As the EU AI Act approaches full enforcement in August 2026, organisations operating across jurisdictions are asking the same question: how does AI regulation elsewhere compare?
Singapore offers one of the most developed alternative models — and understanding the differences matters for any company building or deploying AI in both markets.
This guide breaks down Singapore’s AI governance framework, its key laws and tools, sector-specific rules, and how it all compares to the EU’s approach.
How Singapore Regulates AI
Singapore takes a fundamentally different approach to AI governance than the European Union. Where the EU has enacted comprehensive binding legislation (the European AI Act), Singapore relies on voluntary frameworks, sector-specific guidance, and government-built testing tools. There is no single AI law in Singapore — instead, the regulatory landscape is shaped by a combination of national strategy documents, governance frameworks, data protection legislation, and sector regulators.
The philosophy is intentional: Singapore prioritises innovation and flexibility while encouraging responsible AI adoption through industry guidance rather than hard compliance mandates.
The key institutions driving this are the Infocomm Media Development Authority (IMDA), the Personal Data Protection Commission (PDPC), and sector-specific bodies like the Monetary Authority of Singapore (MAS) for financial services.
Key Frameworks and Tools
National AI Strategy 2.0 (NAIS 2.0)
Launched in December 2023, NAIS 2.0 allocates more than SGD 1 billion over five years to advance AI capabilities, digital trust, and workforce readiness. It focuses on three pillars: activity drivers (industry-government-research collaboration), people and communities (talent development), and infrastructure (computing, data accessibility, and governance).
Model AI Governance Framework
First published in 2019 and updated multiple times since, this is Singapore’s foundational AI governance document. It translates ethical principles — transparency, fairness, human-centricity, and explainability — into practical recommendations for organisations. It remains voluntary and non-binding.
Model AI Governance Framework for Generative AI
Released in May 2024 by IMDA and the AI Verify Foundation, this framework expands governance guidance to cover large language models and multimodal systems. It addresses nine dimensions of generative AI risk, from accountability to incident reporting.
Model AI Governance Framework for Agentic AI
Unveiled in January 2026 at the World Economic Forum, this is the world’s first comprehensive governance framework specifically for agentic AI — systems capable of autonomous reasoning, planning, and action. It addresses risks such as unauthorised actions, data leakage, cascading failures, and accountability gaps in multi-agent systems.
AI Verify
Launched in 2022, AI Verify is the world’s first government-developed AI testing toolkit. It combines technical tests with process checks to help organisations validate their AI systems against internationally recognised governance principles. It does not use pass-fail standards but enables transparency about AI system performance.
AI Verify Foundation
Established in 2023 as a non-profit subsidiary of IMDA, the Foundation has grown to over 90 member organisations and maintains the Global Model Evaluation Toolkit for large language and multimodal models. It collaborates with the OECD and GPAI to harmonise testing standards globally.
ISAGO 2.0
The Implementation and Self-Assessment Guide for Organisations, updated in 2025, integrates with AI Verify to create a governance-to-testing workflow. It helps organisations map AI risk tiers, build stakeholder communication plans, and conduct internal audits using standardised metrics.
Data Protection: The PDPA Connection
Singapore’s Personal Data Protection Act 2012 (PDPA) is the closest thing to hard law governing AI in Singapore. While the PDPA is not an AI-specific regulation, it directly governs how personal data is collected, used, and disclosed by AI systems.
In 2024, the PDPC published Advisory Guidelines on the Use of Personal Data in AI Recommendation and Decision Systems, clarifying how the PDPA applies at three stages of AI implementation: development and testing, deployment (B2C), and procurement of bespoke AI systems (B2B).
Key provisions relevant to AI include the consent framework, the Business Improvement Exception for using data to enhance products, mandatory data breach notification within 72 hours, and penalties of up to SGD 1 million or 10% of annual turnover.
The PDPC encourages the use of anonymised data wherever possible in AI systems. Once properly anonymised, data falls outside the PDPA’s scope entirely.
Sector-Specific AI Regulations in Singapore
Financial Services (MAS)
In November 2025, the Monetary Authority of Singapore issued a consultation paper proposing Guidelines on AI Risk Management for financial institutions. These guidelines cover board and senior management oversight of AI risk, AI inventories, risk materiality assessments, and lifecycle controls including data management, fairness, transparency, human oversight, and third-party risk management. While not yet finalised, they signal a move toward more structured expectations for AI in banking and financial services.
MAS also runs the Veritas framework (launched in 2020) for assessing fairness in AI-driven financial products and offers the AIDA Grant to promote AI adoption in financial institutions.
Healthcare
The Ministry of Health, Health Sciences Authority, and Integrated Health Information Systems co-developed AI in Healthcare Guidelines covering the safe development and deployment of AI-Medical Devices. These complement the HSA’s existing medical device regulations.
Cybersecurity
The Cybersecurity Act 2018 governs critical information infrastructure and operates alongside the Computer Misuse Act 1993. In 2025, Singapore’s AI Safety Red Teaming Challenge tested generative AI applications for data leakage risks across multiple Asian languages.
Singapore vs EU AI Act: Head-to-Head Comparison
| Dimension | Singapore | EU AI Act |
|---|---|---|
| Legal nature | Voluntary frameworks, non-binding guidelines | Binding legislation with direct effect across all EU member states |
| Approach | Innovation-first, principles-based, sector-specific | Risk-based, comprehensive, cross-sector |
| Risk classification | No formal risk tiers; sector regulators assess risk contextually | Four explicit tiers: Unacceptable (banned), High-Risk, Limited Risk, Minimal Risk |
| Prohibited practices | None explicitly banned | Eight categories of AI practices prohibited outright (Article 5) |
| Conformity assessment | Voluntary self-assessment via AI Verify and ISAGO | Mandatory conformity assessment for high-risk systems, including third-party assessment for biometric systems |
| Registration requirement | No mandatory registration | High-risk AI systems must be registered in the EU database before market placement |
| Transparency obligations | Voluntary disclosure encouraged through governance frameworks | Mandatory transparency requirements for AI-generated content, chatbots, deepfakes, and emotion recognition |
| Human oversight | Recommended in governance frameworks; mandatory for agentic AI under new 2026 framework | Mandatory for all high-risk AI systems (Article 14) |
| Data governance | PDPA governs personal data use; AI-specific guidelines issued by PDPC | Comprehensive data governance requirements for training, validation, and testing datasets (Article 10) |
| Penalties for non-compliance | PDPA: up to SGD 1M or 10% of turnover. No AI-specific penalties | Up to €35M or 7% of global turnover for prohibited practices; up to €15M or 3% for other violations |
| Extraterritorial reach | PDPA applies to organisations processing data in Singapore | Applies to any organisation placing AI systems on the EU market, regardless of location |
| Authorised representative | Not required | Mandatory for non-EU providers of high-risk AI systems and GPAI models |
| Post-market monitoring | Encouraged through governance frameworks | Mandatory for high-risk AI systems (Articles 61-62) |
| Technical documentation | AI Verify provides a testing framework; documentation is voluntary | Mandatory technical documentation per Annex IV for high-risk systems |
| Generative AI / GPAI | Covered by voluntary Model Framework for Generative AI (2024) and Agentic AI (2026) | Mandatory obligations for GPAI providers including transparency, copyright compliance, and technical documentation |
| Financial services | MAS issuing dedicated AI risk management guidelines | AI Act applies cross-sector; financial services AI systems (credit scoring, fraud detection) classified as high-risk under Annex III |
| Enforcement body | PDPC (data protection); IMDA (governance); MAS (financial services) | National competent authorities in each member state, plus the European AI Office for GPAI |
What This Means for Companies Operating in Both Markets
If you operate in both Singapore and the EU, understanding the gap between voluntary governance and mandatory compliance is critical.
A company that has adopted Singapore’s Model AI Governance Framework and tested its systems through AI Verify has a solid governance foundation — but this does not automatically satisfy EU AI Act requirements. The EU demands specific documentation, conformity assessments, registration, and ongoing monitoring that Singapore’s voluntary approach does not mandate.
However, the overlap is significant. Singapore’s governance principles (transparency, fairness, human oversight, explainability) map closely to the EU AI Act’s requirements. Organisations that have invested in Singapore’s frameworks are well-positioned to build on that foundation for EU compliance — rather than starting from scratch.
The strategic approach is to treat Singapore governance as the baseline and layer EU-specific compliance obligations on top, rather than running two separate programmes.
What’s Coming Next for AI Regulation in Singapore
Singapore’s AI governance landscape continues to evolve rapidly. Key developments to watch include the planned AI Assurance Framework (2026) to unify technical, organisational, and ethical testing criteria, the finalisation of MAS AI Risk Management Guidelines for financial institutions, cross-border AI service standards enabling trusted data and model transfer across ASEAN, and early research guidelines for quantum and autonomous AI governance.
Singapore is also actively contributing to global AI governance harmonisation through its collaboration with the OECD, GPAI, and the International Network of AI Safety Institutes.
FAQ
Does Singapore have an AI law?
No. Singapore does not have comprehensive AI-specific legislation. AI governance is managed through voluntary frameworks (Model AI Governance Framework), sector-specific guidelines (MAS for financial services, MOH for healthcare), and existing legislation like the Personal Data Protection Act (PDPA). This approach is intentional — Singapore prioritises innovation-friendly governance over prescriptive regulation.
Is AI Verify mandatory?
No. AI Verify is a voluntary, government-developed testing toolkit. Organisations use it to self-assess their AI systems against internationally recognised governance principles. There is no legal requirement to use it, but adoption is encouraged and increasingly expected by industry partners and regulators.
How does Singapore’s approach affect companies selling AI into the EU?
Singapore’s voluntary frameworks do not satisfy EU AI Act compliance requirements. However, companies that have adopted Singapore’s governance principles and tested through AI Verify will find significant overlap with EU requirements. The key differences are that the EU mandates specific documentation, conformity assessments, and registration that Singapore does not require. Companies operating in both markets should build on their Singapore governance foundation and layer EU-specific obligations on top.
What are the penalties for AI-related non-compliance in Singapore?
There are no AI-specific penalties in Singapore. However, violations of the PDPA in connection with AI systems can result in fines of up to SGD 1 million or 10% of annual turnover. The MAS can also take enforcement action against financial institutions for failures in AI risk management under its supervisory framework.
Does Singapore regulate generative AI?
Singapore addresses generative AI through voluntary governance frameworks rather than binding regulation. The Model AI Governance Framework for Generative AI (2024) covers nine dimensions of risk, and the Model AI Governance Framework for Agentic AI (2026) extends this to autonomous systems. The PDPA applies where generative AI systems process personal data.
How does Singapore handle AI in financial services?
The Monetary Authority of Singapore (MAS) is developing dedicated AI Risk Management Guidelines for financial institutions, proposed in November 2025. These cover board oversight, AI inventories, risk assessments, lifecycle controls, fairness, transparency, human oversight, and third-party risk management. MAS also operates the Veritas framework for assessing fairness in AI-driven financial products and the AIDA Grant to promote responsible AI adoption.
Can Singapore’s AI governance frameworks be used as evidence for EU AI Act compliance?
Not directly — EU AI Act compliance requires specific documentation and processes that Singapore’s frameworks do not prescribe. However, organisations that have implemented Singapore’s governance recommendations (risk assessment, testing, documentation, oversight) will have a strong operational foundation. Tools like AI Verify can generate evidence that supports but does not replace EU conformity assessment requirements.
What is the Agentic AI Governance Framework?
Unveiled in January 2026 at the World Economic Forum, this is the world’s first governance framework specifically for agentic AI systems — AI that can autonomously reason, plan, and take actions. It covers risk assessment, human accountability, agent privilege limits, and monitoring. Like Singapore’s other AI governance frameworks, it is voluntary and non-binding.
How EYREACT Can Help
For organisations navigating AI compliance across multiple jurisdictions, EYREACT provides the structured compliance infrastructure to manage EU AI Act obligations while leveraging existing governance work done under Singapore’s frameworks.
Our platform automates risk classification, evidence management, and audit-ready documentation — turning the gap between Singapore’s voluntary governance and the EU’s mandatory compliance into a manageable, systematic process.
Launching April 2026. Book a demo!
This article is for informational purposes only and does not constitute legal advice. Organisations should seek qualified legal counsel for jurisdiction-specific compliance guidance.
