Singapore's Digital Infrastructure Bill Signals a New Era of Regulation for Data Centres and Cloud
Source: ASEAN Tech & Security
Singapore's MDDI and IMDA have opened public consultation on a Digital Infrastructure Bill that introduces licensing regimes for major data centre and cloud services, covering security, resilience, and environmental sustainability across the sector. The consultation closes July 22.

Singapore has spent years positioning itself as Southeast Asia's data centre capital, but with that ambition comes a growing recognition that the infrastructure powering the digital economy can't run on goodwill alone. The Ministry of Digital Development and Information and IMDA just opened public consultation on a draft Digital Infrastructure Bill that would create the country's first licensing regime for major data centre and cloud services, and it signals a significant shift in how the government thinks about resilience, security, and sustainability in the sector.
The Bill, which closes for feedback on July 22, introduces two new licensing tracks. The first — a Major Foundational Digital Infrastructure licence — applies to data centre facility services operating at 10 megawatts of critical IT load or above, and cloud computing services (IaaS and PaaS, not SaaS) earning at least S00 million annually from Singapore users over three years. Licensees will need to implement security measures, maintain business continuity and disaster recovery plans, and notify IMDA of cybersecurity incidents or service disruptions. The second track is a DC licence aimed at operators running facilities of 3MW or more, focused squarely on environmental sustainability — think power usage effectiveness requirements and eventually water efficiency standards, with IMDA holding the authority to impose financial penalties for non-compliance.
This Bill doesn't exist in a vacuum. It builds on the 2024 amendments to the Cybersecurity Act, which introduced cybersecurity requirements for major foundational digital infrastructure services but stopped short of addressing broader operational resilience. The new framework fills that gap by creating a statutory layer that covers everything from physical security to outage response. Industry observers have already noted that Singapore's move could ripple across the region — Keeper Security's APAC senior vice president told media the Bill could introduce fines of up to S million and is being watched as a potential bellwether for how other Asia-Pacific markets might approach digital infrastructure regulation.
What's interesting here is the dual focus. The Bill doesn't just secure infrastructure — it also mandates sustainability baselines across the entire DC sector, which is notable given that data centres already consume around 7% of Singapore's electricity and that figure is climbing fast. The government is essentially saying that if you want to operate a data centre in Singapore, you need to be both secure and efficient, and there's now a regulatory framework to enforce both. That's a meaningful departure from the voluntary approaches that have characterised the sector so far.
Why it matters for Singapore: Data centres and cloud services underpin virtually every digital service Singaporeans use — from banking to e-commerce to government platforms. This Bill gives IMDA the tools it needs to ensure those services stay online when things go wrong, while also pushing operators toward better environmental performance. The consultation is open until July 22, and the feedback period is relatively short at three weeks, suggesting the government intends to move quickly. For businesses operating in this space — whether hyperscalers like AWS and Azure, colocation providers, or the cloud startups building on top of them — the message is clear: the era of light-touch oversight is winding down.


