On 5 July 2023, the Singapore Parliament passed the Online Criminal Harms Act 2023 (“OCHA”), which is intended to enable the authorities to better tackle online criminal activities and harm, and proactively prevent scams and malicious cyber activities.
The OCHA will come into effect on a date to be notified subsequently.
The OCHA allows a competent authority to issue the following directions in cases involving specified offences, scams or malicious cyber activities:
A competent authority can issue a direction where the following thresholds are met: (a) in respect of online activity where a specified offence has been committed, or (b) where it suspects that online activity is preparatory to or in furtherance of the commission of a scam or malicious cyber activity. The lower threshold for scams and malicious cyber activities compared to specified offences is intended to reflect the greater harm that can be propagated to many people in a short time.
A failure to comply with a direction is an offence under the OCHA, and can attract a maximum fine of SGD 500,000 (approximately USD 375,000 or EUR 350,000) or SGD 1 million (approximately USD 750,000 or EUR 700,000), depending on the type of direction not complied with.
The OCHA also empowers a competent authority to require designated online service providers to comply with codes of practice that set out detailed requirements for putting in place systems, processes and measures to counter scams and malicious cyber activities. A code of practice may contain requirements for the following purposes:
Online service providers, including app stores, Internet access service providers and operators of other online platforms, can potentially be issued directions by the authorities when the OCHA comes into effect. These directions may require online service providers to block online material, restrict accounts and remove apps from app stores, amongst others.
Designated online service providers may also be required to comply with detailed requirements under a code of practice to implement systems, processes and measures to counter scams and malicious cyber activities.
As the OCHA has yet to take effect, it remains to be seen in what circumstances the authorities will exercise the new powers under the OCHA, and which online service providers the authorities will decide to designate for compliance with a code of practice. There will likely be more clarity on the regulatory approach after the authorities start to implement the new law. Online service providers should continue to monitor this space for further developments.
*Information is accurate up to 27 November 2023