Singapore: Cyber Security Authority (CSA) opened public consultation on updated licensing framework for cybersecurity service providers

On 22 September 2025, the Cyber Security Agency of Singapore (CSA) opened a public consultation on proposed updates to the Licensing Framework for Cybersecurity Service Providers until 21 October 2025. The proposal would introduce mandatory Cyber Trust Mark (CTM) certification for licensed cybersecurity service providers, extend licence validity from 2 years to 5 years, and simplify notification obligations for licensees. The proposal would also recognise ISO/IEC 27001 as an equivalent certification to CTM and initially proposes requiring Data Protection Trustmark certification for certain licensed services. The consultation seeks feedback from industry stakeholders before CSA finalises the revised licensing conditions.