Contact Us

Singapore: Elevates Cybersecurity Requirements for Routers

Home / Country Update / Singapore: Elevates Cybersecurity Requirements for Routers
The Cyber Security Agency of Singapore (CSA), in collaboration with the Infocomm Media Development Authority (IMDA), has announced a significant update to the mandatory cybersecurity requirements for residential routers.
 
By the end of 2027, the baseline security standard for these devices will be elevated from the Cybersecurity Labelling Scheme (CLS) Level 1 to Level 2. This proactive measure addresses the growing vulnerability of residential routers, which are increasingly targeted by malicious cyber actors to exploit home networks or integrate devices into global botnets for Distributed Denial of Service (DDoS) attacks.
Singapore on map device regulatory update

Transition to CLS Level 2 Standards

Currently, all residential routers sold in Singapore are required to meet CLS Level 1 standards, which provide basic protections such as unique default passwords and regular software updates. However, as cyber threats become more sophisticated, these foundational measures are no longer sufficient against attacks targeting data encryption and authentication weaknesses.

The transition to CLS Level 2 mandates that manufacturers incorporate more robust security features. These enhancements include secure communications protocols, the secure storage of sensitive data, and advanced authentication mechanisms designed to better protect user privacy and reduce the risk of compromise.

Implementation and Industry Impact

The CLS, introduced in 2020, rates the cybersecurity levels of Internet-of-Things (IoT) devices to help consumers make informed purchasing decisions. With the upcoming regulatory shift, manufacturers and distributors of residential routers must prepare to meet these heightened security benchmarks to maintain market access in Singapore. The CSA and IMDA are actively working to finalize the updated requirements, ensuring the industry has a clear framework to achieve compliance before the end-of-2027 deadline.

For this article’s source information and any product certification guidance, please contact Global Validity. 

Quick Country Facts

Singapore

Certification Body: Infocomm Media Development Authority (IMDA)

Certification Type: Mandatory

License Validity: 60 Months

Application Language: English

Legal License Holder: Local Representative

In-Country Testing Requirement: Testing Not Required

The regulatory information above is based on radio type approval certification. Access additional certification requirements in over 200 countries and territories with Global Validity’s free proprietary product certification management software, Access Manager. Learn more about the platform here or fill our quick contact form! 

Global Validity is your partner for global certification success

Want to learn more about regulatory compliance and how we can help? Simply fill out the form below and we’ll be in touch!