Singapore’s Digital Infrastructure Act: The regulation shaping the next phase of AI, cloud and business trust

As Singapore prepares to table its Digital Infrastructure Act, the message is clear: cloud services and data centres are no longer invisible back-end systems. They are becoming national infrastructure — and business trust will increasingly depend on how resilient, secure and sustainable they are.

|

Article audio is generated by AI tool.

Singapore’s Digital Infrastructure Act: The Quiet Regulation Behind the Next Phase of AI, Cloud and Business Trust
AI-assisted image: Created using a human-written editorial prompt. Click image to see AI prompt.

For years, digital infrastructure has sat quietly in the background of business life.

Most companies do not think too much about where their websites are hosted, how their cloud applications are powered, or what happens behind the scenes when a customer makes an online payment, books a ride, uses Singpass, accesses accounting software, or stores documents in the cloud.

That invisibility may soon change.

Singapore’s proposed Digital Infrastructure Act marks an important shift in how the country thinks about the systems that support its digital economy. The Act is expected to be tabled in Parliament later this year and will introduce requirements to strengthen the resilience, security and sustainability of key digital infrastructure, starting with major cloud service providers and data centres.

This is not just another cybersecurity regulation. It is a sign that Singapore now sees digital infrastructure as foundational infrastructure — not unlike power, water, transport, or telecommunications.

Digital infrastructure is no longer just an IT issue

The logic behind the proposed Act is simple: when digital infrastructure fails, the impact does not stay inside a server room.

Data centres and cloud platforms now support many daily services, including e-banking, payments, ride-hailing, e-commerce and digital identity authentication. MDDI has warned that disruptions or cyber-attacks affecting such infrastructure could have significant impact on the economy and people’s daily activities.

This is the real issue.

In the past, a company’s IT problem was mostly its own problem. Today, a cloud outage, data centre incident, system misconfiguration, cooling failure or cyberattack can ripple across banks, platforms, SMEs, public services and consumers.

That makes digital infrastructure a matter of public confidence.

Singapore had already signalled this direction in 2024, when the Government said the proposed Act would go beyond the Cybersecurity Act to address a broader set of resilience risks, including technical misconfigurations and physical hazards such as fires, water leaks and cooling system failures.

This is an important distinction. Cybersecurity is only one part of digital resilience. A system can fail even without being hacked.

From cybersecurity to business continuity

The Digital Infrastructure Act should therefore be understood as part of a broader shift from cybersecurity compliance to digital business continuity.

In February 2025, IMDA introduced Advisory Guidelines for Cloud Services and Data Centres. These guidelines recommend measures for cloud service providers and data centre operators to improve resilience and security, reduce disruptions, and restore services quickly when incidents occur.

The guidelines cover areas such as risk assessment, business impact analysis, business continuity planning, cybersecurity measures, disaster recovery, access controls and data governance.

For large operators, this points towards clearer obligations.

For businesses that depend on these operators, the message is equally important: digital resilience cannot be outsourced completely.

A company may not operate its own data centre. It may not directly manage its cloud platform. But it still depends on these systems for customer service, transactions, communications, records, marketing, payments and operations.

In other words, businesses must start asking better questions:

Are our critical systems dependent on a single cloud provider?
Do we know what happens if our website, CRM, payment gateway or email service goes down?
Do we have backups, alternative workflows and communication plans?
Have we treated digital disruption as a business risk, or merely an IT inconvenience?

For SMEs, this may be the most practical takeaway.

The Act may directly regulate major infrastructure operators, but its implications will travel downstream to enterprise customers, vendors and service providers.

AI makes the infrastructure question more urgent

The timing of the proposed Act is also significant.

Singapore is pushing deeper into AI adoption. But AI is not powered by software alone. It depends on compute capacity, cloud platforms, data centres, energy, cooling, connectivity and reliable operations.

This is where the infrastructure conversation becomes strategic.

MDDI has linked the Digital Infrastructure Act not only to resilience and cybersecurity, but also to sustainability and energy efficiency. The proposed legislation is expected to establish baseline energy efficiency requirements for all data centres, including existing and new ones, starting with Power Usage Effectiveness requirements.

This matters because AI will increase demand for compute. More compute means more pressure on data centres. More data centre demand means more pressure on land, energy, water and sustainability targets.

IMDA’s Green Data Centre Roadmap, launched in 2024, already recognised this tension. The roadmap aims to provide at least 300MW of additional data centre capacity in the near term, while accelerating energy efficiency and green energy deployment. Singapore had over 1.4GW of data centre capacity and more than 70 cloud, enterprise and co-location data centres at the time of the roadmap’s launch.

This gives the Digital Infrastructure Act a broader meaning.

It is not only about preventing outages. It is also about ensuring Singapore can support the next phase of AI and digital growth without overloading its physical and environmental constraints.

The hidden competitiveness angle

There is also a competitiveness story here.

Countries compete not only on talent, tax rates, grants and innovation programmes. Increasingly, they compete on trust.

Can businesses rely on the infrastructure?
Can global companies run mission-critical workloads here?
Can AI firms access reliable compute?
Can financial institutions, healthcare providers, manufacturers and digital platforms trust the underlying systems?

Singapore’s advantage has long been its reputation for reliability, governance and infrastructure quality. The Digital Infrastructure Act appears to extend that logic into the digital era.

A trusted AI and cloud economy cannot be built on fragile infrastructure.

This is especially relevant for Singapore’s position as a regional business and digital hub. If the country wants to attract high-value technology activity, advanced manufacturing, regional headquarters, cloud services and AI development, it must show that its digital infrastructure is not only fast and connected, but also resilient, secure and sustainable.

Why SMEs should pay attention

At first glance, the Act may seem distant from SMEs.

Most small businesses will not be directly regulated as major cloud service providers or data centre operators. But they are increasingly dependent on the systems that will be regulated.

A tuition centre relies on its website, WhatsApp enquiries, payment systems and digital marketing tools.
A home-based food business relies on e-commerce, social media, delivery platforms and cloud accounting.
A manufacturer relies on ERP systems, cloud storage, customer portals, logistics platforms and digital documentation.
A consultancy relies on email, shared drives, online meetings, CRM systems and digital proposals.

When these systems fail, revenue, reputation and customer trust are affected.

The lesson for SMEs is not to become technical infrastructure experts. The lesson is to become more deliberate buyers and users of digital services.

They should ask vendors about uptime, backup, data portability, incident response, service-level agreements, cybersecurity, support channels and recovery timelines.

Digital transformation should no longer be sold only as convenience, automation or productivity. It should also be discussed as resilience.

Regulation is only the beginning

The Government has acknowledged that regulation alone is insufficient. When the Digital Infrastructure Act was first discussed, the taskforce also said non-regulatory measures, such as guidance and best practices, would be needed to complement Singapore’s laws.

That is an important point.

The real test will not be whether Singapore introduces another piece of legislation. The real test will be whether the broader ecosystem — cloud providers, data centre operators, enterprise customers, SMEs, vendors, consultants and technology teams — becomes more mature in how it thinks about digital dependency.

The Digital Infrastructure Act is therefore more than a compliance story.

It is a signal of where the economy is heading.

Singapore’s next phase of digital growth will not be defined only by better apps, smarter AI models or more online services. It will also be defined by the quality of the infrastructure beneath them.

The invisible layer is becoming visible.

And in a digital economy, trust may increasingly depend on what happens behind the screen.

Disclosure: This article was developed with AI assistance and curated by Mediafacturing. The final editorial direction, review, and publication decision were made by Mediafacturing Editorial Team.

Article audio is generated by AI tool.

Share this article

Like our industry analysis?

Add Insights by Mediafacturing as your preferred source on Google.

Latest articles

Have a story, perspective or partnership idea?

We welcome relevant business stories, expert views, company features, event coverage and partner-led insights that are useful to our readers.

Find articles by keyword

Newsletter

Ideas worth following

Join our free weekly newsletter for sharp insights, industry stories, and business perspectives curated for leaders, builders, and decision-makers.

Singapore’s Digital Infrastructure Act: The regulation shaping the next phase of AI, cloud and business trust

Singapore’s Digital Infrastructure Act: The Quiet Regulation Behind the Next Phase of AI, Cloud and Business Trust

AI-assisted image: Created using a human-written editorial prompt.

Singapore’s Digital Infrastructure Act: The Quiet Regulation Behind the Next Phase of AI, Cloud and Business Trust