PDPA: the core legal obligation
Every organisation in Singapore that collects, uses, or discloses personal data β including through AI systems β must comply with the PDPA. Core obligations for SMEs using AI: notification (tell individuals what personal data you are collecting and for what purpose, including AI use); consent (obtain consent for purposes not covered by PDPA exceptions); purpose limitation (use data only for the purposes disclosed); access and correction (respond to requests within 30 business days); and security (implement reasonable security safeguards). The PDPC's SME Guide to Data Protection provides practical templates and checklists. The PDPC also operates a free advisory service β pdpc.gov.sg/overview-of-pdpa/sme-corner.
AI Verify: Singapore's governance testing framework
IMDA launched AI Verify in 2022 as Singapore's AI governance testing and certification programme. It allows organisations to test and document AI systems against 11 AI ethics principles through automated technical tests and process checks. AI Verify is free to access and produces a standardised report that organisations can share with partners and customers. The AI Verify Portal (aiverifyhub.imda.gov.sg) provides self-assessment tools, guidance, and templates β useful for SMEs even if formal certification is not the immediate goal.
Government support for SME AI governance
Singapore's SMEs Go Digital programme provides funding for SMEs adopting pre-approved digital solutions including AI tools with built-in governance features. The Enterprise Development Grant (EDG) supports capability development including AI governance implementation. The Chief AI Officer (CAIO) community programme helps organisations develop AI leadership. Before building AI governance infrastructure from scratch, SMEs should check what support is available β Singapore has invested significantly in making responsible AI accessible to SMEs.
