The Electronic Transactions Act establishes a safe harbour regime for intermediaries for copyright infringements. According to Section 26 of the Act (introduced by the amendment of the Act within the Act 26 of 2012), any network service provider shall not be subject to any civil or criminal liability in respect of “third-party material” in the form of electronic records to which it “merely” provides access. This exemption of liability also extends to liabilities arising from data protection obligations in respect of third-party material under the Personal Data Protection Act 2012.

The Electronic Transactions Act establishes a safe harbour regime for intermediaries beyond copyright infringements. According to Section 26 of the Act (introduced by the amendment of the Act within the Act 26 of 2012), any network service provider shall not be subject to any civil or criminal liability in respect of “third-party material” in the form of electronic records to which it “merely” provides access. This exemption of liability also extends to liabilities arising from data protection obligations in respect of third-party material under the Personal Data Protection Act 2012.

It is reported that Singapore imposes an identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card or a passport in case of foreigners to activate a new prepaid SIM card. In addition, SIM cards cannot be activated without biometric identification

Singapore does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, accounting separation is required in some instances (dominant licensees and their related companies).
Under Section 2.3 of the Code of Practice for Competition in the Provision of Telecommunication and Media Services 2022, a telecommunications licensee or regulated person may be classified as a dominant entity where it operates facilities that are sufficiently costly or difficult to replicate, creating a significant barrier to market entry, or where it has the ability to exercise significant market power in a market covered by its telecommunications or media licence.
The Accounting Separation Guidelines, issued under Section 28 of the Telecommunications Act, allow the Infocomm Media Development Authority (IMDA) to require facilities-based operators and individually licensed services-based operators to comply with accounting separation. The Guidelines provide for two levels of accounting separation: detailed segment reporting, which applies to dominant facilities-based operators and certain related entities, and simplified segment reporting, which applies to certain entities linked to a dominant operator.
Functional or structural separation is not generally imposed on all dominant operators. However, IMDA may impose structural separation as an enforcement remedy in appropriate cases under Sec. 12.6.4.6 of the 2022 Code.

The "Guidelines for Submission of Application for Services-Based Operations Licence" outline the procedures for obtaining the Services-Based Operations (SBO) Licence, which authorises an operator to provide services-based telecommunications services in Singapore. Generally, operators that lease international transmission capacity to deliver their services are required to obtain an SBO (Individual) Licence. According to Section 2.3 of the Guidelines, applicants seeking an SBO (Individual) Licence for prepaid services must ensure that their company possesses a minimum paid-up capital of SGD 100,000 (approx. USD 74,000).

Singapore has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

According to the Info-communications Media Development Authority Act, the Info‑communications Media Development Authority, the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

Under Art. 199 of the Companies Act 1967, every company must keep accounting and other records that sufficiently explain its transactions and financial position. Where those records are kept outside Singapore, Art. 199(4) requires the company to send to and keep in Singapore the statements and returns necessary to enable the preparation of true and fair financial statements, including any documents required to be attached to them. These records must also remain open to inspection by the company’s directors at all times.

According to Section 26.1 of the Personal Data Protection Act, organisations are prohibited from transferring personal data to a country or territory outside Singapore unless they comply with the requirements prescribed by the Act. Organisations must implement appropriate measures to verify and ensure that the recipient of the personal data, located in a foreign country or territory, is bound by legally enforceable obligations that provide a standard of protection comparable to that of the Personal Data Protection Act. Section 26.2 of the Act allows organisations to apply to the Personal Data Protection Commission for an exemption from any of the restrictions outlined in Section 26.1.
In addition, Part 3 of the Personal Data Protection Regulations specifies that if a recipient of personal data holds a specified certification granted or recognised under the law of the country or territory to which the personal data is transferred, they are considered to be bound by legally enforceable obligations to ensure a standard of protection for the transferred personal data that is at least equivalent to the protection provided by the Personal Data Protection Act. The specified certifications include those recognised under the Asia Pacific Economic Cooperation (APEC) Privacy Recognition for Processors System, applicable when the recipient is a data intermediary, or the APEC Cross-Border Privacy Rules in other cases. Additionally, data transfers are permitted under the following conditions:
- The individual has given consent to the transfer of their data, having been provided a reasonable summary, in writing, of the extent to which their data will be protected by standards comparable to the Personal Data Protection Act;
- The transfer is necessary for the performance of a contract between the organisation and the individual or for the purpose of entering into such a contract;
- The transfer is necessary for the conclusion or performance of a contract between the organisation and a third party, which is entered into at the individual's request;
- The transfer is necessary for use or disclosure in certain situations where the consent of the individual is not required under the Personal Data Protection Act, such as use or disclosure necessary to respond to an emergency;
- The data are in transit;
- The data are publicly available in Singapore.

Singapore has joined several agreements with binding commitments to open transfers of data across borders. These include: the Updated Singapore-Australia Free Trade Agreement (SAFTA, Chapter 14, Art. 13), the Protocol to Amend the Agreement between Singapore and New Zealand on a Closer Economic Partnership (Art. 9.10), the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP, Art. 14.11), the Free Trade Agreement between the Democratic Socialist Republic of Sri Lanka and the Republic of Singapore (Art. 9.9), the Australia - Singapore Digital Economy Agreement (Annex A Art. 23), the Digital Economy Partnership Agreement Between Singapore, Chile and New Zealand (DEPA, Art. 4.3), the Digital Economy Agreement between the United Kingdom of Great Britain and Northern Ireland and the Republic of Singapore [Art. 8.61-F(2)], the amended Free Trade Agreement between the Government of the Republic of Korea and the Government of the Republic of Singapore (Art. 14.14), and the Protocol to the Digital Economy Partnership Agreement (Art. 5)

The Personal Data Protection Act 2012 (PDPA) provides a baseline standard of protection for personal data in Singapore. It complements sector-specific legislative and regulatory frameworks such as the Banking Act and Insurance Act. It comprises various requirements governing the collection, use, disclosure and care of personal data in Singapore. The Act came into force in different phases, and the provisions concerning data protection were enforced in July 2014.

According to the Services-Based Operations (Individual) Licence Template issued by the Infocomm Media Development Authority (IMDA), licensees providing certain telecommunications services must maintain data records, including assigned source IP addresses, date and time stamps, assigned user IDs or user names, and, for some services, Call Detail Records (CDRs). These records must be made available for inspection by authorised Singapore government agencies and must generally be retained for at least 12 calendar months. IMDA also reserves the right to require licensees to retain any other details as part of data records where necessary.
In addition, the licensee shall disclose subscriber information, where deemed necessary to the Authority or such other relevant law enforcement or security agencies in the exercise of their functions and duties.

Under the Code of Practice for Online Communication Services, designated online communication service providers must take all reasonably practicable steps to prevent their services from being used for scams and malicious cyber activity offences.
In particular, Section A5 requires service providers to retain all available data relating to accounts that have been, or are suspected of being, used for scams and/or malicious cyber activities. This includes, where available, records identifying the account user(s), transaction or interaction records, activity logs, IP addresses, and metadata. Such data must be retained for at least 90 days to support potential criminal investigations into scams and malicious cyber activities.
The currently designated online services include Facebook, Instagram, Telegram, WeChat, WhatsApp, and TikTok.

Copyright enforcement in Singapore remains a concern in the online environment. It is reported that stakeholders continue to raise concerns regarding enforcement against unauthorised streaming services, third-party illicit streaming devices (ISDs), and illicit Internet Protocol television (IPTV) applications used to access pirated content.

Singapore has ratified the World Intellectual Property Organization (WIPO) Copyright Treaty.