Online Criminal Harms Bill passed to enable authorities to deal more effectively with criminal online activities

18 July 2023

On 5 July 2023, the Online Criminal Harms Bill (“Bill”) was passed in Parliament. The Bill focuses on online content or activity which is criminal in nature, or which is used to facilitate or abet crimes.

The broad features of the Bill are as follows:

  • Directions against specified criminal offences: The Bill allows directions to be issued to online service providers, other entities, or individuals, when specified criminal offences are committed.
  • Special provisions to counter scams and malicious cyber activities: The Bill sets out special provisions relating to scams and malicious cyber activities given the speed and scale of such activities and the potential to inflict great harm on victims.

Directions against specified criminal offences

The Bill will allow directions to be issued in respect of any online service through which criminal activities could be conducted (“Directions”). The Directions may be issued in respect of criminal offences specified in Part 1 of the First Schedule of the Bill, such as offences that affect national security, national harmony, and individual safety, and which have an online nexus. Directions may be issued where there is reasonable suspicion that such an offence has been committed and that the online activity is in furtherance of that offence. Designated officers may issue Directions for criminal offences under their agency’s purview.

The Bill provides for five types of Directions which serve to limit the reach of criminals and prevent more persons from being exposed to harm:

  • Stop communication direction: This requires the recipient of the direction to stop communicating specified online content (including substantially similar content) to people in Singapore. The recipients of the direction are persons and entities who communicated such online content.
  • Disabling direction: This requires online service providers to disable specified content (e.g. a post or page) on their service from the view of people in Singapore, which may include identical copies of the content.
  • Account restriction direction: This requires online service providers to stop an account on their service from communicating in Singapore and/or interacting with people in Singapore, such as by terminating, suspending or restricting functionalities of the service in relation to the account.
  • Access blocking direction: This requires internet service providers to block access to an online location such as a web domain from the view of people in Singapore.
  • App removal direction: This requires app stores to remove an app from its Singapore storefront to stop further downloads of the app by people in Singapore.

Special provisions to countering scams and malicious cyber activity

Lower threshold for issuance of Directions for scams and malicious cyber activity offences

Given the speed and scale of scams and malicious cyber activity and the potential to inflict great harm on victims, the Bill introduces a lower threshold for issuing Directions for scams and malicious cyber activity offences that are specified under Part 2 of the First Schedule. This is when there is suspicion or reason to believe that any online activity is preparatory to, or in furtherance of, the commission of a scam or malicious cyber activity offence.

Codes of practice

As providers of online services have direct and full access to relevant data about activities on their platform and can also perform analytics to detect and respond to crime on their platform, the Bill will require providers of designated online services to put in place systems and processes to counter possible offences under the Second Schedule. While currently the only group specified in the Second Schedule is scam and malicious cyber activity offences, this approach allows faster response if new classes of offences emerge which also require counter actions by designated online services.

These requirements will be set out in the form of codes of practice. The competent authority will consult and work with the providers of designated online services in developing the codes of practice. The codes will be updated periodically in response to new and evolving threats, and technological developments. If designated online services are found to be non-compliant with the codes of practice, the competent authority may serve the providers of these services with a Rectification Notice to correct the non-compliance by a specified time, before escalation to prosecution.

Implementation Directives

Under the Bill, the competent authority may give the provider of a designated online service a directive to implement any system, process, or measure, if it is satisfied that this is necessary or expedient to address a relevant offence under the Second Schedule (“Implementation Directive”). Unlike a code of practice, an Implementation Directive will be specific and prescriptive.

Other provisions

The Bill also provides for the following:

  • Orders against non-compliance: The competent authority may issue Access Blocking Orders, App Removal Orders, or Service Restriction Orders (together “Orders”) in the event of non-compliance with a Direction, a Rectification Notice, an Implementation Directive, or another Order. These Orders are intended to be an escalatory enforcement measure, taken only where necessary, if there has been non-compliance. Their purpose is to limit the further exposure of persons in Singapore to the criminal activity.
  • Appeal mechanisms: The Bill provides for appeal mechanisms against Directions, Orders against non-compliance, designation of online services, the application and content of codes of practice, and Implementation Directives.
  • Information powers: To facilitate investigations and criminal proceedings, the Bill empowers police officers and enforcement officers to request information from online service providers or owners of online locations where there is reasonable suspicion that a specified offence has been committed, and any online activity in furtherance of the offence has occurred (whether in Singapore or outside Singapore) on or through an online service or through an online account or at an online location. These powers also apply to entities that are based overseas and information which is stored overseas.

Reference materials

The following materials are available on Singapore Statutes Online sso.agc.gov.sg and the Ministry of Home Affairs website www.mha.gov.sg:

More