Singapore issues deadline to social media platform over impersonation scams

Escalating threat landscape

The SPF’s intervention follows a significant increase in phishing and impersonation incidents that exploited vulnerabilities in platform infrastructure and response protocols. Authorities cited inadequate takedown mechanisms and delayed mitigation efforts as key factors contributing to the spread of scam-related content.

In Singapore, scammers have adopted increasingly sophisticated tactics, including the use of deepfake technology, doctored videos, and AI-generated imagery to impersonate high-profile public figures. These impersonations have frequently been deployed in fraudulent investment schemes, amplifying their reach and impact.

Regulatory framework and enforcement measures

The OCHA, which came into effect in July 2023, empowers the competent authority to issue implementation directives to designated online services where necessary to address criminal harms. This is the first such directive issued under the OCHA.

Under the Directive, the Platform is required to:

• Implement enhanced facial recognition measures in Singapore to detect impersonation attempts.
• Prioritise review of end-user reports originating from Singapore.
• Swiftly remove scam-related content involving impersonation of the Singapore government’s office holders.

The Directive must be complied with by 30 September 2025. Failure to comply without reasonable excuse could result in a fine of up to SGD $1 million, with additional daily penalties of up to SGD $100,000 for continuing offences after conviction.

Authorities have also indicated plans to work with the Platform to extend impersonation protection measures to other influential public figures in Singapore.

It is conceivable that similar requirements could be imposed on other online platforms in the future.

Implications for online service providers

The Directive marks a pivotal moment in Singapore’s digital safety enforcement.

Authorities have signalled increased scrutiny of online platforms and a broader push to hold service providers accountable for criminal harms facilitated through their infrastructure.

Key takeaways

In view of the Directive, operators of online services in Singapore should take heed and:

• Review and strengthen their incident response frameworks for impersonation and scam-related content.
• Ensure alignment with OCHA’s takedown and reporting requirements.
• Monitor regulatory guidance, including by SPF and the Ministry of Home Affairs to anticipate future compliance obligations.

For assistance in understanding the scope of these regulatory requirements, please contact the authors or your usual Hogan Lovells contact.

Authored by Charmian Aw and Ciara O'Leary.