Vendors who provide two types of cybersecurity services in Singapore must now apply for a licence to continue doing so.
According to reports, they have up to 6 months to do so, or they will have to stop providing such services if they don’t want to risk a jail sentence or a fine.
Companies that provide penetration testing and managed security operations centre (SOC) monitoring services, in particular, will need a licence to operate in Singapore.
According to the Cyber Security Authority (CSA) Singapore, these include organisations and individuals directly involved in such services, third-party vendors who support these companies, and resellers of licensable cybersecurity services.
The licence structure, which goes into effect on April 11, is based on the country’s Cybersecurity Act and aims to better protect consumers’ interests, according to the industry regulator.
It also helped to raise the standards and reputation of service providers over time.
The two service categories were chosen as a starting point for the licensing regime, according to the CSA, because suppliers of these services have extensive access to their customers’ ICT systems and sensitive data.
Because these services were widely available and utilised, the authorities warned that they had the potential to have a major impact on the overall cybersecurity picture.
Existing vendors who provide any or both of the service categories have until October 11 this year to apply for a licence. Those who do not do so in a timely manner will be forced to stop offering the service until a licence is secured.
However, service providers who applied for a licence within six months of the deadline would be allowed to continue providing the licensable service until the application was approved.
After October 11 anyone who provides licensable services without a licence faces a fine of up to SG$50,000 or a prison sentence of up to two years or both.
Individuals will be charged SG$500 for their licence, while enterprises will be charged SG$1,000. Each licence would have a two-year validity period.
For applications received within the first year, before April 11, 2023, the CSA announced there would be a one-time fee waiver of 50%.
To oversee the licensing system and facilitate communications between the industry and the general public on all licensing-related topics, the Cybersecurity Services Regulation Office was established.
Its tasks include enforcing and maintaining licensing processes, as well as offering public resources on licensable cybersecurity services, such as a list of licensees.
Cybersecurity is a very sensitive matter and many nations have introduced different measures to manage cyberspace. Recently, India’s Minister of State for Electronics and IT, Rajeev Chandrasekhar said the Digital India Act, which will be a new policy for the country’s digital ecosystem and cyberspace, will be unveiled soon by the government.
He said that cyberspace is currently governed by the IT Act, a 22-year-old piece of legislation and that a more modern Act was needed.
Read all the Latest News , Breaking News and IPL 2022 Live Updates here.