Singapore suppliers: SGX climate reporting, MAS guidelines, PDPA, and the Green Plan 2030.

Singapore Exchange (SGX) requires all listed companies to report climate-related disclosures in line with TCFD recommendations. This includes Scope 1, 2, and 3 emissions, climate risks, and transition plans. Listed companies will increasingly request supply chain data from their Singapore-based suppliers.

MAS has issued guidelines requiring banks, insurers, and asset managers to manage environmental risks. Financial institutions are expected to conduct due diligence on their clients and counterparties, which may include requesting ESG data from Singapore businesses.

Singapore's whole-of-nation sustainability roadmap sets targets for green buildings, clean energy, sustainable living, and green economy. Government procurement increasingly favours suppliers with demonstrated sustainability credentials.

Singapore's PDPA requires organisations to notify the Personal Data Protection Commission (PDPC) and affected individuals within 3 calendar days of assessing that a notifiable data breach has occurred. A breach is notifiable if it involves personal data of 500 or more individuals, or is likely to result in significant harm to affected individuals. Organisations must also have in place a data breach response plan. Non-compliance can result in financial penalties of up to SGD 1 million (or 10% of annual Singapore turnover for larger organisations under the 2020 amendments).

The Cybersecurity Agency of Singapore (CSA) requires owners of Critical Information Infrastructure (CII) — covering 11 sectors including energy, water, banking, healthcare, and transport — to report prescribed cybersecurity incidents to CSA within 2 hours of discovery. Suppliers to CII owners may be required to meet cybersecurity standards as part of supply chain security obligations. The 2024 Cybersecurity (Amendment) Act extended obligations to major IT service providers and entities of special cybersecurity interest.