Philippines | EN

Cybersecurity labelling scheme (CLS) by Singapore’s CSA

An approved CLS (IoT) test laboratory by Cyber Security Agency of Singapore (CSA)
Pictogram in .SVG for Data Trust Center

With the rapid increase in users of Internet of Things (IoT) products and improvements to IoT technology, many consumer IoT products have been designed to optimise functionality and short go-to-market period. According to an estimate, there will be 50 billion IoT devices by 2030. Due to the fast rate of launching IoT products, there may not have been many checks in these products for cybersecurity and products might have little to no security features built-in. This gap gives hackers an opportunity to attack such products and gain access to consumers’ information and data. Hackers can also use compromised IoT devices as botnets to launch DDoS attacks on the internet service.

What is the Singapore Cybersecurity Labelling Scheme (CLS) from the Cybersecurity Agency (CSA)?

As an effort to improve the IoT cybersecurity, the Cyber Security Agency of Singapore (CSA) has launched the Cybersecurity Labelling Scheme (CLS) for consumer smart devices. This will help to raise the overall cybersecurity hygiene levels in smart devices and better secure the cyberspace of Singapore. CSA has introduced the CLS to Wi-Fi routers and smart home hubs as a start. In Jan 2021, CSA has expanded the CLS Security scheme to cover all type of consumer IoT devices.

Under the CLS, there are 4 levels of cybersecurity provisions that the smart devices can be rated into. The CLS is represented by one, two, three, or four asterisks corresponding to level 1 through 4. Each additional asterisk represents an additional level of testing and assessment that the smart devices has comply with.

Below is a breakdown of the cybersecurity provisions for each level:

  • Level 1 - Security Baseline Requirements
    The product meets basic security requirements such as ensuring unique default passwords and providing software updates.
  • Level 2 - Adherence to International Standard 
    The product has been assessed to a set of International Standard (based on all mandatory requirements within the ETSI EN 303 645) in the devices and fulfilled Level 1 requirements.
  • Level 3 - Lifecycle Requirements + Software Binary Analysis
    The product has been developed using the principles of Security-by-Design such as conducting threat risk assessment, critical design review and has undergone assessment of software binaries by approved third-party test labs and fulfilled Level 2.
  • Level 4 - Penetration Testing
    The product has undergone structured penetration testing by approved third-party test labs and fulfilled Level 3 requirements.

Singapore has mutual recognition with Finland, Germany, South Korea, Japan and the United Kingdom (UK) for the cybersecurity labels issued: 

  • Products with the Finnish Cybersecurity Label issued by Transport and Communications Agency of Finland (Traficom) are mutually recognised under CSA's CLS Level 3 and vice versa. As of 31 July 2025, Finland has discontinued its cybersecurity labelling scheme.
  • Products with the IT Security Label under Germany's Federal Office for Information Security (BSI) will be recognised under CSA's CLS Level 2 and vice versa.
  • Products certified with South Korea Cybersecurity Certification (CIC) Basic Level and above are recognised as having fulfilled CLS Level 3 requirements and vice versa.  
  • Smart devices that have obtained cybersecurity labels under Japan’s JC-STAR scheme and Singapore’s CLS will be mutually recognised, with both schemes operating on a one-to-four-star rating system based on progressively stringent cybersecurity testing and assurance requirements.
  • Smart consumer products labelled under Singapore's CLS are deemed compliant with the requirements of the United Kingdom's Product Security and Telecommunications Infrastructure (PSTI) Act. Products compliant with the PSTI Act may undergo a simplified application process to obtain a CLS Level 1 label.
     

Get started with TÜV SÜD

Start your Cybersecurity Labelling Scheme journey with us.

Why is Cybersecurity Labelling Scheme (CLS) important?

As most consumers do not understand the technicalities and the information on the amount of cybersecurity that is built into smart devices is not readily available, consumers are not able to make informed decisions when buying such smart devices. With the introduction of CLS, consumers are able to understand the level of cybersecurity measures that have been tested on the smart devices and assist in making their purchase decisions.

Smart products assessed under CLS, can allow manufacturers to demonstrate their products’ security standing and certification under the Singapore recognised cybersecurity standard. The assessment permits the manufacturer to display the CLS label on their product and webpages if the product meets the necessary security standards. This allows consumers to make informed purchase decisions that help them better protect themselves against common cyberattacks.

By end 2027, Singapore’s mandatory CLS requirement for residential routers will be raised from Level 1 to Level 2, introducing stronger cybersecurity requirements to address evolving threats. Manufacturers, importers, and brands should prepare early to ensure compliance and continued market access.

Why choose TÜV SÜD for CSA'S CLS in Singapore?

TÜV SÜD can facilitate and review your smart devices based on CSA's CLS levels 1 to 4. We have a well-versed team that is familiar with the security requirements and evaluation of various consumer IoT products. TÜV SÜD's team is able to access global expertise and tools in the cybersecurity test requirements and provide the option of expanding accessibility to global markets. 

We are a one stop solution for your testing and certification needs with services that expand beyond security. TÜV SÜD PSB is an approved Cybersecurity Labelling Scheme (IoT) Test Laboratory by CSA. 

Your benefits at a glance

  • Gain competitive edge – by complying to the CSA requirements for smart devices and allow consumers to understand the cybersecurity of the your product.

  • Minimise risks – by testing your smart devices according to an established cybersecurity guideline from the Singapore government.

  • Proof of quality – by using the CLS mark to signal the cybersecurity of your smart devices to the consumers.