Singapore: Info-Communications Media Development Authority adopted Personal Data Protection (Amendment) Regulations 2026

On 26 February 2026, the Info-Communications Media Development Authority adopted the Personal Data Protection (Amendment) Regulations 2026. The Amendment modifies the Personal Data Protection Regulations 2021, specifically regulation 12(2), to expand the scope of recognised certifications that satisfy the requirement for legally enforceable obligations when transferring personal data outside Singapore. The 2026 amendment adds the Global Privacy Recognition for Processors System and the Global Cross-Border Privacy Rules System to the list of recognised certifications. Specifically, for recipients acting as data intermediaries, the list now includes the Asia-Pacific Economic Cooperation (APEC) Privacy Recognition for Processors System, the APEC Cross-Border Privacy Rules System, the Global Privacy Recognition for Processors System, and the Global Cross-Border Privacy Rules System. For other recipients, the recognised certifications are the APEC Cross-Border Privacy Rules System, with the new addition of the Global Cross-Border Privacy Rules System. The aim of the policy is to facilitate secure international data flows by aligning local requirements with global privacy frameworks. The Regulations entered into force on 2 March 2026.