§ 5 — Duties and functions of Commissioner

5.—(1) The Commissioner has the following duties and functions:(a)

to oversee and promote the cybersecurity of computers and computer systems in Singapore;

(b)

to advise the Government or any other public authority on national needs and policies in respect of cybersecurity matters generally;

(c)

to monitor cybersecurity threats, whether such cybersecurity threats occur in or outside Singapore;

(d)

to respond to cybersecurity incidents that threaten the national security, defence, economy, foreign relations, public health, public order or public safety, or any essential services, of Singapore, whether such cybersecurity incidents occur in or outside Singapore;

(e)

to identify and designate provider‑owned critical information infrastructure or systems of temporary cybersecurity concern, and to regulate owners of provider‑owned critical information infrastructure or systems of temporary cybersecurity concern with regard to the cybersecurity of the provider‑owned critical information infrastructure or systems of temporary cybersecurity concern;[Act 19 of 2024 wef 31/10/2025]

(ea)

to identify and designate designated providers responsible for third‑party‑owned critical information infrastructure, entities of special cybersecurity interest or major foundational digital infrastructure service providers, and to regulate those providers or entities with regard to the cybersecurity of the third‑party‑owned critical information infrastructure, system of special cybersecurity interest or major foundational digital infrastructure;[Act 19 of 2024 wef 31/10/2025]

(f)

to establish cybersecurity codes of practice and standards of performance for implementation by owners of provider‑owned critical information infrastructure or systems of temporary cybersecurity concern, or by designated providers responsible for third‑party‑owned critical information infrastructure, entities of special cybersecurity interest or major foundational digital infrastructure service providers;[Act 19 of 2024 wef 31/10/2025]

(g)

to represent the Government on cybersecurity issues internationally;

(h)

to cooperate with computer emergency response teams (CERTs) of other countries or territories on cybersecurity incidents;

(i)

to develop and promote the cybersecurity services industry in Singapore;

(j)

to license and establish standards in relation to cybersecurity service providers;

(k)

to establish standards within Singapore in relation to cybersecurity products or services, and the recommended level of cybersecurity of computer hardware or software, including certification or accreditation schemes or international certification schemes;[Act 19 of 2024 wef 31/10/2025]

(l)

to promote, develop, maintain and improve competencies and professional standards of persons working in the field of cybersecurity;

(m)

to support the advancement of technology, and research and development relating to cybersecurity;

(n)

to promote awareness of the need for and the importance of cybersecurity in Singapore;

(o)

to perform such other functions and discharge such other duties as may be conferred on the Commissioner under any other written law.[Act 19 of 2024 wef 31/10/2025]

(2) The office of the Commissioner is to be known as the Cyber Security Agency of Singapore.[Act 19 of 2024 wef 31/10/2025]

—(1) The Commissioner has the following duties and functions:(a)

to oversee and promote the cybersecurity of computers and computer systems in Singapore;

(b)

to advise the Government or any other public authority on national needs and policies in respect of cybersecurity matters generally;

(c)

to monitor cybersecurity threats, whether such cybersecurity threats occur in or outside Singapore;

(d)

to respond to cybersecurity incidents that threaten the national security, defence, economy, foreign relations, public health, public order or public safety, or any essential services, of Singapore, whether such cybersecurity incidents occur in or outside Singapore;

(e)

to identify and designate provider‑owned critical information infrastructure or systems of temporary cybersecurity concern, and to regulate owners of provider‑owned critical information infrastructure or systems of temporary cybersecurity concern with regard to the cybersecurity of the provider‑owned critical information infrastructure or systems of temporary cybersecurity concern;[Act 19 of 2024 wef 31/10/2025]

(ea)

to identify and designate designated providers responsible for third‑party‑owned critical information infrastructure, entities of special cybersecurity interest or major foundational digital infrastructure service providers, and to regulate those providers or entities with regard to the cybersecurity of the third‑party‑owned critical information infrastructure, system of special cybersecurity interest or major foundational digital infrastructure;[Act 19 of 2024 wef 31/10/2025]

(f)

to establish cybersecurity codes of practice and standards of performance for implementation by owners of provider‑owned critical information infrastructure or systems of temporary cybersecurity concern, or by designated providers responsible for third‑party‑owned critical information infrastructure, entities of special cybersecurity interest or major foundational digital infrastructure service providers;[Act 19 of 2024 wef 31/10/2025]

(g)

to represent the Government on cybersecurity issues internationally;

(h)

to cooperate with computer emergency response teams (CERTs) of other countries or territories on cybersecurity incidents;

(i)

to develop and promote the cybersecurity services industry in Singapore;

(j)

to license and establish standards in relation to cybersecurity service providers;

(k)

to establish standards within Singapore in relation to cybersecurity products or services, and the recommended level of cybersecurity of computer hardware or software, including certification or accreditation schemes or international certification schemes;[Act 19 of 2024 wef 31/10/2025]

(l)

to promote, develop, maintain and improve competencies and professional standards of persons working in the field of cybersecurity;

(m)

to support the advancement of technology, and research and development relating to cybersecurity;

(n)

to promote awareness of the need for and the importance of cybersecurity in Singapore;

(o)

to perform such other functions and discharge such other duties as may be conferred on the Commissioner under any other written law.[Act 19 of 2024 wef 31/10/2025]

(2) The office of the Commissioner is to be known as the Cyber Security Agency of Singapore.[Act 19 of 2024 wef 31/10/2025]