Be aware of scammers impersonating as IMDA officers or misrepresenting our policies. Government officials will NEVER call you to transfer money, verify refunds, disclose bank log-in details or request for your personal information. For scam-related advice, please call the ScamShield Helpline at 1799 or go to www.ScamShield.gov.sg.

  1. Architects of SG's Digital Future
  2. Resources
  3. Press Releases, Factsheets and Speeches
  4. Government to Raise Cybersecurity Labelling Requirements for Residential Routers

Government to Raise Cybersecurity Labelling Requirements for Residential Routers

SINGAPORE – 02 MAR 2026

1. The Cyber Security Agency of Singapore (CSA) will work with the Infocomm Media Development Authority (IMDA) to raise mandatory cybersecurity requirements for residential routers from Cybersecurity Labelling Scheme (CLS) Level 1 to Level 2 by 2027. This was announced at the Ministry of Digital Development and Information (MDDI) Committee of Supply Debates 2026. 

2. Residential routers are common targets for malicious cyber actors because these devices serve as gateways to home networks and can be exploited to either gain access to other connected systems on the networks or become bots to launch attacks on other systems. In 2025, Singapore took part in a global operation, where it was found that attackers infected over 2,700 Singapore devices including routers. These devices formed part of a global botnet which refers to a network of comprising hundreds of thousands of everyday devices infected with malicious software, which could be used to launch Distributed Denial of Service (DDoS) attacks. 

3. The CLS, launched in 2020, rates the cybersecurity levels of Internet-of-Things (IoT) devices through a tiered labelling system. As of mid-February 2026, 870 products have attained the CLS label. 

4. Currently, all residential routers sold in Singapore must meet CLS Level 1 requirements such as having unique default passwords, vulnerability management processes and keeping software updated. While CLS Level 1 provides basic security protections, the evolving cyber threat landscape requires more robust defences. Current Level 1 requirements, while addressing fundamental vulnerabilities, are insufficient against more sophisticated attacks that exploit weaknesses in data encryption, authentication mechanisms, and secure storage. 

5. CSA will raise the mandatory cybersecurity requirements for routers to CLS Level 2 to better protect consumers from cyber threats. Under CLS Level 2 requirements, manufacturers need to ensure that residential routers incorporate stronger security measures such as secure communications, secure storage of sensitive data and robust authentication mechanisms to better protect users' data and privacy. These measures also reduce the risk of devices being compromised by malicious cyber actors.

6 CSA is working with IMDA to update the new requirements for routers, which are expected to come into force by end 2027.

LAST UPDATED: 02 MAR 2026

Jointly Issued by Infocomm Media Development Authority and Cyber Security Agency of Singapore

About Infocomm Media Development Authority

The Infocomm Media Development Authority (IMDA) leads Singapore’s digital transformation by developing a vibrant digital economy and an inclusive digital society. As Architects of Singapore’s Digital Future, we foster growth in Infocomm Technology and Media sectors in concert with progressive regulations, harnessing frontier technologies, and developing local talent and digital infrastructure ecosystems to establish Singapore as a digital metropolis.

For more news and information, visit www.imda.gov.sg or follow IMDA on LinkedIn (IMDAsg), Facebook (IMDAsg) and Instagram (@imdasg).

About the Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships, and drive regional cybersecurity capacity building programmes.

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.

For media queries, please contact:

(Ms) Felicia Goh
Manager
(Communications and Marketing Division)
IMDA
Email: media@imda.gov.sg

(Ms) Chen Jingxuan
Senior Assistant Director
(Communications & Engagement Division)
CSA
Email: CHEN_Jingxuan@csa.gov.sg

(Mr) Alvin Ho
Assistant Manager
(Communications & Engagement Division)
CSA
Email: Alvin_HO@csa.gov.sg

Explore more

Related Programmes

10Gbps Nationwide Broadband Network (10G NBN) Grant
Programme

10Gbps Nationwide Broadband Network (10G NBN) Grant

IMDA offers grants to support the development of Singapore's 10G Next-Generation Broadband Network, preparing the nation for...

GenAI Navigator
Digital Solution

GenAI Navigator

A recommendation tool for SMEs, which provides recommendations based on SMEs’ specific business needs and guides them to...

Green DC Roadmap
Programme

Green DC Roadmap

The Green DC Roadmap Fact Sheet details IMDA’s efforts in driving sustainable digital infrastructure through eco-friendly data...

View all programmes