Data centers could be classed as critical infrastructure under new legislation in Singapore

A long exposure photo of the Singapore skyline at night with people walking on a bridge in the foreground
(Image credit: Getty Images)

Data centers could be classed as critical infrastructure according to a recently published consultation paper in which the Cyber Security Agency of Singapore (CSA) proposed amendments to Singapore’s 2018 cyber security act.

The original act defined critical infrastructure as computer systems necessary for the “continuous delivery of an essential service”, citing examples such as energy, water, healthcare, and transport. 

In the proposed amendments, foundational digital infrastructure, including data center facilities located within Singapore, could be added to the list. This would have the potential to impact big name cloud companies like Google and AWS

The changes would also see the CSA commissioner take on a bigger role, giving them the final say on which computer systems are designated as critical infrastructure. Data centers would also be required to comply with the CSA commissioners requests. 

A global push toward data regulation 

Singapore isn’t the only country moving towards a new classification of data as critical infrastructure. 

The UK recently announced its own proposal to class data centers as critical infrastructure, with the Department for Science, Innovation, and Technology (DSIT) arguing that existing data regulations don't go far enough.


Safeguarding your data in a work-from-anywhere world whitepaper

(Image credit: Zscaler)

Securely enable cloud applications


Australia also expanded its definition of critical infrastructure in 2022, while Germany has been regulating data centers since 2016. 

“Since the Act was enacted, the cyber threat landscape and business environment have been continually changing” said the CSA.

“Singapore is now amongst one (sic) of the most digitally connected countries in the world,” it added.  “These developments have accelerated our connectivity, computing and data storage needs.  These bring about new considerations for cybersecurity.”

Stakeholders and members of the public can share their views on the proposed changes here, before the end of the consultation period on 15 January 2024. 

George Fitzmaurice
Staff Writer

George Fitzmaurice is a staff writer at ITPro, ChannelPro, and CloudPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.