The Government of Singapore has reportedly announced a new licensing framework for enterprises and individuals that provide cybersecurity service on Monday, effectively giving current vendors approximately six months to file for a license or stop offering these services.
The licensing structure intends to provide consumers with a greater guarantee of safety and security, according to a statement released by Singapore's Cybersecurity Agency (CSA) on Monday.
It also intends to raise the bar for cybersecurity companies as well as resolve the information imbalance that exists between customers and providers.
For starters, the CSA will provide licenses to two kinds of cybersecurity service providers: those who conduct penetration testing as well as the ones who provide fully managed security operations center surveillance services.
According to the CSA, the two mentioned kinds were selected as vendors providing them have extensive access to their customers' confidential information and computer systems. if the access is misused, it could lead to the client's business being interrupted indefinitely.
These services have been widely adopted and available in the market since a long time, and thus have the ability and the potential to disrupt the overall cybersecurity landscape significantly.
However, the vendors have been permitted to offer their services to customers even if they have only submitted their application with the decision regarding their license still pending, according to the CSA.
Anyone convicted of supplying any sort of licensable cybersecurity services to others without a license faces a maximum sentence of two years in prison, a penalty of S$50,000, or even both.
Each license costs around S$500 for an individual and S$1,000 for an enterprise, and has a two-year validity. For any applications submitted before April 11, 2023, a 50% exemption of the license fees will be given one time.
The license system was unveiled following a four-week consultation period that was completed in October of last year. The proposed license conditions and draught subsidiary legislation were subjected to industry feedback.
In total, 29 replies were obtained from both domestic and international industry actors, as well as trade organizations and the general public members.
A Cybersecurity Services Regulation Office (CSRO) has also been established by the agency to oversee the licensing framework and enable liaisons with the sector and the public on all licensing-related concerns.
The CSRO will administer the licensing framework and provide a response to licensee and business inquiries and feedback.