GCC Harmonization 2026 update, read our latest regulatory advisory
Singapore Cybersecurity Labeling Scheme Guide 2026
Technical Guide

IoT Security: The Singapore Cybersecurity Labeling Scheme (CLS) Guide 2026

As a global pioneer in IoT security, Singapore has introduced the Cybersecurity Labeling Scheme (CLS). For many consumer smart devices, this label is now the standard for consumer trust and a mandatory requirement for specific government procurements.

Executive Summary: Singapore CLS

  • Regulator: Cyber Security Agency of Singapore (CSA)
  • Scope: Consumer IoT devices (Smart home hubs, IP cameras, locks, lights, etc.)
  • Requirement: Voluntary for most, but mandatory for Wi-Fi routers (Level 1).
  • Levels: 4-level rating system from self-declaration (Level 1) to penetration testing (Level 4).
  • Mutual Recognition: MRAs exist with Finland, Germany, UK, and South Korea, enabling cross-border recognition.

What is the CLS?

Launched by the Cyber Security Agency of Singapore (CSA), the CLS provides a rating system for the cybersecurity level of consumer IoT products. It allows consumers to make informed choices based on the security "stars" displayed on the product packaging. Think of it like an energy efficiency label, but instead of saving electricity, it saves your smart fridge from becoming part of a global botnet. And frankly, your fridge doesn't need to be mining cryptocurrency on the weekend.

Cybersecurity rating scheme security stars and levels

The 4-Level Rating System

The scheme features four ascending levels of security. As you move up the scale, the required documentation and testing become more rigorous.

Level 1: Basic Requirements

Meets basic security requirements like no default passwords and the ability to receive software updates. Based on self-declaration.

Level 2: Enhanced Requirements

Meets ETSI EN 303 645 standards. Requires a more rigorous technical self-declaration and documentation of your secure development lifecycle.

Level 3: Binary Software Analysis

Requires assessment by an independent CSA-approved laboratory via binary software analysis. This is where self-attestation ends and third-party verification begins.

Level 4: Penetration Testing

The highest level. Requires structured penetration testing by a CSA-approved laboratory to ensure resilience against advanced threats.

Independent penetration testing and binary code analysis

Product Scope

While the scheme is technically voluntary for most consumer electronics, skipping it is generally not recommended if you want your brand to be taken seriously by security-conscious Singaporeans. Furthermore, it is heavily pushed for:

  • Smart Home Hubs & Gateways
  • Smart IP Cameras
  • Smart Door Locks
  • Smart Lighting & Switches
  • Wi-Fi Routers (Mandatory for Level 1 compliance)

Mutual Recognition (MRA)

Singapore has signed Mutual Recognition Arrangements (MRAs) with several global leaders, including Finland, Germany, the UK, and South Korea. If your product already holds a recognized cybersecurity label from these countries, the process for obtaining the Singapore CLS is significantly streamlined, saving you from repeating costly and time-consuming testing.

Frequently Asked Questions (FAQ)

Is the CLS label mandatory?

For most consumer IoT devices, it is voluntary but highly encouraged to build consumer trust. However, for home Wi-Fi routers, obtaining at least Level 1 certification is a mandatory regulatory requirement.

Does CLS replace IMDA Type Approval?

No. CLS specifically addresses cybersecurity. If your device is wireless, you must still obtain your Singapore IMDA Type Approval for radio frequency compliance.

How long is the CLS label valid?

The label is generally valid for the period the product is supported with security updates by the manufacturer, up to a maximum of 3 years.

How HertzWeg Can Help

HertzWeg coordinates with CSA-approved laboratories to manage your Level 3 and Level 4 assessments. For Level 1 and 2, we handle the technical documentation and portal filing, ensuring your smart products launch with the prestigious "Singapore Cybersecurity Label" prominently displayed.

Secure Your IoT Rating

Apply for the Singapore CLS and build consumer trust in your smart tech.

Get Started

Confidential Technical File Handling Guaranteed

Written by

HertzWeg Regulatory Research Team

Specializing in global market access, wireless certification, and telecommunications compliance across 25+ jurisdictions.

Last Updated: May 22, 2026 Reviewed by: Compliance Lab

Related Guides

Singapore

Singapore IMDA Type Approval (Pillar Guide)

The complete 2026 guide to obtaining IMDA wireless compliance.

 Singapore

IMDA Telecommunication Dealer's Licence

Learn about the local representative requirements for market entry.

 Singapore

IMDA Schemes: SER vs. GER

Understand which equipment registration scheme applies to your product.