Digital Policy Alert logo

Singapore: Cyber Trust Mark requirements in critical information infrastructure and cybersecurity industries

Progress

Current status
adopted
31 Dec 2027 in force
31 Dec 2026 in force
02 Mar 2026 adopted

Scope

Implementers
Singapore
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
infrastructure provider: internet and telecom services
ML and AI development
infrastructure provider: cloud computing, storage and databases
infrastructure provider: network hardware and equipment
infrastructure provider: other
Government Branch
executive
Government Body
other regulatory body
Implementation Level
national

Timeline of events

31 Dec 2027
in force

Obligation for owners of critical information infrastructure to obtain Cyber Trust Mark Level 5 certification enters into force

On 31 December 2027, the window for compliance with the Cyber Security Agency (CSA) obligation directing Critical Information Infrastructure Owners (CIIOs) to have obtained the Cyber Trust Mark (CTM) Level 5 certification for non-CII systems ends. T…

Source
Event type order
Action type implementation
Government branch executive
Government body other regulatory body
31 Dec 2026
in force

Obligation for auditors of critical information infrastructure to obtain Cyber Trust Mark Level 5 certification enters into force

On 31 December 2026, the window for compliance with the Cyber Security Agency (CSA) obligation directing Critical Information Infrastructure Auditors to have obtained the Cyber Trust Mark (CTM) Level 5 certification ends. This mandate, announced dur…

Source
Event type order
Action type implementation
Government branch executive
Government body other regulatory body
02 Mar 2026
adopted

Cyber Security Agency adopted obligation for owners and auditors of critical information infrastructure to obtain Cyber Trust Mark Level 5 certification

On 2 March 2026, the Cyber Security Agency (CSA) adopted a requirement for Critical Information Infrastructure Owners (CIIOs) and CII auditors to obtain the Cyber Trust Mark (CTM) Level 5 certification. The mandate aims to establish a consistent nat…

Source
Event type order
Action type adoption
Government branch executive
Government body other regulatory body