At Singapore International Cyber Week 2025, the Cyber Security Agency of Singapore (CSA) announced two sets of draft resources central to shaping Singapore’s next phase of digital resilience for public consultation — the new Addendum to the Guidelines and Companion Guide on Securing Agentic AI Systems (“Draft Addendum”) and the Quantum-Safe Migration Handbook (“Handbook”) and Quantum Readiness Index (QRI). The consultation period for both initiatives will run until 31 December 2025. Both initiatives underscore the CSA’s commitment to preparing Singapore for emerging technology risks while enabling innovation.
In depth
Quantum resilience — preparing for a new cryptographic era
The Handbook and the QRI, jointly developed by the CSA, the Government Technology Agency of Singapore and the Infocomm Media Development Authority, help organizations plan their transition away from cryptographic systems that could one day be broken by quantum computing. The concern is that today’s threat actors can now harvest encrypted data and decrypt sensitive information at a later point when quantum capabilities become available.
The Handbook provides clear guidance across five domains — risk assessment, governance, technology, training and capability, and external engagement — encouraging a phased and risk-based migration approach.
Meanwhile, the QRI serves as a self-assessment tool to benchmark readiness and generate tailored recommendations to support leadership-level conversations and strategic planning.
Both resources emphasize that, while quantum computing remains an emerging technology, prudent early preparation is critical to safeguarding data confidentiality and business continuity.
Securing the rise of agentic AI
Alongside quantum preparedness, the CSA introduced the Draft Addendum for public consultation. The Draft Addendum is a new resource complementing the 2024 Guidelines and Companion Guide on Securing AI Systems.
Agentic AI represents a significant change in capability: systems that can reason, plan and act autonomously to achieve objectives. These advances also introduce novel security challenges, arising from unintended actions or even deliberate manipulation of connected tools and data sources.
The Draft Addendum builds on the earlier AI security guidance by outlining how organizations can assess and map risks based on the capabilities and autonomy of agentic AI systems. It also sets out targeted security controls across the development life cycle, with practical examples for applications, such as coding assistants, automated onboarding and fraud detection.
Public consultations
The CSA has invited interested organizations, critical information infrastructure owners, technology providers, cybersecurity practitioners and experts to provide input that can shape the final versions of these resources. The consultations will run until 31 December 2025.
Key takeaways
Taken together, the CSA’s two consultations reflect a forward-looking national strategy that strengthens trust in the technology that is expected to shape the next decade. Quantum-safe migration ensures the integrity of today’s data against tomorrow’s decryption risks, while secure AI governance ensures the trustworthiness of increasingly autonomous digital systems. Both initiatives invite collaboration between government, industry and research communities to codevelop safeguards that keep pace with technological progress. Our team is closely monitoring developments in this space and is ready to assist organizations with regulatory engagement and navigating the consultation process, where appropriate.
© 2025 Baker & McKenzie. Wong & Leow. All rights reserved. Baker & McKenzie. Wong & Leow is incorporated with limited liability and is a member firm of Baker & McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “principal” means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an “office” means an office of any such law firm. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.
