SINGAPORE - A new one-stop centre for online harms will begin operation in the first half of 2026 to help victims seek faster recourse for harms, particularly those related to cyberbullying, deepfakes and the non-consensual sharing of intimate images.
Named the Online Safety Commission, the dedicated Government agency will be empowered by new legislation to order online platforms to take down offensive content flagged by victims.
To be tabled in Parliament in later in 2025, the Online Safety (Relief and Accountability) Bill carries other remedies for victims such as the option to request perpetrators’ information to commence legal proceedings.
“We want to do more to support victims of online harms,” said Minister for Digital Development and Information Josephine Teo, announcing plans for the upcoming agency and legislation in Parliament on March 7 during the debate on her ministry’s budget.
Stengthening trust and safety online is one of the key priorities for the Ministry of Digital Development and Information’s (MDDI) spending over the next financial year, she said in her response to MP Tin Pei Ling (MacPherson) who asked about rising cases of online harms.
“More often than not, platforms fail to take action to remove genuinely harmful content reported to them by victims,” said Mrs Teo, referring to a study by the Infocomm Media Development Authority which found social media companies often dragged their feet to respond to reports of harmful content. Facebook, Instagram, TikTok, X and YouTube took an average of at least five days to respond to user complaints, IMDA found.
Mrs Teo gave the example of an 18-year-old victim whose likeness was used in a deepfake video that was circulated online, with her face superimposed onto another person’s nude body.
Strangers reposted the image and left inappropriate comments, Mrs Teo said. When the girl made a report to the platform, the platform removed the original post, but did not take down the copies of the image which had been shared.
“(She) continues to question who created that photo of her, and if it is still found online,” Mrs Teo said. “Victims like (her) need more support to find closure.”
The Online Safety Commission and upcoming Bill aims to speed up the time taken for victims to get help for online harms encountered online, said Mrs Teo.
One proposed remedy, which received overwhelming support during a recent public consultation, allows victims to sue page administrators and tech platforms for cases related to online harassment (such as cyber bullying and sexual harassment), intimate image abuse, child abuse material, impersonation, deepfakes and hate speech.
Victims will also be able to request the Commission to issue a direction to the platform to take down the offensive image, including identical copies on the platform, said Mrs Teo.
The functions of this new agency received strong support from more than 100 respondents in a month-long consultation with the public in late 2024.
Plans for the new agency were first announced by Prime Minister Lawrence Wong in October 2024. The agency is modelled on Australia’s eSafety Commissioner, an independent regulator that was granted powers in 2022 to direct social media platforms to remove flagged harmful content within 24 hours or face penalties.
The new Bill and Online Safety Commission will add to existing legal levers including the amended Broadcasting Act and Protection from Harassment Act (Poha).
Under the Broadcasting Act, app stores and social media services can be ordered to remove specified harmful content. The Government in January also issued new requirements for app stores to implement age assurance measures like facial scans by March 2026 to keep young users under 18 away from mature apps.
Poha is also available to victims to take known perpetrators to court to seek compensation from wrongdoers.
Efforts will also be ramped up to fend against malicious cyber activities amid rising threats, said Mrs Teo.
More than 80 per cent of organisations in Singapore have faced at least one cybersecurity incident in the past year, with most of them suffering some form of business impact, such as data loss, according to a 2023 survey by the Cyber Security Agency.
Mrs Teo said the authorities will focus on developing new measures to drive the adoption of cybersecurity measures.
MDDI is looking into establishing standards for cybersecurity testing and introducing new requirements for cybersecurity practices to be factored into Government procurement decisions, she said.
Mrs Teo also gave details of Singapore’s participation in an international cyber operation in 2024 to disinfect IT systems that have been compromised to form a global botnet - a network of computers infected to allow them to be controlled as a group without the owners’ knowledge, such as to send spam or viruses.
Some 2,700 infected devices in Singapore were discovered in the exercise, she said, adding that bad actors had targeted those with poor cyber hygiene practices like weak passwords to infect devices, including baby monitors and internet routers.
“So what if the botnet had remained?” said Mrs Teo. “The devices could be used as a standby army, much like our NSFs, ready to be deployed into active duty. Except in this case, it would be foreign state-linked actors using the bots for malicious purposes, which can be directed at targets in Singapore.”
No critical information infrastructure (CII) like banks, telcos or energy providers were affected.
Close work with industry partners is crucial for stronger cybersecurity, said Mrs Teo, highlighting work with tech companies, for instance, in combating scams.
For instance, IMDA in February published guidelines for cloud service and data centre operators to perform background checks on all employees and third-party service providers, among other measures, to strengthen the security of digital infrastructure that underpins critical services like banks and telecommunications.
These guidelines are likely to be given legal teeth when the upcoming Digital Infrastructure Act (DIA) is enacted to hold cloud service providers and data centre operators accountable to more stringent security standards.
The guidelines spell out expectations for the organisations in managing user access controls, set up business continuity plans and measures to minimise service disruptions, among other safeguards.
Osmond Chia is a technology reporter at The Straits Times, covering cyber security, artificial intelligence and the latest consumer gadgets.
Join ST's WhatsApp Channel and get the latest news and must-reads.
Thanks for sharing!