AI Regulation in Singapore and Hong Kong: A Mid-Year Checkpoint
This Legal Update takes stock of Artificial Intelligence ("AI") regulation in Singapore and Hong Kong at the mid-point of 2026. Both jurisdictions continue to rely on existing laws, voluntary frameworks and sector-specific guidance, but the first half of the year has seen a sharper emphasis on practical controls: agentic AI governance, assurance and testing, financial-sector oversight and cyber resilience.
This reflects a broader global pattern. AI regulation remains fragmented, with jurisdictions choosing different tools—statutes, regulator guidance, voluntary standards and sector-specific supervision—but common themes are becoming clearer: risk-based controls, transparency, human accountability, incident management, safety testing, data governance, cybersecurity and assurance. Singapore and Hong Kong fit within that trend, while continuing to avoid a single horizontal AI statute for now.
Singapore: Building an Assurance Infrastructure
Singapore entered 2026 without a standalone AI law. Its approach remained anchored in voluntary governance frameworks, AI Verify and sector-specific guidance. AI Verify is a testing framework and software toolkit, launched by Singapore's Infocomm Media Development Authority and Personal Data Protection Commission in 2022 in consultation with various industry partners. It is meant to help companies assess the responsible implementation of their AI system against 11 internationally recognised AI governance principles.
The developments in the first half of 2026 build on—rather than replace—that approach, translating it into more concrete expectations around assurance, testing and operational risk management.
- Governance Frameworks for Generative and Agentic AI: In January 2026, the Infocomm Media Development Authority ("IMDA") launched what it described as the world's first Model AI Governance Framework for Agentic AI, building on its earlier frameworks for traditional and generative AI. IMDA subsequently updated the framework in May 2026 to include real-world case studies and new best practices, drawing on feedback and contributions from more than 50 organisations. The framework addresses the distinctive risks of AI agents—systems capable of autonomous, multi-step decision-making with limited real-time human involvement—and emphasises that humans remain ultimately accountable for AI agent outputs. It recommends both technical controls (least-privilege access, logging, rollback mechanisms) and non-technical measures (clear accountability structures, incident escalation paths, meaningful human oversight).
- AI Tester Accreditation and Assurance: A notable development is Singapore's planned AI Tester Accreditation Programme ("AI TAP"), to be launched by Q3 2026 and reported to be the first of its kind in Asia. AI TAP should be seen as the next step in an assurance ecosystem that Singapore has been building for several years, starting with the launch of AI Verify in 2022. Whereas AI Verify establishes a foundation of internationally aligned standards for AI governance, AI TAP goes further to accredit third-party companies that test and "red team" AI systems, signalling that they have demonstrated competencies to be able to perform robust AI testing. On a related note, Singapore has also pushed the assurance agenda internationally by proposing ISO/IEC 42119-8, a new standard for generative AI testing methodologies, including benchmarking and red teaming.
- Financial Sector: MindForge and Operationalising Risk Management: In March 2026, the Monetary Authority of Singapore ("MAS") announced the conclusion of phase two of Project MindForge, publishing the MindForge AI Risk Management Operationalisation Handbook and an accompanying compilation of AI case studies. These documents provide detailed guidance for financial institutions adopting AI. The guidance extends the existing FEAT principles and Veritas toolkit to generative AI and agentic AI, and focuses on board and senior management accountability, AI inventories, third-party risk, materiality assessments, key risk indicators, employee training and use of approved AI tools.
For agentic AI specifically, MindForge identifies risks including unauthorised actions, cascading errors across connected systems, data breaches, tool-access risks and governance scalability challenges. Recommended controls include weighting "agenticness" in risk assessments, tracking all agents, tools and access rights, applying least-privilege design, logging and traceability, limited rollouts, and human-in-the-loop approvals for higher-risk actions.
- Cybersecurity and Frontier AI Risks: The Cyber Security Agency of Singapore ("CSA") issued an advisory in April 2026 warning that frontier AI models can reportedly reduce the time required to identify vulnerabilities and develop exploits from months to hours. CSA recommends immediate actions—patching critical vulnerabilities on internet-facing systems, implementing multi-factor authentication, securing development environments and enforcing least-privilege access—alongside longer-term measures including network segmentation, AI-powered vulnerability detection, shortened patch cycles, and comprehensive asset visibility.
Hong Kong: Patchwork Regulation, Hardening Expectations
Similar to Singapore, Hong Kong began 2026 with no single AI statute. Hong Kong's governance position remained distributed across the Personal Data (Privacy) Ordinance ("PDPO"), guidance issued by the Office of the Privacy Commissioner for Personal Data ("PCPD") and the Digital Policy Office, and sectoral rules for financial services, healthcare and insurance. The developments in the first half of 2026 are therefore best read as an intensification of supervisory expectations under existing regimes, especially where AI use involves personal data, autonomous agents or cyber-risk exposure.
- PCPD: From Framework to Enforcement Posture: Following the publication of its Model Personal Data Protection Framework for AI in June 2024, the PCPD has taken an increasingly active supervisory stance. In January 2026, it launched compliance checks on 60 organisations; results published in May 2026 showed that 95% used AI in day-to-day operations, with over half using three or more AI systems. Although the PCPD found no PDPO contraventions, it recommended governance structures, privacy impact assessments, AI audits, staff training, incident-response plans and prudent controls for agentic AI.
- Agentic AI: A New Risk Category: In March 2026, the PCPD issued a specific alert on agentic AI, identifying it as a distinct and elevated privacy risk. The PCPD noted that AI agents may access local devices, files, emails, credentials, browser contents and external services, and may autonomously execute multi-step tasks without real-time user involvement. Practical recommendations include restricting AI systems to minimum access rights, avoiding administrator privileges, separating runtime environments from local infrastructure, managing internet-facing surfaces, reviewing plugins for malicious code and maintaining human-in-the-loop for decisions with significant individual impact.
- Financial Sector: AI-Driven Cyber Threats: The intersection of AI and financial-sector cybersecurity has drawn particular attention. In April 2026, reports emerged that the Hong Kong Monetary Authority ("HKMA") had engaged major banks regarding AI-driven cyber threats and would bring forward a Cyber Resilience Testing Framework.
In late-May/early-June 2026, the HKMA and the Securities and Futures Commission ("SFC") issued circulars calling for enhanced cybersecurity measures in response to evolving risks from AI-enabled cyberattacks. The HKMA circular reminded authorised institutions to review the adequacy of their cyber risk management, incident response, recovery testing and third-party resilience arrangements. The SFC circular applies to licensed corporations, SFC-licensed virtual asset service providers and associated entities, and highlighted areas such as patching and vulnerability management, detection and monitoring, and incident response and recovery. Together, the circulars underline that financial institutions are expected to continuously reassess existing cyber controls to ensure they remain fit for purpose as frontier AI capabilities evolve.
Conclusion
Singapore and Hong Kong are taking different but converging paths: Singapore through frameworks and assurance infrastructure, Hong Kong through sectoral guidance and active privacy and financial-services supervision. The common expectation is that organisations must demonstrate, not merely assert, responsible AI governance.
Companies should not wait for comprehensive AI legislation. A practical governance framework—anchored in existing privacy, financial-services and cybersecurity obligations, and supplemented by current regulatory guidance—will put them in a stronger position as and when binding requirements emerge.
At this juncture, measures that companies deploying AI in Singapore or Hong Kong may consider include the following:
- Inventory, classification and governance: Maintain a register of AI models, tools, vendors, data inputs, use cases and jurisdictions; classify each use case by risk and materiality; and appoint accountable owners with escalation to senior management or the board for high-risk deployments.
- Testing and assurance: Use proportionate pre-deployment testing, red teaming, jailbreak testing, output validation, and security testing. For high-risk use cases in healthcare, finance or public services, consider external assurance and monitor schemes such as AI TAP.
- Access controls and agent governance: Apply least privilege to AI systems, especially agents: restrict plugins, internet access, credentials, and administrator privileges; separate runtime environments from core infrastructure; and log agent activity, tool use, and handoffs.
- Vendor and third-party management: Conduct due diligence on AI providers and contract for data-use restrictions, change and incident notification, security standards, audit rights, exit plans, and continuity arrangements.
- Cybersecurity and incident response: Shorten patching cycles, enforce MFA, review cloud configurations, segment networks, deploy anomaly detection, and update incident-response playbooks for AI-accelerated threats.
- Privacy, transparency and human oversight: Conduct data protection impact assessments where AI processes personal data, provide clear notices and explanations, and maintain human-in-the-loop or human-in-command controls for decisions that materially affect individuals.
- Training and culture: Require employees to use approved AI tools only, and train them on acceptable use cases, prompt design, confidential information, and personal data handling.


