PDPA Compliance
REQUIRED
Personal Data Protection Act 2012. Appoint a DPO, publish a privacy policy, and implement breach notification procedures. Moderate compliance burden.
Regional Deep Dive/APAC
Tax & Regulatory // Singapore
Entity type: Private Limited (Pte Ltd)
Core Compliance
Corporate Tax
17%
Flat rate; Start-up Tax Exemption available for first 3 years
GST
9%
Applies above S$1M annual turnover; register early for credibility
Ease of Doing Business
#2 globally
World Bank ranking — fastest company registration in APAC
Regulatory Vectors
watch
MAS Licensing (if fintech)
CONDITIONAL
Monetary Authority of Singapore licences are required for payment services, fund management, or digital token activity. Non-fintech products are unaffected.
Entity Setup
1–3 days
ACRA incorporation via Singpass is fast, cheap, and digital. Pte Ltd with at least one resident director is standard.
Data Residency
NOT MANDATED
SG has no mandatory data localisation. Cross-border data transfers are allowed with adequate safeguards (contractual or adequacy standards).
Key Legislation
PDPA 2012 (amended 2020)
Personal Data Protection Act — governs collection, use, and disclosure of personal data.
Computer Misuse Act
Covers cybersecurity obligations and unauthorised computer access.
Payment Services Act 2019
Governs payment institutions, digital payment tokens, and e-money services.
Entry Recommendation
Singapore has the lightest regulatory burden in APAC for most SaaS categories. Incorporate a Pte Ltd, implement PDPA basics, and begin operations. No regulatory approvals needed for standard software.
Regulatory Flashpoints — Evidence Base
Primary regulatory flashpoint
confidence 40PDPA consent and purpose limitation for personal data use.
Needs human review