S’pore joins multinational effort to create common cyber-security labelling scheme for smart devices
Sign up now: Get ST's newsletters delivered to your inbox
Representatives from 11 nations - Singapore, Brunei, United Arab Emirates, United Kingdom, Australia, Germany, Finland, South Korea, Japan, Canada, and Hungary - have endorsed the Global Cybersecurity Labelling Initiative.
PHOTO: LIANHE ZAOBAO
Follow topic:
SINGAPORE - Singapore has joined 10 other nations in committing to create a common labelling scheme for smart devices, which aims to provide tiered reference to security levels that can guide consumers into making informed decisions.
The Global Cybersecurity Labelling Initiative (GCLI), which applies to Internet of Thing (IoT) devices such as Wi-Fi routers and security cameras, will also help manufacturers easily navigate compliance requirements across multiple markets.
On Oct 23, the third day of Singapore International Cyber Week, representatives from 11 nations gathered to endorse the initiative. The nations are Singapore, Brunei, Australia, South Korea, Japan, United Arab Emirates, Finland, Hungary, Germany, the United Kingdom and Canada.
With more than 75 billion devices expected to be connected worldwide by 2030, security frameworks must evolve as rapidly as the attack surface expands, said Singapore’s deputy commissioner of cyber security Chua Kuan Seah, during his opening address at the joint statement event.
“Consumers struggle to assess device security while manufacturers navigate compliance requirements across multiple markets,” said Mr Chua, who is also deputy chief executive of development at the Cyber Security Agency of Singapore (CSA).
The stakes are “real and immediate”, he said. Mr Chua cited Operation Da Maque, which saw law enforcement uncover and dismantle a network of devices that had been hijacked. The operation was reportedly conducted by US officials in 2024 against Chinese state-sponsored hackers.
Earlier in 2025, hacker group Akira exploited a surveillance camera to conduct a ransomware attack on an unnamed organisation.
The widespread use of connected devices across all sectors of society demands a coordinated international approach, said Mr Chua.
“Fragmented individual efforts, while valuable, cannot effectively address the global scale of IoT supply chains and international cyber threats.”
Deputy commissioner of cyber security Chua Kuan Seah says a coordinated global approach is needed.
PHOTO: LIANHE ZAOBAO
Under this global initiative, countries will seek to establish a standardised set of security requirements and create interoperable labelling frameworks, said Mr Chua.
“(This will) enable our vision of ‘labelled once, recognised everywhere’, enhancing consumer protection opportunities while reducing friction in global digital trade.”
He added that the nations will also seek to create market incentives in strengthening device security by partnering manufacturers, testing laboratories and industry associations, to ensure that secure smart devices become the market standard.
Devices that will come under the GCLI include home networking equipment, smart home products such as smart locks, wearable devices, and connected home appliances like smart refrigerators and washing machines. The number of products to be included from the 11 nations is yet to be determined, as the initiative is still at its foundational phase.
The cost of inaction will outweigh the cost of prevention and compliance when it comes to cyber security, said Ms Claudia Plattner, the president of the German Federal Office for Information Security, during her keynote address at the event.
Half of all households in Germany have more than four IoT devices at home, she added.
“Visibility is the first line of defence we need,” said Ms Plattner, adding that consumers and businesses should be able to choose between products that clearly indicate their level of security.
She referenced how many appliances now have colour-coded labels to indicate their energy consumption levels, adding that this quick manner of identification is what the GCLI aims to achieve.
“It’s our job as government agencies, as policymakers, to provide that level of transparency to the consumers and businesses.”
Singapore has an existing Cybersecurity Labelling Scheme (CLS)
It uses a rating system that comprises four levels. Level 1 is given to products where unique default passwords are ensured and software updates are automatically provided. The highest Level 4 rating is for products that have undergone structured penetration tests approved by third-party labs.
More than 800 smart devices such as smart home hubs and pacemakers have been certified under this scheme, said CSA in a statement on Oct 23.
Individual countries will continue to operate their own national schemes, while participating in the GCLI.
However, mutual recognition between participating countries may be possible over time, as schemes begin to adopt standards under the GCLI.
A memorandum of understanding between Singapore and Britain was signed on Oct 22, which will allow smart devices certified under the CLS to be deemed as secure by British standards, starting January 2026.
With this, products compliant with Britain’s Product Security and Telecommunication Infrastructure Act can also undergo a simplified application process to obtain a Level 1 CLS label.
This will be the fourth such agreement that Singapore has entered into with other countries, after Finland, Germany and South Korea.
