On 13 November 2025, India's Ministry of Electronics and Information Technology (MeitY) notified the Digital Personal Data Protection Rules 2025 (the Rules), following a 10-month wait since the draft Rules were released on 3...more
11/19/2025
/ Consent ,
Data Breach ,
Data Privacy ,
Data Protection ,
India ,
International Data Transfers ,
New Legislation ,
Personal Data ,
Popular ,
Privacy Laws ,
Regulatory Requirements
On 5 November the Singapore Ministry of Health introduced the Health Information Bill (the “Bill”) in Parliament, marking a major step towards achieving a centralised digital health ecosystem in Singapore. If enacted, the...more
11/13/2025
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Health Care Providers ,
Healthcare ,
New Legislation ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Regulatory Requirements ,
Singapore
As data protection laws across the Asia-Pacific region continue to evolve, businesses operating in the region face increasing complexity in managing compliance and risk. To support our clients in navigating this dynamic...more
The Cybersecurity Act 2018 (the 2018 Act) established Singapore's statutory framework for the oversight and maintenance of national cybersecurity. Its key objectives were to protect critical information infrastructure (CII),...more
11/4/2025
/ Critical Infrastructure Sectors ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Government Agencies ,
National Security ,
New Legislation ,
Regulatory Reform ,
Reporting Requirements ,
Singapore ,
Third-Party Risk
On 9 October 2025 the Federal Court of Australia (the Court) imposed an AU$5.8 million civil penalty on Australian Clinical Labs Limited, one of Australia's largest private hospital pathology service providers (the Company),...more
10/31/2025
/ Australia ,
Civil Monetary Penalty ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
Health Care Providers ,
Healthcare ,
Incident Response Plans ,
Information Technology ,
Ransomware ,
Regulatory Requirements
During International Cyber Week 2025, Minister for Digital Development and Information Josephine Teo, unveiled a suite of draft frameworks developed by the Cyber Security Agency of Singapore (CSA), the Government Technology...more
10/28/2025
/ Artificial Intelligence ,
Cybersecurity ,
Data Protection ,
Draft Guidance ,
Emerging Technologies ,
Governance Standards ,
Information Governance ,
Innovative Technology ,
Public Consultations ,
Regulatory Requirements ,
Risk Management ,
Singapore
On 17 October 2025, the National AI Centre (NAIC) unveiled the Guidance for AI Adoption (the “Guidance”), a new national framework designed to guide the responsible adoption of artificial intelligence (AI). This comprehensive...more
10/22/2025
/ Artificial Intelligence ,
Australia ,
Corporate Counsel ,
Emerging Technologies ,
Ethics ,
Innovative Technology ,
Machine Learning ,
New Guidance ,
NIST ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Small and Medium-Sized Enterprises (SMEs)
On 15 October 2025, the Online Safety (Relief and Accountability) Bill was tabled in Parliament by the Ministry of Digital Development and Information (MDDI) and the Ministry of Law (MinLaw) in Singapore. The Bill proposes to...more
10/17/2025
/ Abusive Acts ,
Anonymity ,
Child Pornography ,
Cyber-Stalking ,
Enforcement Actions ,
Online Platforms ,
Pending Legislation ,
Private Right of Action ,
Regulatory Authority ,
Regulatory Reform ,
Sexual Harassment ,
Singapore
The platform under investigation develops proof-of-human tools designed to secure digital environments in response to the growing risks posed by artificial intelligence. The NPC launched its inquiry following reports that...more
10/10/2025
/ Artificial Intelligence ,
Biometric Information ,
Cease and Desist Orders ,
Consumer Privacy Rights ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Government Agencies ,
Innovative Technology ,
Machine Learning ,
Personal Data ,
Philippines ,
Regulatory Oversight
On 24 September 2025, Singapore’s Police Force (SPF) issued a formal Implementation Directive (Directive) to a major social media platform (Platform), requiring urgent remedial action in response to a sharp rise in...more
9/26/2025
/ Cybersecurity ,
Enforcement Actions ,
Fraud ,
Government Agencies ,
Identity Theft ,
Information Technology ,
Online Platforms ,
Penalties ,
Phishing Scams ,
Regulatory Oversight ,
Regulatory Requirements ,
Singapore ,
Social Media ,
Vulnerability Assessments ,
Websites
As data protection laws across the Asia-Pacific region continue to evolve, businesses operating in the region face increasing complexity in managing compliance and risk. To support our clients in navigating this dynamic...more
9/24/2025
/ Asia Pacific ,
Australia ,
China ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Hong Kong ,
Indonesia ,
Information Technology ,
Japan ,
Legislative Agendas ,
Regulatory Agenda ,
Singapore ,
Vietnam
In a landmark decision, the Singapore High Court in Piper v. Singapore Kindness Movement [2025] SGHC 173 has clarified the limits of deemed consent under the Personal Data Protection Act 2012 (the "PDPA") and the requirements...more
9/8/2025
/ Damages ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Personal Data ,
Personal Information ,
Prior Express Consent ,
Regulatory Requirements ,
Singapore ,
Statutory Interpretation ,
Supreme Court of Singapore
Thailand's Digital Government Development Agency (“DGA”) has published two sets of draft public sector-targeted guidelines intended to steer government agencies towards implementing cloud technologies and data classification...more
Vietnam's data privacy landscape is undergoing a significant transformation with the recent enactment of the Law on Personal Data Protection (PDP Law), effective from 1 January 2026. This new law marks a pivotal step in...more
Thailand's Personal Data Protection Committee (“PDPC”) has significantly intensified its enforcement of Thailand's Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), announcing on 1 August 2025 eight new administrative...more
8/11/2025
/ Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Data Security ,
Enforcement Actions ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
Thailand
On 1 August 2025, the Privacy Commissioner for Personal Data, Hong Kong (“PCPD”), and the Personal Data Protection Bureau, Macao (“PDPB”), in collaboration with seven other privacy and data protection authorities across...more
On 30 July 2025, the Indonesian Constitutional Court (“Court”) issued a landmark ruling, Decision No. 151/PUU-XXII/2024 (“Decision 151”), which significantly broadens the scope of mandatory Data Protection Officer (“DPO”)...more
Following its enactment earlier this year, Myanmar's Cybersecurity Law No. 1/2025 (the “Cybersecurity Law”) came into effect on 30 July 2025. It introduces a comprehensive framework regulating both domestic and international...more
On 26 June 2025, Singapore’s Personal Data Protection Commission (PDPC) and Cyber Security Agency (CSA) released a joint statement advising organizations to stop “as soon as possible” the practice of using Singapore national...more
On July 23, 2025, Cambodia released a draft of its first ever comprehensive personal data protection law, the Law on Personal Data Protection (“LPDP”).
Once passed, Cambodia will join the ranks of seven other countries...more
Australia has implemented a first-of-its kind requirement for eligible businesses to report ransomware payments. From 30 May 2025, eligible businesses that make a payment in response to a cyber security incident, or become...more
6/16/2025
/ Australia ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Disclosure Requirements ,
Government Agencies ,
New Legislation ,
Penalties ,
Ransomware ,
Regulatory Requirements ,
Reporting Requirements
India’s Ministry of Electronics and Information Technology (MeitY) released in June 2025 a Business Requirement Document for Consent Management Under the DPDP Act, 2023 (BRD). The BRD, while not legally binding, provides...more
With the introduction of the Data Sharing Act 2025 (the “Act”), Malaysia has formalised the rules governing the sharing of data between its public sector agencies. Designed to foster greater collaboration and efficiency, the...more
On 17 March 2025, the Australian Government published Model Clauses to help government purchasers manage vendor relationships when procuring AI technology based systems and services. The Model Clauses cover issues relevant to...more
The launch of the Global Cross Border Privacy Rules (CBPR) and Privacy Rules for Processors (PRP) systems on June 2, 2025 offers a framework to manage increasingly difficult standards for global data privacy governance....more