Skip to main content
Best News Website or Mobile Service
WAN-IFRA Digital Media Awards Worldwide
Best News Website or Mobile Service
Digital Media Awards Worldwide
Hamburger Menu




Singapore begins licensing cybersecurity service providers

Singapore begins licensing cybersecurity service providers

A person using a laptop. (File photo: AFP)

SINGAPORE: Singapore launched a new licensing framework for cybersecurity service providers on Monday (Apr 11), giving existing vendors six months to apply for a licence or cease providing such services.

The licensing framework aims to provide greater assurance of security and safety to consumers, said the Cybersecurity Agency of Singapore (CSA) in a press release on Monday.

It also aims to improve the standard of cybersecurity service providers and address the information asymmetry between consumers and service providers.

For a start, CSA will license two types of cybersecurity service providers - those providing penetration testing and managed security operations centre monitoring services. 

These two services were prioritised because vendors performing such services can have significant access into their clients’ computer systems and sensitive information, said the agency. 

In the event the access is abused, the client’s operations could be disrupted. 

"In addition, these services are already widely available and adopted in the market, and hence have the potential to cause significant impact on the overall cybersecurity landscape," said CSA.

Existing cybersecurity service providers will be given six months to apply for a licence. Those who do not apply for a licence by Oct 11 will have to cease the provision of licensable cybersecurity services.

However, once the application is made, the vendor may continue to provide its service until a decision on their licence application has been made, said CSA.

Anyone found guilty of engaging in the business of providing any licensable cybersecurity services to another person without a licence faces up to two year’s jail, a maximum fine of S$50,000, or both. 

Each licence is valid for two years, and costs S$500 for individuals and S$1,000 for businesses. 

A one-time 50 per cent waiver of the licence fees will be granted for all applications lodged before Apr 11, 2023.

The launch of the licensing framework comes after a four-week consultation process that ended in October last year. Industry feedback was sought on the proposed licence conditions and draft subsidiary legislation.

In all, 29 responses were received from both local and foreign industry players, as well as industry associations and members of the public.

The feedback was considered and taken into account when finalising the licensing framework, said CSA. 

"Overall, respondents were generally supportive of the licensing framework ... Nonetheless, there were some respondents who expressed concerns of licensing stifling innovation or creating a regulatory burden on licensees," said CSA.

The agency has also set up a Cybersecurity Services Regulation Office (CSRO) to administer the licensing framework and facilitate liaisons with the industry and wider public on all licensing-related matters. 

The CSRO will enforce the licensing framework and respond to queries and feedback from licencees and businesses. 

It will also develop and share resources on licensable cybersecurity services with consumers. More information on the licensing framework and CSRO are available on their website

Source: CNA/yb


Also worth reading