Singapore: Cyber Security Agency announced revision of mandatory cybersecurity requirements for routers

On 2 March 2026, the Cyber Security Agency of Singapore (CSA) announced a revision of the mandatory cybersecurity requirements for residential routers under the Cybersecurity Labelling Scheme (CLS), raising the requirement from Level 1 to Level 2. The policy applies to manufacturers of residential routers sold in Singapore. Under the revised requirements, routers must implement additional security measures, including secure communications, secure storage of sensitive data, and stronger authentication mechanisms, in addition to existing Level 1 measures such as unique default passwords, vulnerability management, and software updates. The update reflects efforts to address cybersecurity risks affecting home network devices.