Reed Smith Client Alert

Singapore’s first ever standalone Cybersecurity Act 2018 (Act) commenced on August 31, 2018, except for the provisions on cybersecurity service providers.

The Cybersecurity (Critical Information Infrastructure) Regulations 2018 and the Cybersecurity (Confidential Treatment of Information) Regulations 2018 also came into effect on the same day.

Authors: Charmian Aw

Who in the maritime sector will be covered by the Act?

Singapore is a major international maritime hub that handles more than 130,000 vessels and 30 million containers each year. Hence, the maritime sector has been identified as a critical information infrastructure (CII) sector under the Act. CII refers to any computer or computer system located wholly or partly in Singapore that is designated as necessary for the continuous delivery of an essential service, which includes the following maritime services:

  • Monitoring and management of shipping traffic
  • Container terminal operations
  • General and bulk cargo terminal operations
  • Cruise and ferry passenger terminal operations
  • Pilotage, towage and water supply
  • Bunker supply
  • Salvage operations
  • Passenger ferry operations

Owners of CII that are designated by the Commissioner of Cybersecurity (Commissioner) need to comply with the Act.