Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam

Ministry of Digital Development and Information
Press releases

Government to Raise Cybersecurity Labelling Requirements for Residential Routers

2 March 2026

  1. The Cyber Security Agency of Singapore (CSA) will work with the Infocomm Media Development Authority (IMDA) to raise mandatory cybersecurity requirements for residential routers from Cybersecurity Labelling Scheme (CLS) Level 1 to Level 2 by 2027. This was announced at the Ministry of Digital Development and Information (MDDI) Committee of Supply Debates 2026.

  2. Residential routers are common targets for malicious cyber actors because these devices serve as gateways to home networks and can be exploited to either gain access to other connected systems on the networks or become bots to launch attacks on other systems. In 2025, Singapore took part in a global operation, where it was found that attackers infected over 2,700 Singapore devices including routers. These devices formed part of a global botnet which refers to a network of comprising hundreds of thousands of everyday devices infected with malicious software, which could be used to launch Distributed Denial of Service (DDoS) attacks.

  3. The CLS, launched in 2020, rates the cybersecurity levels of Internet-of-Things (IoT) devices through a tiered labelling system. As of mid-February 2026, 870 products have attained the CLS label.

  4. Currently, all residential routers sold in Singapore must meet CLS Level 1 requirements such as having unique default passwords, vulnerability management processes and keeping software updated. While CLS Level 1 provides basic security protections, the evolving cyber threat landscape requires more robust defences. Current Level 1 requirements, while addressing fundamental vulnerabilities, are insufficient against more sophisticated attacks that exploit weaknesses in data encryption, authentication mechanisms, and secure storage.

  5. CSA will raise the mandatory cybersecurity requirements for routers to CLS Level 2 to better protect consumers from cyber threats. Under CLS Level 2 requirements, manufacturers need to ensure that residential routers incorporate stronger security measures such as secure communications, secure storage of sensitive data and robust authentication mechanisms to better protect users' data and privacy. These measures also reduce the risk of devices being compromised by malicious cyber actors.

  6. CSA is working with IMDA to update the new requirements for routers, which are expected to come into force by end 2027.

Back to top