On 13 November 2025, India's Ministry of Electronics and Information Technology (MeitY) notified the Digital Personal Data Protection Rules 2025 (the Rules), following a 10-month wait since the draft Rules were released on 3...more
11/19/2025
/ Consent ,
Data Breach ,
Data Privacy ,
Data Protection ,
India ,
International Data Transfers ,
New Legislation ,
Personal Data ,
Popular ,
Privacy Laws ,
Regulatory Requirements
On 5 November the Singapore Ministry of Health introduced the Health Information Bill (the “Bill”) in Parliament, marking a major step towards achieving a centralised digital health ecosystem in Singapore. If enacted, the...more
11/13/2025
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Health Care Providers ,
Healthcare ,
New Legislation ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Regulatory Requirements ,
Singapore
The Cybersecurity Act 2018 (the 2018 Act) established Singapore's statutory framework for the oversight and maintenance of national cybersecurity. Its key objectives were to protect critical information infrastructure (CII),...more
11/4/2025
/ Critical Infrastructure Sectors ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Government Agencies ,
National Security ,
New Legislation ,
Regulatory Reform ,
Reporting Requirements ,
Singapore ,
Third-Party Risk
On 9 October 2025 the Federal Court of Australia (the Court) imposed an AU$5.8 million civil penalty on Australian Clinical Labs Limited, one of Australia's largest private hospital pathology service providers (the Company),...more
10/31/2025
/ Australia ,
Civil Monetary Penalty ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
Health Care Providers ,
Healthcare ,
Incident Response Plans ,
Information Technology ,
Ransomware ,
Regulatory Requirements
During International Cyber Week 2025, Minister for Digital Development and Information Josephine Teo, unveiled a suite of draft frameworks developed by the Cyber Security Agency of Singapore (CSA), the Government Technology...more
10/28/2025
/ Artificial Intelligence ,
Cybersecurity ,
Data Protection ,
Draft Guidance ,
Emerging Technologies ,
Governance Standards ,
Information Governance ,
Innovative Technology ,
Public Consultations ,
Regulatory Requirements ,
Risk Management ,
Singapore
On 17 October 2025, the National AI Centre (NAIC) unveiled the Guidance for AI Adoption (the “Guidance”), a new national framework designed to guide the responsible adoption of artificial intelligence (AI). This comprehensive...more
10/22/2025
/ Artificial Intelligence ,
Australia ,
Corporate Counsel ,
Emerging Technologies ,
Ethics ,
Innovative Technology ,
Machine Learning ,
New Guidance ,
NIST ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Small and Medium-Sized Enterprises (SMEs)
On 15 October 2025, the Online Safety (Relief and Accountability) Bill was tabled in Parliament by the Ministry of Digital Development and Information (MDDI) and the Ministry of Law (MinLaw) in Singapore. The Bill proposes to...more
10/17/2025
/ Abusive Acts ,
Anonymity ,
Child Pornography ,
Cyber-Stalking ,
Enforcement Actions ,
Online Platforms ,
Pending Legislation ,
Private Right of Action ,
Regulatory Authority ,
Regulatory Reform ,
Sexual Harassment ,
Singapore
The platform under investigation develops proof-of-human tools designed to secure digital environments in response to the growing risks posed by artificial intelligence. The NPC launched its inquiry following reports that...more
10/10/2025
/ Artificial Intelligence ,
Biometric Information ,
Cease and Desist Orders ,
Consumer Privacy Rights ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Government Agencies ,
Innovative Technology ,
Machine Learning ,
Personal Data ,
Philippines ,
Regulatory Oversight
On 24 September 2025, Singapore’s Police Force (SPF) issued a formal Implementation Directive (Directive) to a major social media platform (Platform), requiring urgent remedial action in response to a sharp rise in...more
9/26/2025
/ Cybersecurity ,
Enforcement Actions ,
Fraud ,
Government Agencies ,
Identity Theft ,
Information Technology ,
Online Platforms ,
Penalties ,
Phishing Scams ,
Regulatory Oversight ,
Regulatory Requirements ,
Singapore ,
Social Media ,
Vulnerability Assessments ,
Websites
As data protection laws across the Asia-Pacific region continue to evolve, businesses operating in the region face increasing complexity in managing compliance and risk. To support our clients in navigating this dynamic...more
9/24/2025
/ Asia Pacific ,
Australia ,
China ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Hong Kong ,
Indonesia ,
Information Technology ,
Japan ,
Legislative Agendas ,
Regulatory Agenda ,
Singapore ,
Vietnam
In a landmark decision, the Singapore High Court in Piper v. Singapore Kindness Movement [2025] SGHC 173 has clarified the limits of deemed consent under the Personal Data Protection Act 2012 (the "PDPA") and the requirements...more
9/8/2025
/ Damages ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Personal Data ,
Personal Information ,
Prior Express Consent ,
Regulatory Requirements ,
Singapore ,
Statutory Interpretation ,
Supreme Court of Singapore
Thailand's Digital Government Development Agency (“DGA”) has published two sets of draft public sector-targeted guidelines intended to steer government agencies towards implementing cloud technologies and data classification...more
Vietnam's data privacy landscape is undergoing a significant transformation with the recent enactment of the Law on Personal Data Protection (PDP Law), effective from 1 January 2026. This new law marks a pivotal step in...more
Thailand's Personal Data Protection Committee (“PDPC”) has significantly intensified its enforcement of Thailand's Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), announcing on 1 August 2025 eight new administrative...more
8/11/2025
/ Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Data Security ,
Enforcement Actions ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
Thailand
On 1 August 2025, the Privacy Commissioner for Personal Data, Hong Kong (“PCPD”), and the Personal Data Protection Bureau, Macao (“PDPB”), in collaboration with seven other privacy and data protection authorities across...more
Following its enactment earlier this year, Myanmar's Cybersecurity Law No. 1/2025 (the “Cybersecurity Law”) came into effect on 30 July 2025. It introduces a comprehensive framework regulating both domestic and international...more
On 26 June 2025, Singapore’s Personal Data Protection Commission (PDPC) and Cyber Security Agency (CSA) released a joint statement advising organizations to stop “as soon as possible” the practice of using Singapore national...more
On July 23, 2025, Cambodia released a draft of its first ever comprehensive personal data protection law, the Law on Personal Data Protection (“LPDP”).
Once passed, Cambodia will join the ranks of seven other countries...more