On 9 May 2023, the Singapore Parliament passed the Computer Misuse (Amendment) Act 2023, which is intended to prevent abuse of the Singpass national digital identity by establishing new offences relating to Singpass credentials.
The new law will take effect on a date to be notified subsequently.
Singpass is the national digital identity service operated by the Singapore government, and used by Singapore residents to access and transact with all government services online.
Businesses can also integrate their online services with Singpass through the use of APIs, to improve their customers’ user experience and offer greater functionalities. For example, businesses can enable their customers to use Singpass as a means of logging in, verifying their details, signing documents and filling in forms automatically by pulling relevant data from government databases, which can streamline and speed up customer onboarding and KYC processes.
The new law is intended to address the concerns about the abuse of Singpass credentials, particularly against the backdrop of an emerging trend where Singpass users give away their Singpass credentials (usually for money), which are then used by criminals to perform online transactions such as registering companies, opening bank accounts and signing up for new phones lines to perpetrate unlawful activities such as scams.
It amends the Computer Misuse Act 1993 to establish two new offences:
Notwithstanding the new law which is intended to prevent the abuse of Singpass accounts, businesses whose online services are integrated with Singpass may wish to consider taking steps to protect their services from misuse.
The amendments to the Computer Misuse Act 1993 have yet to come into effect at this time, and are expected to be brought into force in due course.
*Information is accurate up to 27 November 2023