Singapore: Cyber Security Agency adopted obligation for owners and auditors of critical information infrastructure to obtain Cyber Trust Mark Level 5 certification

Cyber Security Agency adopted obligation for owners and auditors of critical information infrastructure to obtain Cyber Trust Mark Level 5 certification

On 2 March 2026, the Cyber Security Agency (CSA) adopted a requirement for Critical Information Infrastructure Owners (CIIOs) and CII auditors to obtain the Cyber Trust Mark (CTM) Level 5 certification. The mandate aims to establish a consistent nat…

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

infrastructure provider: internet and telecom services, ML and AI development, infrastructure provider: cloud computing, storage and databases, infrastructure provider: network hardware and equipment, infrastructure provider: other

Implementation Level

national

Government Branch

executive

Government Body

other regulatory body

Complete timeline of this policy change

Hide details

2026-03-02

adopted

On 2 March 2026, the Cyber Security Agency (CSA) adopted a requirement for Critical Information Inf…

2026-12-31

in force

On 31 December 2026, the window for compliance with the Cyber Security Agency (CSA) obligation dire…

2027-12-31

in force

On 31 December 2027, the window for compliance with the Cyber Security Agency (CSA) obligation dire…

Description

Cyber Security Agency adopted obligation for owners and auditors of critical information infrastructure to obtain Cyber Trust Mark Level 5 certification

Scope

Complete timeline of this policy change