centrefor

RegulatorystrategyAsiapacific

SafeguardingCybersecurityinAI:

BuildingResilienceinaNewRiskLandscape

December2025

Australia

China(Mainland)

NavigatingtheReport

OverviewoftheRegulatoryLandscape

Recommendations

Clickicontonavigatetotherelevantsection

Introduction

AI

Cybersecurity

DeepDive

Philippines

Thailand

Indonesia

Jurisdictional

Singapore

Vietnam

Japan

Malaysia

SouthKorea

HongKongSAR

India

NewZealand

Taiwan(China)

Contacts

Endnotes

Introduction

Introduction

AICybersecurity

Overview

Recommendations

JurisdictionalDeepDive

However,despitethepotentialrisks,AIalsoprovidesopportunitiestostrengthencybersecurity.AI-enabledtoolscanhelporganisationsdetectissues,improvethesecurityofsoftwareandsystems,andrespondtoincidentsmorequicklyandconsistently.Firmsthatcombinethesecapabilitieswithstronggovernanceandproportionatecontrolswillbebetterpositionedtomanagetheevolvingcyberthreatlandscape.

CybersecurityisnowfirmlyaBoardlevelresponsibility.TheadditionalrisksintroducedbyAImakestrongoversight,clearlinesofaccountability,andBoardfluencyinAItechnologyessential.Thesecapabilitiesareneedednotonlytoprotectcriticaloperationsandmeetregulatoryobligations,butalsotomaintaincustomerandstakeholdertrust.

ThispaperexamineshowAIisimpactingcybersecurityrisk,howsupervisorsinAParerespondingandwhatorganisationscandotobuildstrongerandmoreresilientdefences.Itoutlineskeyattackvectors,emergingregulatoryexpectations,andpracticalstepsforBoardsandseniorexecutivestobolstertheirfirm’scyberresilience.

WhilstthispaperfocusesonAIsecurityconsiderations,itisimportantforfirmstotakeaholisticviewandaddressallAI-relatedriskswhendevelopingtheirtechnologystrategyandAIsystems.

Artificialintelligence(AI)isreshapingthecybersecuritylandscapeacrossAsiaPacific(AP).

Australia

China(Mainland)

HongKongSAR

EvenbeforetheriseofadvancedAI,theincreasingdigitisationofbusinessoperationshadalreadymadecyber-attacksmorefrequent,scalableandeffective.AIisnowamplifyingthistrendbyenablingmaliciousactorstoworkmorequicklyandproducemoreconvincingandadaptiveattacks.Forexample,AIcanhelpgeneratepersuasivephishingmessagesanddeepfakes,analysesystemstoidentifyweaknesses,andadjustattackmethodsinreal-time.Thislowersthebarrierforattackersandincreasesboththespeedandpotentialimpactofacyberincident.

India

Indonesia

Japan

Malaysia

AsorganisationsadoptAIacrosscoreprocesses,theattacksurfaceisalsoexpanding.AIintroducesnewsystemsanddataflowsintotechnologyarchitecture,includingmodeltrainingenvironments,automateddecisionworkflowsandlarge-scaledatapipelines.Thesecomponentscanpotentiallycreateadditionalpointswherevulnerabilitiesmayarise.Further,theAIsystemsarealsosubjecttoattack.Adversariesmaytrytocorruptthedatausedtotrainmodels,influenceordistortmodeloutputs,orexploitweaknessesinhowthesystemsinterpretandrespondtouserinputs.

NewZealand

Philippines

Singapore

Thesethreatscreateclearbusinessrisks.AI-relatedcyberincidentscancausefinanciallosses,compromiseintellectualproperty,distortcriticaldecisionoutputs,exposesensitivecustomerdata,anderodeorganisationalreputationandstakeholdertrust.Therefore,asAIadoptiongrows,itiscriticalthatrisksmustbeassessedandmanagedaspartofawidercyberdefencestrategy.

SouthKorea

Taiwan(China)

Thailand

Vietnam

Contacts

Endnotes

03

AISecurityvs.AISafety

Forthepurposesofthisreport,wedefineAIsecurityastheprotectionsthatkeepAIsystemsresilientagainstattacksandmisuse.Thisincludesdefendingagainstadversarialinputs,tampereddata,stolenmodels,andattemptstomanipulateorextractmodeloutputs.

WedistinguishthisfromAIsafety,whichconcernshowanAIsystembehavessuchasitsaccuracy,reliability,fairness,andalignmentwithintendedgoals.

Inpractice,thesetwodomainsoftenoverlap.Weaksafety,suchasamodelthatisbrittle,poorlycalibrated,orpronetohallucinationcancreateopeningsthatattackerscanexploit.Conversely,asecurityfailurelikecompromisedtrainingdataormanipulatedcontentcandegradesafetybychangingasystem’sbehavioranderodingtrustinitsoutputs.

ThispaperfocusesonthecybersecurityrisksassociatedwithAIsystemswhilerecognisingtheseriskscanaffectbroadersafetyoutcomesandvice-versa.

NewZealand

Philippines

Singapore

SouthKorea

Taiwan(China)

Thailand

Vietnam

Contacts

Endnotes

04

Australia

India

Indonesia

Malaysia

Overview

Recommendations

JurisdictionalDeepDive

Japan

China(Mainland)HongKongSAR

Introduction

AICybersecurity

Introduction

AICybersecurity

Overview

Recommendations

JurisdictionalDeepDive

AustraliaChina(Mainland)HongKongSARIndia

IndonesiaJapanMalaysiaNewZealand

AICybersecurity

AICybersecurityRisks

AsorganisationsbegintoadoptandscaleAI,maliciousactorsareevolvingtotargetthesesystems.Sometechniquessuchaspromptinjections,jailbreaksandmodelextractionarerelativelynewandarisefromthewayAImodelsprocessdataandinstructions.Others,includingsupplychaincompromiseortheexploitationofvulnerablecomponents,buildonlongstandingcyber-attackmethods.Nevertheless,theimpactsareamplifiedbyAI’srelianceonexternalmodels,opensourcetoolsandcomplexdatapipelines.Theresultisabroaderandmoredynamicattacksurfacethatcanimpacttheintegrity,confidentialityandreliabilityofAIsystemsandtheprocessestheyunderpin.UnderstandingtheserisksisanimportantfirststepindevelopingthesecuritycontrolsandmonitoringmechanismsneededtokeepAIsystemssafe.

ThetablebelowsummarisessomeofthekeysecurityrisksimpactingAIsystems.

AttacksonModelBehaviour

AttackVector

WhatItIs

HowAttackersExploitIt

WhyItMatters

Promptinjections

MaliciousorcarefullycraftedinstructionsinsertedintopromptsorcontextualdatathatanAImodelreliesontogenerateoutputs.Theseinstructionsareoftenhiddenwithinuserinputs,documents,websitesordatasets

Attackerstrickthemodelintofollowingunintendedinstructionsbyembeddingcommandsinusertext,metadataorexternalcontentpulledintothe

modelIscontext.Thiscanoverrideintendedlogicandcausethemodeltobehaveunpredictably

Promptinjectionscancausethemodeltodisclosesensitiveinformation,performunintendedactions,generateharmfulorunauthorisedoutputsor

underminedownstreamautomatedprocessesthatrelyonmodel-generatedcontent

Jailbreaks

TechniquesthatdeliberatelybypassguardrailsandrestrictionsbuiltintoAIsystems,allowingthemtooutputcontentthatwouldnormallybeblocked

Attackerschainprompts,useroleplay,disguiserequestsorcreatemulti-stepinstructionsthatgraduallyweakenthemodel’sguardrailsuntilitproducesrestrictedorinappropriatecontent

Jailbreaksexpose?rmstothegenerationof

harmful,misleadingornon-compliantoutputs,

whichcancreateregulatory,ethicaland

reputationalrisks.Theycanalsoenableattackerstomapweaknessesinamodel’scontrolframework

Adversarial

promptsorexamples

Inputsthathavebeensubtlyandintentionallyalteredinawaythatmisleadsthemodel,

eventhoughthechangesmaybeimperceptibletohumans

Attackersadjustwords,phrasing,imagesordatapatternssothemodelinterpretsthemincorrectly.Thesemanipulationsexploithowmodelsprocessandweightdi?erentfeatures

Thiscancausemodelstomisclassifyormisinterpretinformation,resultinginunreliabledecisions,

manipulationofautomatedwork?owsorincorrectoutputsinhigh-stakesenvironmentssuchasfrauddetectionorcontentmoderation

PhilippinesSingaporeSouthKoreaTaiwan(China)ThailandVietnamContactsEndnotes

05

Introduction●

Overview

Recommendations●

JurisdictionalDeepDive

Australia●

China(Mainland)●HongKongSAR●

India●

Indonesia●

Japan

Malaysia

AICybersecurity

AttacksonDataand

TrainingPipelines

WhatItIs

AttackVectorHowAttackersExploitItWhyItMatters

●Modelinversion

Poisoningweakensmode|performance,embedsbackdoors,createssystematicinaccuraciesanderodestrustinthesystem.Poisoningattackscanbedi?culttodetect,anddamagecanpersist

acrossiterationsofthemode|

Thiscanexposesensitiveorregulateddata,

vio|ateprivacyob|igationsanda||owattackerstobuilddetailedpro?lesofindividualsordatasets.Regulatorsincreasinglyviewthisasasigni?cantcomplianceandcon?dentialityrisk

Thisunderminesintellectualproperty,reducescompetitiveadvantageandenab|esma|iciousactorstodep|oythesto|enmode|forharmfu|purposes,inc|uding|arge-sca|eattacksor

disinformation

Thedeliberateintroductionofcorrupted,biasedormisleadingdataintotrainingor?ne-tuning

pipe|ines.Poisoneddatamay|ook|egitimatebutisengineeredtodistortmode|behaviour

Amethodofreconstructingsensitiveinformationaboutthetrainingdatabyana|ysingpatternsinthemode|,soutputs.Overtime,attackerscan

inferdetai|sabouttheorigina|dataset

Aprocesswhereanattackerrep|icatesamode|,sfunctiona|ity,|ogicorparametersbyqueryingitrepeatedly,e?ectivelycloningthemodelwithoutdirectaccesstoitscodeortrainingdata

Attackersissuerepeated,carefu||ystructuredqueriesandana|ysereturnedpatternstoinferpersonalattributes,con?dentialinformationorproprietarytrainingdata

Attackerssystematica||yprobethemode|,sinputsandoutputs,oftenusingautomatedtoo|s,unti|theycanreproduceitsdecisionboundariesor

Attackersinsertmanipu|atedsamp|esintodata

sourcesthemode|re|ieson,suchasopen

datasets,web-scrapedmateria|orinterna|updatepipe|ines.lnsomecases,attackersaddItrigger,

patternsthatcausethemode|tobehavedi?erentlyonlyinspeci?cscenarios

Modelextractionortheft

generateanequiva|entmode|

Datapoisoning

NewZealand

Philippines

Singapore

SouthKorea

Taiwan(China)

Thailand

Vietnam

Contacts

Endnotes

06

Introduction

AICybersecurity

Overview

ChainandInfrastructure

Supply

Attackson

WhatItIs

Recommendations

JurisdictionalDeepDive

AttackVectorHowAttackersExploitItWhyItMatters

Australia

China(Mainland)

HongKongSAR

India

Indonesia

Japan

Malaysia

NewZealand

Asinglecompromisedcomponentcana?ecteverysystemthatusesit,creatingwidespreadand

hard-to-tracevulnerabilities.Manyorganisationsrelyheavilyonsharedcodeandmodels,thereforeanattackononecomponentcanescalateintoabroadersystemicissueacrosssectorsorregions

Thiscanresultincorruptedmodels,unauthorisedmodelupdates,silenttamperingordisruptionofproductionsystems.Becausepipelinesautomatedeployment,asinglecompromisecanspread

widelyandrapidly

Evenifanorganisation’sownsystemsaresecure,weaknessesinanexternalpartnercancreateapathwayforattackers.Thiscanresultindata

exposure,incorrectmodeloutputsordisruptiontobusinessprocessesthatdependonthose

externalservices

Attackerscompromisepopularopen-source

packagesorpre-trainedmodelssothatany

organisationthatinstallsthemunknowinglyimportstheattacker’scodeormanipulatedmodelweights.Thisallowstheattackertospreadmalwareor

updatedorstored,suchasversion-controlsystemsordeploymentscripts,andinsertchangeswithoutdetection.Thiscanallowthemtomodifyhowa

servicesthattheAIreliesonfordata,processingorfunctionality.TheseareoftenexternaltoolsthatsupplyinputsintotheAIsystem

Compromised

AIdevelopmentpipeline

Third-partyexploitation

Weaknessesorhiddenrisksinopen-source

software,sharedlibrariesorpre-builtAImodelsthatanorganisationdownloadsorintegratesintoitssystems.Thesecomponentsmaycontain

Attacksonthetoolsandsystemsusedtobuild,testanddeployAImodels.Thisincludescoderepositories,modelstoragelocationsand

modelbehaves,disablekeysecuritychecksoraddhiddenfunctions

Insomecases,theyinterceptinformationorfeedincorrectdataintothesystemtoalteroutputs

interfaceswiththird-partyservicesormanipulatethedatabeingsentthroughtheseconnections.

coding?awsormayhavebeentamperedwithbeforedistribution

in?uenceAIbehaviouracrossmanyorganisationsatonce

Compromised

componentsorexternalmodels

Attackerstargettheplaceswheremodelsare

Attackerstakeadvantageofpoorlyprotected

Weaknessesinothercompanies’systemsor

automateddeploymenttools

Philippines

TheseattackvectorsillustratetheAIcyberthreatenvironment,andunderscoretheimportanceofrobustsecuritycontrolsthroughouttheAImodellifecycle.

Singapore

SouthKorea

Taiwan(China)

Thailand

Vietnam

Contacts

Endnotes

07

Introduction

AICybersecurity

Overview

Recommendations

JurisdictionalDeepDive

SupplyChainandThird-PartyRisks

Ashighlightedabove,third-partyrelationshipsandextendedsupplychainsareamajorsourceofcyberandAI-relatedvulnerability,particularlyforfirmsincomplexvendorecosystems.ManyincidentsnowstemfromvendorsandtheAIcapabilitiesembeddedinthesoftwareandservicestheyprovide.Asfirmsconnectmoretoolsanddatapipelines,theycanalsobesusceptibletoweaknessesacrossthisextendedecosystem.Inpractice,acompany’sattacksurfacethereforeexpandstoincludehowitsvendorsdesign,deploy,andupdateAI.

Companiesthatutilisethird-partyinfrastructureshouldbeawarethatvendorpracticesvarysignificantly.SomeprovidershavematuregovernanceandmonitoringprocessesfortheirAImodels;othersarestilldevelopingbasicpoliciesandcontrols.Visibilityintohowvendorsusedata,trainandupdatemodels,andrespondtoissuesisthereforeessentialforunderstandingresidualrisk.

ContractsandoperatingtermsneedtoreflecthowAIfeatureswillevolve,howchangeswillbeannounced,andhowincidentswillbereported.Ongoingdialoguewithkeyvendorsespeciallyaroundnewfeatures,modelchanges,andsystemupdatesiscrucialtoensuresystemsremainsecureandsensitivedataisprotected.

AustraliaChina(Mainland)HongKongSARIndia

Indonesia

Japan

Malaysia

NewZealand

Philippines

Singapore

SouthKorea

Taiwan(China)

Thailand

Vietnam

Contacts

Endnotes

08

Introduction

AICybersecurity

Overview

AISecurityTrade-offs

ImplementingcybersecuritymeasuresforAIsystemsrequiresacarefulbalancebetweentheperformanceandsecurityofAIsystems.OrganisationsmustprotectAIassetsagainstincreasinglysophisticatedcyberthreats,whilerecognisingthatgreatersecurityconstraintscandirectlyreducetheaccuracy,adaptability,andoverallutilityofAImodels.AsAIbecomesembeddedincriticalbusinessoperationsanddecision-making,theneedforstrongcybersecuritycontrolisintensifying.Inordertosafeguardagainstkeyriskssuchasdatapoisoning,modeltheftandunauthorisedaccess,firmstypicallydeployarangeofcontrols.Thesesecuritymeasuresincludeencryption,accessmanagement,continuousmonitoringandrigorousauditingofmodelsandtrainingdata.

Akeyconsiderationisthedistinctionbetweenproductivitytools(e.g.,enterprisechatbots,researchtools)andAImodelsthatdrivebusinessdecisions(e.g.,decision-supportalgorithms,model-basedriskengines).Productivitytoolstypicallyoperateonlower-riskdataandcanthereforebedeployedwithlightersecuritycontrolswithoutsignificantlyincreasingexposure.Incontrast,decision-criticalandcustomerfacingAImodelsusuallyrequiremorestringentprotectionsduetothesensitivityoftheunderlyingdataandthepotentialimpactofmodelcompromise.

Applyingauniform,high-securitypostureacrossallAItoolscanunnecessarilydegradeperformanceandreducebusinessvalue,particularlyforlow-risk,high-volumeproductivityapplicationswhereusabilityandspeedareessential.Thechallenge,therefore,liesincalibratingsecurityframeworkstotheriskprofileanduniquecharacteristicsofeachAIusecase.Doingsoallowsfirmstoprotectcriticalassetswithoutconstrainingmodelperformanceorimpedingbusinessproductivity.

Recommendations●

JurisdictionalDeepDive

Australia

China(Mainland)

HongKongSAR

India

Indonesia

Japan

Malaysia

NewZealand

However,manyoftheseprotectionscomewithperformancetrade-offsandcanberesourceintensive.Restrictiveaccesstodata,forexample,canmateriallylimitanAIsystem’sabilitytolearnfromdiverseandrepresentativedatasets,reducingtherobustnessandaccuracyofitsoutputs.Likewise,frequentauthenticationchecksorhighlysegmentedenvironmentscanintroducelatency,disruptreal-timeprocessing,andfrustrateend-userswhoexpectseamlessinteractions.Overlyconservativepoliciescanalsostifleinnovationbypreventingteamsfromexperimentingwithnewusecasesoriteratingmodelsatpace.

Philippines

Singapore

SouthKorea

Taiwan(China)

Thailand

Vietnam

Contacts

Endnotes

09

Introduction

AICybersecurity

Overview

Recommendations

JurisdictionalDeepDive

AustraliaChina(Mainland)HongKongSARIndia

IndonesiaJapanMalaysiaNewZealand

AI-enabledCybersecurityCapabilities

Ascyberthreatsbecomemorefrequentandcomplex,organisationsareincreasinglyturningtoAItostrengthentheirdefences.Whenusedappropriately,AIcanautomateroutinetasks,detectsuspiciousactivityearlier,andsupportfastermoreaccurateincidentresponse.Thesecapabilitiesenhanceboththeefficiencyandeffectivenessofexistingcybersecuritycontrolswhilehelpingfirmsscaletheirdefencesacrossacomplexdigitalenvironment.

ThreatDetectionandResponse

AIanalysesnetwork,endpoint,anduseractivitytoidentifyanomaliesandsuspiciouspatternsthatmayindicateanemergingthreat.Itprioritisesalertsandproposeslikelycauses,enablingfasterandmoretargetedresponses

SecurePipelineand

DeploymentAutomation

AIpredictsbuildissuesandidenti?escon?gurationweaknessesbeforedeployment.Thishelpsensurethatonlysecurelycon?guredcodeprogressesthroughthepipeline,reducingtheriskofintroducingvulnerabilities

IncidentResponseandMonitoring

AIcorrelatesandsummariseslargevolumesoflogsandtelemetrytoidentifyrootcausesmorequickly.Itautomatespartsoftriageandsupportsmoreconsistentremediationacrossteams

AIisbecominganincreasinglyimportantenablerofmoderncyber-defence.Whilethesetoolsdonotreplaceestablishedcontrolsorhumanjudgement,theysupportmorescalableandefficientsecurityoperations.AsfirmsadoptAI-enabledcapabilities,successwilldependonembeddingthemwithinexistinggovernance,risk,andassuranceframeworkstoensuretheyenhanceratherthancomplicateafirm’scyberdefencestrategy.

AIEnabledSolution

HowdoesthisStrengthensCybersecurity

AIreviewscodeforunsafepatternsandknownvulnerabilitiesasitiswritten,reducingthelikelihoodofsecuritydefectsenteringproductionandloweringremediatione?ort

SecureCodeDevelopment

Policy,Control,and

ComplianceAssurance

AIcontinuouslycheckssystemsagainstinternalsecuritypoliciesandregulatorybaselines,?aggingdeviationsinrealtime.Thisreducestheriskofmiscon?gurations,weakcontrols,andaudit?ndings

SoftwareSupply-ChainSecurity

AIscansthird-partycomponentsandopen-sourcelibrariestodetectvulnerabilities,tampering,orunexpectedchanges.Ithelps?rmsmanagedependencyrisksacrossincreasinglycomplexsoftwareecosystems

SecurityTestingand

VulnerabilityManagement

AIidenti?essecurity-relevantcodeweaknesses,prioritisesvulnerabilityremediationbasedonrisk,andrecommendswhereadditionaltestingisneeded.Thisenhancestherobustnessofpreventivecontrols

Developerand

AnalystSupport

AIactsasanassistantthatexplainssecurityissuesinplainlanguage,recommendsremediationsteps,andreducesmanuale?ortacrosssecure-codingandsecurity-operationswork?ows

Architectureand

Attack-SurfaceManagement

AIevaluatessystemdesignanddependenciestohighlightcomponentsthatincreaseattacksurfaceorintroducesecurityfragility.Itsupportslong-termplanningforhardeningandmodernisation

PhilippinesSingaporeSouthKoreaTaiwan(China)ThailandVietnam

Contacts●

Endnotes

10

Introduction

AICybersecurity

Overview

》

Recommendations

Deepfakesaresyntheticimages,videosoraudiorecordingsgeneratedbyAItoimitaterealpeoplewithahighdegreeofrealism.Theycanmakeitappearasthoughanindividualhassaidordonesomethingtheyneverdid,creatingriskstoinformationsecurity,reputationmanagement,andtrustindigitalcommunications.

Althoughdeepfaketechniquesareimprovingrapidly,thisisoneareawhereeffectivemitigationisalreadyachievable.Risksassociatedwithdeepfakescanbesuccessfullymitigatedbyorganisationswhichadoptrobustcybersecuritycontrolsthatbothdetectandlimitthespreadofmanipulatedcontent.Advancedmachinelearning-baseddetectiontoolscananalyseaudio-visualcuesandmetadatatoidentifyforgedmedia,whiledigitalwatermarkingandprovenance-trackingtechnologieshelpverifytheauthenticityoffiles.Thesecapabilitiescontinuetomatureandareincreasinglybeingintegratedintomainstreamcybersecurityandcontent-verificationtools.However,regularlyupdatingthesedetectionmechanismsisessential,asdeepfaketechniquescontinuetoevolve.

Inadditiontotechnicalsolutions,implementingstrictaccesscontrolsandmulti-factorauthenticationcanreducethelikelihoodofattackersobtainingoriginalcontenttocreateconvincingdeepfakes.Securityawarenesstrainingalsoplaysavitalrole;educatingemployeesandstakeholdersaboutthepotentialsignsanddangersofdeepfakesfostersacultureofvigilance.Bycombiningsophisticateddetectionsystems,accessmanagement,andongoingawarenessinitiatives,organisationscansignificantlymitigatethecybersecurityrisksposedbydeepfakes.

JurisdictionalDeepDive

AustraliaChina(Mainland)HongKongSARIndia

IndonesiaJapanMalaysiaNewZealand

PhilippinesSingaporeSouthKoreaTaiwan(China)ThailandVietnamContactsEndnotes

11

Deepfakes

Introduction

AICybersecurity

Overview

Recommendations

OverviewoftheRegulatoryLandscape

JurisdictionalDeepDive

Australia

nollnaurusgircissAP,drivenbythegrowingfrequencyandseverityofcyberincidentsandthe

China(Mainland)

Thisregulatorypatchworkcreatessignificantchallengesformultinationalfirmsthatmustensuretheircyberriskmanagementframeworksareadaptabletodifferinglocalrequirements.Inaddition,regulatoryexpectationsarerapidlyevolvinginstepwithtechnologicalchange,meaningfirmsmustremainagileandvigilanttomaintaincomplianceandavoidpenaltiesoroperationaldisruptions.

WhilemostjurisdictionsstillrelyongeneralcybersecurityframeworkstosafeguardAIsystems,regulatorsarebeginningtointroduceAI-specificsecurityexpectations.Forexample,somejurisdictionshaveintroducedrulesandguidelinesaimedatmodelrobustness,adversarialtesting,securedatahandling,andprotectionsagainstmodelmanipulation.

HongKongSAR

India

Indonesia

Authoritiesarerespondingbystrengtheningcyber-specificframeworksandembeddingcybersecurityexpectationsaspartofbroaderoperationalresilienceorAIgovernancerequirements.Nevertheless,theregulatorylandscapeacrossAPremainshighlyfragmented,witheachjurisdictioncraftingitsownrules,definitions,andenforcementpriorities.

Japan

Malaysia

NewZealand

JurisdictionssuchasAustralia,Singapore,Japan,China(Mainland)(“China”),SouthKorea,andIndiahaveenactedcomprehensivelawstoaddresscyberrisks.However,therearesignificantdifferencesinthescope,terminology,andenforcementmechanisms.Forexample,whileSingapore’sCybersecurityActfocusesontheprotectionof“criticalinformationinfrastructure”andprescribessector-specificobligations,China’sCybersecurityLawencompassesabroaderrangeofsectors,andmandateslocalisationofcriticaldata.Meanwhile,Japan’sCybersecurityBasicActtakesamorestrategic,coord