AI Compliance: Singapore 2026

Sawai Gyoseishoshi Office • 2026
FREE CHAPTER

Chapter 1: Regulatory Overview

1.1 The Singapore Approach to AI Regulation

Singapore does not have a comprehensive AI-specific statute. As of June 2026, the city-state governs artificial intelligence through a deliberate combination of voluntary governance frameworks, an established personal data protection law (the Personal Data Protection Act 2012), sector-specific regulatory guidance, and open-source testing toolkits. This is not a regulatory gap. It is a policy choice. Singapore has explicitly positioned itself as an AI governance innovation hub that attracts investment and talent by offering structured, business-friendly guidance rather than prescriptive legislation.

The approach is sometimes described as "governance-by-design" — embedding responsible AI principles into development and deployment workflows through detailed frameworks and practical tools, rather than imposing top-down statutory obligations with penal consequences. The result is a regulatory environment that demands compliance with personal data protection law while offering voluntary but highly influential governance frameworks that most serious market participants adopt as a matter of commercial necessity and reputational prudence.

1.2 Key Regulatory Bodies

Infocomm Media Development Authority (IMDA): The primary government agency responsible for AI governance policy in Singapore. IMDA developed the Model AI Governance Framework (versions 1 and 2) and co-led the development of the Model AI Governance Framework for Generative AI (2024) and the Agentic AI Governance Framework (January 2026). IMDA also oversees the AI Verify Foundation and the broader National AI Strategy.

Personal Data Protection Commission (PDPC): Established under the Personal Data Protection Act 2012 and operating as part of IMDA. The PDPC enforces Singapore's data protection law, issues enforcement decisions, publishes advisory guidelines on data-related AI use, and imposes financial penalties for data protection violations. The PDPC published the Advisory Guidelines on Use of Personal Data in AI Recommendation and Decision Systems in 2024.

AI Verify Foundation: Launched in June 2023, the AI Verify Foundation is an industry-led initiative supported by IMDA. It manages AI Verify, Singapore's open-source AI governance testing framework and software toolkit. The Foundation brings together over 70 member organisations globally to develop testing standards for AI systems. AI Verify enables organisations to conduct technical testing against internationally recognised AI governance principles.

Smart Nation Group (SNG): Formerly the Smart Nation and Digital Government Office (SNDGO). Oversees Singapore's national digitalisation strategy, including AI deployment across government. The National AI Strategy 2.0 (December 2023) falls under SNG's coordination.

Government Technology Agency (GovTech): The technology arm of the Singapore government. Develops and deploys AI systems for public services. GovTech operates under internal AI governance standards and publishes guidance on responsible AI use in government.

Monetary Authority of Singapore (MAS): The central bank and financial regulator. MAS issued the Fairness, Ethics, Accountability, and Transparency (FEAT) Principles for AI in financial services (2018, updated 2022) and leads the Veritas initiative, a collaborative framework for validating AI and data analytics solutions in the financial sector.

Ministry of Health (MOH) and Health Sciences Authority (HSA): MOH provides policy guidance on AI in healthcare. HSA regulates AI-based medical devices as Software as a Medical Device (SaMD) under the Health Products Act.

Competition and Consumer Commission of Singapore (CCCS): Enforces the Consumer Protection (Fair Trading) Act and the Competition Act 2004, both of which may apply to AI-related commercial conduct.

1.3 Timeline of Key Developments

Date Development
2012 Personal Data Protection Act enacted (No. 26 of 2012)
January 2, 2013 PDPA data protection provisions take effect
November 2018 MAS FEAT Principles published (AI in finance)
January 2019 Model AI Governance Framework v1 published (IMDA)
January 2020 Model AI Governance Framework v2 published (IMDA)
December 2020 PDPA amendments enacted (consent framework reform, mandatory breach notification, financial penalties increase)
February 1, 2021 PDPA amendments take effect (enhanced enforcement powers, breach notification, data portability)
January 2022 AI Verify testing toolkit announced
June 2023 AI Verify Foundation launched (open-source AI governance testing)
November 2023 National AI Strategy 2.0 released
December 2023 Bletchley Declaration signed by Singapore
June 2024 Model AI Governance Framework for Generative AI published (IMDA + AI Verify Foundation)
2024 PDPC Advisory Guidelines on Use of Personal Data in AI Recommendation and Decision Systems published
January 2026 Agentic AI Governance Framework published (world-first framework for autonomous AI agents)

1.4 Key Legislation and Frameworks Affecting AI

Law or Framework AI Relevance
Personal Data Protection Act 2012 (No. 26 of 2012) Personal data processing obligations for all AI systems handling personal data
Model AI Governance Framework v2 (2020, IMDA) Voluntary governance principles: internal governance, risk management, stakeholder communication, human oversight
Model AI Governance Framework for Generative AI (2024) 9 dimensions of governance for generative AI systems
Agentic AI Governance Framework (January 2026) Governance for autonomous AI agents operating with limited human oversight
MAS FEAT Principles (2018, updated 2022) AI governance in financial services
Consumer Protection (Fair Trading) Act (Cap. 52A) Protection against unfair AI-related commercial practices
Competition Act 2004 (No. 46 of 2004) Competition law applicable to AI market conduct
Protection from Online Falsehoods and Manipulation Act 2019 (No. 18 of 2019) AI-generated disinformation and falsehoods
Computer Misuse Act 1993 (Cap. 50A) Unauthorised access and cybercrimes involving AI systems
Health Products Act (Cap. 122D) AI-based medical devices (SaMD)
Cybersecurity Act 2018 (No. 9 of 2018) AI systems in critical information infrastructure

Want to monitor your AI compliance automatically? Try AIOS — your AI compliance OS. https://mmoww.net/ai/app/

Quick Decision Matrix

Use this matrix to determine your AI compliance obligations.

Your Situation Risk Level Priority Action Go To
Deploying AI that affects employment decisions High Impact assessment required Chapter 3
Using AI for customer-facing services Medium-High Transparency obligations apply Chapter 4
Internal AI tools (analytics, automation) Medium Document and monitor Chapter 5
AI in regulated sector (finance, health) High Sector-specific rules apply Chapter 3
Procuring AI from third-party vendor Medium Vendor due diligence needed Chapter 5
Just exploring AI for the first time Low Start with governance framework Chapter 2

5-second answer: If your AI system makes decisions that affect people, you have compliance obligations. Start with Chapter 2 for the regulatory framework, then Chapter 3 for your specific obligations.

Continue Reading

Get the complete guide with all chapters, checklists, and regulatory updates.

Browse on Amazon Trust Library Edition — $77.7 Try Free Compliance Tool