Singapore AI Guidance: Governance, Data Protection, and Legal Responsibility
Between May and June 2026, Singapore authorities issued three significant AI publications:
- the Infocomm Media Development Authority of Singapore’s (IMDA’s) Model AI Governance Framework for Agentic AI (Version 1.5) (MGF for Agentic AI), published on 20 May 2026 and updated on 5 June 2026;
- IMDA’s discussion paper on Legal Responsibility for AI Agents (Legal Responsibility for AI Agents Paper), published in May 2026; and
- the Personal Data Protection Commission’s (PDPC’s) Proposed Advisory Guidelines on Use of Personal Data in Generative AI (Proposed Guidelines), published on 2 June 2026, with public consultation closing on 14 July 2026.
Together, these publications demonstrate Singapore’s strong commitment to developing practical guidance and being at the forefront of exploring complex legal issues for emerging AI technology.
This Client Alert summarises the publications, covering three distinct areas (i) a principles-based governance framework for the deployment of agentic AI; (ii) IMDA’s initial exploration of how legal responsibility should be allocated for AI agents; and (iii) the PDPC’s proposed guidelines on the use of personal data in generative AI and its impact on organisations developing or deploying AI in Singapore.
Model AI Governance Framework for Agentic AI (IMDA)
The MGF for Agentic AI is aimed at organisations deploying agentic AI, whether developed in-house or procured from third parties. It defines agentic AI by reference to independent planning, decision-making, and action-taking over multiple steps, and organises recommended practices around four dimensions: assessing and bounding risks upfront; making humans meaningfully accountable; implementing technical controls and lifecycle processes; and enabling end-user responsibility.
The MGF identifies five specific categories of harmful outcomes that organisations should consider: (i) erroneous actions, such as incorrect appointments or flawed code; (ii) unauthorised actions outside of permitted scope or without required human approval; (iii) biased or unfair actions leading to discriminatory outcomes; (iv) data breaches, noting that agents can both leak and wrongly modify data; and (v) disruption to connected systems when compromised or during agent malfunctions.
For multi-agent systems, the MGF highlights additional systemic risks, including agent sprawl (uncontrolled proliferation without centralised management), collaborative failures (such as miscoordination between agents, conflict between agents optimising different goals, and potential collusion), and unpredictable emergent behaviours that cannot be anticipated from testing individual agents.
IMDA takes the view that not all use cases are suitable for agents. Governance should be calibrated to risk factors affecting both impact (such as domain sensitivity, access to sensitive data, access to external systems, and scope and reversibility of actions) and likelihood (such as agent autonomy, task complexity, exposure to external systems, use of third-party solutions, and system complexity). Controls should, where possible, be structural and system-level rather than merely prompt-based, with deterministic safeguards preferred over non-deterministic ones for higher-risk actions.
Organisations should define human approval checkpoints for higher-risk or irreversible actions, and regularly audit the effectiveness of human oversight by tracking indicators such as human override rates and response times. Testing should cover new agentic dimensions such as overall task execution accuracy, policy adherence, and tool use, with agents gradually rolled out into production supported by continuous monitoring, logging, and robust change management processes.
For end-user responsibility, organisations should provide transparency on the agent’s range of actions, data access, and escalation channels. For users who integrate agents into their work processes, IMDA recommends layering on training such as relevant use cases, common failure modes (such as hallucinations), and looping errors.
IMDA describes the MGF for Agentic AI as a “living document” and invites feedback to refine the framework and more case studies.
Exploration of Legal Responsibility for AI Agents (IMDA)
The Legal Responsibility Paper for AI Agents consolidates discussions from a working group convened by IMDA to consider how legal responsibility should be allocated when AI agents act autonomously, use tools, interact with third parties, and cause harm. It focuses on civil liability and private law, and identifies autonomy, planning, and decision-making, and action-taking and tool-use as the agentic AI features most relevant to liability. The paper also highlights that responsibility may need to be considered across a broader agentic AI value chain, including model developers, tooling providers, platform providers, system providers, deployers, end-users, and impacted third parties.
The paper suggests that existing legal frameworks, including contract and negligence, may address many agentic AI scenarios, but highlights potential challenges in determining fault, causation, foreseeability, and attribution of knowledge or intention across a complex value chain. Contracts can pre-allocate risk and define expectations for agent behaviour, but their usefulness is limited by privity and bargaining power, particularly where consumers or impacted third parties are involved. The paper also notes that Singapore’s current product liability laws are limited and do not cover losses arising from AI.
The paper also explores fault-based and strict liability approaches and weighs the respective considerations. For fault-based liability, it considers the difficulty of establishing breach, causation, and foreseeability where agents act autonomously and unpredictably, together with the challenge of attributing knowledge or intention to any single actor across the value chain. It notes that strict liability could assist victim compensation by shifting complex apportionment disputes away from end-users and third parties, but may also create unscoped liability and moral hazards. The paper includes a detailed hypothetical involving a computer-use agent that hacks into a cloud provider’s servers, causing data leakage and financial harm to third parties. This illustrative scenario analyses how fault-based and strict liability could apply across the value chain. However, the paper does not reach firm conclusions.
The paper notes various areas for further study, including value-chain responsibility allocation, protections for actors with limited bargaining power, and responsibility for unforeseeable agent actions. These issues underscore the importance of clear records, disclosures, logs, and safeguards while the liability landscape develops.
Proposed Advisory Guidelines on Use of Personal Data in Generative AI (PDPC)
The Proposed Guidelines are advisory in nature and set out the PDPC’s expectations on how organisations should comply with the Personal Data Protection Act 2012 (PDPA) when developing or deploying generative AI solutions involving personal data. They are organised by the development, deployment, and post-deployment stages of the generative AI lifecycle. Key aspects include:
- Roles of generative AI stakeholders. The Proposed Guidelines distinguish between model providers, system providers, and system deployers, each of which may have independent PDPA obligations. The PDPC contemplates that the system deployers bear primary responsibility as organisations in ensuring that the AI system meets their obligations under the PDPA. It further states that the model providers processing personal data for downstream users as part of services provided and the system providers engaged to develop bespoke AI systems on behalf of downstream deployers may be data intermediaries. Model and system providers should document relevant safeguards for downstream stakeholders, while system deployers should map their role(s), document responsibilities, and obtain sufficient information on upstream safeguards before procurement or deployment. Model providers and system providers will be considered organisations when they process personal data as part of their own datasets to develop AI systems, including where model providers use personal data from downstream systems (e.g., end-user prompts, inputs) for model development.
- Use of personal data:
- Consent and notifications. The PDPC views notifications that provide a general purpose (such as “new product development”) as insufficient for the purpose of obtaining consent to use user data for AI model training or fine-tuning. Organisations should provide AI-specific notifications covering the types of personal data used, how it will be used, model functions, and withdrawal options.
- Publicly available exception. Instead of consent, organisations may be able to rely on the “publicly available exception” to collect, use, or disclose personal data to develop AI models where the personal data forms part of online data that is publicly accessible without any restrictions. Where personal data sits behind digital barriers such as paywalls, registration requirements, or AI bot blockers, the PDPC considers these barriers as measures that meaningfully restrict access. However, the existence of a barrier does not automatically mean that personal data is not publicly available. The assessment is fact-specific and takes into account, e.g., the barrier’s purpose and effects, steps needed for access, and whether the data is available elsewhere. For example, data on large open forums may be considered publicly available even in the presence of registration requirements. The PDPC also recommends notifying the organisation hosting the data before scraping behind digital barriers. Disputes between the parties as to whether the data is publicly available may be referred to the PDPC.
- Protection and purpose limitation. The PDPA’s Purpose Limitation Obligation requires system deployers to specify the intended purpose of processing and limit personal data to what is required; personal data should not be processed for illegal or harmful purposes. The Protection Obligation requires system deployers to safeguard personal data, including new categories of data sources collected through their systems (such as end-user prompts, generated outputs, agent or tool activity data, and internal enterprise data). System deployers should track and designate responsibilities for these new data sources and educate users on what should be input into AI systems.
- Access and correction. The PDPA’s Access and Correction Obligations apply to personal data used for model and system development. The PDPC acknowledges practical challenges in the generative AI context, including: (i) the massive amounts of data used to develop models, which can make it difficult to identify, verify, and correct data of specific individuals; (ii) the nature of generative AI models (e.g., training data stored as embeddings rather than in traditional repositories, user data held temporarily in context windows); and (iii) technical limitations in removing specific information from models. Organisations are expected to adopt best practices, including: maintaining data provenance records to document the lineage of training data; reviewing requests case-by-case and acceding where reasonable (e.g., for data stored in RAG databases); removing inaccurate data from training datasets before future training runs; and tracking the maturity of and adopting technical measures, such as machine unlearning, to remove inaccurate personal data from models.
The PDPC request further feedback on the Proposed Guidelines by 14 July 2026.
Implications and Recommendations
Organisations developing or deploying generative or agentic AI in Singapore may consider:
- reviewing agentic AI deployments against guidance on use-case risk assessments, limits on action-space and autonomy, technical controls, monitoring, and meaningful human oversight;
- reviewing contracts and operating arrangements across the AI value chain to allocate responsibilities for agent behaviour, unexpected actions, data protection, security, logging, disclosures, and audit rights; and
- updating PDPA compliance measures for generative AI, including, for example, AI-specific notifications, provider/deployer responsibility mapping, safeguards for prompts, outputs, and agent activity data.
Latham & Watkins will continue to monitor developments in this area and is available to assist clients in navigating the evolving landscape of AI governance, data protection, and legal responsibility in Singapore.
With PDPC’s public consultation closing by 14 July 2026, organisations have a timely opportunity to submit comments on the Proposed Guidelines, and Latham & Watkins is available to support clients in preparing and submitting their comments to the PDPC. Please contact one of the authors below, or the Latham lawyer with whom you normally consult, if you would like assistance in developing your feedback to the PDPC or in assessing the implications of the IMDA’s Discussion Paper and Model Governance Framework to your organisation’s business and operations.