The Infocomm Media Development Authority of Singapore (IMDA) is launching two initiatives, the generative AI (GenAI) Playbook and the GenAI Navigator, to make artificial intelligence (AI) more accessible to Singapore businesses and to increase its adoption locally.
The Malaysian Personal Data Protection Department recently published three public consultation papers to gather feedback on proposed guidelines on (i) data protection impact assessments, (ii) data protection by design and (iii) automated decision-making and profiling. The guidelines are part of a set of seven guidelines that are being (and have been) developed to complement the Personal Data Protection Act 2010 (PDPA), as announced by Digital Minister Gobind Singh Deo in January last year.
On 19 March 2025, Hong Kong’s Legislative Council enacted the Protection of Critical Infrastructures (Computer Systems) Bill, which was gazetted as the Protection of Critical Infrastructures (Computer Systems) Ordinance (Cap. 653) on 28 March 2025. The Ordinance, which is set to take effect on 1 January 2026, aims to enhance cybersecurity standards in relation to the providers of essential services in eight sectors deemed crucial to the normal functioning of the society, namely energy, information technology, banking and financial services, air transport, land transport, maritime transport, healthcare services, and telecommunications and broadcasting services, as well as critical societal or economic activities (such as those managing major sports and performance venues, as well as research and development parks) in Hong Kong.
On 11 March 2025, the Insurance Commission (IC) and the National Privacy Commission (NPC) issued Joint Advisory No. 2025-001 (“Joint Advisory”), or Considerations on the Use of Privacy Enhancing Technologies (PETs) in the Insurance Industry.
The Joint Advisory values the adoption of PETs in the insurance industry, which may supplement existing privacy-preserving practices to mitigate data privacy risks and ensure protection of personal data processed by personal information controllers (PICs) and personal information processors (PIPs).
The Infocomm Media Development Authority (IMDA) has released a new set of advisory guidelines (Advisory Guidelines) aimed at enhancing the resilience and security of cloud services and data centers in Singapore. These Advisory Guidelines are part of Singapore’s broader digital infrastructure strategy and reflect growing emphasis on the systemic importance of digital services and infrastructure to both the economy and daily life.
On 19 February 2025, the Securities and Futures Commission (SFC) issued a regulatory roadmap for Hong Kong’s virtual asset market. Entitled “‘A-S-P-I-Re’ Roadmap for a Resilient Virtual Asset Ecosystem”, it sets out a five-pillar framework (Access, Safeguards, Products, Infrastructure, and Relationships) that is intended to serve as a strategic action plan for addressing emerging new priorities in the virtual asset space (e.g., managing liquidity fragmentation and ensuring investor protection across decentralized and centralized platforms) and, in the SFC’s words, “future-proof[ing] Hong Kong’s VA ecosystem”.
The Canadian Competition Bureau (“Bureau”) recently published the Consultation on Artificial Intelligence and Competition: What We Heard (“Report”), which summarizes feedback it received from its 2024 public consultation about how AI is impacting competition in Canada. The Bureau will use the insights from the submissions summarized in the Report to inform how it will protect and promote competition in Canada’s AI market.
On 10 March 2025, the Health Sciences Authority launched its public consultation for the draft on the Best Practices Guide for Medical Device Cybersecurity. The document provides medical device manufacturers and healthcare providers with best practice recommendations and considerations on general cybersecurity principles to protect the security of medical devices for their entire product life cycle.
On 12 February 2025, the Cyberspace Administration of China (CAC) issued the Measures for the Administration of Personal Information Compliance Audit (“Audit Measures”), which will take effect from 1 May 2025. The draft of the Audit Measures was first released for solicitation of public comments on 3 August 2023, and it took a year and a half for CAC to finalize the Audit Measures. In the final version of the Audit Measures, there are a few notable changes compared with the draft version, which reflect the evolving and more relaxed data protection regulatory stance of the CAC.
On 25 February 2025, the Saudi Data and Artificial Intelligence Authority published a new set of comprehensive guidelines aimed at ensuring the protection of personal data when transferred or disclosed to entities outside the Kingdom. These guidelines, which are intended for reference purposes and are not binding, provide a systematic approach for organizations to assess and mitigate potential risks associated with such data transfers, ensuring compliance with the Saudi Personal Data Protection Law and its Regulations.