Designated online services have until 26 December 2024 to comply with the Codes of Practice for the Online Criminal Harms Act issued by the Ministry of Home Affairs.

Insights

Deadline Nears for Compliance with Online Criminal Harms Act Codes of Practice

Date
December 6, 2024
Author
OrionW

On 21 June 2024, the Ministry of Home Affairs published the Codes of Practice for E-Commerce Services and for Online Communications Services (Codes of Practice).  The Codes of Practice require designated online services to put in place appropriate systems, processes or measures to proactively disrupt scams and malicious cyber activities affecting persons in Singapore.

So far, the Singapore Police Force nominated Facebook, Instagram, Telegram, WeChat and WhatsApp as designated online communications services and Carousell, Facebook Marketplace, Facebook Advertisements and Facebook Business Pages as designated e-commerce services.

Designated service providers must comply with the following requirements within 6 months from 26 June 2024 (i.e., by 26 December 2024):

Quick Disruption of Malicious Accounts and Activities

  • Proactively detect and promptly act against suspected scams and/or malicious cyber activities (collectively, Malicious Activities), including accounts used to commit them.
  • Provide an accessible reporting mechanism that allows Singapore end-users to report suspected Malicious Activities, compromised end-user accounts and accounts that impersonate end-users, and promptly act on those reports.
  • Implement a fast-track channel to facilitate the receipt of reports from, and the submission of information to, relevant law enforcement agencies regarding Malicious Activities.
  • Keep all data of accounts used for Malicious Activities for at least 90 days and for as long as needed to facilitate investigation into the Malicious Activities.
  • Facilitate requests for information and data from law enforcement agencies.

Deployment of Safeguards to Prevent Propagation of Malicious Activities

  • Implement verification measures to prevent account misuse, with additional checks on accounts suspected of malicious activity.
  • Require strong login credentials for account holders.
  • Provide means for account holders to verify their accounts, with “verified” status having stronger verification measures.
  • For e-commerce services, verify advertisers against Singapore Government records and offer payment protection that requires verified delivery before payment is released to sellers.

In addition, designated online services are required to submit an annual report regarding the implementation of measures and efforts covered in the items above.  Among others, the report is expected to:

  • describe existing and new policies, programmes and systems in place to detect, prevent and respond to Malicious Activities;
  • identify new challenges in countering and preventing Malicious Activities; and
  • provide information on Malicious Activities that were detected and removed or banned.

Conclusion

The Codes of Practice mark a key move towards proactive detection and prevention of scams and/or malicious cyber activities.  Designated online services should be aware of the Codes of Practice to prevent the proliferation of malicious activity online.

For More Information

OrionW provides expert advice on cybersecurity and regulatory compliance.  For more information on the Online Criminal Harms Act and how it affects your organisation, please contact us at info@orionw.com.

Disclaimer: This article is for general information only and does not constitute legal advice.

Newsletter

Subscribe to
our newsletters

To subscribe, select the newsletter options that interest you (TMT, FinTech or DPC - Data Protection and Cybersecurity) and provide your details.

  • TMT - Technology, Media and Telecommunications
  • FinTech
  • DPC - Data Protection & Cybersecurity
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.