Singapore proposes Digital Infrastructure Bill to strengthen cloud security
The new legislation supports Singapore’s digital economy by strengthening critical infrastructure security and sustainability.
Singapore has launched a public consultation on a proposed Digital Infrastructure Bill that would establish a comprehensive regulatory framework for major cloud computing services and data centres.
Published jointly by the Ministry of Digital Development and Information and the Infocomm Media Development Authority (IMDA), the draft legislation aims to strengthen the resilience and security of critical digital infrastructure while introducing mandatory environmental sustainability standards for data centre operations.
The Bill recognises digital infrastructure as a foundation of Singapore’s digital economy, supporting services ranging from digital banking and e-commerce to cloud platforms and public administration. Unlike earlier amendments to the Cybersecurity Act, which focused primarily on cyber risks, the proposal extends regulatory oversight to operational resilience, business continuity, disaster recovery and environmental sustainability.
A central feature is a new licensing regime for major foundational digital infrastructure (FDI) providers. Cloud providers generating at least S$100 million annually from Singapore-based customers through Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) offerings would require a major FDI licence.
Cloud and colocation data centres with a critical IT load of at least 10 megawatts serving third parties would also fall within the regime. Licensed providers will be required to implement robust physical security and cybersecurity measures, maintain business continuity and disaster recovery plans, and report cybersecurity incidents and service disruptions to IMDA.
The Bill also establishes a separate licensing regime for data centres with a critical IT load of at least 3 megawatts. In addition to operational capability, applicants would be assessed against energy efficiency, water efficiency and broader sustainability criteria.
Beyond operational capability, applicants will be assessed on energy efficiency, water efficiency and broader sustainability considerations. Licensed operators will initially need to comply with facility-level Power Usage Effectiveness (PUE) requirements, while the legislation enables future regulations covering IT equipment efficiency and water consumption.
Singapore’s Green Data Centre Roadmap and previous voluntary industry standards will therefore evolve into legally enforceable baseline requirements across the sector.
IMDA would receive broad enforcement powers, including the authority to grant, suspend and revoke licences, issue binding codes of practice, conduct investigations and impose financial penalties. The Bill also proposes amendments to Singapore’s Cybersecurity Act to ensure consistency across the country’s digital infrastructure framework. Public consultation remains open until 22 July 2026.
Why does it matter?
The proposed legislation reflects a growing shift in how governments view digital infrastructure. As cloud computing and data centres become increasingly critical to AI, financial services and public administration, policymakers are expanding regulation beyond cybersecurity to include operational resilience, business continuity and environmental sustainability.
Singapore’s approach could also serve as a model for other digital hubs. By combining resilience requirements, licensing, cyber oversight and sustainability obligations within a single regulatory framework, the Bill illustrates how governments are adapting infrastructure governance to support the rapid growth of cloud services and AI-driven computing.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
