Review of e-commerce legislation harmonization in the Association of Southeast Asian Nations (ASEAN) [UNCTAD/DTL/STICT/2013/1]


[ Galexia Dots ]

In Brief


Singapore has been very active in updating its laws and regulations to meet international best practice standards in relation to e-commerce. The Electronic Transactions Act and the Electronic Transactions Regulations were updated in 2010 in order to align them with the 2005 United Nations Convention on the Use of Electronic Communications in International Contracts. Singapore was the first ASEAN member country to ratify that Convention (which came into force only in March 2013). Singapore also passed the Personal Data Protection Act in 2012, and has begun work on policies and strategies to facilitate the growth of cloud computing.

ICT uptake in Singapore has been accompanied by the development of a highly competitive ICT sector, and significant use of e-commerce and m-commerce. The country enjoys the highest levels of Internet, mobile phone and fixed broadband use in the region.

Electronic transactions law

The Electronic Transactions Act 2010 replaces the previous Electronic Transactions Act 1998. It provides for the recognition of electronic signatures and digital signatures in Singapore. Section 8 provides that where a rule of law requires a signature, an electronic signature satisfies that rule of law, subject to some simple requirements.

The Electronic Transactions Act 2010 closely matches the provisions of the United Nations Convention on the Use of Electronic Communications in International Contracts – a Convention that Singapore has both signed and ratified.

Consumer protection

Singapore does not have consumer protection laws specifically for e-commerce. However, a number of general consumer laws are in place. These apply generally to all transactions including electronic transactions, but do not address specifically consumer protection issues raised by the online environment. These consumer laws include the Consumer Protection (Fair Trading) Act 2003.

Privacy and data protection

Singapore passed the Personal Data Protection Act in 2012. This is comprehensive privacy legislation, modelled on the OECD Privacy Guidelines. The privacy law appears broadly compatible with the European Union Data Protection Directive. Singapore is also a member of APEC and the new law has been influenced by the APEC Privacy Framework.

The new law includes the establishment of a Data Protection Commission, which will be an independent authority, with oversight provided by a new appeals tribunal.

Online content regulation

Singapore has a three-pronged approach to content regulation:

(a) Government regulation through a class licensing scheme;
(b) Industry self-regulation;
(c) A public education programme.

Singapore’s Media Development Authority (MDA)[3]0 maintains license and registration requirements that subject Internet content and service providers to penalties for non-compliance with restrictions on prohibited material. The MDA is charged with ensuring that “nothing is included in the content of any media service which is against public interest or order, or national harmony, or which offends good taste or decency”. The core of this framework is a class licence scheme stipulated under the Broadcasting Act and by industry policies and regulations issued by the MDA.

Under the class license scheme, all ISPs and those ICPs determined to be political parties or persons “engaged in the propagation, promotion or discussion of political or religious issues relating to Singapore” must register with the MDA. As licensees, ISPs and ICPs are also bound by the MDA’s Internet Code of Practice. The Code defines “prohibited material” broadly, specifying only a few standards for sexual, violent, and intolerant content. Where filtering is not mandated at the ISP level, the Code requires that ICPs deny access to material if so directed by the MDA. Licensees that fail to comply with the Code may face sanctions, including fines or licence suspensions or terminations

Cybercrime and cybersecurity

The Computer Misuse Act 1993 includes provisions to protect computers, computer programmes and data stored in computers from unauthorized access, modification, interception and interference. The Act intentionally defines “computer” very widely and is not technology-specific. It applies to any person, irrespective of his physical location, who does any act that relates to any computer, programme or data located within Singapore at the material time.

The Act specifies a number of offences that can be committed using a computer. These are:

  • Unauthorized access to computer material (section 3);
  • Accessing a computer with the intent of committing or facilitating the commission of an offence (section 4);
  • Unauthorized modification of the content of data within a computer (section 5);
  • Unauthorized use or interception of a computer function or process (section 6);
  • Unauthorized obstruction of the lawful use of a computer (section 7);
  • Unauthorized disclosure of a computer access code or password (section 8);
  • Abetting or attempts to commit any of the above offences (section 10).

The offences contained in the Computer Misuse Act are compatible with the Convention on Cybercrime.

Singapore plans to amend the Act to cover a wider range of cybercrime and cybersecurity issues, including attacks on national infrastructure and cyberbullying. The first of these amendments was introduced to the Singapore Parliament in November 2012.

Other legislation of general application, for example the penal code, can also be applied to digital crime.

Online dispute resolution and domain-name regulation

The .sg domain space is administered by the Singapore Network Information Centre, which imposes conditions on the granting to an individual, business or organization use of a .sg domain name. These conditions are contained in the standard form contracts the Centre uses to register domain names and the registration polices the Centre implements.

[30] Singapore Media Development Authority,