Singapore: Obligation for owners of critical information infrastructure to obtain Cyber Trust Mark Level 5 certification enters into force

Obligation for owners of critical information infrastructure to obtain Cyber Trust Mark Level 5 certification enters into force

On 31 December 2027, the window for compliance with the Cyber Security Agency (CSA) obligation directing Critical Information Infrastructure Owners (CIIOs) to have obtained the Cyber Trust Mark (CTM) Level 5 certification for non-CII systems ends. T…

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

infrastructure provider: internet and telecom services, ML and AI development, infrastructure provider: cloud computing, storage and databases, infrastructure provider: network hardware and equipment, infrastructure provider: other

Implementation Level

national

Government Branch

executive

Government Body

other regulatory body

Complete timeline of this policy change

Hide details

2026-03-02

adopted

On 2 March 2026, the Cyber Security Agency (CSA) adopted a requirement for Critical Information Inf…

2026-12-31

in force

On 31 December 2026, the window for compliance with the Cyber Security Agency (CSA) obligation dire…

2027-12-31

in force

On 31 December 2027, the window for compliance with the Cyber Security Agency (CSA) obligation dire…

Description

Obligation for owners of critical information infrastructure to obtain Cyber Trust Mark Level 5 certification enters into force

Scope

Complete timeline of this policy change