AI laws and regulation in Singapore

Medium.

There is currently no dedicated AI law in force in Singapore.

Singapore does not yet have a standalone, comprehensive AI statute. However, there are relevant laws that may govern AI-related activities:

• Personal Data Protection Act 2012 (PDPA): establishes obligations for collecting, using, disclosing or processing personal data, including broadly for AI use cases.
• Computer Misuse Act 1993: contains provisions addressing unauthorised access and computer misuse, including provisions to address unauthorised use of national identity credentials to combat scams (including AI scams) targeting such credentials.
• Copyright Act 2021: In the context of using copyright works to train AI models, a relevant exception / defence to copyright infringement in Singapore is, among other things, the computational data analysis exception which includes the use of images to train a computer program to recognize images.  
• Online Criminal Harms Act 2023: This Act, which aims to counter online criminal activity and protect against online harms, allows the Government to issue directions to online platforms to prevent potential scams to reach Singapore-based individuals, including scams facilitated by deepfakes.
• Health Products Act 2007: Medical devices that incorporate AI technology may be deemed as a ‘Software as a Medical Device’ or SaMD. Such software must be registered before being used.

Oversight of AI is shared across several bodies and is sector-specific. Some notable bodies include:

• The Infocomm Media Development Authority (IMDA) which drives AI governance strategy and frameworks across various sectors.
• The Personal Data Protection Commission (PDPC) which issues decisions relating to non-compliance the PDPA, including AI use cases.
• The Monetary Authority of Singapore (MAS) which regulates the use of AI in the financial sector.
• The Cyber Security Agency of Singapore (CSA) which provides cybersecurity guidance relating to AI.
• The Ministry of Health (MOH) and Health Sciences Authority (HSA) which monitor the use of AI-related applications in healthcare.
• The Tripartite Alliance for Fair and Progressive Employment Practices (TAFEP) which monitors the use of AI in workplace settings.

Yes.

• AI Verify, which is an open-source assessment framework that helps organisations test and evaluate AI systems against widely accepted principles of responsible AI.
• The Model AI Governance Framework and Model AI Governance Framework for Generative AI, both of which set out principles and recommended practices aimed at promoting the responsible, transparent, fair, and secure development and use of AI systems and/or generative AI.
• The National AI Strategy 2.0 (NAIS) which outlines Singapore’s national approach to investing in AI capabilities to maximise its benefits and mitigate concerns about potential misuse.
• The Advisory Guidelines on Use of Personal Data in AI Recommendation and Decision systems provides non-binding legal guidance and recommendations on how organisations can use personal data to develop and deploy systems that embed machine learning models. While these Guidelines are not legally binding, pursuant to section 49 of the PDPA, they indicate the manner in which the Personal Data Protection Commission (PDPC) will interpret and apply the PDPA provisions.
• The Principles to Promote Fairness, Ethics, Accountability and Transparency in the Use of Artificial Intelligence and Data Analytics in Singapore’s Financial Sector (FEAT Principles) set out principles and recommended practices aimed at promoting the responsible, transparent, fair, and secure development and use of AI systems and/or generative AI. 
• The National AI Strategy 2.0 (NAIS) which outlines Singapore’s national approach to investing in AI capabilities to maximise its benefits and mitigate concerns about potential misuse.
• The Advisory Guidelines on Use of Personal Data in AI Recommendation and Decision systems provides non-binding legal guidance and recommendations on how organisations can use personal data to develop and deploy systems that embed machine learning models. While these Guidelines are not legally binding, pursuant to section 49 of the PDPA, they indicate the manner in which the Personal Data Protection Commission (PDPC) will interpret and apply the PDPA provisions.
• The Principles to Promote Fairness, Ethics, Accountability and Transparency in the Use of Artificial Intelligence and Data Analytics in Singapore’s Financial Sector (FEAT Principles) set out principles on the responsible use of AI and data analytics.
• The Artificial Intelligence in Healthcare Guidelines which provide guidance for developing and implementation of AI in healthcare.
• The Guidelines on Securing AI Systems and Companion Guide on Securing AI Systems which assist organisation in managing cybersecurity risks when developing, deploying and operating AI systems.

Yes. Singapore’s AI legal and policy framework is strongly aligned with international standards and guidelines. For instance, IMDA explicitly states that AI Verify aligns with international AI standards from the EU, US and OECD. 

No formal AI-specific legislation launched to date.

• CMS Artificial Intelligence - https://cms.law/en/int/insight/artificial-intelligence[CMSHA1] 
• CMS Law Now - Demystifying Vietnam’s New Laws Regulating Data and Navigating Key Compliance for Businesses
• CMS Law Now - Singapore’s Cyber Security Agency issues security guidelines for AI systems 
• CMS Law Now - Top developments and predictions in the Technology, Media and Communications sector in Asia-Pacific