In brief
On 12 January 2026, the Public Sector (Governance) Act (PSGA) (Amendment) Bill (“Bill”) was passed in Parliament. The Bill introduces amendments to the PSGA, enabling public sector agencies to share data with authorized external partners for legitimate public-interest purposes.
In more detail
In 2018, Parliament passed the PSGA to establish a legal framework that allows public agencies to share data with one another for seven public-interest purposes. For more information, please read our previous alert here. The latest amendments extend the legal framework to authorized external partners (outside of the public sector) that public sector agencies work with. These amendments provide a clear legal basis and safeguards for data sharing with authorized external partners, as external partners may require data that the government possesses to deliver services in a timely manner on behalf of the government. Examples of these organizations that currently work with ministries include SG Enable, the Chinese Development Assistance Council, Mendaki, Sinda and the Eurasian Association.
The Bill ensures that data is shared with external partners according to three safeguards under the PSGA:
- Data can only be shared if there is a legitimate purpose (i.e., the same public purposes for which inter-public agency sharing is allowed under the PSGA).
- A public sector agency must be specifically authorized by the relevant minister or their delegate to share data with these authorized external partners. This must be done with proper documentation of the specific purpose, scope of data and external partners authorized to receive data from the public sector agency.
- When sharing data within the public sector, external partners will be contractually required to protect and safeguard the shared data according to at least the same standard provided by public sector agencies.
The amended PSGA does not override confidentiality obligations under written law, privilege or contract.
To deter misconduct with respect to the shared data, the PSGA imposes criminal liability on individuals, including those from external partners, for the following: (i) unauthorized disclosure of information under a data-sharing direction, (ii) improper use of such information and (iii) unauthorized reidentification of anonymized information. Upon conviction, the offender will be subject to a fine of not more than SGD 5,000 or a jail term of not more than two years, or both.
Key takeaways
The PSGA amendments provide a pathway for trusted external partners of Singapore public agencies to collect and process personal data without having to rely on consent, sector-specific legislation or common-law public interest grounds.
Organizations that work closely with public sector agencies for legitimate public-interest purposes should continue to monitor the Ministry of Digital Development’s (MDDI) developments to ensure compliance with regulatory requirements and best practices.
The MDDI’s press release is available here.
For further information, and to discuss what this development might mean for you, please get in touch with your usual Baker McKenzie contact.
Sanil Khatri, Daryl Seetoh, and Natalie Joy Huang, Local Principals, have contributed to this legal update.
* * * * *
© 2026 Baker & McKenzie. Wong & Leow. All rights reserved. Baker & McKenzie. Wong & Leow is incorporated with limited liability and is a member firm of Baker & McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a "principal" means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm. This may qualify as "Attorney Advertising" requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.