Singapore: Personal Data Protection (Amendment) Regulations 2026 entered into force

On 2 March 2026, the Personal Data Protection (Amendment) Regulations 2026 entered into force. The Amendment modifies the Personal Data Protection Regulations 2021, specifically regulation 12(2), to expand the scope of recognised certifications that satisfy the requirement for legally enforceable obligations when transferring personal data outside Singapore. The 2026 amendment adds the Global Privacy Recognition for Processors System and the Global Cross-Border Privacy Rules System to the list of recognised certifications. Specifically, for recipients acting as data intermediaries, the list now includes the Asia-Pacific Economic Cooperation (APEC) Privacy Recognition for Processors System, the APEC Cross-Border Privacy Rules System, the Global Privacy Recognition for Processors System, and the Global Cross-Border Privacy Rules System. For other recipients, the recognised certifications are the APEC Cross-Border Privacy Rules System, with the new addition of the Global Cross-Border Privacy Rules System. These regulations were made on 26 February 2026 and published in the Subsidiary Legislation Supplement on 27 February 2026. The aim of the policy is to facilitate secure international data flows by aligning local requirements with global privacy frameworks.