Singapore: Obligation for auditors of critical information infrastructure to obtain Cyber Trust Mark Level 5 certification enters into force

Obligation for auditors of critical information infrastructure to obtain Cyber Trust Mark Level 5 certification enters into force

On 31 December 2026, the window for compliance with the Cyber Security Agency (CSA) obligation directing Critical Information Infrastructure Auditors to have obtained the Cyber Trust Mark (CTM) Level 5 certification ends. This mandate, announced dur…

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

infrastructure provider: internet and telecom services, ML and AI development, infrastructure provider: cloud computing, storage and databases, infrastructure provider: network hardware and equipment, infrastructure provider: other

Implementation Level

national

Government Branch

executive

Government Body

other regulatory body

Complete timeline of this policy change

Hide details

2026-03-02

adopted

On 2 March 2026, the Cyber Security Agency (CSA) adopted a requirement for Critical Information Inf…

2026-12-31

in force

On 31 December 2026, the window for compliance with the Cyber Security Agency (CSA) obligation dire…

2027-12-31

in force

On 31 December 2027, the window for compliance with the Cyber Security Agency (CSA) obligation dire…

Description

Obligation for auditors of critical information infrastructure to obtain Cyber Trust Mark Level 5 certification enters into force

Scope

Complete timeline of this policy change