by CSA on 4 July 2022, serves as a supporting guideline to the Cybersecurity Act. Developed by CSA, this technical standard and operational guide aims to provide specific cybersecurity requirements for Critical Information Infrastructure (CII) owners, including risk assessment, incident reporting, security audits, and defensive measures.

-       Incident Response Checklist: Issued by CSA on 11 April 2021, is structured around the IPDRR (Identify, Protect, Detect, Respond, Recover) framework developed by the U.S. National Institute of Standards and Technology (NIST), designed to guide organizations in preparing for, responding to, and recovering from cyber incidents.

-       Advisory Guideline on Resilience and Security of Data Centers: issued by IMDA on 25 February 2025, provides a framework for data center operators to establish a robust Business Continuity Management System (BCMS) aimed at minimizing service disruptions and ensuring high availability for customers. The guidelines include developing business continuity policies, establishing risk control processes, implementing continuous improvement mechanisms, and specifying protective measures against cybersecurity risks.

-       Advisory Guideline on Resilience and Security of Cloud Services: issued by IMDA on 25 February 2025, covers seven categories of measures to enhance cloud service security and resilience. The guidelines recommend measures for cloud service providers in areas including security testing, user access control, proper data governance, and disaster recovery planning.

-       TR 62: 2018 Guidelines for Cloud Outage Incident Response: issued by ITSC on 20 April 2018, reinforce Singapore's implementation requirements for business continuity management and disaster recovery planning by standardizing response procedures for cloud service outage incidents. They aim to improve transparency, trust and resilience of cloud service providers in the Smart Nation, focusing on cloud outages directly caused by infrastructure/system failures and environmental issues (such as floods and fires), while specifically excluding cybersecurity threats and malicious acts.

The Huawei Cloud white paper, Huawei Cloud User Guide to Cyber Security Regulations & Guidelines in Singapore, describes how Huawei Cloud can help you meet cybersecurity regulatory requirements in Singapore.

What are the applicable laws, regulations, and regulatory requirements for financial institutions using Huawei Cloud?

Financial regulators in Singapore include the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS). MAS is the central bank of Singapore and main regulatory body of the financial industry. It is responsible for the supervision and management of all financial industries in Singapore, including banking, insurance, and capital market intermediaries.


To standardize the use of the information technology in the financial industry, MAS and ABS have released a series of regulatory requirements, guidelines, and notices. These requirements address risk management, outsourcing management, and cloud computing implementation of financial institutions in Singapore. The related regulatory requirements and guidelines include:


• MAS Guidelines on Outsourcing(Bank)


• MAS Technology Risk Management Guidelines


• MAS Notice on Cyber Hygiene


• ABS Guidelines on Control Objectives and Procedures for Outsourced Service Providers


• ABS Cloud Computing Implementation Guide


• MAS Notice 658 Management of Outsourced Relevant Services for Banks


• MAS Notice 1121 Management of Outsourced Relevant Services for Merchant Banks

These requirements and guidelines cover the areas of board and senior management responsibility, risk assessment, assessment of service providers, outsourcing agreements, confidentiality and security, business continuity management, and monitoring, auditing and inspection of outsourcing arrangements.


HUAWEI CLOUD Compliance with Singapore Financial Services Regulations & Guidelines describes how Huawei Cloud will help you meet the regulatory requirements of the financial industry in Singapore.

How are Huawei Cloud and I each responsible for security compliance?

Huawei Cloud is committed to providing you with secure infrastructure and services that meet compliance requirements. Each service has built-in security functions and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and service security provided by Huawei Cloud has been reviewed and approved by independent third-party authorities and has earned security certifications from numerous organizations.


When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.


In addition, your services need to meet the corresponding regulatory requirements. If you are under supervision of the MAS, you must submit proof of compliance with the outsourcing guidelines to the MAS.


You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.


For more security and compliance issues, contact us or your account manager.

What certifications has Huawei Cloud obtained in Singapore?

We have obtained the Singapore MTCS Level 3 certificate and the Outsourced Service Provider's Audit Report (OSPAR).


The Multi-Tier Cloud Security (MTCS) specification is a standard developed by the Singapore Information Technology Standards Committee. This standard requires cloud service providers (CSPs) to adopt sound risk management and security practices in cloud computing. We have earned MTSC level 3 certification, which has the most stringent requirements, for the Singapore region. This certifies that our technical security team and management processes in Singapore region are trustworthy and we can provide you with a secure, reliable, and stable cloud platform and services.


Outsourced Service Provider's Audit Report (OSPAR) is the audit framework required in the ABS Guidelines for Controlling the Objectives and Processes of Outsourcing Service Providers. Huawei Cloud has passed the OSPAR certification and is an outsourcing service provider that complies with ABS guidelines.

What other certifications can Huawei Cloud provide to help me comply with regulatory requirements of Singapore?

华为云致力于构建安全可信的云服务,并确保提供的基础设施和服务已通过独立第三方安全权威组织的测评以及安全认证机构的审核。


目前,华为云已通过了各种国际权威的认证和实践标准。以下列举部分:

• 安全相关:ISO 27001ISO 27017CSA STARPCI 3DSPCI DSSISO 27034以及NIST CSF 网络安全框架等;

• 隐私相关:ISO 27018ISO 27701BS 10012ISO 29151ISO 27799等;

• 除了以上认证,华为云还通过了国际公认的业务连续性管理体系标准ISO 22301、信息技术服务管理标准ISO/IEC 20000、全球通用的质量管理体系要求TL 9000 & ISO 9001SOC 1/2/3等认证。


您可以在合规中心的【合规认证全景图】查看华为云获取的更多认证(审计)。

Compliance Resources

Compliance Resources

Documents related to compliance with laws and regulations of Singapore. More documents are available fromResource Center.

Documents related to compliance with laws and regulations of Singapore. More documents are available fromResource Center.