How Singapore’s Cybersecurity Act and CSA guidance shape AI use for critical-infrastructure operators and the security controls every business should consider.
dgm is an independent osFoundry integration partner — not affiliated with osFoundry’s maker (OS LLC), and dgm has no completed client integrations yet.
Singapore’s Cybersecurity Act mainly governs critical-infrastructure operators, but its requirements — and CSA’s guidance — shape how any business should secure AI. Here is what applies.
| Item | Detail |
|---|---|
| Law | Cybersecurity Act 2018 (CSA) |
| Covers | Critical Information Infrastructure (CII) in vital sectors |
| 2024 amendments | Key parts in force 31 October 2025 |
| For others | CSA AI-security guidance is advisory |
What the Cybersecurity Act covers
The Cybersecurity Act 2018, administered by the Cyber Security Agency of Singapore (CSA), regulates Critical Information Infrastructure (CII) in vital sectors such as energy, healthcare and transport. The Cybersecurity (Amendment) Act 2024 brought key provisions into force on 31 October 2025 (updated CII rules and new Systems of Temporary Cybersecurity Concern); some parts remain pending.
What it means for AI
If you operate CII, AI systems touching it fall within your cybersecurity obligations. For everyone else, CSA also issues advisory AI-security guidance (for example on securing AI systems) — not binding, but a sensible baseline given that AI pipelines are an attack surface.
Securing AI in practice
Apply strong access controls, secure prompt logs and vector stores, monitor for misuse, and prefer auditable, self-hostable architectures for sensitive workloads. osFoundry’s managed cloud pins data to the US, EU or Japan — it does not currently offer a Singapore managed region (its nearest managed region is Japan). For data that must stay in Singapore, the honest path is self-hosting osFoundry (BYO Cloud) inside a Singapore cloud region such as AWS Asia Pacific (Singapore) ap-southeast-1, Microsoft Azure Southeast Asia (Singapore) or Google Cloud asia-southeast1 (Singapore), or running models locally on-device.
Where dgm fits
dgm is an independent integration partner that helps Singapore businesses adopt osFoundry — scoping a first use case, handling the build, and connecting AI to the systems you already run. dgm is independent of osFoundry’s maker (OS LLC) and has no completed client integrations yet, so everything described here is a service offered, not a past result. If you want to scope a practical first project, dgm can help you map it out.