Singapore Raises Router Cybersecurity Labels Requirements
Singapore is raising router cybersecurity labels requirements for residential routers. The Cyber Security Agency of Singapore and the Infocomm Media Development Authority announced this change during the Ministry of Digital Development and Information Committee of Supply Debates 2026. Under the update, all residential routers sold in Singapore must meet Cybersecurity Labelling Scheme Level 2 by 2027.
Singapore raises router cybersecurity labels requirements
Residential routers often attract malicious cyber actors because they act as gateways to home networks. As a result, attackers can exploit these devices to access connected systems or use them as bots to launch attacks. For example, in 2025, Singapore participated in a global operation where attackers infected over 2,700 local devices, including routers. Consequently, these compromised devices became part of a global botnet used to launch Distributed Denial of Service attacks.
Moreover, Singapore introduced the Cybersecurity Labelling Scheme in 2020 to rate the cybersecurity levels of Internet-of-Things devices through a tiered system. As of mid-February 2026, 870 products had already received CLS labels.
What Level 2 requires for residential routers
Currently, all residential routers sold in Singapore must comply with CLS Level 1 requirements. These requirements include unique default passwords, vulnerability management processes, and regular software updates. However, the authorities will raise this baseline to Level 2.
Under the new requirements, manufacturers must ensure that devices include stronger security measures. Specifically, routers must support secure communications, protect sensitive data through secure storage, and implement robust authentication mechanisms. As a result, these measures aim to better protect users’ data and privacy while reducing the risk of device compromise.
Additionally, the Cyber Security Agency of Singapore is working with IMDA to finalize the updated requirements. The authorities expect the new rules to come into force by the end of 2027. Furthermore, they will implement these changes through an amendment to the IMDA Telecommunications (Compliance Label) Regulations.
How Entirety Can Help
For support on regulatory framework and compliance requirements related to cybersecurity updates, see Entirety’s Global Regulatory Updates Service: https://entirety.biz/services/global-regulatoryupdates/
Impact assessment
Technical Standards? ❌ No
Type Approval & Market Access? ✅ Yes
Imports, Customs, Trade, or Market Surveillance? ✅ Yes
Spectrum Management? ❌ No
