Singapore: Health Information Bill (Bill No. 20/2025) including cybersecurity regulation was introduced to Parliament

On 5 November 2025, the Government of Singapore introduced the Health Information Bill (Bill No. 20/2025) in Parliament, establishing the Health Information Act 2025 to regulate cybersecurity measures in systems processing health information. The Bill sets up a framework setting out the conditions under which healthcare providers would have to contribute health data to a national electronic records system. It would mandate data and cybersecurity requirements ensuring the confidentiality, integrity, and availability of data, such as implementing technical and organisational safeguards, adopting incident management processes, and maintaining assessment and notification procedures for cybersecurity incidents and data breaches. Enforcement powers include ministerial directions, inspections, and sanctions, such as imprisonment and penalties of up to SGD 1 million.