Jul 3, 2026 · 11:06 AM
Subscribe
Home Ai

Singapore Will Fine Cloud Giants a Million Dollars for Going Dark

Singapore's draft Digital Infrastructure Bill would let regulators fine major data centres and cloud providers up to S$1 million, or 10 percent of local turnover, for security and resilience failures. The proposal follows a 2024 Loyang data centre fire, a 2023 outage that hit 2.5 million banking transactions, and a 2025 state backed hacking campaign against Singapore's telecom networks.

Dave Barr
· 4 min read · 108 views
Singapore Will Fine Cloud Giants a Million Dollars for Going Dark

Singapore wants the power to fine cloud giants and data centre operators up to a million dollars, or ten percent of their local revenue, if their systems go down. The island already knows what that looks like.

The Ministry of Digital Development and Information and the Infocomm Media Development Authority released the draft Digital Infrastructure Bill on July 1, and they're giving the public just three weeks to respond, with submissions due by July 22 at 10am. That's a short runway for a bill that would put a licence, and a real financial penalty, on the companies that keep Singapore's internet running.

Under the draft, major data centre and cloud service operators face fines of up to S$1 million, or 10 percent of their annual turnover in Singapore, whichever is higher, according to Singapore Law Watch. The number sounds abstract until you see who it actually applies to. The bill defines a major foundational digital infrastructure provider as a data centre with a critical IT load of at least 10 megawatts that serves outside clients, the colocation and cloud facilities that host everyone else's servers, plus any cloud computing service pulling in S$100 million or more a year from Singapore users, averaged over three years, if it sells infrastructure or platform services rather than finished software. That threshold sweeps in the hyperscale cloud arms of Amazon, Microsoft and Google without naming them directly, since it's written around revenue and load rather than brand.

You don't have to squint to see why regulators moved now. In September 2024, a fire at a Digital Realty data centre in Loyang knocked out services for major tech tenants. A year earlier, in October 2023, a cooling system fault at a Singapore data centre disrupted roughly 2.5 million banking transactions in a single afternoon. And in July 2025, Singapore's coordinating minister for national security confirmed that the state backed hacking group UNC3886 had been actively targeting the country's critical infrastructure, prompting Operation CYBER GUARDIAN, the largest coordinated cyber response the country has run, after the group went after all four major telecom operators. None of those incidents needed a hypothetical to explain why a licensing regime with teeth might matter here.

Under the bill, IMDA would gain the power to grant, suspend and revoke licences, issue binding codes of practice, run investigations and levy the financial penalties directly. Licensed operators would have to keep physical security and cybersecurity controls in place, maintain business continuity and disaster recovery plans, and report cybersecurity incidents and service disruptions to the authority as they happen rather than after the fact.

There's a second, separate track buried in the same bill that has nothing to do with resilience. Any data centre with a critical load of 3 megawatts or more, a far lower bar than the 10 megawatt threshold for the security licence, would need a new sustainability licence. IMDA says it will weigh power usage effectiveness, water efficiency and how much of a facility's energy comes from renewables when deciding whether to grant one. That's a direct response to how much electricity data centres already draw on a small, power constrained island, and it puts Singapore ahead of most jurisdictions that have so far treated data centre energy use as a planning question rather than a licensing one.

Frankly, the fine itself isn't the interesting part of this bill. A million Singapore dollars, a little over 770,000 US dollars, won't move the needle for a cloud division reporting tens of billions in annual revenue. The 10 percent of local turnover clause is the one worth watching, since for a large enough operator that could run into real money fast. What matters more is the reporting obligation. Once operators have to disclose outages and breaches to IMDA as a condition of keeping their licence, Singapore gets visibility it doesn't currently have into how often these systems actually fail, and how close the last near miss came to becoming the next Loyang fire.

The consultation window closes on July 22 at 10am. After that, MDDI and IMDA will need to fold industry feedback into a bill that still has to clear Parliament, and the cloud providers named nowhere in the text but squarely inside its revenue thresholds will be watching every line.

Also read: Sakana AI's Ren Ito Joins the UN's New AI for Good CommissionTikTok confirms layoffs in Singapore and three other cities in one dayKioxia Sells Out Its Entire 2026 NAND Flash Supply Just as AI Chips Ship

TOPICS
Dave Barr is a professional Marketing Strategist With Over 6 Years Of Experience in PR. His primary area of expertise is public relations and social branding. Dave has been associated with various content projects from across the world on a regular basis. He has also had associations with big and reputed news networks. Dave contributes to Startup Fortune in the Business, Marketing and Technology sections.
Related Articles
More posts →
Loading next article…
You're all caught up