In the first half of 2025, Singapore’s digital rulebook shifted from designing principles to proving they work. Measures moved from paper to practice: store‑wide age assurance and system‑level safety controls at the app‑store layer; public benchmarking of designated social media services; an enforceable perimeter for digital‑token services (license or cease); and audit‑ready guidance for keeping cloud services and data centres resilient.

Together, they make safety and reliability things that can be tested, audited and improved, not merely stated. As a small, trade‑reliant state, Singapore invests in shaping interoperable digital norms, so openness endures and autonomy is preserved. Hence, assurance artefacts of the first half of 2025 (which includes codes, tests, benchmarks, and enforcement) are designed to travel across jurisdictions, not just comply at home.

This update uses a simple idea to frame the year: “sovereignty‑by‑assurance.” Instead of relying on data localisation or isolation, Singapore aims to keep control, choice, and continuity in a connected world. The policies in the first six months of 2025 are best read as tools that make those three properties visible and verifiable.

Internationally, Singapore deepened trusted connectivity. With Europe, it signed a Digital Trade Agreement to provide more legal certainty for cross‑border data and digital services. Regionally, the Association for Southeast Asian Nations (ASEAN) released practical guides on anonymisation, contract clauses for data transfers, and governance for generative AI. In energy, which is now central to digital reliability, Singapore advanced new cross‑border electricity arrangements with Vietnam and Indonesia, and signed a civil‑nuclear cooperation memorandum with the United States to build long‑term capability. These moves support openness without losing control, by anchoring shared rules and diversified supply.

Singapore also strengthened the foundations of public law and service delivery. The Electronic Gazette and Legislation Act made the e‑Gazette authoritative from 9 March, improving legal certainty about what is in force and when. Consumer protection functions for product safety and trade measurement were consolidated in the Competition and Consumer Commission of Singapore (CCCS), and a new SME Pro‑Enterprise Office began operations to help smaller firms navigate cross‑cutting rules.

These updates showcase the governance and policy trends in Singapore in the first half of 2025.

Key Governance Trends

Sovereignty‑by‑assurance

• Singapore is pairing openness with practical safeguards that work under stress. The Code of Practice for Online Safety-App Distribution Services took effect on 31 March, pushing child‑safety and harmful‑content controls up to the app‑store layer (Apple, Google, Huawei, Microsoft, Samsung). The Online Safety Assessment Report (OSAR) published the first benchmark of how designated social‑media services protect users, focusing on measures and effectiveness rather than policy statements. In parallel, Part 9 of the Financial Services and Markets Act commenced on 30 June for digital‑token service providers, making clear that those serving overseas clients from Singapore must license or cease, with no transitional period. On infrastructure, Infocomm Media Development Authority (IMDA)’s Advisory Guidelines for Cloud Services and Data Centres set out practical steps for risk assessment, business continuity and physical‑hazard control. These are voluntary but signal what “good” looks like and what may later become mandatory. In this sense, resilience, which is the ability to withstand and recover, is not a side theme here but instead is an integral part of assurance.

Digital safety with faster remedies

• The Protection from Scams Act was passed in January and comes into force on 1 July (2nd half of 2025), enabling Restriction Orders to freeze banking facilities in real time when there is a reasonable belief of an ongoing scam. This complements the earlier Shared Responsibility measures and shifts the system from relying on user vigilance to time‑bound controls and fair redress.

Trusted innovation and interoperable rules

• AI governance moved from principles to testable practice. The Global AI Assurance Pilot (launched in February) focused on real‑world applications, and IMDA released a Starter Kit for safety testing of LLM‑based applications for public consultation in late May. Across borders, the EU-Singapore Digital Trade Agreement and new ASEAN guides point to a world where companies can carry one set of proof (e.g. privacy certifications, AI test results) across multiple markets with less duplication.

Key Policy Trends

Infrastructure, cloud and data centres: Resilience-by-design

• IMDA’s Cloud Services and Data Centres Advisory Guidelines translate hard‑won lessons into plain guidance: do thorough risk assessments, plan for business continuity, and prepare for physical hazards like fires, leaks and cooling failures. This expands the coverage to overall resilience and reliability, not just cyber issues. They are voluntary today, but they encourage operators to keep audit‑ready evidence of controls and drills. At the same time, the Cyber Security Agency expanded its Cyber Essentials and Cyber Trust marks to cover cloud, AI and operational technology, lifting the baseline for organisations that handle sensitive systems. This is sovereignty in practice: control through clear expectations, choice through avoiding single‑provider lock‑in, and continuity by testing failovers and recovery not by walling systems off.

Digital safety and consumer trust

• Two levers mattered most. First, the app‑store code took effect on 31 March, requiring system‑level age assurance and other safety tools to reduce children’s exposure to harmful content-safety enforced at the gateway where people download apps. Second, the OSAR published in February gave the public a view of how six major social‑media services are doing and where they must improve. On financial harm, the start of Part 9 FSMA on 30 June made the digital‑token perimeter real, while the Protection from Scams Act (from 1 July) adds the power to freeze fast and fix fairly.

Innovation with guardrails (AI, healthtech, IP)

• Singapore encouraged innovation while tightening safeguards. In AI, the Global AI Assurance Pilot and the LLM Safety Testing Starter Kit offer practical tests for risks like hallucinations, prompt‑injection and data leakage—tools teams can add to their software‑development lifecycles. In healthtech, the Health Sciences Authority consulted on a sandbox‑style exemption to let public healthcare deploy AI software as a medical device under strict conditions, and Synapxe launched HealthX Sandbox 2.0 to give start‑ups better access to data and multi‑cloud infrastructure for safe experimentation. In intellectual property, Intellectual Property Office of Singapore (IPOS) launched SG Patents Fast and SG Trade Marks Fast and started a Patent Prosecution Highway pilot with Malaysia, speeding up filings by re‑using examination results across offices. These are good indicators for projects that depend on speed to market and regional growth.

Looking Ahead: on the Direction of Evolution

The 2nd half of 2025 is where sovereignty-by-assurance becomes easier to see and will be felt in action. The Protection from Scams Act starts on 1 July The test will be whether Restriction Orders stop losses quickly and handle appeals fairly. From 7 July, the Data Protection Trustmark becomes Singapore Standard 714:2025, with an accreditation programme for certification bodies—a sign that privacy assurance is maturing into a nationally recognised standard. Negotiations on a Digital Economy Agreement with EFTA concluded on 10 July, and implementation of the EU-Singapore Digital Trade Agreement moves ahead—both are opportunities to make one set of proofs travel across markets.

For infrastructure, a new data‑centre IT‑energy efficiency standard (SS 715:2025) launched in August sets practical guidance to cut IT energy use by about 30% and to run safely at higher temperatures—important for AI‑era power demands and overall resilience. On cyber defence, the Government has signalled that Critical Information Infrastructure owners will soon be required to report suspected Advanced Persistent Threat (APT) attacks, and is consulting on amendments to the Public Sector (Governance) Act to allow carefully governed data‑sharing with trusted external partners. Both measures aim to strengthen control and continuity without closing doors.

Conclusion

The first half of 2025 shows a steady turn from principles to proof. Singapore’s bet is that assurance—backed by resilience—is the practical path to sovereignty in a connected world. The measures this half‑year make that real: safety at the stores where apps are found, public score‑cards for platforms, clear perimeters for digital‑token services, hands‑on guidance for cloud and data‑centre reliability, and cross‑border agreements that let trust travel.

About the writer

Lim How Khang is an Assistant Professor of Law and Computer Science (Practice) at Singapore Management University (SMU), holding a joint appointment at the Yong Pung How School of Law and the School of Computing and Information Systems. He is the Programme Director for the university’s interdisciplinary Bachelor of Science in Computing and Law. Before joining academia, he was the Deputy Director of the Legal Technology and Innovation Office and a Deputy Public Prosecutor at the Singapore Attorney-General’s Chambers.