Singapore: Cybersecurity (Systems of Temporary Cybersecurity Concern) Regulations entered into force

On 31 October 2025, the Cybersecurity (Systems of Temporary Cybersecurity Concern) Regulations 2025 entered into force. The Regulations establish requirements for issuing notices to obtain information under section 17A(2)to determine whether a computer or computer system meets the criteria of a system of temporary cybersecurity concern. The Regulations set obligations for owners of such systems to provide detailed information under section 17D(1), including information on system design, configuration, components, physical and virtual locations of computing resources, interconnected systems, data processed, responsible cybersecurity contacts, and outsourced service providers. The Regulations also mandate reporting of prescribed cybersecurity incidents under section 17F(1). Prescribed incidents include unauthorised access, malicious code installation, unauthorised interception of communications, and denial-of-service attacks. The Regulations set deadlines for reporting. An initial incident notification must be submitted within 2 hours of awareness. A supplementary report is required within 72 hours, and a final report within 30 days. All reports must use the prescribed forms available on the Cyber Security Agency of Singapore’s website.