On 14 May 2026, Singapore's Ministry of Law and Ministry of Digital Development and Information confirmed that the Online Safety Commission (OSC) and the Online Safety (Relief and Accountability) Act 2025 (OSRAA) will commence on 29 June 2026, with veteran prosecutor Francis Ng appointed Commissioner-Designate from 1 June. From that date the Commissioner can order harmful content taken down, restrict a perpetrator's account, and compel platforms to disclose information identifying a user. Phase 1 targets five harms: intimate image abuse, image-based child abuse, doxxing, online harassment, and online stalking.
This is one of the more consequential content-governance regimes to launch in Asia this year. It deserves a careful verdict rather than a reflexive one — and the honest answer is split: the Phase 1 design is proportionate and overdue, but the broader statute it sits inside reaches further than the harms it was sold to solve.
The accountability gap is real
Start with the strongest case for the regulator, because it is a serious one. Singapore's own evidence points to a genuine gap. In MDDI surveys of 2,008 residents conducted between November 2024 and May 2025, 84% reported encountering harmful online content in the past year, and 62% called for stronger regulation (MDDI). The same data shows why faith in platform self-policing is thin: most services took an average of five days or more to act on user reports.
In his Second Reading speech, Minister for Law Edwin Tong argued that existing court remedies are "complex and expensive," that victims often cannot even identify who is harming them, and that an IMDA study found over half of legitimate user complaints went unaddressed at first instance (MinLaw). For a victim of leaked intimate images, a defamation suit that takes a year and costs five figures is not justice. A free, fast administrative body that can compel removal in days is a real improvement. None of that should be waved away.
What the Commissioner can actually do
OSRAA establishes an Office of the Commissioner of Online Safety with directive powers: stop-communication directions, access-disabling orders, account restrictions, and orders requiring platforms to surface information that may identify a suspected perpetrator (gov.sg). It also creates statutory torts letting victims sue communicators, group administrators, and platforms directly — a feature analysts note has "no equivalent under Australian or UK online safety law" (Squire Patton Boggs). The full Act covers 13 harm categories; only five are live in Phase 1.
Where Phase 1 gets it right
Two design choices are genuinely sound. First, the platform duty is reactive: providers must take reasonable steps to assess and address harm once properly notified, not proactively scan everything users post. That is the proportionate model. It avoids the general-monitoring mandates that turn platforms into pre-publication censors and that smaller services cannot afford — a distinction that keeps the door open for new entrants rather than entrenching incumbents.
Second, the Phase 1 list is narrow and defensible. Non-consensual intimate imagery, child sexual abuse material, doxxing, and stalking are not contested speech; they are conduct with identifiable victims and little expressive value. Speed matters most precisely here, where every hour of circulation compounds the harm. A regulator built to act fast on these is a reasonable answer to a real problem.
Where the full statute overreaches
The concern is the gap between what was demonstrated and what was enacted. The remaining categories include "publication of false material," "publication of statements harmful to reputation," and "incitement of enmity." These are not the unambiguous harms in the survey data — they are speech-adjacent judgments that courts, with their evidentiary rules and appeal rights, exist to make. Folding them into an administrative takedown regime invites scope creep from the conduct everyone agrees on toward the expression people reasonably dispute.
Two structural features sharpen the worry. The identity-disclosure power lets an administrative body, not a judge, order platforms to unmask users. Anonymity shields whistleblowers, abuse survivors, and dissidents; civil-society groups warn that eroding it "undermines the open web" and rarely addresses the root drivers of harm (EFF). And appeals run to an internal Appeal Committee, not the High Court. Tong defends this on cost and inclusivity grounds — repeated appeals, he argues, would price victims out — and that trade-off is real. But removing the judicial check entirely concentrates speech-adjudication power in the executive, exactly where it is hardest to keep narrow over time.
A narrow regime is the better regime
Singapore has built a capable instrument. The proportionate course is to keep it tethered to what the evidence justifies: run Phase 1 hard, publish transparency data on directions issued and overturned, preserve anonymity as the default with disclosure reserved for the gravest cases, and route the contested categories — falsehood, reputation, enmity — through courts rather than administrative fiat. Get that boundary right, and the OSC protects victims without becoming a general-purpose content regulator. Blur it, and a tool built for intimate-image abuse becomes one for disputed speech. The first 12 months of directions will tell us which Singapore chose.