CNP Update On Licensable Cybersecurity Services ("LCS")

CL
CNPLaw LLP

Contributor

CNPLaw LLP  logo
Established in 1988, CNPLaw LLP (CNP) is a full -service law firm with a talent for cross-border business. With about 100 staff, including close to 40 lawyers, and a strong network of international contacts, the firm has the capability to deliver legal solutions in Singapore and beyond.
On 11 April 2022, The Cyber Security Agency of Singapore announced the launch of a licensing framework for providers of the following cybersecurity services ("LCS")...
Singapore Technology
To print this article, all you need is to be registered or login on Mondaq.com.

On 11 April 2022, The Cyber Security Agency of Singapore announced the launch of a licensing framework for providers of the following cybersecurity services (“LCS”):

  1. managed security operations centre monitoring service; and
  2. penetration testing service.

Under the new framework, cybersecurity service providers (“CSPs”) who are already engaged in the business of providing either or both of the LCSs are given until 11 October 2022 to apply for a licence with the Cybersecurity Services Regulation Office (“CSRO”) to continue providing LCS after 11 October 2022. Pursuant to the new framework, Part 5 and the Second Schedule to the Cybersecurity Act of 2018 will both come into effect.

CSPs providing LCS to another person1 without a licence after 11 October 2022 shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 2 years or both. An extension of time would be given to CSPs who have applied for the LCS licence by 11 October 2022 and are awaiting a decision on their LCS licence application.

Requirements

Applications can be made on the CSRO webpage. The fees for each licence are $1,000 for business entities and $500 for individuals, and the licence is valid for up to 2 years from the date of its issuance. A 50% fee waiver will be granted for all applications lodged by 11 April 2023.

Due to the sensitive nature of the LCS, Applicants are required to be ‘fit and proper persons' in order to be eligible for the licence. Applicants are required to submit a declaration in relation to the matters listed in section 26(8) of the Cybersecurity Act, identification documents, as well as their curriculum vitae. With respect to business entities, every officer2 of the business entity would also have to complete and submit a separate personal declaration. Overseas applicants are required to submit a Certificate of Clearance (or its equivalent in the applicant's home country) to show that the relevant officer does not have any record of criminal conviction in his or her home country.

Where there are any changes or inaccuracies in the information and particulars previously given to the CSRO in relation to the application, CSPs are required to notify the CSRO within 14 calendar days of such change or upon knowledge of such inaccuracy. This includes changes to the appointment of any officers of the business entities.

Renewal

CSPs should renew their licence at least 2 months prior to the expiry of their licence. Failure to do so would result in the CSP having to apply for a new licence and the CSP will be required to suspend its operation, i.e. refrain from providing LCS until a new licence is granted.

Complaints

The CSRO also responds to queries and feedback from businesses and members of the public, allowing complaints to be made against unethical and incompetent CSPs. According to section 26(9), the licensing officer “may take into account any matter that the licensing officer considers relevant” when considering whether an applicant/officer is a “fit and proper person”, as this is an essential criterion for the application and renewal of the LCS.

Footnotes

1. with the exception of companies providing LCS solely to their related companies or in-house consumers of LCS.

2. refers to:

  • any director, partner, or individuals listed in the business profile, with the exception of shareholders and company secretary; and
  • any other person who is responsible for the management of the business entity.

Originally published 5 May, 2022

This update is provided to you for general information and should not be relied upon as legal advice.

CNP Update On Licensable Cybersecurity Services ("LCS")

Singapore Technology

Contributor

CNPLaw LLP  logo
Established in 1988, CNPLaw LLP (CNP) is a full -service law firm with a talent for cross-border business. With about 100 staff, including close to 40 lawyers, and a strong network of international contacts, the firm has the capability to deliver legal solutions in Singapore and beyond.
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More