Open-source software is widely used by companies, and now they are adopting “open source” AI models as well. Just last month, the Open Source Initiative released a definition of “open-source AI”. This article thus examines what are “open-source AI models” and how much they need to be “open” about – for example, balancing the need to release the training data to understand how model works with IP and data protection issues. It also examines what new risks they pose compared to “traditional” open-source software and closed AI models. Finally, we look at what measures are being instituted to mitigate the risks and ensure the models’ safe use, such as new types of licences (known as “Responsible AI Licences”), and regulatory controls in legislation and ongoing monitoring. For example, are open-source AI models subject to lighter regulatory regimes since they are distributed for free, and how is this balanced against the need for transparency on the model’s capabilities and development process?

The topic of “open-source AI models” is of interest because Singapore’s Infocomm Media Development Authority (IMDA) proposed a “shared responsibility” approach in May 2024, where responsibility should be allocated amongst the players in the AI development chain¹For example, model developers, application deployers (who develop solutions or applications that make use of AI technology), application deployers (who provide the AI solutions to end-users) and cloud service providers (who provide the platform to host the AI application). according to the level of control they have, so that they can take the necessary action to protect end-users.²See the Model Governance Framework for Generative AI (30 May 2024) (“Model Gen-AI Framework”) at page 7. The IMDA has indicated that when apportioning responsibility, we “may also need to consider different model types (e.g. closed-source, open-source or open-weights) given the different levels of control that application deployers have for each model type”³See the Model Gen-AI Framework at page 7., and that the details of how these responsibilities will be allocated are in the midst of being worked out.⁴See the Model Gen-AI Framework at footnote 11.

We will thus explore the different types of models where they exist on a spectrum, described by IMDA as⁵As defined in the Model Gen-AI Framework at footnotes 9 and 10.:

1. Closed-source models have all information about them kept private by the developer;
2. Open-weights models make available pre-trained parameters/weights of the model, but not the training code, dataset, methodology, etc.
3. Open-source models make available the full source code and information required for re-training the model from scratch, include model architecture code, training methodology and hyperparameters, original training dataset and documentation.

Part 1: What does it take to be an “open source” AI model? What are the difficulties in considering them “open-source”’ and how can these issues be overcome?

In this article, an “AI model” is created when algorithms (as a set of steps/instructions to reach an outcome) are applied to datasets to analyse the data, leading to an output that is examined and the algorithm iterated, until the most appropriate model emerges.⁶The definitions are based on (3.20) and (3.21) of the Singapore’s Model AI Governance Framework, as well as the definition from IBM at https://www.ibm.com/topics/ai-model. The IBM differentiates that “algorithms are procedures, often described in mathematical language or pseudocode, to be applied to a dataset to achieve a certain function or purpose” and “models are the output of an algorithm that has been applied to a dataset”. An AI model is thus what is “learnt” by the algorithm from the data. Algorithms can be expressed in, for example, mathematical language, pseudocode or programming languages.⁷https://www.techtarget.com/whatis/definition/algorithm

To understand the concept of “open-source AI models”, we will draw on concepts from open-source software, and their differences will come to light in the paragraphs below.

By way of background, open-source software is software where the source code (i.e. the instructions for a computer to execute, written in languages such as Python, C++ and Java) is made available to anyone to inspect, modify and enhance.⁸https://opensource.com/resources/what-open-source It is in contrast to “proprietary” or “closed-source” software where only the person or organisation who created the source code can access and modify it.⁹https://opensource.com/resources/what-open-source

For software to be considered open-source, the Open Source Initiative (OSI) defines 10 criteria to be met¹⁰See the definition at https://opensource.org/osd (last modified on 16 February 2024). (where the most relevant are set out below):

1. the program must include source code, and must allow distribution in source code as well as compiled form;
2. the license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software;
3. the licence must not discriminate against any person or group of persons;
4. the license must not restrict anyone from making use of the program in a specific field of endeavour – e.g. it may not restrict the program from being used in a business, or from being used for genetic research.

The two criteria mentioned in paragraphs (c) and (d) are most affected when we look at “open-source AI models” and new licence terms developed for them:

1. Issue 1: how much of the model and its associated/underlying information (e.g. the training data) must be shared so that the user can understand how it works?
2. Issue 2: what happens if the licence restricts how the AI model can be used, given the growing adoption of “Responsible AI Licences” with use restrictions?

The IMDA has also highlighted that “[t]oday, however, there is a lack of information on the approaches being taken to ensure trustworthy models. Even in cases of “open-source” models, some important information like the methodology and datasets may not be made available.”¹¹See the Model Gen-AI Framework at page 13. Therefore, can we still say that an AI model is ‘open source’ if key criteria are not met as we would then be ‘watering down’ the requirements for open source models? In exploring these issues, we will also look at the positions taken by recognised institutions like the OSI, as well as regulators in the EU and USA.

Issue 1: How much must be shared to allow meaningful use and modification of the model?

Unlike open-source software, with AI models, more than just the source code is needed to understand how the model works. There is no consensus on exactly what other components must be shared for an AI model to be considered as open-source, but it generally includes the following:¹²See page 11 of “Open Sourcing Highly Capable Foundation Models”, Centre for the Governance of AI (“CGAI Report”), accessible at https://cdn.governance.ai/Open-Sourcing_Highly_Capable_Foundation_Models_2023_GovAI.pdf, referencing training code, model weights and training data. See also page 3 of CNIL, “Open source practices in artificial intelligence” (July 2024) (“CNIL Report”), accessible at: https://www.cnil.fr/sites/cnil/files/2024-07/in-depth_analysis_open_source_practices_in_artificial_intelligence.pdf, which states: “Openness in AI generally does not refer to the publication of the source code related to the use or development of a model, although this may be part of it, but rather to the publication of the model and the weights, or parameters, that constitute it.”

1. Training code – the instructions that guide the model training, optimising the model weights to improve the model’s performance on the training tasks (this is distinct from inference code, which implements the model after it is trained and allow it to perform tasks like writing and classifying images)¹³See the definitions on page 11 of the CGAI Report.
2. Training data – you can’t just look at the code to understand how the model works and how to modify it, as you must also know what kind of data it was trained on. This thus opens up a package of legal issues not found in traditional open-source software: there are limitations to sharing training data, such as IP, privacy and confidentiality concerns, which will be exacerbated if all the training data is shared as-is.

   Practically, model developers may also be reluctant to disclose all their training data if it would expose the fact they trained on third-parties’ copyrighted material.¹⁴The Verge, “Open-source AI must reveal its training data, per new OSI definition”, 29 October 2024, accessible at: https://www.theverge.com/2024/10/28/24281820/open-source-initiative-definition-artificial-intelligence-meta-llama Even if they had obtained a licence to use that material for training, that licence may not extend to sharing a copy of that material with the wider public.

   However, it is also not the case that developers necessarily need access to all the training data to modify the AI model – what is helpful is detailed information about the dataset (the dataset building process rather than the dataset), such as where the data was from, so that they can build similar datasets to improve on the existing datasets.¹⁵See the interview with OSI’s Executive Director Stefano Maffulli at TechBrew, “The divide over open-source AI, explained” (18 June 2024), accessible at: https://www.emergingtechbrew.com/stories/2024/06/18/what-is-open-source-ai Hence, the issue is how much of the training data must be made available.

3. Model weights – these are the learned connections between the material the model is trained on (numerical values that influence how much each factor has over an output, that are optimised during training).¹⁶See page 8 of the NTIA Report on “Dual-Use Foundation Models with Widely Available Model Weights” (July 2024) (“NTIA Report”), which explains AI model weights simply: “An AI model processes input – such as a user prompt – into a corresponding output, and the contents of that output are determined by a series of numerical parameters that make up the model, known as the model’s weights. The values of these weights, and therefore the behaviour of the model, are determined by training the model with numerous examples. The weights represent numerical values that the model has learned during training to achieve an objective specified by the developers.” These are crucial to determine the effectiveness of model, but are not necessarily covered under traditional open-source licences as they are not source code.

To this end, the OSI has recently released a definition of ‘open source AI’ (in October 2024)¹⁷https://opensource.org/ai/open-source-ai-definition, to cover these required components. Regardless of how the offering is characterised (as an AI system, model or weights), it must be made available under terms and in a way that grants users the freedom to use, study, modify and share the system (with or without modifications) for any purpose.

The OSI elaborates that in order to exercise these freedoms, the user must have access to the “preferred form” to make modifications to the system or its components, which includes the following elements:

1. Training data – where there must be “sufficiently detailed information about the data used to train the system so that a skilled person can build a substantially equivalent system”¹⁸https://opensource.org/ai/open-source-ai-definition. This must include a description of all data used for training (including unshareable data due to privacy and copyright issues)¹⁹The OSI has made it clear that some training data can be excluded due to privacy and copyright issues. Otherwise, if there is unfettered access to all training data, then what is open-source AI will be reduced to a very small niche of AI that is trained only on open public data – see https://hackmd.io/@opensourceinitiative/osaid-faq, disclosing the provenance of the data, its scope and characteristics, how it was obtained and selected, labelling procedures, as well as data processing and filtering methodologies. It must also include a list of where to obtain publicly available training data and data from third parties.
2. Code (both training code and inference code, and including code used for processing and filtering data);
3. Model weights.

Nevertheless, it is very much open to interpretation what training data must be shared to meet the definition, given that the parallel system need only be “substantially equivalent”, and it would depend on the relative “skill” of the person trying to reproduce the system.²⁰See commentary at https://www.juliaferraioli.com/blog/2024/on-open-source-ai/ Also, even if the developer discloses the third-party data source, the subsequent user of the model may not be granted the same permissions by the third party. ²¹See commentary at https://www.juliaferraioli.com/blog/2024/on-open-source-ai/ It is understandable that sensitive and confidential data cannot just be openly shared, but where the balance will be struck for this definition remains to be seen in practice. The French data protection regulator has suggested that synthetic data could be published instead, or subsets that would be representative of the full dataset (where any personal data has been removed).²²Page 11 of the CNIL Report

Issue 2: Can you limit what the model can be used for?

The second issue is not one that is inherent in the model (e.g. how much information is made available, as discussed above), but is a feature of the licence attached to it. This limits the freedom to make use of the model in any field of endeavour.

Responsible AI Licences (RAIL)²³See, for example, the BigScience RAIL Licence v1.0, available at https://huggingface.co/spaces/bigscience/license that have use restrictions are gaining traction,²⁴It is not compulsory to use RAIL for AI models – there are also models licensed under traditional open-source licences like MIT and Apache. See the analysis in McDuff et. al., “On the Standardization of Behavioral Use Clauses and Their Adoption for Responsible Licensing of AI”, accessible at https://arxiv.org/pdf/2402.05979. where the use restrictions not only bind the organisation that uses/builds on the model, but the organisation must also integrate these restrictions in its subsequent licence, so anyone using the modified model is also bound.

Some of the restricted uses – e.g. not to use the model to “generate or disseminate verifiably false information with the purpose of harming others” – reflect what the law already is, hence the overwhelming majority of users would not use the model in that manner, even without the licence restriction. However, some RAILs can contain unique and specific purposes – e.g. not “to provide medical advice and medical results interpretation”,²⁵See paragraph (l) in Attachment A to the BigScience RAIL Licence v1.0., in contrast to the responsible AI licence for GRID, available at https://github.com/ScaledFoundations/GRID-playground/blob/main/LICENSE so users must review the licence terms very carefully. Nevertheless, if someone is going to use an AI model for nefarious purposes, the prospect of breaching a licence condition is not going to stop them.

Separately, there are also licences that restrict who can use the model – e.g. if the person has more than 700 million monthly active users for their products/services, they must request for a permission to use the model, which the developer can decide not to grant.²⁶See for example https://github.com/meta-llama/llama-models/blob/main/models/llama3_2/LICENSE This needs to be reconciled with the OSI criteria where the license must not discriminate against any person or group of persons (even if they are competitors).

Taking a pragmatic approach to promoting the safety of AI models regardless of how “open” they are

At the end of the day, what is the practical effect of coming up with a definition for “open source” AI models? If there are no tangible benefits to meeting the OSI definition (or any other emerging definition set to become an industry standard), then there are no incentives for companies to meet it, as it would involve them releasing a sizeable amount of training data together with their AI model, and possibly exposing themselves to liability when they make it public that they have trained their model on copyrighted materials without seeking permission from the rights holder.²⁷Especially since the scope of the fair use and text and data mining exceptions are still pending before the courts.

Furthermore, some industry players have expressed the view that there is no single open-source AI definition as it would depend on the nature and purpose of the AI model.²⁸See the comments by Meta spokesperson Faith Eischen, as reported in The Verge, “Open-source AI must reveal its training data, per new OSI definition” (29 October 2024), accessible at: https://www.theverge.com/2024/10/28/24281820/open-source-initiative-definition-artificial-intelligence-meta-llama They would support a definition of open source that “most suits what they’re pushing at the moment”.²⁹Interview with GitHub’s Chief Legal Officer, “How big new AI regulatory pushes could affect open source” (17 September 2024), accessible at: https://www.emergingtechbrew.com/stories/2024/09/16/ai-regulations-open-source-development-shelley-mckinley-github. See also the view expressed by MIT Technology Review in “We finally have a definition for open-source AI” (22 August 2024), available at: https://www.technologyreview.com/2024/08/22/1097224/we-finally-have-a-definition-for-open-source-ai/, where they said “(d)escribing models as open source may cause them to be perceived as more trustworthy, even if researchers aren’t able to independently investigate whether they really are open source.”

On the regulatory front, the EU AI Act does not define “open-source” AI, but “targets certain categories of licences”,³⁰As described by the CNIL (see page 2 of the CNIL Report). covering licences for software and data, including models, “that allows them to be openly shared and where users can freely access, use, modify and redistribute them or modified versions thereof”.³¹See Recital 102 of the EU AI Act. Unlike the OSI definition, it does not require training data to be shared³²Even in the context of general-purpose AI models, recital 102 does not reference the extent of training data required – “General-purpose AI models released under free and open-source licences should be considered to ensure high levels of transparency and openness if their parameters, including the weights, the information on the model architecture, and the information on model usage are made publicly available.” to be considered open-source. But in the context of the EU AI Act, this makes sense because there are reduced obligations for certain AI models that are not monetised and fall under a “free and open-source licence”, so the definition must be one without room for ambiguity (although one could still argue one cannot freely modify the model without access to a certain amount of training data).

The USA also avoided using the term “open source”, instead calling them “dual-use foundation models with widely available model weights”.³³See the Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, issued on 30 October 2023. Its emphasis is on whether model weights are shared, the capacity of the model, as well as the resultant risks posed, rather than whether any training data must be shared and whether there can be any restrictions on downstream uses of the model, as that would be “meaningless when addressing threats posed by sophisticated threat actors who are already operating outside the law and thus don’t care about licence terms”.³⁴David Evan Harris, “How to Regulate Unsecured “Open-Source” AI: No Exemptions”, accessible at: https://www.techpolicy.press/how-to-regulate-unsecured-opensource-ai-no-exemptions/

Ultimately, the reality is that any person can open up access to their AI models without meeting the OSI open-source definition, under any licence terms they choose. Hence, searching for a definition may not matter as much as identifying what is shared in the case of each AI model made available, as the degree of sharing poses different risks (which we will address in Part 2).

In the next Parts, where “open-source” AI models is used, it will refer to the spectrum of “open-source” and “open-weights” models, and not solely to models which conform to the OSI definition. An asterisk will be used to mark out such usage. A better term may in fact be “unsecured” AI models (proposed by the Centre for International Governance Innovation), which “convey[s] not only the literal choice to not secure the weights of these AI systems but also the threat to security posed by these systems”.³⁵David Evan Harris, “Not Open and Shut: How to Regulate Unsecured AI” (6 September 2024), accessible at: https://www.cigionline.org/articles/not-open-and-shut-how-to-regulate-unsecured-ai/

Part 2: What are the risks posed by open-source* AI models?

We will cover the risks from the perspective of both users and developers of the models. We will not cover risks of erroneous, biased or toxic output, deepfakes, or leakage of confidential training data, as these concerns apply regardless of whether the model is open-source* or not.

Persons who use or modify the models released

A key concern is that if users do not have access to the training dataset, they will not know exactly what the model is trained on, which can be an issue where it comes to assessing the quality of the model and its appropriateness for the use case.³⁶“Challenges and limits of an open source approach to Artificial Intelligence” at page13, accessible at https://www.europarl.europa.eu/RegData/etudes/STUD/2021/662908/IPOL_STU(2021)662908_EN.pdf. Nevertheless, model cards are raised as a solution to this issue (which we will discuss in Part 3).

Also, it is not clear who bears liability if the model released was trained on copyrighted material by the developer, which the user used/made modifications to, as unlike a proprietary model (where the developer can offer an indemnity for IP infringement), open-source* models are released without any warranties or indemnities relating to IP infringement.

There can also be cybersecurity vulnerabilities inherent in the model, although this is not unique to open-source AI models.³⁷Also found in proprietary AI models, as well as in other open-source software.

Persons who release the open-source* models (i.e. developers)

First, developers are concerned about downstream misuse of their model. When the model weights are released, it becomes easier for people to circumvent safety features (e.g. content filters, blocklists and prompt shields to prohibit certain prompts) in the model.³⁸Page 14 of the NTIA Report. This is also because many filters are implemented post-hoc as part of the model’s inference code, “rather than fundamentally changing the behaviour of the model itself”.³⁹Page 12 of the CGAI Report. It is thus a matter of removing that one or two lines of code to make the model perform in undesired ways.⁴⁰See the anecdotal example given page 12 of the CGAI Report.

Second, once the model is released, the developer cannot “take it back” even if the model has serious flaws, as users would have a copy of that model/weights within their own computers/servers and can keep going back to it. The developer also loses control over how the model is used, as if the model was instead a closed one accessed through an API, the user’s access could be restricted remotely by revoking the access key,⁴¹See the FAQs at https://bigscience.huggingface.co/blog/the-bigscience-rail-license and the developer can also monitor the kind of prompts that go to the model and how it is being used.

Part 3: How do we mitigate the risks of open-source* AI models, looking at regulatory approaches to complement RAIL licences and other best practices?

We will first cover how regulators are looking to control the development and use of open-source* AI models. Their position can generally be summed up as: developers still have responsibilities and standards to develop against so that the model remains safe, even if they release the model without charge, and under circumstances where people can freely use and adapt it.

At the outset, it is important to note that not every open-source* AI model will be restricted or regulated. The EU and US are only going to target the most powerful models (in terms of computing power), which pose serious public safety and national security risks. We will explore the positions across Singapore, EU and the US, and then conclude with identifying general takeaways for developers/deployers.

Singapore

The position in Singapore is still nascent and references open-source* models without distinction of their capabilities (unlike the EU and US). We had earlier discussed IMDA’s proposed “shared responsibility” approach, where responsibility is allocated based on the level of control over the model development. As model developers are “the most knowledgeable about their own models and how they are deployed”, they (regardless of whether the model is released open-source, open-weights or closed-source) are expected lead the ongoing/emerging discussions on how responsibilities should be allocated.⁴²Page 8 of Gen-AI Model Framework. The IMDA also recommends that people who download open-source or open-weights models should do so “from reputable platforms to minimise the risk of tampered models”⁴³Page 8 of Gen-AI Model Framework..

The Cybersecurity Agency of Singapore also issued Guidelines on Securing AI Systems in October 2024, recommending that persons downloading AI models should evaluate these open-source models, such as by running code checking, or checking against a database with vulnerability information.⁴⁴See 2.1.9 of the CSA Companion Guide on Securing AI Systems.

USA

The US presently takes a relaxed approach towards open-source* AI models with little regulation,⁴⁵Nicole Kobie, “Open-source AI just got a major seal of approval from US regulators – but will it push developers in the right direction?” (31 July 2024), accessible at: https://www.itpro.com/software/open-source/open-source-ai-just-got-a-major-seal-of-approval-from-us-regulators-but-will-it-push-developers-in-the-right-direction but the Government will shape future strategy based on real-life issues that surface.

The Executive Order on “Safe, Secure and Trustworthy Development and Use of AI” (October 2023) directed the holding of public consultations to determine the appropriate policy and regulatory approaches for “dual-use foundation models with widely available model weights”.⁴⁶See section 4.6 of the Executive Order. This reference to “dual-use foundation models” means that the EO only targets the most powerful AI models — which contain at least 10 billion parameters⁴⁷Parameters are variables the model learns during training and are used to make predictions and decisions – see https://tedai-sanfrancisco.ted.com/glossary/parameters/. and can perform tasks that pose a serious risk to security, national economic security, national public health or safety.⁴⁸See the definition of “dual-use foundation model” in section 3(k) of the Executive Order. Separately, there are also reporting requirements for models trained on a quantity of computing power greater than 10²⁶ FLOPS, which can include dual-use foundation models (see section 4.2 of the Executive Order).

Following from the public consultations, the NTIA recommended⁴⁹See the “Dual-Use Foundation Models with Widely Available Model Weights” report (NTIA Report) issued in July 2024. that the Government should not restrict the availability of such models for now, such as by prohibiting them from being distributed, or require a person to have a licence before they can access the model weights. However, they also reserved the Government’s position to restrict certain classes of model weights in the future.⁵⁰Pages 36 and 40 of the NTIA report.

It also recommended that the Government should develop the capacity to evaluate such models for evidence of unacceptable risk, and quickly respond to such risks. The Government should take an evidence-based approach to uncovering such risks (instead of merely hypothesising), such as by looking at audit reports, issues encountered by model developers, model evaluations, and red-teaming results.⁵¹Pages 37 and 40 of the NTIA report.

EU

The EU AI Act adopts a tiered approach towards open-source* AI models:

1. The bulk of open-source* AI models (described in the Act as released under a “free and open-source licence”⁵²See recital (102) of the EU AI Act which defines a “free and open-source” licence as one that allows the model “to be openly shared and where users can freely access, use, modify and redistribute them or modified versions thereof”. It broadly matches the OSI definition of what is ‘open source AI’ in terms of freely accessing, using, modifying and redistributing, but unlike the OSI definition it is silent on whether training data has to be shared to be considered ‘open-source’.) – except for general purpose AI (GPAI) models discussed at paragraph (b) below – are not subject to regulation.⁵³See Article 2(12) of the EU AI Act. Instead, the developers are “encouraged to implement widely adopted documentation practices, such as model card and data sheets as a way to accelerate information sharing along the AI value chain”.⁵⁴See recital (89) of the EU AI Act.

   Specifically, non-GPAI open-source* AI models will only be regulated if:

1. 1. they are high-risk AI systems (where they are subject to the same requirements as closed high-risk counterparts);
   2. they are banned or prohibited AI systems under Article 5;
   3. they are AI systems that interact directly with natural persons (e.g. emotion recognition systems) as described in Article 50 – in which case there are transparency obligations (e.g. informing natural persons that they are interacting with an AI system unless it is obvious to a reasonably well-informed person; watermarking of outputs).

2. For GPAI models (i.e. AI models trained with a large amount of data, have significant generality and are capable of performing a wide range of distinct tasks – similar what the USA calls “foundation models”)⁵⁵As defined in Article 3(63) of the EU AI Act. — their treatment depends on the following:
   1. If the model is (a) not monetised (e.g. not offered for a fee, no charge for technical support); (b) released under a “free and open-source licence”; and (c) does not “presents systemic risks” (characterised by its technical capabilities where the cumulative amount of computation used for its training is greater than 10²⁵ FLOPS)⁵⁶See Article 51(2) of the EU AI Act., the developer only has to provide a summary of the content used for model training and comply with EU copyright law.⁵⁷See Article 53(2). Notably, the EU AI Act requires compliance with copyright law but doesn’t mention how to comply, so it is still an open question as to whether fair use and text and data mining exceptions apply to scraping data from the Internet to train the AI model. A GPAI model that does not fulfil criteria (a) or (b) will require maintaining technical documentation to be provided to the authorities upon request, and making available information about the model to persons who will integrate it into their own systems.
   2. However, if the model “presents systemic risks”, then regardless of whether it is monetised and the type of licence it is released under, it will be subject to the full suite of obligations across Articles 53 to 55, including the need for technical documentation, maintaining cybersecurity protections and reporting any serious incidents arising to the EU AI Office.

Best practices

From the examples above, we can see that how open-source* AI models will be evaluated and regulated is still a work in progress. However, there are safeguards (from legislation, guidelines and industry practice) that model users and developers can adopt now to ensure that open-source* AI models are developed, released and used safely. Testing and evaluation of the models (both before release, and after modifying them) would be essential regardless of whether the model is open-source*, so these will not be discussed here.

In the case of persons using/building on open-source* models, they should be able to answer the question of “do you know what you are using”:

1. Select models where the technical details, summaries of training data, intended uses, and performance on evaluation and red-teaming efforts are disclosed, over models that don’t – model cards can help with providing this information;⁵⁸Page 9 of the NTIA Report. See also Anokhy Desai, “5 things to know about AI model cards”, accessible at: https://iapp.org/news/a/5-things-to-know-about-ai-model-cards. See also a sample model card at https://ai.google.dev/gemma/docs/model_card_2 which describes how the model performs on evaluations, the risks/limitations of the model and a general overview of the types of data it was trained on.
2. Download models from reliable sources to minimise risks of tampered models;⁵⁹Page 8 of Gen-AI Model Framework.
3. Read licence terms carefully to comply with permitted uses of model.

On the other hand, model developers should consider how much of the model and related information to share:

1. Vary levels of access to model weights to “vetted” persons as an alternative to release to all persons;⁶⁰Page 9 of the NTIA Report, and page 25 of the CGAI Report on gated download access.
2. Ensure models are tested properly before release to patch vulnerabilities, because once the model and its weights are released the developer cannot “recall” it;⁶¹Page 19 of the GCAI Report.
3. Have API access to the model (akin to “dialling-in” to the model) instead of releasing it for download, so that the developer can cut off access to the model as needed;⁶²Pages 19 and 32 of the GCAI Report. and
4. Use RAILs to limit downstream use, although effective monitoring and enforcement remains an issue.

The views expressed in this article are the personal views of the author and do not represent the views of Drew & Napier LLC.

The post Open-source AI Models – What Are They, and Closing the Safety and Liability Gaps appeared first on The Singapore Law Gazette.

Introduction

Open-ended fair use and categorical fair dealing provisions both temper the exclusive rights of copyright owners to foster further creative expression by permitting secondary uses of copyrighted works, providing the primary mechanism to balance copyright protection with the broader public interest of fostering creative expression.¹See, eg, Campbell v Acuff-Rose Music, Inc 510 US 569 at 579 (1994). A number of jurisdictions also provide definitional statutory exceptions that do not require a balancing of factors, that is, it is a permitted use of copyrighted works for specific purposes so long as particular conditions are satisfied; the text and datamining (TDM) exception – called the computational data analysis exception in Singapore – is one such example. Today, the breathtaking pace of technological developments has perhaps left copyright law struggling to keep up, as traditional understandings of various copyright doctrines and legislative mechanisms are generally unable to match this speed. In the article in the Harvard Law Bulletin, it was commented that “[w]hile embracing technological change is part of the human experience, when the pace of that change seems to ramp up exponentially, the rules and regulations meant to keep that technology in check can fall further and further behind.”²Colleen Walsh, “How to think about AI: Delving into the legal and ethical challenges of a game-changing technology”, Harvard Law Bulletin, Summer 2023, 21 at 22. This two-part article discusses the fair use doctrine in Singapore in relation to internet search engines and the use of works for training generative artificial intelligence applications (GAIAs) (e.g. ChatGPT, Midjourney, Stable Diffusion).

Fair Use Codified in Copyright Act 2021

The open-ended fair use provision in the US³Copyright Act 17 USC (US) § 107 (1976). operates as a general exception that courts apply on a case-by-case basis; this is explicitly adopted in Singapore in section 191 of the Copyright Act 2021 which enumerates a non-exclusive list of four factors to be weighed to determine whether an unauthorised use is fair, and hence a permitted use.⁴It replaces the previous open-ended fair dealing in s 35(2) of the Copyright Act (Cap 63, 2006 Rev Ed). Section 191 of the Copyright Act 2021(2020 Rev Ed) provides:Subject to sections 192, 193 and 194, all relevant matters must be considered in deciding whether a work or a protected performance (including a recording of the performance) is fairly used, including —(a) the purpose and character of the use, including whether the use is of a commercial nature or is for non‑profit educational purposes;(b) the nature of the work or performance;(c) the amount and substantiality of the portion used in relation to the whole work or performance; and(d) the effect of the use upon the potential market for, or value of, the work or performance. It seems from the announcements by the Government that by renaming the open-ended fair dealing provision as “fair use”,⁵Ministry of Law & Intellectual Property Office of Singapore, Singapore Copyright Review Report (17 January 2019) at para 2.6.8 and Conclusion 6(b). Singapore’s copyright law is poised to be more future ready and able to better tackle how the copyright balance should be struck between authors/owners and the users/public.

The rapid technological developments pose a number of challenges for fair use in Singapore. First, the kaleidoscope of infringing activities made possible by technology makes it difficult to articulate ex ante clear rules as new generative artificial intelligence (AI) uses and capabilities, search engines, social media apps, time-shifting/format-shifting capabilities and prevalent online community behaviour often present novel scenarios for the application of copyright law. Second, these activities also severely test the multi-factor-inquiry of an open-ended fair use approach by requiring courts to make critical policy choices involving technological innovations such as determining the degree of public benefit in a secondary use and how likely it would supplant the commercial market for the original or its derivatives.⁶For example, Google LLC v Oracle America, Inc, 141 S Ct 1183 at 1207 (2021); Capitol Records, LLC v ReDigi Inc, 910 F.3d 649 at 662 (2nd Cir. 2018); Fox News Network, LLC v TVEyes, Inc, 883 F.3d 169 at 179 (2nd Cir. 2018) and Authors Guild v Google, Inc, 804 F.3d 202 at 223 (2nd Cir. 2015). Third, to what extent should US jurisprudence on technology-related fair use decisions influence the deliberations in Singapore?

Singapore Case Law on Fair Use

The Court of Appeal in Global Yellow Pages Ltd v Promedia Directories Pte Ltd⁷(2017) 2 SLR 185. concluded that the defendant’s scanning and photocopying of the Business Listings was fair dealing, and the court also provided significant guidance on the application of the fair dealing provision under section 35(2) of the Copyright Act.⁸Cap 63, 2006 Rev Ed. Sundaresh Menon CJ hinted at the willingness of the local courts to take greater cognisance of US and Australian decisions in this area:⁹Global Yellow Pages Ltd v Promedia Directories Pte Ltd (2017) 2 SLR 185 at (76). Section 35(2) of the old Copyright Act (Cap 63, 2006 Rev Ed) is the precursor of the new open-ended fair use provision in ss 190–191 of the Copyright Act 2021 (2020 Rev Ed).

Accordingly, although there are very few reported local cases that consider in detail the scope of and relationship between the factors in s 35(2), both American and Anglo-Australian jurisprudence will be helpful in shaping our law on fair dealing.

In respect of the first factor, the purpose and character of the dealing, it favoured fair dealing where “the defendant added to, recontextualised or transformed the parts taken”¹⁰Global Yellow Pages Ltd v Promedia Directories Pte Ltd (2017) 2 SLR 185 at (79). or where the new work was “transformative”, that is, whether it “supersede[s] the objects” of the original creation, or “adds something new, with a further purpose or different character”.¹¹Global Yellow Pages Ltd v Promedia Directories Pte Ltd (2017) 2 SLR 185 at (79) (referring to Campbell v Acuff-Rose Music, Inc, 510 US 569 at 579 (1994)). It appears that the Court of Appeal is edging towards the view of the US Supreme Court in Campbell v Acuff-Rose Music, Inc¹²510 US 569 at 579 (1994). (Campbell) when Menon CJ remarked that “we do not go as far as those cases which suggest that a commercial nature or purpose of the dealing will presumptively be regarded as unfair” and “the commerciality of the dealing is but one of the factors to be considered and it will not necessarily be fatal to a finding of fair dealing”.¹³Global Yellow Pages Ltd v Promedia Directories Pte Ltd (2017) 2 SLR 185 at (81). In fact, the court considered the application of the transformative use doctrine in Campbell (where the commerciality of the rap song “Pretty Woman” was trumped by the transformative value of the parody) and in Authors Guild v Google, Inc¹⁴Authors Guild v Google, Inc, 804 F 3d 202 (2nd Cir. 2015). (where Google’s making of digital copies of books for the purpose of enabling a search for identification of books containing a term of interest to the searcher involved a highly transformative purpose).

With respect to the first factor of fair use, the US statute requires courts to examine the “purpose and character of the use”, but neither “purpose” nor “character” is defined in the statute. Section 191 of the Singapore Copyright Act 2021 contains similar words, with the first factor being stated as “the purpose and character of the use, including whether the use is of a commercial nature or is for non‑profit educational purposes”. While there has been no local case law applying section 191, it is highly likely that courts here will look to how the US courts consider a number of relevant elements like what kind of transformation is present in the secondary work, the track record of the author of the secondary work, the extent of commentary or criticism present in the secondary work, the significance of the secondary use to research or study, as well as its public benefit.¹⁵David Tan, “The Lost Language of the First Amendment in Copyright Fair Use: A Semiotic Perspective of the ‘Transformative Use’ Doctrine Twenty-Five Years On” (2016) 26 Fordham Intellectual Property, Media and Entertainment Law Journal 311 at 325.

In response to the Campbell decision, Pierre Leval hailed Justice Souter’s opinion as “the finest opinion ever written on the subject of fair use”.¹⁶Pierre N Leval, “Nimmer Lecture: Fair Use Rescued” (1997) 44 UCLA Law Review 1449 at 1464. However, sitting as a judge in the Second Circuit Court of Appeals, he was recently more critical of the privileged position of the transformative use doctrine in copyright fair use, commenting that the fourth factor is “undoubtedly the single most important element of fair use”.¹⁷Capitol Records, LLC v ReDigi, Inc, 910 F 3d 649 at 662 (2nd Cir. 2018). In light of the US Supreme Court’s decision in Google LLC v Oracle America, Inc¹⁸141 S Ct 1183 (2021). handed down in April 2021, the transformative use doctrine seems to have taken a backseat to the fourth factor which evaluates market impact.¹⁹Google LLC v Oracle America, Inc, 141 S Ct 1183 (2021). The importance of economic impact on the licensing market of the original work was also emphasised by the majority in a later decision: Andy Warhol Foundation for the Visual Arts, Inc v Goldsmith, 598 US 508 (2023). Justice Breyer, delivering the majority’s opinion, held that: “in determining whether a use is ‘transformative,’ we must go further and examine the copying’s more specifically described ‘purpose[s]’ and ‘character’”.²⁰Google LLC v Oracle America, Inc, 141 S Ct 1183 at 1203 (2021). Furthermore, the court would “take into account the public benefits the copying will likely produce”.²¹Ibid at 1206. In Campbell, the court explained that “a use that has a distinct purpose is justified because it furthers the goal of copyright, namely, to promote the progress of science and the arts, without diminishing the incentive to create.”²²Campbell v Acuff-Rose Music, Inc, 510 US 569 at 531 (1994) (emphasis added). This was most recently reiterated in Keck v Mix Creative Learning Center LLC, 116 F.4th 448 at 454 (5th Cir. 2024). See also Hachette Book Group, Inc v Internet Archive, 115 F.4th 163 at 181 (2nd Cir. 2024). The need to discern a distinct purpose from the original was also emphasised in the majority judgment of the Supreme Court in 2023 in Andy Warhol Foundation for the Visual Arts, Inc v Goldsmith.²³Andy Warhol Foundation for the Visual Arts, Inc v Goldsmith, 598 US 508 at 527–529 and 531–532 (2023).

On the fourth factor, the effect of the use on the potential market for the value of the copyrighted work, Menon CJ, referring to Campbell, was of the view that it requires the court to consider “not only the extent of market harm caused by” the alleged infringer’s action, but also whether the defendant’s conduct, if “unrestricted and widespread”, would “result in a substantially adverse impact on the potential market” for the original and derivative works.²⁴Global Yellow Pages Ltd v Promedia Directories Pte Ltd (2017) 2 SLR 185 at (82) (citing Campbell v Acuff-Rose Music, Inc, 510 US 569 at 590 (1994)). The interplay between the fourth factor and the first factor is a controversial one, depending on one’s definition of a transformative market, a point which the court did not address. It has been observed that the “commerciality” of the secondary work (a consideration under the first factor of fair use) is a different analysis from the effect of the secondary use upon the potential commercial market for, or value of, the copyrighted work or its adaptations (a consideration under the fourth factor of fair use).²⁵David Tan, “The Transformative Use Doctrine and Fair Dealing in Singapore: Understanding the ‘Purpose and Character’ of Appropriation Art” (2012) 24 SAcLJ 832 at para 47.

Part 2 will discuss the application of fair use to two specific technological uses.

The post Copyright Fair Use in the Face of Technological Developments: Staying Ahead or Limping Behind? (Part 1) appeared first on The Singapore Law Gazette.

This article discusses the different approaches taken by the courts when dealing with the issue of exclusive use and enjoyment of common property, mapping out developments in this area of the law from Poh Kiong Kok v MCST Plan No 581 [1990] 1 SLR(R) 617, to the recent decision of Soo Hoo Khoon Peng v The MCST Plan No. 2906 [2023] SGHC 355.

Introduction

1. The question of whether a subsidiary proprietor (SP) of a strata-titled development may install awnings and air conditioner compressors outside his unit is interestingly still not quite settled.
2. Section 33(1) of the Building Maintenance and Strata Management Act 2004 (BMSMA) provides that a management corporation (MCST) may make a by-law pursuant to an appropriate resolution, conferring on an SP the exclusive use and enjoyment or special privileges in respect of the whole or any part of the common property.
3. The BMSMA does not provide a definition of what constitutes “exclusive use and enjoyment”. The plain meaning of “exclusion” in the Oxford Learner’s Dictionary is “the act of preventing somebody/something from entering a place or taking part in something”.
4. Logically, there should be a difference between “use and enjoyment” and “exclusive use and enjoyment”. To amount to “exclusive use and enjoyment” of common property, the use and enjoyment should operate to the exclusion of other SPs or the MCST from doing something that they would have been able to do. Where there is “exclusive use and enjoyment”, the requisite resolution (ordinary, special or 90%) under section 33 BMSMA to be obtained depends on the period of exclusivity.
5. If an SP uses common property which the MCST and no other SP would want to use, this would be mere “use and enjoyment”, and not “exclusive use and enjoyment”. However, consent of the MCST still has to be obtained.
6. An example of “exclusive use and enjoyment” would be where a childcare centre situated on the ground floor cordons off a part of the common playground to the exclusion of other SPs.

Decisions That Considered the Exclusive Use and Enjoyment Issue

7. The meaning of “exclusive use and enjoyment” was first considered by the High Court in Poh Kiong Kok v MCST Plan No 581 [1990] 1 SLR(R) 617. The MCST had a parking scheme where every SP was allocated a specific lot exclusive to him. Mr Poh was allocated a lot and excluded from parking in any other lot.
8. The Court held that in the absence of an exclusive use unanimous resolution under section 41(8) Land Titles Strata Act, the prevailing legislation, the MCST had no right to exclude Mr Poh from parking in any of the other lots.¹Poh Kiong Kok v MCST Plan No 581 [1990] 1 SLR(R) 617, at [20] – [21].
9. In Wu Chiu Lin v MCST Plan No. 2874 [2018] 4 SLR 966 (Sunglade), the issue was whether awnings sought to be installed by SPs in their private enclosed spaces (PES) and balconies would constitute exclusive use and enjoyment of common property. The High Court held that absent a 90% exclusive use resolution under section 33 BMSMA, Ms Wu was not allowed to build an awning in her balcony despite the fact that: –
   1. the MCST had by a special resolution at an AGM approved installation of the awnings following an approved design for all SPs;²Wu Chiu Lin v MCST Plan No. 2874 [2018] 4 SLR 966 (“Sunglade”), at [6].
   2. out of 12 SPs who made applications to install such awnings, the MCST had before the Strata Titles Board (STB) consented to let the SPs of nine ground floor units proceed with their awnings on the basis that they constituted a safety device;³Sunglade, at [12] – [13].
   3. the MCST made clear to the STB that they recognized that 83.06% of the general body voted in favour of the awnings, that their intention was simply to seek guidance and ensure the purported approval granted to the SPs to install the awnings was valid and regular, and not to unreasonably prohibit them from installing them;⁴Sunglade, at [6].
   4. there was no evidence that any other SP was being excluded from putting up awnings in their PES or balcony, and/or that anyone would want to put up an awning in Ms Wu’s balcony.
10. Sunglade was followed in MCST Plan No. 508 v Loh Sook Cheng (Loh Sook Cheng) (HC/RAS 13 of 2020, unreported). Mdm Loh sought several orders from the Court including, inter alia, that she be allowed to install two air conditioning compressors just outside the rear exterior wall of her unit (a location proposed by the MCST), an upgrade to her unit’s electrical supply and ancillary plumbing works for the installation of fire hose reels (to comply with SCDF requirements).

    Aircon compressors on the exterior common property wall of the subject property involved in the case of Loh Sook Cheng.

11. The District Court held that the works did not confer on Mdm Loh exclusive use and enjoyment of common property and furthermore many other SPs including the Chairperson and Secretary had installed air conditioning compressors, piping and cable ducts on common property without any 90% exclusive use resolution under section 33 BMSMA.⁵MCST Plan No. 508 v Loh Sook Cheng (“Loh Sook Cheng”) [2020] SGDC 159, at [22] – [23].
12. However, the High Court overturned the decision, noting that the air conditioning compressors, additional electric cables and water pipe were permanent structures installed on common property for the sole benefit of Mdm Loh, which would deprive other SPs from using and enjoying the same.

Decisions That Did Not Consider the Exclusive Use Issue

13. In Choo Kok Lin and anor v MCST Plan No. 2045 [2005] 4 SLR(R) 175 (Kentish Lodge), the SPs erected, inter alia, air-conditioning compressors on the external wall above their landscape/air well area without the MCST’s consent.⁶Choo Kok Lin and anor v MCST Plan No. 2045 [2005] 4 SLR(R) 175 (“Kentish Lodge”), [6] – [16]. The High Court dealt with this as a case of use and enjoyment of common property without the MCST’s consent. The issue was whether the compressors should be ordered to be removed. Balancing all the circumstances, the Court decided not to order their removal.⁷Kentish Lodge, at [59].
14. In Prem N Shamdasani v MCST Plan No 920 [2022] SGHC 280 (Hawaii Tower), the Appellant carried out renovation works including, inter alia, the replacement of the air conditioner compressor on the external wall, without MCST approval. The Court held that the MCST ought to have approved the renovation works, including the replacement of the air conditioner compressor, as it did not detract from the appearance of the building since there were six other units with similar air conditioner compressors on the external walls which the MCST could not do anything about.⁸Prem N Shamdasani v MCST Plan No 920 [2022] SGHC 280 (“Hawaii Tower”), at [152] – [153].
15. It is not surprising that in Kentish Lodge, Hawaii Tower and numerous cases over the years, no court or counsel considered the installation of air conditioning compressor units outside your own window, balcony or unit to amount to “exclusive use and enjoyment” of common property requiring an exclusive use resolution under section 33 BMSMA. These are all ordinary and reasonable instances of use and enjoyment of common property.

Different Tests Applied Depending on Whether Works Carried Out

16. In Kentish Lodge, the High Court was asked to grant a mandatory injunction requiring the SP to remove air-conditioning compressors erected on common property without the MCST’s approval.⁹Kentish Lodge, at [4]. Following The MCST Plan No. 1378 v Chen Ee Yueh Rachel [1993] 3 SLR(R) 630, the Court in Kentish Lodge declined to grant the order sought as it would not benefit the MCST.¹⁰The MCST Plan No. 1378 v Chen Ee Yueh Rachel [1993] 3 SLR(R) 630; Kentish Lodge, at [59]. The Court held that the MCST did not consider that the appearance of the condominium had been adversely affected by the compressors. This was especially so since other SPs had similarly installed their compressors on common property.¹¹Kentish Lodge, at [59].
17. However, in Sunglade and Loh Sook Cheng, where the SPs sought the MCST’s approval before carrying out the installations, the High Court took a different approach.
18. In Sunglade, there was evidence of awnings put up by SPs of six or seven other units similar to Ms Wu’s, all without approval and no action was taken for many years.¹²Sunglade, at [91]. This was in addition to the ground floor units which were allowed put up the awnings. Nevertheless, the High Court held that “two wrongs do not make a right” and that the obligation is on the SP to obtain a 90% exclusive resolution under section 33 BMSMA.¹³Sunglade, at [91].
19. In Loh Sook Cheng, the external wall of the building had many air conditioning compressor units put up by other SPs. There were also piping and cable ducts running outside of the units of several SPs. The District Court took the view that a party who has come to Court to seek approval of works involving the common property should be in no worse a position than a SP who had proceeded to undertake the same works without authorisation and for which the MCST is seeking a mandatory injunction.¹⁴Loh Sook Cheng, at [20].
20. The High Court in Loh Sook Cheng, in reversing the District Court’s decision, stated that the Court, in the exercise of its discretion, may consider the even-handedness of the MCST in dealing with the SPs only in cases involving the grant of a mandatory injunction. However, where a SP applies to court to compel the MCST to consent to works, the Court observed that the question is whether the works may be consented to by the MCST and that this answer does not change because other SPs might have acted in breach of section 33 BMSMA.
21. The unfortunate result from the different approaches taken is that it appears you may be better off proceeding to carry out the unauthorised works first instead of seeking proper approval before carrying out the works. This cannot be right.

Prescriptive or Descriptive Approach

22. Even if the works amount to “exclusive use and enjoyment” of common property, it should not follow that an exclusive use resolution must necessarily be passed before it can be allowed. Whilst the MCST “may” make a by-law pursuant to a 90% resolution conferring on a SP “exclusive use and enjoyment” of common property for a period exceeding three years, in which case the SP’s “exclusive use and enjoyment” of the common property during that period is protected by the by-law, it should not follow that without such by-law and 90% resolution, the SP cannot have any such “exclusive use and enjoyment”.
23. In Chan Sze Ying v MCST Plan No 2948 [2020] SGHC 88 (Chan Sze Ying), the High Court adopted a descriptive approach and held that Paragraph 3A(1) of the First Schedule of the BMSMA which states that a meeting of the MCST “may” be adjourned by a motion did not displace the residual power at common law to adjourn meetings by some other means.¹⁵Chan Sze Ying v MCST Plan No 2948 [2020] SGHC 88, at [45].
24. Another instance of the Court applying the descriptive interpretation of section 33 would be the case of The MCST Plan No 3436 v Tay Beng Huat and another [2019] SGDC 208 (The Infiniti). The District Court dismissed the MCST’s argument that the placement of a shoe cabinet along the common corridor amounted to “exclusive use” or “special privileges” which was unlawful unless there was a by-law under section 33 expressly allowing it. Instead, it held that section 33 is an empowering provision and should not be read as a restrictive provision that renders unlawful anything that might be considered “exclusive use” if the MCST has not expressly permitted it. The Court added that the latter interpretation “would render unnecessary and otiose the fine balance between the potentially competing rights of SPs in respect of the common property that the by-laws in the Second Schedule endeavour to achieve.”¹⁶The MCST Plan No 3436 v Tay Beng Huat and another [2019] SGDC 208, at [12].

Equating Exclusive Use and Enjoyment with Permanence

25. In Loh Sook Cheng, the Court held that the installation of the compressors amounted to “exclusive use and enjoyment” as they were permanent. The Court distinguished The Infiniti as the shoe cabinet was not permanent.
26. However, usage can be permanent and yet not amount to exclusive use. e.g. air-conditioning compressor outside one’s window, or electrical wires and plumbing pipes running along the common property into one’s unit as no other SP would want to use these parts of the common property. Usage can also be temporary yet amount to exclusive use and enjoyment e.g. exclusive use of three lanes of the swimming pool during the evening to conduct swimming lessons.
27. It is a question of fact in every case whether there is “exclusive use and enjoyment”. If so, then the “permanence” (i.e. the duration of use), should determine the type of resolution required under section 33 i.e. ordinary, special or 90% resolution.

Other Control Mechanisms in the BMSMA

28. A descriptive interpretation of section 33 does not imply that a SP will be entitled to do whatever they like on or to the common property, without regard to the rights of other SPs and the MCST.
29. There are provisions in the BMSMA and regulations thereunder that balance the rights and obligations of SPs and occupiers. For example, section 63 BMSMA lists the duties of SPs and other occupiers. They cannot use or enjoy the common property to interfere unreasonably with the use or enjoyment of the common property or any other lot by other SPs and occupiers.¹⁷BMSMA, s 63. The prescribed by-laws under the Second Schedule of the Building Maintenance (Strata Management) Regulations 2005 restrain various specific misuses of common property.

Mere Use and Enjoyment of Common Property

30. Where there is no “exclusive use and enjoyment” of common property, such that an exclusive use resolution under section 33 BMSMA is required, but mere “use and enjoyment” of common property, then the issue is whether the MCST should consent to the works.
31. Where the MCST consents to the works, it is hard to understand why the tribunal or court should intervene and stop the works. The BMSMA provides a legal framework for MCSTs to self-govern and manage their own estate. The SPs themselves are the best people to decide what is best for their estate.
32. Where the MCST does not consent to the works, the issue is whether taking into account all relevant factors, the MCST has been unreasonable, in which case the Board or the Court may make an order that the MCST consents to the works, as was done by the STB in Lee Lay Ting Jane v MSCT Plan No 3414 [2015] SGSTB 5 under section 111 BMSMA.

The Case of Mark Wheeler

33. Most of the cases that held that there was “exclusive use and enjoyment” of common property cited and followed Mark Wheeler v The MCST Plan No. 751 and Another [2003] SGSTB 5 (Mark Wheeler).
34. In Mark Wheeler, the SP installed an awning above the balcony of the entrance to his unit, without MCST approval.¹⁸Mark Wheeler v The MCST Plan No. 751 and Another [2003] SGSTB 5, at [13] – [21]; [28]. On the facts, the Board did not consider the MCST’s refusal to grant consent unreasonable, considering that: (a) it was the only unit with an awning; (b) the installation detracted from the theme of the development; (c) was in breach of the by-laws; and (d) resolutions to approve the installation were defeated at the AGM.
35. Although the Board also accepted the MCST’s submission that the installation of the awnings amounted to “exclusive use” which required a unanimous vote at the material time, it treated the case primarily as one of “use and enjoyment” of common property. If the Board had conclusively determined that it was a case of “exclusive use and enjoyment” of common property, the lack of consent from the MCST, let alone a unanimous resolution, would have been fatal to Mark Wheeler’s case.
36. Interestingly, the Board commented that treating a situation like this as one of “exclusive use” requiring a unanimous vote may make living in a condominium unworkable.

Approach Taken in Australia

37. Since Singapore’s strata legislation borrowed heavily from Australian provisions, it would be useful to consider some Australian decisions.
38. In Platt v Ciriello [1999] QCA 33 (Platt), the appellants were proprietors in a strata development who objected to the respondents and their tenants using common property for various purposes.¹⁹Platt v Ciriello [1999] QCA 33 (“Platt”), at p 1 – 2. The appellants in Platt argued before the Court below that the respondents’ uses of common property amounted to exclusive use and enjoyment of common property, in breach of the Building Units and Group Titles Act 1980 (BUGTA) since no “exclusive use” by-law had been passed under s 30(7) BUGTA (which is in pari materia with section 33(1) BMSMA).²⁰Platt, at p 1 – 2.
39. This argument was dismissed by Derrington J, who held that the question for determination was not whether the respondents’ uses of common property involved a use that is exclusive within the meaning of section 30(7), but whether they amounted to a use of common property in a manner or for a purpose that unreasonably interferes with the entitlement of others to use and enjoy common property under section 51(1)(c) BUGTA (which is in pari materia with section 63(c) BMSMA).
40. On appeal, the Queensland Court of Appeal by a 2:1 majority (Pincus J.A. dissenting) upheld Derrington J’s decision, expressly rejecting the prescriptive reading of section 30(7)(a).
41. Similarly, in Waller v The Owners of ‘Tranby on Swan’ – Strata Plan 2232 (1996) NSW Titles Cases 80-037, the District Court held that in each instance where exclusive use was being made of common property, the question is whether that particular use unreasonably interfered with the use and enjoyment of the common property by other SPs. This application of the descriptive interpretation means that even where there is “exclusive use and enjoyment” of common property without the requisite resolution, the Court must be satisfied that this was unreasonable before it will injunct such use.²¹Waller v The Owners of ‘Tranby on Swan’ – Strata Plan 2232 (1996) NSW Titles Cases 80-037; Teo Keang Sood, Strata Title In Singapore and Malaysia (LexisNexis, 5th Ed, 2015) at [10.43].

Conclusion

42. The decisions in Kentish Lodge and Sunglade, and the cases following either authority, would therefore appear to be inconsistent with each other. A decision of a higher court to resolve this inconsistency would be helpful.
43. In Soo Hoo Khoon Peng v The MCST Plan No. 2906 [2023] SGDC 162, the Court held that the installation of a screen at the balcony within the SP’s lot (which was essentially a ziptrack) constituted exclusive use and enjoyment of common property requiring a 90% resolution.²²Soo Hoo Khoon Peng v The MCST Plan No. 2906 [2023] SGDC 162, at [110].
44. On appeal, the High Court, in Soo Hoo Khoon Peng v The MCST Plan No. 2906 [2023] SGHC 355 opined that such installations would not always amount to exclusive use and enjoyment just because persons standing outside would be obstructed from viewing this part of the common property. The Court observed that the question of how common property may be used or enjoyed must hinge on the property’s location within the development and the role(s) it plays given that location.²³Soo Hoo Khoon Peng v The MCST Plan No. 2906 [2023] SGHC 355, at [12]. This must be a question of fact in every case.

The post From Aircons to Ziptracks – Exclusive Use of Common Property appeared first on The Singapore Law Gazette.

Specific Technological Developments and Fair Use – Two Case Studies

At the time of writing, there are over a dozen lawsuits since the start of 2023 against companies such as OpenAI and Stability AI for using copyright-protected works in the training of various AI systems,¹For example, Raw Story Media, Inc v OpenAI Inc, Case 1:24-cv-01514 (SDNY, 22 August 2024); UMG Recordings Inc, et al v Uncharted Labs Inc, Case 1:24-cv-04777 (SDNY, 24 June 2024); The Intercept Media, Inc v Open AI, Inc, Case 1:24-cv-01515 (SDNY, 6 June 2024); The New York Times Company v Microsoft Corporation, Case 1:23-cv-11195 (SDNY, 30 May 2024); Zhang, et al v Google LLC, et al, Case 3:24-cv-02531 (ND Cal, 24 April 2024); Nazemian v Nvidia Corp, Case 3:24-cv-01454 (ND Cal, 8 March 2024); Tremblay v Open AI, Case 3:23-cv-03223 (ND Cal, 16 February 2024); Andersen v Stability AI Ltd, Case 23-cv-00201-WHO (ND Cal, 30 October 2023); Getty Images (US), Inc v Stability AI, Inc, Case 1:23-cv-00135 (D Del, 3 February 2023). but there has been no judicial ruling on the merits as yet. Part 1 has provided an overview of fair use case law. This Part will focus on the analysis of whether two particular technological uses qualify as fair use – the common thread between these two uses is that both rely on TDM (text and datamining) and machine learning. Generally, TDM is an umbrella term referring to “computational processes for applying structure to unstructured electronic texts and employing statistical methods to discover new information and reveal patterns in the processed data.”²Brief of Digital Humanities and Law Scholars as Amici Curiae in Support of Defendant-Appellees at 5, Authors Guild v Google, Inc, 804 F.3d 202 (2nd Cir. 2015) (No. 13-4829). It can refer to any process using computers that creates metadata derived from something that was not initially conceived of as data; it can be used to produce statistics and facts about copyrightable works, and to render copyrighted text, sounds, and images into uncopyrightable abstractions.³Matthew Sag, “Copyright Saftety for Generative AI” (2023) 61 Houston Law Review 295 at 305-306.

1. Search Engines

Over the past two decades, search engines have emerged as a significant technology that may qualify as a transformative fair use, making images and information that would otherwise be protected by copyright searchable on the Internet. By 2020, Google has amassed a global market share of 87%, and “has become ubiquitous, often used as a transitive verb”.⁴Chuck Price, “17 Great Search Engines You Can Use Instead of Google”, Search Engine Journal (5 April 2020). Back then, other search engines, such as Bing, Baidu, Wiki, Twitter, DuckDuckGo and Startpage, while gaining popularity, still lag far behind. However, by 2024, with the rapid development of AI, the possibility of combining AI with search engines is fast becoming a reality, such as GPTGO.ai and a new Gemini model customised for Google Search. On 31 October 2024, OpenAI launched a search feature within ChatGPT, which offers numerous up-to-the-minute information such as sports scores, stock quotes, news, and the weather, powered by real-time web search and partnerships with news and data providers.⁵Hayden Field, “OpenAI launches ChatGPT search, competing with Google and Microsoft”, CNBC (31 October 2024).

Based on prevailing case law, in assessing fair use in the context of internet search engines, courts have relied heavily on the first fair use factor. In Kelly v Arriba Soft Corp,⁶336 F.3d 811 (9th Cir. 2003). it was held in 2003 that the now-defunct search engine Arriba’s creation and use of thumbnail versions of a professional photographer’s copyrighted images was fair use because the “smaller, lower-resolution images … served an entirely different function than [the] original images”.⁷Kelly v Arriba Soft Corp, 336 F.3d 811 at 818 (9th Cir. 2003). The Ninth Circuit was of the view that the original images served an artistic or aesthetic purpose but the thumbnail images, which were provided in response to a user’s search query, were incorporated into the search engine’s overall function “to help index and improve access to images on the internet and their related web sites”.⁸Ibid at 818–819. Arriba’s use was found to be transformative and the use of the thumbnail images also “benefit[ed] the public by enhancing information-gathering techniques on the internet”.⁹Ibid at 820. In the Google Images litigation, the Ninth Circuit in 2007 held that Google’s use of thumbnail images in its search engine is “highly transformative” and that “a search engine provides social benefit by incorporating an original work into a new work, namely, an electronic reference tool”, and thus Google’s use of the thumbnail images was fair use.¹⁰Perfect 10, Inc v Amazon.com, Inc, 508 F.3d 1146 at 1163–1165 (9th Cir. 2007).

In 2015, the Second Circuit similarly found that fair use protected the Google Books search engine, which employs digital, machine-readable copies of millions of copyright-protected books scanned by Google.¹¹Authors Guild v Google, Inc, 804 F.3d 202 at 220–221 and 223 (2nd Cir. 2015) (“Google Books”). The Google Books search engine enables searching for a specific term, and then provides “snippets,” or a part of a page, for users to read. The Court held that both functions involve a “highly transformative purpose of identifying books of interest to the searcher”.¹²Ibid at 218. Again the consideration of public benefit was foremost in the minds of the judges as the Court unanimously held that the search function “augments public knowledge by making available information about Plaintiffs’ books without providing the public with a substantial substitute” [emphasis in original].¹³Ibid at 207. Finally, the Court concluded that Google’s commercial motivation did not significantly outweigh these transformative uses. The search engine makes possible a new type of research known as “text mining” or “data mining”, whereby users can search across the corpus of books to determine the frequency of specified terms across time. In 2019, the Ninth Circuit distinguished these search engine cases where fair use was found, from the closed-universe search engine Digs – a service provided by Zillow, an online real estate marketplace – that does not “crawl” the web, deciding that it was not fair use there.¹⁴VHT, Inc v Zillow Group, Inc, 918 F.3d 723 at 739–740 (9th Cir. 2019). The court cautioned that:¹⁵Ibid at 742.

What we divine from these cases is that the label ‘search engine’ is not a talismanic term that serves as an on-off switch as to fair use. Rather, these cases teach the importance of considering the details and function of a website’s operation in making a fair use determination.

In summary, not all uses of works in search engines are considered fair use. Courts will still have to analyse each fair use factor on a case-by-case basis. Cases such as HathiTrust and Google Books were based on a different technological paradigm of non-expressive fair use. Generative AI systems like ChatGPT and Midjourney today, however, “produce much more than information about expression; they are now the engines of new content creation.”¹⁶Matthew Sag, “Copyright Saftety for Generative AI” (2023) 61 Houston Law Review 295 at 308. For new search engines that combine generative AI with search features, such as the new ChatGPT search, the fair use evaluation becomes more complicated. The next section attempts to understand some of the implications.

2. Generative AI

(a) Computational Data Analysis Exception

It should be noted that a TDM exception known as the computational data analysis (CDA) exception has been enacted in the Copyright Act 2021. Under the CDA exception, five stringent conditions must be fulfilled, and they include “lawful access” to the copyrighted content and that the making of a copy cannot be used for any other purpose except for identifying, extracting or analysing information/data and using that to improve the functioning of a program in relation to that type of information/data.¹⁷For an analysis of the computational data analysis exception, see David Tan & Thomas Lee Chee Seng, “Copying Right in Copyright Law: Fair Use, Computational Data Analysis and the Personal Data Protection Act” (2021) 33 SAcLJ 1032. In implementing Proposal 8 of the Copyright Review Report,¹⁸Ministry of Law & Intellectual Property Office of Singapore, Singapore Copyright Review Report (17 January 2019). section 243 of the Copyright Act 2021 introduces a specific exception for reproduction of works made for the purpose of “computational data analysis” provided that a number of conditions in section 244 are met. “Computational data analysis” is defined non-exhaustively as “using a computer program to identify, extract and analyse information or data from the work” – which is synonymous with TDM. The UK has already in place a TDM exception – albeit narrower than the Singapore version – that “a person who has lawful access to the work may carry out a computational analysis of anything recorded in the work for the sole purpose of research for a non-commercial purpose”.¹⁹Copyright, Designs and Patents Act 1988 (c 48) (UK) s 29A. For an analysis of other TDM exceptions, see Rossana Ducato and Alain M Strowel, “Ensuring Text and Data Mining: Remaining Issues with the EU Copyright Exceptions and Possible Ways Out” (2021) 43 European Intellectual Property Review 322; Martin Senftleben, “Compliance of National TDM Rules with International Copyright Law: An Overrated Nonissue?” (2022) 53 International Review Intellectual Property & Competition Law 1477; Thomas Margoni and Martin Kretschmer, “A Deeper Look into the EU Text and Data Mining Exceptions: Harmonisation, Data Ownership, and the Future of Technology” (2022) 71 GRUR International 685.

It is generally difficult to prove wholesale copying of millions of works as the various GAIAs do not disclose the training datasets, and one would have to proceed on a classic substantial similarity analysis in respect of each output text/image vis-à-vis the original work.²⁰David Tan, “Generative AI and Copyright – Part 1: Copyright Infringement” (2023) SAL Prac 24. Two salient issues are relevant: (a) whether the use of copyright-protected works for machine learning (“input”); and (b) the works created from natural language commands (“output”) are infringing copyright. To determine if there is liability, one needs to understand how the CDA exception and fair use provision in the Copyright Act 2021 may be relevant to the input and output scenarios. In Singapore, copyright law can provide a defence for such infringing uses if these uses fall under either the CDA exception²¹Copyright Act 2021 (2020 Rev Ed) ss 243–244. or the fair use provision.²²Copyright Act 2021 (2020 Rev Ed) ss 190–191. It should be noted that these permitted uses are independent of one another, and more than one exception may apply if the relevant conditions are met.²³Copyright Act 2021 (2020 Rev Ed) ss 184. Lastly, any contract term is void to the extent that it purports, directly or indirectly, to exclude or restrict the CDA exception.²⁴Copyright Act 2021 (2020 Rev Ed) ss 187(1)(c).

For the CDA exception, the five conditions to be satisfied include the user proving that the copy is made for the purpose of CDA and not for any other purpose; the user not supplying the copy to any person other than for the purpose of verifying the results of the CDA carried out by the user; the user having lawful access to the material (the first copy) from which the copy is made; and that the first copy not being an infringing copy. All five conditions must be satisfied. The Singapore legislation gives an example that “X does not have lawful access to the first copy if X accessed the first copy by circumventing paywalls” and that the use of images to train a computer program to recognise images, such as facial recognition software, as a permissible purpose. Furthermore, it is stated in the Act that “X does not have lawful access to the first copy if X accessed the first copy in breach of the terms of use of a database”.²⁵Copyright Act 2021 (2020 Rev Ed) s 244(2)(d).

For machine learning purposes, the scraping of the Internet for text and images will often circumvent paywalls or violate the terms of use, hence failing the “lawful access” requirement under s 244(2)(d) of the Copyright Act 2021. Furthermore, the making of a copy, which will involve the conversion of authorial works into a machine-readable format or, in some GAIAs, data storage, will not be for the sole purpose of analysing the data to improve the functioning of the AI in relation to that data;²⁶Copyright Act 2021 (2020 Rev Ed) s 244(2)(b). it will be for the purpose of generating new works based on that data, which is an impermissible purpose.

(b) Fair Use

There is a wealth of scholarship on training data and fair use.²⁷See, eg, Andrew W Torrance and Bill Tomlinson, “Training is Everything: Artificial Intelligence, Copyright and ‘Fair Training’” (2023) 128 Dickinson Law Review 233; Matthew Sag, “Copyright Saftety for Generative AI” (2023) 61 Houston Law Review 295; Mark A Lemley and Bran Casey, “Fair Learning” (2021) 99 Texas Law Review 743; Benjamin L W Sobel, “Artificial Intelligence’s Fair Use Crisis” (2017) 41 Columbia Journal of Law & the Arts 45. It was pointed out by Matthew Sag that US courts “have agreed that copying without permission is fair use, and thus noninfringing, in the context of software reverse engineering, plagiarism detection software, and the digitization of millions of library books to enable meta-analysis and indexing.”²⁸Sag, ibid at 304. Sag notes that:

The fair use status of nonexpressive use is not a special exception for the technology sector. Rather, the rationale for allowing for-profit and academic researchers to derive valuable data from other people’s copyrighted works is a necessary implication of the fundamental distinction between protectable original expression and unprotectable facts, ideas, abstractions, and functional elements.²⁹Ibid at 304-5.

In considering fair use as applied to generative AI systems, two fair use factors that are likely to carry the greatest weight in the analysis are: (a) what is the purpose/character of the use, namely whether the use by generative AI is “transformative”, that is, whether it changes the purpose or the nature of the original work in some way; and (b) what is the impact of the generative AI’s use on the market, that is, whether it threatens the livelihood of the original creator by competing with their works or the licensing market for their works. While I conclude that the use of copyrighted works as training data is generally not fair use, there are other scholars who argue that such a use amounts to “fair training” and is therefore fair use.³⁰Eg Andrew W Torrance and Bill Tomlinson, “Training is Everything: Artificial Intelligence, Copyright and ‘Fair Training’” (2023) 128 Dickinson Law Review 233, 245, 253-254.

In respect of the first factor, Authors Guild v HathiTrust³¹Authors Guild v HathiTrust 755 F.3d 87 at 92 (2nd Cir. 2014). is instructive – the issue was whether the digitisation of copyrighted works by 13 universities and other organisations in creating the HathiTrust Digital Library (HDL) without authorisation may constitute fair use. The US Second Circuit Court of Appeals found that the first factor weighed in favour of fair use as HDL’s enabling of full-text search “serves a new and different function from the original” and is socially beneficial.³²Ibid at 97. See also William F Patry, Patry on Copyright, vol. 4 (West, Online, 2015) at §10:21 (observing that the use in Authors Guild v HathiTrust is “socially beneficial, serves a different purpose than the original, and is in no way substitutional”). Additionally, the dealing was found to carry a “non-profit educational” purpose as the HDL was a project started by educational and non-profit institutions targeted at providing greater access to works without any “purely commercial” motive.³³Authors Guild v HathiTrust 755 F.3d 87 at 90–91 (2nd Cir. 2014).

The Ninth Circuit’s decision in Kelly v Arriba Soft Corp³⁴336 F.3d 811 (9th Cir. 2003). is also useful in understanding how the evaluation of the third factor could be applied to generative AI uses. There, it was held that the use of entire copyrighted works was necessary in situations involving search engines since copying only a part of the copyrighted work would create practical difficulties for users, thereby reducing the usefulness of the search engine. In the same vein, even if entire works were copied by web robots in the TDM context, it could be reasoned that such a taking is reasonable, considering the different purpose of the dealing (that is, to identify patterns in vast amounts of raw data); thus, the third factor might not necessarily weigh against fair use. But if the purpose of generative AI is to analyse the specific expression of particular artists, and then replicate portions of that expression in response to a text prompt, then it does not appear to be a different purpose.

In the latest US Supreme Court’s decision on fair use, the majority observed that “whether the purpose and character of a use weighs in favour of fair use is, instead, an objective inquiry into what use was made, that is, what the user does with the original work.”³⁵Andy Warhol Foundation for the Visual Arts, Inc v Goldsmith, 598 US 508 at 545 (2023). In that case, the use was Andy Warhol Foundation’s commercial licensing of Warhol’s Orange Prince (which was based on Lynn Goldsmith’s original photograph) to appear on the cover of Condé Nast’s special commemorative edition. The purpose of that use was to illustrate a magazine about Prince with a portrait of Prince, and an infringing work that portrays Prince somewhat differently from Goldsmith’s photograph (yet has no critical bearing on her photograph) was insufficient for the first factor to favour Andy Warhol Foundation, given the specific context of the use. The majority emphasised:³⁶Ibid at 546.

To hold otherwise would potentially authorize a range of commercial copying of photographs, to be used for purposes that are substantially the same as those of the originals. As long as the user somehow portrays the subject of the photograph differently, he could make modest alterations to the original, sell it to an outlet to accompany a story about the subject, and claim transformative use.

These observations are especially pertinent for images produced by GAIAs such as DALL·E, Stable Diffusion or Midjourney. If a user was looking for an image for illustrative purposes for a magazine, book, annual report or marketing brochure, and provides specific text prompts to a generative AI system to produce such an image – as opposed to licensing one directly from the original author – then the first factor is unlikely to weigh in favour of fair use. The most recent US Circuit Court of Appeals decision on fair use clearly illustrates this point. Deciding that the first factor weighed in favour of fair use despite the defendant’s reproduction of the artist’s Dog Art painting series online as part of educational art kits so that students could learn at home during the pandemic, the unanimous opinion states: “As noted, the art kits had educational objectives, while the original works had aesthetic or decorative objectives. The purpose of Mix Creative’s specific use thus was not “substantially the same” as that of the original works, and there was little threat that the art kits would serve as substitutes for the originals.”³⁷Keck v Mix Creative Learning Center LLC, 116 F.4th 448 at 455 (5th Cir. 2024). This stands in contrast to the facts in AWF v Goldsmith, where the purpose of the Foundation’s “specific use” was, according to the Supreme Court, “substantially the same” as the purpose of the original photograph. Both the original and the adaptation that the Foundation licensed to Condé Nast were “portraits of Prince used in magazines to illustrate stories about Prince.”³⁸Ibid.

The application of the fourth factor is also highly dependent on the finding of the first factor. The US Supreme Court in Campbell v Acuff-Rose Music Inc had emphasised the close linkage between the first and fourth factors, in that the more the copying is done to achieve a purpose that differs from the purpose of the original, the less likely it is that the copy will serve as a satisfactory substitute for the original.³⁹Campbell v Acuff-Rose Music, Inc, 510 US 569, 591 (1994). The Second Circuit noted that even if the purpose of the copying was for a valuably transformative purpose, such copying might nonetheless harm the value of the copyrighted original if done in a manner that resulted in widespread revelation of sufficiently significant portions of the original as to make available a significantly competing substitute.⁴⁰Authors Guild v Google, 804 F.3d 202, 223 (2nd Cir. 2015). Generally, copyright-protected works copied for data mining purposes will require extensive processing and analysis before knowledge is derived and shared. Miners must ensure that they do not reveal significant portions of the original copyrighted works to the public. Although one could argue that data mining could limit the rights owners’ expansion into a potential market (e.g. a lost opportunity to license the works⁴¹Authors Guild, Inc v HathiTrust, 755 F.3d 87, 99 (2nd Cir. 2014) (this was an argument the plaintiffs raised).) since markets are dynamic and change over time to meet new demands, the US Circuit Courts have universally dismissed this argument where only a small portion of the original works was revealed to the public. In the Google Books litigation, the Second Circuit held that “a mere revelation of 16% of the text of plaintiffs’ books overstates the degree to which snippet view can provide a meaningful substitute.”⁴²Authors Guild v Google, 804 F.3d 202, 223 (2nd Cir. 2015). In generative AI scenarios where a significant portion of an original work is reproduced in an output in response to a user’s text prompt, then one may more confidently discern a substitutive impact.

I have previously written:

Programme developers, and the organisations that invest significant resources in generative AI, will have the benefit of access to two generous but distinct provisions in the Singapore Copyright Act 2021 as a defence to their unauthorised uses of copyright-protected works. However, they must be mindful that the judicial interpretation of the fair use provision in Singapore likely remains guided by paradigmatic cases where an open-universe search engine making of a digital copy for the purpose of enabling a search for identification of books containing a term of interest involves a highly transformative purpose, and where copying from an original for the purpose of criticism, commentary, caricature, parody, or pastiche would be transformative.⁴³David Tan, “Generative AI and Copyright – Part 1: Copyright Infringement” (2023) SAL Prac 25 at para 23.

ChatGPT, Stable Diffusion, Midjourney and many other comparable GAIAs, including the new Gemini 1.5 announced by Google at the time of writing, are not search engines. A number of them are highly successful commercial enterprises, with Stability AI valued at US$1bn, and some charging a user fee for their services. It is likely that there is little transformative purpose to be found as the AI would be accessing and reproducing the creative expression in these works in the outputs, that is the works would have been appropriated for their creative elements rather than their underlying facts. Similarly, Sag concludes: “If [large language models] just took expressive works and conveyed that same expression to a new audience with no additional commentary or criticism, or no distinct informational purpose, that would be a very poor candidate for fair use.”⁴⁴Matthew Sag, “Copyright Saftety for Generative AI” (2023) 61 Houston Law Review 295, 312-313. According to Professor Rebecca Tushnet at Harvard Law School, an overhaul of copyright law is not needed as “current copyright law is clear when it comes to those employing the technology for creative use.”⁴⁵Colleen Walsh, “How to think about AI: Delving into the legal and ethical challenges of a game-changing technology”, Harvard Law Bulletin, Summer 2023, 21 at 22. The fair use provision ain’t broke, and it is poised to be able to handle the challenges of new technology. Bring it on!

This article is adapted from a presentation by Professor Tan titled “AI Learning and Copyright Law: Developments in Singapore” at the United States-Asia Comparative Copyright Roundtable in December 2024 at Waseda University in Tokyo.

The post Copyright Fair Use in the Face of Technological Developments: Staying Ahead or Limping Behind? – Part 2 appeared first on The Singapore Law Gazette.

BYOD and Disclosure in Legal Proceedings

What are the legal risks and issues if employees use personal devices in the course of employment? What are ways to mitigate some such risks? This article discusses (i) the benefits and implications of a formal Bring Your Own Device (BYOD) policy, (ii) technological measures for data security and device management; (iii) whether employers have a right to data in employees’ devices; and (iv) discovery in legal proceedings regarding such device data.

Introduction

1. It has become common for employees to use their personal devices for work.
   Many employees use their personal devices to access their company email and other communication accounts, access and store company information and documents, and access and store work-related contacts.
2. Some employers may also adopt a “Bring Your Own Device” (BYOD) approach, with or without a formal BYOD policy, benefiting from employees’ use of personal devices in the course of their service. However, what are the legal and other risks and issues for employers and employees in this regard?

Securing Data in Personal Devices

3. Employers would generally have a strong interest in ensuring the security and confidentiality of such accounts, information and documents on employees’ personal devices.
4. Employers should thus have a formal written BYOD policy which, among other things, stipulates obligations on employees to comply with acceptable use directions, and to secure and keep confidential data on their personal devices according to the organisation’s security directions. Mobile device security requirements may include the following:
   1. Specific strong password requirements;
   2. Device lock requirements after a certain amount of idle time;
   3. Prohibition against use of rooted or jailbroken devices to access company network, systems, applications or data;
   4. Whitelisting or blacklisting certain devices and models.
5. In addition, employers should consider implementing practical technological measures such as Mobile Device Management (MDM), Mobile Application Management (MAM), and Unified Endpoint Management (UEM) solutions.
6. MDM solutions enable employers to manage company accounts and data on employees’ devices, whether personal devices or company-issued devices, and are agnostic as to the device’s operating system (whether it is iOS, Android, Windows, or otherwise). It generally works by containerization i.e. segregating company accounts and data within the devices from personal accounts and data. MDM solutions would enable employers to remotely configure application and account settings, enforce device encryption, wipe company accounts and data, whitelist or blacklist certain applications, update applications and licences, and obtain device location reports, status and activity reports, and so on.
7. MAM solutions are a form of MDM solutions by way of specific software applications installed on the employees’ devices. Employers’ control is limited to the applications, and not the device generally, although MAM solutions may enable some extent of control over employees’ own non-company data without actually being able to view or access such data for the purpose of protecting the company data on the device.
8. UEM solutions are single-point suites of solutions which enable control of both on-site and off-site devices and security, and include MDM and MAM solutions as well as other security solutions such as anti-malware solutions, web control software, firewalls, etc. UEM solutions enable administrators to enforce policies which are compliant with data privacy regulations, and ensure that only authorized applications with the requisite authentication and privileges can access sensitive data.

Employer’s Right to Data in Personal Devices?

9. Employers may wish to assert ownership over work-related data stored in employees’ personal devices. In this regard, the common law does not recognise ownership over data per se because “data” is not considered “property” and the common law does not presently recognise “intangible property” other than a thing/chose in action,¹Boardman v Phipps (1967) 2 AC 46 at 127, per Lord Upjohn. Your Response Ltd v Datateam Business Media Ltd (2015) 1 QB 41 at (42); Janesh s/o Rajkumar v Unknown Person (“CHEFPIERRE”) (2022) SGHC 264 at (56). i.e. a bundle of rights which can only be claimed or enforced by action.²See UK Law Commission, “Digital Assets: Final report”, Law Com No 412, paras 3.17-3.19. For a discussion on whether data per se should be subject to private property rights, see Hu Ying, “Private and Common Property Rights in Personal Data” (2021) 33 SAcLJ 173.
10. Information and data may nonetheless give rise, or be subject, to intellectual property rights such as copyright. The general default position would be that any copyrightable work created by an employee would be owned by the employer.³Section 134, Copyright Act 2021. However, copyright does not necessitate a right to possession or control of the data.
11. Do employers have a right to access, retrieve, or inspect the information stored in employees’ personal devices?
12. Should an employee refuse to grant an employer consent or access to their personal devices, an employer probably cannot simply take things into their own hands without risking violating the law. This would include offences under the Computer Misuse Act 1993 as well as torts of conversion, detinue or breach of confidence. It is also possible that the implied duty of mutual trust and confidence in the employment relationship would be engaged.
13. As such, employers would do well to include express provisions in a formal written policy duly incorporated into employment contracts which entitle the employer to have reasonable access to company data stored on or accessible through the employees’ personal devices and accounts (such as email, communication, and cloud storage accounts).⁴See Ang Ann Liang, “Employee Investigations – The Limits To Accessing Employees’ Emails And Personal Devices”, (2023) SAL Prac 2. The policy should properly define the scope of company data, such as to include work-related documents and contact information. Consideration should be had to what mode of access and the scenarios where the request for access would be considered reasonable. This may include e.g. access under the employee’s or an independent third party’s supervision, supervised access by an independent third party, or agreed scopes of searches or imaging by an independent forensic professional. The policy should also expressly prohibit employees from deleting or disclosing any company data on their personal devices unless with the employer’s approval.
14. In a contentious scenario where an employee refuses to provide access or surrender company data pursuant to express contractual provisions, an employer may be able to apply to the Court for an order compelling the employee to deliver up and provide access to the company data even if it is stored in their personal devices. In SpaceSATS Pte Ltd v Chan Chia Sern and others [2023] SGHC 40, the plaintiff successfully sued the defendants (including former employees and seconded personnel providing services to the plaintiff) for, among other things, breach of contract to maintain confidentiality and surrender intellectual property and work products, and got an order that the defendants deliver up their personal devices to their solicitors, who were then to deliver them to IT forensic investigators appointed by the plaintiff.
15. Insofar as any data or material “has the necessary quality of confidence about it” and has been “imparted in circumstances importing an obligation of confidence”, such as to engage the equitable law of confidence, the employer may also obtain an order of delivery up of the confidential data or material, apart from an injunction restraining the wrongful disclosure of the data.⁵Clearlab SG Pte Ltd v Ting Chong Chai and others (2014) SGHC 221 at (332); c.f. I-Admin (Singapore) Pte Ltd v Hong Ying Ting and others (2020) SGCA 32 at (56), (67)-(70).
16. Indeed, it is often the case that employers enforcing their rights in legal action in contentious circumstances where the (former) employee has allegedly breached confidentiality would urgently apply ex parte / without notice for search orders or Anton Piller orders against the (former) employees. This would include searches conducted at the (former) employees’ homes (whether or not the home is owned by the employee) or subsequent workplaces.⁶See e.g. Clearlab SG Pte Ltd v Ting Chong Chai and others (2014) SGHC 221 at (22)-(29). Such search orders would involve searches into the (former) employees’ personal devices and the cloning or forensic imaging of the data on the personal devices.
17. It should however be borne in mind that the information and materials obtained from a search order would be subject to the Riddick undertaking.⁷Riddick v Thames Board Mills Ltd (1977) 1 QB 881; Amber Compounding Pharmacy Pte Ltd and another v Lim Suk Ling Priscilla and others (2019) SGHC 269 at (14); Lim Suk Ling Priscilla and another v Amber Compounding Pharmacy Pte Ltd and another and another appeal and another matter (2020) 2 SLR 912 (CA) at (43). In discussing this principle, the Singapore apex court has cautioned against over-expansive search orders, suggesting that independent computer experts would be helpful in ensuring appropriate search terms used in computer searches to meet the legitimate needs of the applicant and to preserve data integrity.⁸Lim Suk Ling Priscilla and another v Amber Compounding Pharmacy Pte Ltd and another and another appeal and another matter (2020) 2 SLR 912 (CA) at (122)-(127).
18. It is worth mentioning as regards search orders in respect of personal devices that generally, the terms of search orders would not allow a claimant to seize items which were not owned or controlled by the defendants.⁹BP Singapore Pte Ltd v Quek Chin Thean and others (2011) 2 SLR 541 (HC) at (64). In BP Singapore Pte Ltd v Quek Chin Thean and others [2011] 2 SLR 541 (HC),¹⁰BP Singapore Pte Ltd v Quek Chin Thean and others (2011) 2 SLR 541 (HC) at (62)-(67) the plaintiff executed search orders at the homes of the defendants and seized the personal devices of the defendants and their family members. The Court commented that if the devices were owned solely by the defendants’ family members, the defendants would have had no right to permit those items to be inspected or seized, and the family members would have been perfectly entitled to refuse to hand over such items. If the plaintiff had intended to also seize items belonging to the defendants’ family members, it should have specified such persons in the search orders, presumably with justification. However, this means that if there is justification for including employees’ family members and new employers in the search orders, such persons may be subject to onerous search orders.
19. This serves as a cautionary tale for (former) employees. Employees who play fast and loose with their employer’s data or confidential information may risk getting themselves, and possibly even their family members or new employers, exposed to onerous circumstances such as search orders, injunctions, and delivery up orders.

Employer’s Discovery Obligations and Personal Accounts or Devices

20. Another scenario an employer may face is when it is confronted with discovery or disclosure obligations in legal proceedings. Here, both employers and employees may face certain risks.
21. If an employer is required to comply with general or specific discovery obligations, and the relevant data which may be required to be disclosed or is in fact required to be disclosed is stored in a current or former employee’s personal devices or accounts, what is the employer and employee to do?
22. The Singapore courts have held that a litigant has a duty to take reasonable steps to search for relevant and material documents and to be satisfied that it has complied with its discovery obligations. Where documents may lie with a third party, the duty extends to making reasonable efforts to request for the relevant documents.¹¹Natixis, Singapore Branch v Lim Oon Kuin and others (2023) SGHC 301 at (32); Saxo Bank A/S v Innopac Holdings Ltd (2022) 3 SLR 964 (HC) at (63); SK Shipping Co Ltd v IOF Pte Ltd (2012) SGHCR 14 at (38); Hai Jiao 1306 Ltd and others v Yaw Chee Siew (2020) 3 SLR 142 (HC) at (47); Phones 4U (in administration) v EE Ltd and others (2021) EWCA Civ 116 at (26) and (28). Otherwise, a litigant could simply come up with a “convenient ruse” for not providing discovery, even if those documents could be easily requested from the third party. Indeed, a particularly wily defendant could even deliberately put documents within the possession of a third party in order to then use that as an excuse not to provide discovery.¹²Natixis, Singapore Branch v Lim Oon Kuin and others (2023) SGHC 301 at (32).
23. Where a litigant has the “practical ability” to access or obtain documents held in the possession of the third party, the producing party may be found to have a sufficient degree of control as to constitute power; the practical ability to obtain those documents is to be seen and assessed in context.¹³Natixis, Singapore Branch v Lim Oon Kuin and others (2023) SGHC 301 at (32); Hai Jiao 1306 Ltd and others v Yaw Chee Siew (2020) 3 SLR 142 (HC) at (46); Dirak Asia Pte Ltd and another v Chew Hua Kok and another (2013) SGHCR 1 at (35)–(37).
24. Insofar as any disclosable document is stored in a current employee’s personal device, and the employer has contractual rights of access to the company data in the employee’s personal device, the employer may possibly be deemed to have the ‘practical ability’ to access or obtain the document and may also be deemed to have the power over the document in question such that the document must be disclosed by the employer.
25. On the other hand, it may not be so clear if a party can be said to have the “practical ability” or power to access or obtain documents in a former employee’s possession, control or power. Again, this may turn on the specific terms of the employment contract.
26. In Pipia v BGEO Group Ltd [2021] EWHC 86 (Comm), at [67]-[87], the Court considered that although the former employee had ceased employment with the defendant, the express provisions of the employment contract entitled the defendant to seek a surrender of the defendant’s confidential information post-termination; this gave the defendant the right to access the former employee’s smartphone used during his employment. Accordingly, the Court ordered that the relevant documents in the phone be disclosed.
27. In contrast, in In re Pork Antitrust Litig., No. 18-cv-2022 WL 972401 (D. Minn. Mar. 31, 2022), the Court declined to order an employer to disclose text messages from the personal devices of its current employees. The BYOD policy terms of the employer did not assert ownership, control or right to access personal text messages of the employees, but merely defined company data as data that is sourced from company systems and synced between the mobile devices and its servers. The mere fact that they were employees of the company did not mean that the employer had the practical ability to demand access to data on its employees’ personal devices. The Court drew a distinction between permissibly asking for documents on one hand, and on the other hand impermissibly demanding them.
28. In Phones 4U Ltd v EE Ltd & Ors [2021] EWCA Civ 116, the Court ordered a litigant to request its former employees or agents to voluntarily allow forensic IT consultants to examine their personal devices for relevant documents, as opposed to an order against those former personnel. The order was to enable the IT consultants to search for work-related communications relating to the employer’s business that would be passed to the relevant defendant for a disclosure review to be undertaken. The IT consultants were to undertake to the court to search the devices and emails for responsive material, not to disclose any other material to the defendant or its solicitors, and to return the devices and emails to those third parties, and to delete or destroy any copies. The court noted that although the third parties’ own data were mixed with the disclosable company-related documents, the inseparability of irrelevant materials does not justify refusal to permit inspection, extraction and copying of relevant material.¹⁴Phones 4U Ltd v EE Ltd & Ors (2021) EWCA Civ 116 at (29).
29. In Fairstar Heavy Transport NV v Adkins [2013] EWCA Civ 886, the English Court of Appeal ordered that the employer/principal had the right to inspect and copy emails relating to its business which its former agent and CEO (although technically he was not an employee, but had provided services pursuant to a service agreement between the principal and his own company) had possession of in his own email account. The Court considered that the order should be for an inspection of the emails on the former agent’s computer, and permission to copy those emails;¹⁵Fairstar Heavy Transport NV v Adkins (2013) EWCA Civ 886 at (50). as a general rule, a principal is entitled to require production by the agent of documents relating to the affairs of the principal, even if the agency had been terminated;¹⁶Fairstar Heavy Transport NV v Adkins (2013) EWCA Civ 886 at (53); c.f. Phones 4U Ltd v EE Ltd & Ors (2021) EWCA Civ 116 at (10), citing Bowstead & Reynolds on Agency (21st edition, 2017). the issue of ownership or proprietary right in the contents of the emails is irrelevant.
30. Accordingly, it appears from the foregoing authorities that much turns on (i) the relevant provisions in the employment contract and BYOD policy; and (ii) the legal nature of the relationship between the litigant and the third party who is in possession of the relevant documents or data. The fact that the employee’s device in question may contain personal data or documents which are irrelevant to the scope of disclosure does not preclude an order for inspection of the device.
31. Where circumstances justify it, privacy concerns and interests of the former employee may be addressed by the appointment of an independent IT forensic consultant and perhaps additionally a supervising solicitor to supervise the inspection and access such that only such data as is required to pursue the legitimate interests of the applicant is collected.
32. It is also worth highlighting that it is likely that the Personal Data Protection Act 2012 (PDPA) does not preclude such access, inspections, or disclosure, where the employer’s disclosure obligations are engaged as a result of legal proceedings. First, if the data in question is in any event not personal data but company data, it would not fall within the scope of the PDPA. Second, in any event, the PDPA provides exemption to consent for collection, use or disclosure of personal data where necessary for any investigation or proceedings.¹⁷Paragraph 3, Part 3, First Schedule, PDPA read with section 17 of the PDPA. Section 2(1) of the PDPA defines “investigation” as “an investigation relating to — (a) a breach of an agreement; (b) a contravention of any written law, or any rule of professional conduct or other requirement imposed by any regulatory authority in exercise of its powers under any written law; or (c) a circumstance or conduct that may result in a remedy or relief being available under any law”. And “proceedings” are defined as “any civil, criminal or administrative proceedings by or before a court, tribunal or regulatory authority that is related to the allegation of — (a) a breach of an agreement; (b) a contravention of any written law or any rule of professional conduct or other requirement imposed by any regulatory authority in exercise of its powers under any written law; or (c) wrong or a breach of a duty for which a remedy is claimed under any law”.

Conclusion

33. We have considered that the express provisions of a formal written BYOD policy implemented by employers can have a wide-ranging impact on employers’ right of access to employees’ personal devices, maintaining the security and confidentiality of company-related data, and disclosure obligations in connection with legal proceedings. Employers should thus consider these scenarios and risks in developing an appropriate BYOD policy. Technological measures such as MDM, MAM and UEM solutions to manage security, confidentiality and data integrity risks should also be considered.
34. In contentious circumstances, employers and employees should note the possible risk scenarios where personal devices of current or former employees may become subject to search orders, inspection, and disclosure orders. It is therefore pertinent for employers and employees alike to take into account such risks before actively or tacitly adopting any particular BYOD policy or approach.

The post Employers’ Control of Data in Employees’ Personal Devices appeared first on The Singapore Law Gazette.

A Comparative Analysis of United Kingdom’s UniCredit Bank v RusChemAlliance and Singapore’s Anupam Mittal v Westbridge Ventures II Investment Holdings

This article offers a comparative analysis of the determination of the governing law of arbitration agreements in the UK and Singapore, focusing on the landmark cases of UniCredit Bank GmbH v RusChemAlliance LLC in the UK and Anupam Mittal v Westbridge Ventures II Investment Holdings in Singapore. It highlights the nuanced approaches both jurisdictions take in interpreting parties’ intentions regarding the governing law of arbitration agreements, especially in scenarios where such agreements lack explicit governing law provisions. The analysis highlights the absence of international consensus on this issue, with both the UK and Singapore emphasising the significance of the law of the main contract as a default governing law for the arbitration agreement, unless clear indications suggest otherwise. The article also discusses the implications of the forthcoming Arbitration Bill in the UK, which proposes a significant shift by prioritising the law of the seat of arbitration as the default governing law for arbitration agreements, unless the parties have expressly agreed otherwise. This legislative change is poised to diverge from the current common ground shared by UK and Singaporean approaches, potentially impacting how future arbitration agreements are interpreted and enforced in the UK. The anticipated divergence underscores the importance of explicitly specifying the governing law in arbitration agreements to avoid legal uncertainties and ensure the efficacy of arbitration clauses.

Introduction

1. Lord Mustill, in his leading judgment in the 1993 case of Channel Tunnel Group Ltd v Balfour Beatty Construction Ltd, definitively stated that it is “by now firmly established that more than one national system of law may bear upon an international arbitration”.¹Channel Tunnel Group Ltd v Balfour Beatty Construction Ltd (1993) AC 334 at (67). Although Lord Mustill’s explanation is now more than three decades old, his words still ring true: the determination of the governing law of arbitration agreements remains a cornerstone issue, pivotal for ensuring the efficacy and enforceability of arbitration clauses. However, it is not without considerable debate, with difficulty lying in deciding which system of law should govern the arbitration agreement when the law of the main contract differs from that of the law of the seat. The resulting arbitrability of the dispute heavily depends on this determination, which can spell profound implications for contracting parties.
2. As of the date of writing, there remains an absence of international consensus regarding the determination of the law of the arbitration agreement. In France, so-called “substantive rules” – “règles matérielles” – specify that the law of the seat will govern an arbitration agreement, including its validity and effectiveness, unless otherwise expressed by the parties to submit the arbitration agreement to another choice of law. However, the position is inversed in the United Kingdom (the UK) and Singapore: the chosen seat will not determine the law applicable to the arbitration agreement.
3. This note delves into the approach taken to determine the governing law of arbitration agreements by the UK and Singapore, in particular by placing a spotlight on the critical judgments of UniCredit Bank GmbH v RusChemAlliance LLC (UniCredit)²UniCredit Bank GmbH v RusChemAlliance LLC (2024) UKSC 30. in the UK and Anupam Mittal v Westbridge Ventures II Investment Holdings (Anupam)³Anupam Mittal v Westbridge Ventures II Investment Holdings (2023) SGCA 1. in Singapore.
4. These cases underscore the nuanced approaches English and Singapore courts have taken in deciphering the parties’ intentions regarding the governing law of arbitration agreements, especially when such agreements lack explicit governing law provisions. Through a comparative analysis, this note aims to illuminate the similarities and differences in the judicial treatment of arbitration agreements across the two jurisdictions, and highlight the potential implications of the forthcoming Bill to amend the Arbitration Act 1996 (the Arbitration Bill) in the UK.

The Approach in UniCredit Bank v RusChemAlliance (United Kingdom)

5. English law, similar to the laws of many other jurisdictions, considers an arbitration agreement as a legally separable contract, entirely distinct from the main contract (referred to as the “matrix contract”) that contains the arbitration clause. Consequently, the law governing the arbitration agreement can differ from the law applicable to the contract in which it is embedded, as was the case in Sulamérica Cia Nacional de Seguros SA v Enesa Engenharia SA [2012] EWCA Civ 638 (Sulamérica).⁴Sulamérica Cia Nacional de Seguros SA v Enesa Engenharia SA (2012) EWCA Civ 638.
6. Arbitration agreements often do not specify their governing law, which can lead to complications when the matrix contract is governed by a different jurisdiction’s law than where the arbitration occurs. Although the English Court of Appeal’s decision in Sulamérica provided some guidance, later rulings have complicated the process of identifying the governing law of an arbitration agreement.
7. Thankfully, the UK Supreme Court decisions of: (i) Enka Insaat Ve Sanayi A.S. v OOO Insurance Company Chubb⁵Enka Insaat Ve Sanayi A.S. v OOO Insurance Company Chubb (2020) UKSC 38. (Enka); and more recently, (ii) UniCredit now offer a measure of clarity on the vexed issue of how to determine the proper law of an arbitration agreement.

UniCredit Bank GmbH v RusChemAlliance LLC

8. In UniCredit, RusChemAlliance LLC (RusChem), a Russian company, entered into contracts with German firms for the construction of liquefied natural gas facilities. UniCredit issued the performance bond for these contracts. Following the European Union’s imposition of sanctions against Russia, the German contractors halted their work, leading RusChem to terminate the contracts. Subsequently, RusChem sought the repayment of advance payments and demanded the execution of the bond payments from UniCredit.
9. The bonds were governed by English law (the law of the main contract) and included an International Chamber of Commerce arbitration clause stipulating that arbitration proceedings would take place in Paris (the law of the seat).
10. However, RusChem commenced proceedings in Russia and UniCredit turned to the English courts to seek an anti-suit injunction on the basis that RusChem had breached the arbitration agreement. UniCredit, in order to establish the English court’s authority over RusChem, had to demonstrate that its claim pertained to a contract under English law. This requirement aligns with one of the “gateways” for serving proceedings outside the jurisdiction, as outlined in Civil Procedure Rules PD6B.3.1. UniCredit contended that the arbitration agreement was governed by English law, asserting that the selection of English law for the bond contract extended to the arbitration clause and all other contract clauses. Conversely, RusChem maintained that the arbitration agreement should be governed by French law, as it is the law of the arbitration’s seat, which was chosen by the parties.
11. UniCredit reaffirmed the approach in Enka, namely that the law governing the arbitration agreement will be either: (i) the law (expressly or impliedly) chosen by the parties to govern it; or (ii) the system of law with which the arbitration agreement is most closely connected. The key principles arising out of Enka, as they pertain to UniCredit, are as follows:

1. where the applicable law is not specified, the law chosen to govern the contract usually extends to the arbitration agreement, which is a component of the contract;
2. choosing a different country as the seat of arbitration does not, by itself, negate the presumption that the law selected to govern the contract is also intended to govern the arbitration agreement; and
3. in paragraph 170(iv) of Enka, the UK Supreme Court explained that there are circumstances that might suggest the parties intended for the law of the arbitration’s seat to govern the arbitration agreement. The relevant factor for the purpose of this case was that set out in paragraph 170(iv)(a): “any provision of the law of the seat which indicates that, where an arbitration is subject to that law, the arbitration agreement will also be treated as governed by that country’s law”.⁶Enka at (170).

12. Conspicuously, the UK Supreme Court stated that merely specifying a choice of seat for the arbitration does not support an inference that the parties intended the law of the seat to govern the arbitration agreement.⁷UniCredit at (50).
13. Applying the Enka test, the UK Supreme Court in UniCredit held that the arbitration clauses were governed by English law. The choice of Paris as the arbitration seat did not warrant a departure from the general rule, thereby granting the English court jurisdiction to repudiate the claim.

RusChem’s Argument

14. While the decision favoured the law of the main contract, RusChem’s argument in the dispute warrants acknowledgment. RusChem argued that Enka, specifically at paragraph 170(iv)(a), introduced an exception to the general rule that the main contract’s governing law should also apply to the arbitration agreement. This exception would be relevant if the law of the chosen seat automatically governs the arbitration agreement in the absence of an explicit stipulation – under this premise, RusChem contended that selecting such a seat implied the parties’ intention for the arbitration agreement to be governed by the law of that seat. In this scenario, RusChem posited that a French court would likely find the arbitration agreement to be governed by French law.
15. In response, Lord Leggatt, who delivered the leading judgment, rejected this argument. He clarified that the wording in paragraph 170(iv)(a) of Enka was “permissive rather than prescriptive” and that the parties should focus on the Court’s “underlying reasoning”.⁸Ibid. at (39). The core outcome of Enka was the determination that the selection of an English seat does not imply the choice of English law to govern the arbitration agreement. Lord Leggatt argued that a principle which assumes the arbitration agreement is governed by the law deemed applicable by the seat’s court would be “neither clear nor simple to apply”.⁹Enka at (55). The approach would necessitate examining the laws of the chosen foreign seat for arbitration to ascertain which law applies to the arbitration agreement. Moreover, the Court’s task is to deduce the parties’ intentions in selecting a foreign seat for arbitration – the principle proposed by RusChem was unlikely to reflect the intention of typical commercial parties.
16. UniCredit has shown that the UK maintains a consistent stance, in line with Enka, on determining the law governing the arbitration agreement – by presuming it aligns with the law of the main contract. It is against this backdrop that we explore Singapore’s approach.

The Approach in Anupam Mittal v Westbridge Ventures II Investment Holdings (Singapore)

17. Singapore’s approach to determining the law of arbitration agreement draws strong parallels with that of the UK. The decision of the Singapore Court of Appeal in Anupam affirmed the three-stage test laid out in BCY v BCZ (BCY).¹⁰BCY v BCZ (2016) SGHC 249.
18. The dispute in Anupam concerned an investment in People Interactive (India) Private Limited, an Indian company which ran the online matchmaking website “shaadi.com”. A dispute arose between the founder (Anupam Mittal) and the private equity fund (Westbridge Ventures II Investment Holdings) with respect to Westbridge’s attempt to exit the business. The claimant and respondent had previously signed a shareholders’ agreement which governed their relationship; and this shareholders’ agreement envisaged an exit by way of IPO five years on from the initial investment by Westbridge. When Westbridge saw that an impending IPO was unlikely within the specified timeframe, they engaged in discussions with a competitor, with which it shared sensitive information. As such, the shareholders’ relationship deteriorated.
19. Clause 20.1 of the shareholders’ agreement stated that the “[shareholders’ agreement] and its performance shall be governed by and construed in all respects in accordance with the laws of the Republic of India”. Further, clause 20.2 (the Arbitration Agreement) provided that all “such disputes that have not been satisfactorily resolved under Clause 20.1 above shall be referred to arbitration … and the place of arbitration shall be Singapore.” Notably, there was no express provision stipulating the law of the Arbitration Agreement.
20. The claimant (Mittal) commenced proceedings in the National Company Law Tribunal (NCLT) in Mumbai, India against Westbridge alleging minority shareholder oppression. Consequently, in March 2021, the respondent (Westbridge) proceeded with an action before Singapore’s High Court to seek an interim anti-suit injunction restraining the proceedings before the NCLT, which the respondent argued was in breach of the arbitration clause. The Singapore High Court granted the interim injunction ex parte on the basis that the arbitration agreement was breached when the claimant commenced the proceedings in Mumbai. The claimant then commenced proceedings before the Mumbai High Court, arguing that the NCLT was the “only competent forum to hear and decide the disputes”¹¹Anupam at (18). and seeking a permanent injunction to restrain the respondent from pursuing arbitration in Singapore.
21. Anupam was concerned with the appeal raised by the claimant, and the Singapore Court of Appeal had to determine whether the Arbitration Agreement was governed by Singapore or Indian law.
22. To analyse this issue, the Singapore Court of Appeal applied the three-stage test laid down in BCY (based on Sulamérica) as follows.¹²Ibid. at (40).

1. Stage 1: Whether parties expressly chose the proper law of the arbitration agreement.
2. Stage 2: In the absence of an express choice, whether parties made an implied choice of the proper law to govern the arbitration agreement, with the starting point for determining the implied choice of law being the law of the main contract.
3. Stage 3: If neither an express choice nor an implied choice can be discerned, which is the system of law with which the arbitration agreement has its closest and most real connection.[emphasis added]

23. Applying the BCY test in Anupam, it found that for the first stage the Arbitration Agreement did not constitute an express choice of law, and language providing that the underlying shareholders’ agreement was to be governed by Indian law was “insufficient to constitute an express choice of the proper law of the arbitration agreement”.¹³Ibid. at (65). The Singapore Court of Appeal ruled that an express choice of law for an arbitration agreement required “explicit language stating so in no uncertain terms”.¹⁴Ibid. at (66).
24. Proceeding to the second stage, the prevailing principle is that in the absence of explicit indications to the contrary, the law chosen for the main contract (Indian law) is presumed to apply to the arbitration agreement. Consequently, by virtue of the shareholders’ agreement between the parties being governed by Indian law, it is implied that Indian law was selected as the proper law of the Arbitration Agreement. In Sulamérica, the English Court observed that the governing law of the main contract “should only be displaced if the consequences of choosing it as the governing law of the arbitration agreement would negate the arbitration agreement even though the parties had themselves evinced a clear intention to be bound to arbitrate their disputes”.¹⁵Sulamérica at (65) and (74). While oppression claims are considered non-arbitrable under Indian law, the arbitration agreement explicitly covers disputes “relating to the management of the Company”.¹⁶Anupam at (70). Applying the Sulamérica criteria, the Singapore Court of Appeal concluded that applying Indian law would contradict the parties’ evident intention to resolve all disputes through arbitration. This constituted a sufficient indication to counter the presumption that Indian law was intended to govern the Arbitration Agreement.
25. At the third stage, the Singapore Court of Appeal determined that Singapore law, as the law of the seat, possessed the “most real and substantial connection” to the Arbitration Agreement. Therefore, Singapore law was deemed to govern the Arbitration Agreement.¹⁷Ibid. at (75).

Similarities Between the UK and Singapore’s Approaches

26. In determining the law governing arbitration agreements, the approach taken by the Singapore courts, as evidenced in the Anupam case, closely mirrors that of the English courts, as seen in the UniCredit and Enka cases. Specifically, the methodology applied in Anupam, which follows the BCY test, is consistent with the approach employed by the UK Supreme Court in the Enka case.
27. The Singapore law position posits that the law governing the main contract is a significant indicator of the law that should govern the arbitration agreement, unless there are clear indications to suggest a different intention. The mere choice of a different seat of arbitration from the law governing the main contract does not suffice to displace this initial presumption. This presumption may only be revisited if adhering to the main contract’s governing law for the arbitration agreement would lead to its invalidation, contrary to the parties’ evident intention to settle disputes through arbitration.

Arbitration Bill

28. Although the UK judiciary favours the presumption that the law governing the main contract also governs the arbitration agreement, this stance is poised for change. This shift is anticipated due to the Arbitration Bill, which is presently progressing through the UK Parliament.
29. Clause 1 of the proposed Arbitration Bill introduces a new section 6A to the Arbitration Act 1996 as follows:

“6A Law applicable to arbitration agreement

1. The law applicable to an arbitration agreement is —

1. 1. The law that the parties expressly agree applies to the arbitration agreement, or
   2. Where no such agreement is made, the law of the seat of the arbitration in question

2. For the purposes of subsection (1), agreement between the parties that a particular law applies to an agreement of which the arbitration agreement forms a part does not constitute express agreement that that law also applies to the arbitration agreement.”

30. The proposed Arbitration Bill marks a significant departure from the precedent established in UniCredit in three key aspects. First, it removes the opportunity for English courts to deduce an implied choice of law for the arbitration agreement. Second, should the parties not explicitly select a governing law for the arbitration agreement, the law of the arbitration’s seat will automatically be applied. Third, the Bill introduces a definitive rule that prioritises the law of the seat, moving away from the close connection test.
31. The introduction of the proposed Arbitration Bill is set to (largely) nullify the rule established in Enka, significantly limiting its temporal relevance. Had this Bill been in force at the time the UniCredit case was heard before the UK Supreme Court, the outcome would have differed markedly: French law would have been applicable to the arbitration agreements, and consequently, UniCredit’s argument regarding the English law being the governing law would not have prevailed.
32. Although the introduction of the new section 6A therefore signifies a new beginning, the UK Supreme Court decision in UniCredit does appear to unnecessarily complicate matters. As mentioned, the proposed new section 6A will helpfully eliminate the concept of implied choice in determining the law for the arbitration agreement. The default rule will be that the law of the seat of arbitration applies unless the parties have expressly agreed otherwise: that is clear.
33. In the UniCredit judgment, the UK Supreme Court makes reference to the newly introduced section 6A, noting that the extent to which section 6A will modify the Enka ruling hinges on the interpretation of “what the word “expressly” is taken to add to the word “agree”” at section 6A(1)(a).¹⁸UniCredit at (28). With respect, the authors find it difficult to interpret section 6A in any way other than what it says on its face: “agreement between the parties that a particular law applies to an agreement of which the arbitration agreement forms a part does not constitute express agreement that the law also applies to the arbitration agreement”.¹⁹Proposed section 6A(2) Arbitration Bill 2024. Once the new section 6A is in force, unless parties have expressly stated what the law governing the arbitration agreement is, nothing else will suffice: the law of the seat shall apply. Courts will no longer have to contend with the potential presumption that an express or implied choice was made by the parties for the law governing the main contract to also apply to the arbitration agreement.

Conclusion

34. Identifying the governing law of the arbitration agreement is crucial for protecting the interests of contracting parties. Currently, both the UK and Singapore adopt a similar stance: in instances where parties have not specified a governing law for the arbitration agreement, the chosen law for the main contract is presumed to govern the arbitration agreement as well.
35. The anticipated overhaul of the approach established in Enka by the Arbitration Bill, which passed its third reading in the House of Lords on 6 November 2024, is set to change how English courts ascertain the governing law. With the potential enactment of section 6A in the Arbitration Bill, parties requesting anti-suit injunctions from English courts to back an arbitration agreement with a seat outside England will be required to demonstrate either an explicit agreement that English law governs the arbitration agreement or establish the jurisdiction of English courts via an alternative mechanism. This represents a notable shift from the precedent in UniCredit, consequently diverging from the methodology employed by Singapore in Anupam as well.
36. Although it seems likely, if not certain, that the methods for determining the law of the arbitration agreement in the UK and Singapore will diverge in the near future, one clear aspect remains: both jurisdictions, long recognised as strong supporters of arbitration, are committed to enforcing parties’ agreements to arbitrate.
37. While governing law and arbitration clauses are frequently termed “midnight clauses” due to their tendency to be hurriedly drafted and inserted at the final stages of negotiations, the cases of UniCredit and Anupam serve as welcome reminders that to avoid being entangled in legal complications long after midnight, contracting parties would do well to explicitly specify the law governing the arbitration agreement.

The authors would like to acknowledge the valuable contribution of Choon Wee Yeo, currently studying for a BA in Law at Homerton College, Cambridge.

The post Determining the Law of the Arbitration Agreement appeared first on The Singapore Law Gazette.

With the growth of Singapore as a wealth hub in the last 10 years, there has been a corresponding growth and development in our law in related areas such as estate and trust administration, succession and mental capacity issues. This article is largely based on a 15-minute session at the Family Law Conference on 3 and 4 September 2024 on the development in the law relating to Estate and Mental Capacity practices in the last 10 years.

As with the session, it is a challenge to seek to properly capture the progress in these areas in this relatively short article. The objective is thus to provide a high-level view of the relevant case precedents in the last 10 years under each relevant topic and hopefully a springboard for further and more interesting development of the law in these areas.

Rectification of Wills

Section 28 was included in the Wills Act 1838¹This amendment was precipitated by the case Cheo Yeoh & Associates LLC v AEL (2015) 4 SLR 325, where beneficiaries who suffered losses because of an invalid Will sued the solicitor for professional negligence. On the issue of mitigation of damages, the Court of Appeal citing English cases, took the view that the claimant should seek rectification of the Will before proceeding on a claim for damages against the solicitor. The Court of Appeal however noted that the remedy of rectification was not available in Singapore. (See also, parliamentary comments by Ms Indranee Rajah on 9 May 2016, Parliament No 13, Session No 1, Volume No 94, Sitting No 20 at 4:04 pm and 4:32 pm) in 2016, after a period of almost 20 years without any amendments. There does not appear to be any Singapore reported decisions on rectification since the amendment.²In UK though, in Marley v Rawlings (2014) UKSC 2, a husband and wife had signed each other’s will. Rectification was allowed.

The Presumptions

Cheo Yeoh & Associates LLC v AEL³Cheo Yeoh & Associates LLC v AEL (2015) 4 SLR 325 importantly, set out the legal position in relation to the presumption of revocation, presumption of intestacy and doctrine of conditional revocation. The legal position is this: Firstly, the Court will determine if there is any evidence that the testator intended to revoke a will. If there is no such evidence, the question is whether the presumption of revocation is triggered (i.e. the will is burnt, torn or otherwise destroyed; or cannot be located upon the testator’s death, despite reasonable efforts).

Secondly, the presumption of revocation is rebuttable and the person seeking to rebut the presumption may rely on the doctrine of conditional revocation. It is for him to (i) show some evidence that the will has been destroyed; (ii) prove the existence of the condition upon which revocation was wholly and solely premised; and (iii) the non-fulfilment of that condition such that the will he is seeking to rely on is still valid.

Lastly, the presumption against intestacy operates as a rule of construction in a case where the testator’s intention is ambiguous and the presumption of revocation has not arisen or has been rebutted by the doctrine of conditional revocation.

These principles were applied in WEZ v WFA.⁴WEZ v WFA (2022) SGFC 62. In this case, the former wife and residuary legatee of the testator applied to admit a copy of the Will for Grant of Probate. The original of the Will could not be located. The Court took into account that the wife and the testator had divorced and the testator had in his last days asked his daughter to engage a lawyer in concluding that the former wife had failed to rebut the presumption of revocation.

Testamentary Capacity

On the issue of testamentary capacity, the law has not changed since Chee Mu Lin Muriel v Chee Ka Lin Caroline.⁵Chee Mu Lin Muriel v. Chee Ka Lin Caroline (2010) 4 SLR 373 This has been re-stated in cases such as ULV v ULW,⁶ULV v. ULW (2019) 3 SLR 1270 UWF v UWH⁷UWF v. UWH (2021) 4 SLR 314 (UWF) and WWI v WWJ⁸WWI v. WWJ (2024) SGFC 22 (affirmed on appeal (2024) SGHCF 28) (WWI).

For a valid Will, the testator must have the mental capacity to make a Will, have knowledge and approve of the contents of the Will, and be free from undue influence or the effects of fraud. The testator must also have testamentary capacity. That is, the testator must understand the nature of the act and consequences of executing the Will, know the extent of his property which he is disposing, know who his beneficiaries are, and appreciate their claims to his property and be free from an abnormal state.

In UWF, the Court clarified that undue influence in the probate context meant coercion, that is, the testator was coerced into making a Will, or part of it, which he did not want to make. The persuasion is of such intensity as to overpower his volition but without actually convincing him.

In WWI, the Court stated that an indication of testamentary capacity would be the rationality of the Will having regard to its terms and identities of the beneficiaries.

Executor, Administrator and Trustee

The division of roles between those of an administrator/executor and those of a trustee remains. The administrator/executor “calls in” the estate, collects and converts the assets into cash, and pays all the testamentary expenses, estate duty, debts and legacies. When this is done, his duty as the administrator/executor is discharged, he steps into the shoes of a trustee.⁹Foo Jee Boo v. Foo Jhee Tuang (2016) SGHC 260 and Ong Wui Teck (personal representative of the estate of Chew Chen Chin, deceased) v. Ong Wui Swoon (2019) SGCA 61

The importance of this distinction is illustrated in UJT v UJR¹⁰UJT v. UJR (2018) 4 SLR 931 (UJT) and in VIK v VIL (VIK).¹¹VIK v. VIL (2021) 3 SLR 857 In UJT, the Court pointed out that a sole personal representative of an estate has the power to sell land belonging to the deceased’s estate¹²see section 15(4) Trustees Act 1967 while by contrast, a trustee must exercise his power of sale with another trustee except where the trustee is a trust corporation.¹³see sections 15(2) and 15(3) of the Trustees Act 1967

In VIK, the issue arose as to whether the applicant was acting as an administrator or a trustee in their application to court for a power of sale. ¹⁴The Will of the testator provided the trustee (and not the administrator) with the power of sale. Section 56 of the Trustees Act 1967 (“TA”) however, applies to both an administrator and a trustee, by reason of sections 2(1) and (3) TA which defined trustee to include executors and administrators. The Court held that as not all liabilities of the estate has been paid, the applicant was acting in their role as administrators.

Whether the personal representative is an executor or an administrator affects the right of the party to litigate for the deceased’s estate. The general principle is stated by Chao Hick Tin JA in Teo Gim Tiong v Krishnasamy.¹⁵Teo Gim Tiong v. Krishnasamy Pushpavathi (legal representative of the estate of Maran s/o Kannakasabai, deceased) (2014) 4 SLR 15 Executorship takes effect from the moment of death and the executor can be substituted in place of the deceased in court proceedings, without a grant of probate. For intestacy cases, until such time as the grant of letters of administration is extracted, the cause of action of the deceased estate is vested in the Public Trustee.¹⁶See section 37 of the Probate and Administration Act 1934 The administrator could not lawfully commence or continue action on behalf of the estate, until the grant of letters of administration is extracted.¹⁷This was elaborated further in Phoa Eugene (personal representative of the estate of Evelyn Phoa (alias Lauw Evelyn Siew Chiang), deceased and personal representative of the estate of William Phoa, deceased) v Oey Liang Ho (alias Henry Kasenda) (sole executor of the estate of Wirio Kasenda (alias Oey Giok Tjeng), deceased) (2024) 4 SLR 1108 (Phoa Eugene) which held that when the grant of the application for letters of administration is obtained, the property of the intestate is vested in the administrator. The authority to administer the deceased’s estate is conferred upon the administrator only upon the extraction of the sealed grant of letters of administration. Likewise, until the reseal of a foreign grant is extracted in Singapore, the administrator has no authority to administer the deceased’s estate. See also China Taiping Insurance v Low Yi Lian Cindy (2018) 4 SLR 523. The proper party to obtain remedy on behalf of estate is the executor or administrator of the estate; on behalf and for a mentally incapable litigant is its donee or deputy. Dependents under the Workmen Injury and Compensation Act claim in their own capacity, and not that of the injured person.

The rule that only the executor or the administrator may sue is subject to the exception established locally in Wong Moy (administratrix of the estate of Theng Chee Khim, deceased) v Soo Ah Choy¹⁸Wong Moy (administratrix of the estate of Theng Chee Khim, deceased) v Soo Ah Choy (1996) 3 SLR(R) 27 (Wong Moy) which allows a beneficiary to sue on behalf of the estate. Crucially, there is no restriction as to the kinds of action that a beneficiary may institute to protect the estate’s assets, save that the beneficiary cannot be in a better position than a trustee carrying out his duties in a proper manner.¹⁹see Wong Moy at (12), (14), (24) and (28)

In Mustaq Ahmad v Ayaz Ahmed ²⁰Mustaq Ahmad (alias Mushtaq Ahmad s/o Mustafa) v Ayaz Ahmed (2024) 1 SLR 1016 (Mustaq Ahmad) the High Court exercising its appellate jurisdiction allowed the beneficiary to commence minority oppression proceedings with respect to a company in which the estate is a shareholder (as the alleged wrongdoer was also the administrator of the estate). The Court reiterated that the test remains that in Wong Moy,²¹In Sia Chin Sun v Yong Wah Poh (2019) 3 SLR 1168, where the claimant had applied to pursue the estate’s pecuniary claim, the learned Judge in the High Court had held that the Wong Moy exception only permitted a beneficiary to bring “proprietary claims to protect and preserve the assets of the estate”. In Mustaq Ahmad at (104), the Court was of the view that Sia Chin Sun v Yong Wah Poh does not stand for any legal proposition regarding limits to the types of claims that a beneficiary may bring on behalf of the estate. that is, in considering whether a beneficiary should be allowed to commence or maintain proceedings for the estate, all the circumstances of the case should be considered, including the nature of the assets, the position of the personal representative and the reason for the default of the personal representative.²²It would also be pertinent to consider whether the circumstances made it impossible or seriously inconvenient for the representative to take proceedings.

In Phoa Eugene,²³Phoa Eugene (personal representative of the estate of Evelyn Phoa (alias Lauw Evelyn Siew Chiang), deceased and personal representative of the estate of William Phoa, deceased) v Oey Liang Ho (alias Henry Kasenda) (sole executor of the estate of Wirio Kasenda (alias Oey Giok Tjeng), deceased) (2024) 4 SLR 1108 the Court held that the Wong Moy exception applied and allowed a beneficiary to be added to proceedings, despite Order 15 rule 15(1) of the Rules of Court 2014 (RoC)²⁴rule 364 of the Family Justice Rules 2014 (FJR) which only allowed one of the litigating parties to be appointed to represent the estate.

Duties of Personal Representatives

Lakshmi Prataprai Bhojwani v Moti Harkishindas Bjohwani²⁵Lakshmi Prataprai Bhojwani (alias Mrs Lakshmi Jethanand Bhojwani) v MotiHarkishindas Bjohwani (2019) 3 SLR 356 (Lakshmi) deals with the duty of an executor and trustee to account to the beneficiaries. The Court made the distinction between (1) named beneficiaries whose benefits are to be paid out based on the discretion of the trustee; and (2) persons who are members of a beneficiary class and hence possible beneficiaries. Named beneficiaries are entitled to an account from the executor/ trustee as they have an identifiable interest in the estate regardless of the manner in which the trustee’s discretion may be exercised; but not persons who are possible beneficiaries as part of a beneficiary class. A trustee’s duty to account is limited to matters which occurred in their term as a trustee and assets which were in their control as trustee. The Court may also, in its discretion, decline to make an order for an account if it will be oppressive for the trustee to do so or if there are other good reasons.

In Mustaq Ahmad v Providentia Wealth Management Ltd²⁶Mustaq Ahmad @ Mushtaq Ahmad s/o Mustafa v Providentia Wealth Management Ltd (2023) SGHCF 52 the Court stated that as a starting point, a beneficiary does not have any entitlement as of right to disclosure of trust documents. This, however, is to be balanced against the beneficiary’s right for an account and the need to maintain trust confidentiality. The Court refused the applicant’s request for disclosure of communication between the trustee and other beneficiaries.

GDR v GDL²⁷GDR v GDL (2022) SGHC 30 dealt with the law of assent. It held that assent may be given notwithstanding that there are debts and other liabilities still outstanding. Executors, when they assent, should be satisfied that the transferee is entitled to the distribution, that a valid receipt can be obtained, and the estate has sufficient funds to meet any remaining liabilities after distribution.

GDR v GDL was followed by Mustaq Ahmad v Providentia Wealth Management Ltd²⁸Mustaq Ahmad @ Mushtaq Ahmad s/o Mustafa v Providentia Wealth Management Ltd (2023) SGHCF 53. This is related to but a different decision from Mustaq Ahmad @ Mushtaq Ahmad s/o Mustafa v Providentia Wealth Management Ltd (2023) SGHCF 52 referred to above. wherein the applicant applied for interim distributions from the estate. The Court held, consistent with the decision in Ong Wui Teck v Ong Wui Soon,²⁹Ong Wui Teck (personal representative of the estate of Chew Chen Chin, deceased) v Ong Wui Soon (2019) SGCA 61 that once an executor decides that he no longer requires the estate’s assets for the satisfaction of liabilities, he should assent to the legacy; delaying distribution where there is sufficient value and liquidity is a breach of duty.

In British and Malayan Trustees Limited v Ameen Ali Salim Talib,³⁰British and Malayan Trustees Limited v Ameen Ali Salim Talib (2024) SGHC 203 (Ameen) the trustee had over the years, distributed the income of a trust based on an interpretation of a provision of the Will, which though supported by legal opinions, was held by the Court to be erroneous. The Court allowed the trustee’s application to court for recoupment of overpayment from the beneficiaries’ future distribution.

Administration Action

The Court in Ameen³¹This is an administration action which can be made under Order 80 rule 2(1) RoC or rule 786 FJR. The purpose of these administration actions is to provide guidance to personal representatives in the performance of their duties or protection to beneficiaries and creditors against the actions of personal representatives. affirmed the four categories of administration action³²As stated in PT v Cooper (2001) WTLR 901 and accepted in Foo Jee Seng v Foo Jhee Tuang (2012) 1 SLR 211 – (1) where the issue is whether some proposed action is within the trustees’ powers; (2) where the issue is whether the proposed course of action is a proper exercise of the trustees’ powers; (3) where there is a surrender of discretion to the Court (eg where the trustees are deadlocked, conflicted from acting or other reasons); and (4) where the trustees have actually taken action and the action is attacked as being either outside their powers or an improper exercise of their powers.

Of interest is the second category – where the trustee’s decision is “particularly momentous”,³³Such as on the facts of Ameen. it may be prudent for the trustee to obtain the blessing of the court for their proposed action.³⁴An interesting illustration of this is the case of Grand View Private Trust Co Ltd v Wen-Young Wong (2022) UKPC 47, a Privy Council decision on appeal from the Court of Appeal for Bermuda.

Administration of Estate

In HSBC Trustee (Singapore) Limited v Carolyn Fong Wai Lyn (Carolyn Fong),³⁵HSBC Trustee (Singapore) Limited v Carolyn Fong Wai Lyn (2016) SGHC 31 the estate was left with no liquidity after years of litigation. On the application of the administrator, the Court allowed the administrator to mortgage two properties instead of the option to sell one of the properties. A few years later, the case returned to the courts as VIK v VIL³⁶VIK v VIL (2021) 3 SLR 857 with the administrator seeking a sale of one of the properties as they had not been able to procure any mortgages. The Court held that there was no res judicata in respect of its earlier decision³⁷HSBC Trustee (Singapore) Limited v .Carolyn Fong Wai Lyn (2016) SGHC 31 declining to order a sale.

Removal of Personal Representatives

An application to remove a personal representative can be made at various junctures. In Chiang Shirley v Chiang Dong Pheng,³⁸Chiang Shirley v Chiang Dong Pheng (2015) 3 SLR 770 the applicant objected to the grant being made to the executor named in the Will, under sections 8(1) and 55 of the Probate and Administration Act 1934 (PAA). For this, the test is whether there is evidence that it would be undesirable or unsafe for the estate to be in the hands of the named executor and whether there is someone else (not in an acrimonious relationship) to pass the administration to.

In Ong Wui Swoon v Ong Wui Teck,³⁹Ong Wui Swoon v Ong Wui Teck (2015) SGDC 270 the application was made to revoke a grant to an executor under section 32 of PAA. The revocation is to be made with “sufficient cause”, which is “undue and improper administration of the estate in total disregard of the interests of the beneficiaries.” The Court will consider whether the revocation of the grant is in the interest of the beneficiaries.

In Carolyn Fong,⁴⁰HSBC Trustee (Singapore) Limited v Carolyn Fong Wai Lyn (2016) SGHC 31 the sole administrator applied to be discharged due to unpaid fees. The Court considered the removal without a replacement as an extreme remedy which would be inappropriate in most cases. The court refused the application.⁴¹Query: whether it is even possible for a sole administrator/trustee to be discharged in view of section 40 Trustees Act 1967.

Trustee’s Liability

UVJ v UVH⁴²UVJ v UVH (2020) 2 SLR 336 (lower court’s decisions at (2020) 3 SLR 1329, and (2020) 3 SLR 1355) stands for the proposition that there must be causation between breach of fiduciary duty and profit made for an account of profit.

Jurisdiction of Courts

It is important to be aware of the limits of the jurisdiction of the Family Courts.⁴³Specifically, as stated in section 26(3A) of the Family Justice Act 2014, the jurisdiction of the Family Courts is set out in sections 17(1)(a), (d), (e) and (f) and 17A of the Supreme Court of Judicature Act 1969.

In URF v URH⁴⁴URF v URH (2020) 3 SLR 314, in defending an application to propound a 2008 Will of the deceased, the defendant inter alia, challenged transfers of monies made by the deceased to the applicant in his lifetime. The Family Court held that such claims relating to inter vivos transfers are not within its jurisdiction.

Tan Zhi Wei Alan v Tan Jia Lin Jaylin⁴⁵Tan Zhi Wei Alan v Tan Jia Lin Jaylin (2023) SGHC 271 was an application made to the General Division of High Court to remove a joint administrator. The High Court dismissed the application in light of section 26(3A) of the Family Justice Act 2014 (FJA). Section 26(3A) FJA provided that if any family proceedings may be heard and determined by the Family Court or by the Family Division of the High Court, those proceedings must in the first instance be commenced in a Family Court.

Other Estate Related Issues

The Court in UAM v UAN⁴⁶UAM v UAN (2018) 4 SLR 1086 held that there is no limitation period applicable to probate claims. The defence of laches could be applied to probate proceedings, but given the policy to give effect to the wishes of the testator, the threshold for the defence of laches is higher than in others.

The Court in Chye Seng Kait v Chye Seng Fong⁴⁷Chye Seng Kait v Chye Seng Fong (executor and trustee of the estate of Chye You, deceased) (2021) 2 SLR 1131 held that the deceased’s intention for the right of survivorship to apply was clear in clause 2 of the Will, and accordingly the jointly held assets were gifted to the surviving owner. The Court’s approach in a case where the Will provides for the application of resulting trust (so that the jointly held asset is to be dealt with according to the provisions of the Will) is less clear but definitely more interesting.⁴⁸See for instance, Khoo Phaik Eng Katherine v Khoo Phaik Ean Patricia (2023) SGHC 314

In relation to claims by or against the estate, the Court stated that it is the duty of the executor to determine the extent of assets and liabilities of the deceased and act diligently and reasonably in realising the assets. It is for the executor to balance between whether there was a cause of action and the potential value of the cause given the costs to the estate.

The Court further endorsed the practice of including a condition of acceptance of the estate’s account in the final distribution of the residuary estate.

VTL v VTM⁴⁹VTL v VTM (2021) SGHCF 30 held that a mutual will (i.e. a Will which is executed by a testator pursuant to an agreement not to revoke) takes precedence over subsequent wills.

Determination of Mental Capacity

The locus classicus remains set out in the Court of Appeal decision in Re BKR.⁵⁰Re BKR (2015) 4 SLR 81 The test as to whether a person lacks capacity is set out in section 4 of the Mental Capacity Act 2008 (MCA). It is decision-specific and time-specific with a clinical component (impairment of, disturbance in the functioning of the mind or brain) and a functional component (inability to make that particular decision at the material time). The Court will require expert evidence for the clinical component while the functional component is a question for the Court⁵¹As the assessment as to whether a person has mental capacity is fact-driven, the Court is watchful as to the evidence before the Court. The Court placed little weight on video recordings which are edited or do not provide context (see WEW v WEX (2022) SGFC 60; (2022) SGHCF 32, but contrast with the weight placed on video recording in Goh Yng Yng Karen (executrix of the estate of Liew Khoon Fong (alias Liew Fong), deceased) v Goh Yong Chiang Kelvin (2021) 3 SLR 896), medical reports obtained from “doctor shopping” or where doctors are not properly briefed or even mis-represented to (see VKX v. VKW (2024) SLR(FC) 18). for which there is limited scope for medical experts.

The fact that a person has a medical impairment does not necessarily mean that he lacked mental capacity.⁵²ULP v ULS (2021) 5 SLR 1291

In BUV v BUU,⁵³BUV v BUU (2020) 3 SLR 1041 based inter alia, on P’s performance under cross examination, the Court held that P did not have the requisite mental capacity. The Court held that the “assistance” to be provided to P for his decision making in sections 3(3) and 5(2) MCA refers to “facilitative assistance” which is aimed at helping a person retain his decision-making ability. There must be a base level of capacity.⁵⁴See also WWI v WWJ (2004) SGFC 22

Goh Yng Yng Karen v Goh Yong Chiang Kelvin⁵⁵Goh Yng Yng Karen (executrix of the estate of Liew Khoon Fong (alias Liew Fong), deceased) v Goh Yong Chiang Kelvin (2021) 3 SLR 896 followed the approach in Re BKR as to the interaction between mental impairment and undue influence. The Court will have regard of the actual circumstances holistically and decide whether the undue influence caused P to be unable to make decisions.⁵⁶In ULP v ULS (2021) 5 SLR 1291, it was held that though P had the mental capacity to execute her Lasting Power of Attorney (LPA), she was under undue influence from her son. Her LPA was revoked.

Choice of Deputies

VUW v VUT⁵⁷VUW v VUT (2021) SGHCF 41 overruled the practice of appointing one plaintiff and one defendant as deputies.⁵⁸The learned Debbie Ong J held that it is not appropriate or practical as the opposing interests of the deputies where trust was lacking may negatively impact the welfare of P. Given P’s need for consistent and constant care, neither was it in P’s interest for P to be cared for in alternate weeks by each deputy.

Statutory Wills

BHR v BHS⁵⁹BHR v BHS (2013) SGDC 149 deals with the Court’s exercise of its power⁶⁰Section 23(1)(k) MCA to execute a Will for P. The overarching principle is the best interest of P, including but not limited to the factors set out in section 6 MCA.⁶¹in particular sections 6(8) and (9) MCA The learned DJ Foo Tuat Yien held that the weight to be attached to the different factors may differ depending on the circumstances of each case and features or factors of “magnectic importance” will have decisive influence on its determination. These can include how P will be remembered⁶²TCZ v TDA, TDB and TDC (2015) SGFC 63 and the provisions in P’s previous Will.⁶³P’s previous Will is a relevant written statement, but the weight to be given to it will depend upon the circumstances under which it was prepared (for instance, whether P lacked capacity). The Court should not refrain from directing the execution of a statutory will where the validity of an earlier will is in dispute. The existence and nature of the dispute and the ability of court to investigate the issues which underlie it are relevant in deciding whether it is in P’s best interest to order the execution of a statutory Will.

Other Mental Capacity Related Issues

In Re TQR,⁶⁴Re TQR (2016) SGFC 98 Colin Tan DJ set out the considerations in granting investment powers to the deputy.⁶⁵These include whether P has enough assets for investment, the relationship between the deputy and P in particular, whether the deputy is a close relative or a future beneficiary of P, and the safeguards for bad investments.

WBK v WBL⁶⁶WBK v WBL (2024) SLR(FC) 192 provided guidance as to the powers of a donee for personal welfare. The Court took into account that the donor has chosen to empower the donee. Accordingly, the donee may place restrictions on access to P so long as these are not unreasonable. The donee is not required to consult with others, including P’s family members, as to the medical care of P and may instruct doctors to communicate with the donee only.

The Court in ULP v ULS⁶⁷ULP and others v ULS (2018) SGFC 43 set out the options available to an applicant to obtain a medical report on P.⁶⁸Applications may be made under section 20(2) MCA for the Court to authorise, on P’s behalf, the release of P’s medical record; under section 18(2)(a) MCA for the Court to direct the donee of an LPA not to object to the release of medical records; under rule 495 FJR to administer interrogatories to non-party; and/or to issue a subpoena for the production of the medical records. Section 36 MCA is for situations where an order is needed urgently to protect P’s interests and not for the production of medical reports. Likewise, paragraph 19 of the First Schedule of the Supreme Court of Judicature Act 1969 allows orders to be made for medical examination of a person who is a party to the legal proceedings.⁶⁹Goh Tze Chien v Tan Teow Chee (2024) SGHC 1

The Court in WLR v WLT⁷⁰WLR v WLT (2023) 5 SLR 1372 held that section 23(1)(d) MCA does not give the Court power to appoint a deputy as a director.

Where tortfeasors apply to be joined as a party in legal proceedings for appointment of deputies, the court in TWD v UQE⁷¹TWD v UQE (2019) 3 SLR 662 held that the relevant provision is rule 178(2) of the Family Justice Rules 2014 (FJR) and not Order 15 rule 6(2)(b) RoC. To allow such joinders, the advantage of the joinder had to outweigh the disadvantages.

Practice Reminders

The various cases in these areas in the last 10 years also illustrated the unusual position which lawyers may find themselves in, whether dealing with other family members of the client, dealing with a client who may have been alleged to lack mental capacity or putting in place legal documentation to facilitate the intention of the client. While trite, it remains a good reminder that as an advocate and solicitor, the lawyer may owe other duties, in addition to the duty to act in the best interest of the client.

The Court of Appeal has stated in several cases⁷²See for example, Kuek Siang Wei v Kuek Siew Chew (2015) 5 SLR 357, Mahidon Nichiar bte Mohd Ali v Dawood Sultan Kamaldin (2015) 5 SLR 62 involving family arrangements that the solicitor acting for the administrator or executor may owe a duty to the beneficiaries and potential beneficiaries and there are possibilities of conflicts of interest. The solicitor should be conscious of these and consider the beneficiaries’ need for independent legal advice and/or full and frank disclosure of opinions rendered by the solicitors.

Powers of attorney, when executed, may be used against the interest of the donor. Accordingly, solicitors must be conscious of the standard expected of lawyers in discharging their duties to client in the execution of powers of attorney.⁷³Goh Yng Yng Karen (executrix of the estate of Liew Khoon Fong (alias Liew Fong), deceased) v Goh Yong Chiang Kelvin (2021) 3 SLR 896. The solicitor is expected to speak with the client first, and take sufficient steps to satisfy himself that the client has mental capacity. Charging a small fee is not an excuse for cutting corners.

The post Development in the Law Relating to Estate and Mental Capacity Practices 2014 to 2024 appeared first on The Singapore Law Gazette.

Singapore Vs. the European Union

The article examines Singapore’s innovation-driven AI and data protection frameworks, contrasting them with the EU’s rights-centric governance model exemplified by regulations like the Model AI Governance Framework and the proposed AI Act. It explores their historical, cultural, and socio-legal foundations while offering practical strategies for businesses to navigate these divergent systems. Companies that balance innovation with ethical responsibility can align their operations with evolving global standards while effectively addressing challenges posed by fragmented regulatory landscapes.

The rapid proliferation of Artificial Intelligence (AI) and the increasing importance of data protection have created a complex global regulatory landscape. With its unique approach to fostering innovation and economic growth through voluntary frameworks and self-regulation, Singapore and the European Union (EU), which prioritises safeguarding individual rights via robust, binding regulations that impose significant business obligations, represent two distinct paradigms in addressing these challenges. These contrasting approaches reflect more profound cultural and socio-legal philosophies.

Singapore actively creates a regulatory environment that attracts investment and fosters technological advancements by minimising compliance barriers. For example, the Personal Data Protection Act (PDPA) allows organisations to use “deemed consent” in specific situations, while the Model AI Governance Framework provides voluntary guidelines for developing artificial intelligence.

On the other hand, the EU’s General Data Protection Regulation (GDPR) and proposed AI Act embody a rights-centric ethos, ensuring transparency, accountability, and fairness through enforceable legal instruments.

Navigating such divergent frameworks requires nuanced strategies for businesses operating across these jurisdictions. This article profoundly explores these differences, highlighting their historical underpinnings and practical implications for companies. It also offers personal perspectives on how businesses can align their operations with evolving global standards while balancing innovation with ethical responsibility.

Globally, regulatory approaches to AI and data protection vary widely. The United States adopts a sectoral approach, relying on industry-specific regulations, while China emphasises state control and national security in its governance of AI and data privacy. These differences underscore the complexity of achieving global harmonisation in AI and data governance, making the comparison between Singapore and the EU particularly instructive.

1. Artificial Intelligence Regulation: A Comparative Perspective

1.1 Singapore’s Innovation-Driven Framework

Singapore has long aimed to position itself as a global nexus for advanced technologies by fostering public-private partnerships and promoting AI research through funding initiatives. Its regulatory stance aligns with this ambition by emphasising flexibility and industry-led best practices rather than prescriptive laws.

The Model AI Governance Framework is at the core of Singapore’s approach, which advocates transparency, accountability, and fairness in AI development without imposing binding obligations.¹IMDA developed Singapore’s Model AI Governance Framework to guide ethical AI deployment through transparency, accountability, and fairness. Accessible at https://www.imda.gov.sg/ To assist organisations in managing risks, Singapore introduced AI Verify, a tool that enables companies to assess potential biases or vulnerabilities in their AI systems.²AI Verify is a self-assessment tool launched by Singapore to evaluate the trustworthiness of AI systems.

For example, a local healthcare start-up might use AI Verify to detect demographic biases in diagnostic algorithms before public deployment. However, such tools may not address high-risk scenarios uniformly across industries without enforceable mechanisms.

For example, autonomous vehicle malfunctions or algorithmic discrimination in hiring processes could remain inadequately regulated, leaving liability to civil litigation rather than statutory obligations.

The absence of enforceable mechanisms leaves liability primarily to civil litigation, which relies on corporate goodwill rather than statutory obligations. Singapore’s “light-touch” approach fosters rapid innovation by reducing business compliance burdens.

Start-ups in sectors like fintech or autonomous mobility benefit from fewer regulatory hurdles, allowing them to prototype and deploy solutions quickly.

However, companies targeting global markets must prepare to meet stricter international standards, particularly if they intend to operate within jurisdictions like the EU.

Consider the case of a Singaporean fintech company developing AI-driven credit scoring models. The company benefits from reduced compliance burdens under Singapore’s framework but faces significant challenges when expanding into jurisdictions like the EU, where stricter standards under the AI Act apply. This duality highlights the need for businesses to adopt scalable compliance strategies that accommodate varying regulatory landscapes, ensuring they are well-prepared for the challenges of operating in multiple jurisdictions.

While Singapore’s voluntary framework has successfully fostered innovation, growing international scrutiny of AI ethics may necessitate a shift toward hybrid models that combine flexibility with enforceable obligations for high-risk applications.

For instance, mandatory risk assessments for autonomous vehicles or facial recognition technologies could enhance public trust without stifling innovation. A Singaporean healthcare start-up using AI Verify to detect biases in diagnostic algorithms illustrates how voluntary tools can drive ethical AI practices, offering a hopeful vision for the future of AI innovation. However, without binding obligations, such measures may not be uniformly adopted across industries, potentially leaving gaps in accountability.

1.2 The EU’s Rights-Driven Approach

The EU’s proposed AI Act adopts a comprehensive risk-based classification system to mitigate potential harms associated with AI technologies.³The European Union’s Artificial Intelligence Act introduces a risk-based classification system for AI applications. High-risk applications — such as those used in law enforcement or employment — must meet stringent requirements for human oversight, transparency, and documentation.⁴Prohibited AI systems under the EU framework include applications like social scoring by governments. For instance, a European company developing AI-powered hiring tools must navigate extensive documentation and human oversight requirements under the AI Act. While these measures increase compliance costs, they also enhance consumer trust and attract privacy-conscious clients, demonstrating how robust regulations can serve as a competitive advantage.⁵High-risk AI systems require compliance with transparency obligations and mechanisms for human oversight.

Non-compliance can result in fines of up to 7% of global annual revenue.⁶Non-compliance with the EU’s Artificial Intelligence Act can result in penalties of up to €35 million or 7% of global annual turnover. This rigorous approach reflects Europe’s historical experiences with authoritarian regimes and its cultural emphasis on protecting individual rights. The EU views AI as a technological advancement deeply intertwined with social justice and ethical responsibility.

For businesses operating within the EU, compliance involves significant investments in algorithmic audits, impact assessments, and internal governance structures. While these measures increase operational complexity and costs, they also enhance consumer trust by demonstrating adherence to high ethical standards. This can be a significant competitive advantage in the global market, particularly for businesses that cater to privacy-conscious clients.

A European company developing AI-powered hiring tools might face extensive documentation and human oversight requirements under the AI Act. Despite these hurdles, achieving compliance could enhance its reputation among privacy-conscious clients and investors, demonstrating how robust regulations can serve as a competitive advantage in global markets. However, these regulations pose challenges, such as increased compliance costs and operational complexity. Understanding and navigating these implications is crucial for businesses operating within the EU, empowering them with the knowledge they need to succeed.

The EU’s rights-centric approach sets a global benchmark for ethical AI governance. This model may influence other regions to adopt similar frameworks, particularly as public demand for transparency and accountability grows. For instance, a European company developing AI-powered hiring tools must navigate extensive documentation and human oversight requirements under the AI Act. While these measures increase compliance costs, they also enhance consumer trust and attract privacy-conscious clients. The EU’s approach could shape the global AI market, influencing the development and deployment of AI technologies worldwide.

2. Data Protection Laws: Diverging Priorities

2.1 Singapore’s PDPA

The PDPA reflects Singapore’s pragmatic approach to balancing business efficiency with privacy protection.⁷Singapore’s Personal Data Protection Act (PDPA) emphasizes principles such as consent, purpose limitation, and data security while allowing deemed consent under specific conditions. It allows for “deemed consent” under certain conditions while requiring reasonable security measures for personal data processing. Unlike the GDPR, it does not mandate data erasure or portability rights. This flexibility benefits small businesses by reducing compliance costs but may create challenges for multinational firms managing cross-border data flows. For example, companies adopting GDPR-level protections globally might find Singapore’s framework less aligned with stricter jurisdictions like Europe. A multinational e-commerce platform operating in Singapore might implement GDPR-level protections globally to streamline operations across jurisdictions. While this approach ensures consistency, it also highlights how Singapore’s lighter framework can sometimes fall short of meeting global expectations for data protection.

While “deemed consent”’ provisions reduce compliance burdens for businesses, they may risk undermining consumer trust if individuals feel their privacy is insufficiently protected.

More straightforward guidelines on how companies should implement these provisions could help strike a better balance between efficiency and accountability. For example, a multinational e-commerce platform operating in Singapore might adopt GDPR-level protections globally to ensure consistency across jurisdictions. This approach highlights how Singapore’s lighter framework can sometimes fall short of meeting global expectations for data protection.

2.2 The EU’s GDPR

The GDPR is considered one of the world’s most stringent data protection frameworks. It establishes individual rights, including access to personal data, the right to erasure, and data portability.⁸The EU’s General Data Protection Regulation (GDPR) grants extensive individual rights over data processing activities. At the same time, it imposes strict obligations on businesses to justify every purpose for processing data.

One significant aspect of the GDPR is its extraterritorial effect, which means that even businesses outside the EU that handle the data of EU residents must comply with its rules. While this requirement can create considerable compliance challenges for smaller companies looking to enter European markets, it also enhances their reputation by demonstrating a commitment to responsible data governance practices.⁹GDPR non-compliance can lead to fines of up to €20 million or 4% of global annual turnover.

Consider a U.S.-based tech company expanding into Europe. Achieving GDPR compliance mitigates legal risks and enhances its reputation among European consumers, prioritising data privacy — and demonstrating how stringent regulations can drive competitive advantages in global markets. The GDPR’s extraterritorial reach ensures robust data protection globally but creates significant challenges for non-EU companies. This expansive scope underscores the EU’s commitment to setting global standards but raises questions about its long-term sustainability as data ecosystems grow increasingly complex.

3. Practical Implications of the Differences

3.1 Compliance Strategies and Operational Complexity

Operating across Singapore and the EU presents businesses with a fragmented compliance landscape due to the stark differences in their regulatory frameworks.

In Singapore, companies benefit from a more permissive environment that allows rapid prototyping and innovation without excessive oversight requirements. For instance, a start-up in Singapore can rely on voluntary AI frameworks like the Model AI Governance Framework and “deemed consent” standards under the PDPA, which reduce administrative burdens.

However, this flexibility can create challenges when scaling operations internationally, particularly in jurisdictions like the EU, where stricter regulations apply.

In the EU, businesses face significantly higher compliance requirements under the GDPR and the forthcoming AI Act. These mandates require companies to adopt strict lawful bases for data usage, conduct algorithmic risk assessments for high-risk AI solutions, and implement robust documentation processes.

This duality often translates into operational complexity for mid-sized businesses that lack the resources of significant tech players. To navigate these challenges effectively, companies must adopt strategic compliance measures that align with their long-term goals.

One practical approach is implementing “compliance by design” principles, which integrate privacy safeguards and ethical considerations into products and processes from inception. Businesses can streamline internal operations and avoid constant protocol adjustments when entering new markets. While this approach may involve higher upfront costs, it ultimately enhances consumer trust and regulatory approval in both jurisdictions.

A Singaporean AI start-up targeting European markets might design its systems to meet GDPR requirements from the outset. While this involves higher initial costs, it streamlines future expansion efforts and builds consumer trust by demonstrating adherence to global standards.

Adopting international standards harmonising compliance requirements across jurisdictions could reduce operational complexity while fostering stakeholder trust.

For example, a healthcare AI company developing diagnostic tools may need to conduct algorithmic audits to comply with GDPR standards while simultaneously addressing Singapore’s voluntary guidelines. This dual compliance strategy ensures smoother market entry but requires significant upfront investment in legal and technical expertise.

3.2 Liability and Risk Management

The differences in liability frameworks between Singapore and the EU further illustrate how divergent AI governance manifests in practice.

In Singapore, liability tends to hinge on contractual arrangements and civil litigation, with non-binding guidelines from the Model AI Governance Framework informing best practices.

For example, a company that voluntarily conducts risk assessments and addresses identified issues could argue that it exercised due diligence if an AI-related harm occurs.

However, without statutory liability mechanisms, the resolution of such disputes remains uncertain and largely dependent on judicial interpretation.

In contrast, the EU provides more straightforward statutory provisions for liability under its regulatory frameworks. High-risk AI systems must incorporate human oversight and extensive documentation protocols, making it easier to pinpoint accountability if something goes wrong.

This clarity benefits businesses by reducing uncertainty over potential legal disputes while protecting consumers’ fundamental rights. Although the EU’s approach increases compliance burdens for companies, it also establishes a more predictable legal environment that fosters stakeholder trust. Legal advisors often recommend that businesses in both jurisdictions draft robust contracts specifying oversight responsibilities to mitigate risks effectively.

By clearly defining accountability measures in contractual terms, companies can reduce the likelihood of disputes arising from ambiguous liability interpretations.

For instance, a company that voluntarily conducts risk assessments under Singapore’s Model AI Governance Framework might argue due diligence in court if AI-related harm occurs. However, without statutory liability mechanisms, outcomes remain uncertain and highly dependent on judicial interpretation.

3.3 Impact on Innovation and Investment

The longstanding debate over whether strict regulation stifles or fosters innovation is particularly relevant when comparing Singapore’s flexible regime with the EU’s stringent model.

On the one hand, Singapore’s permissive approach attracts start-ups looking to iterate quickly on novel AI products without being constrained by heavy compliance requirements. This is especially advantageous in sectors like fintech, healthcare diagnostics, and autonomous vehicles, where rapid adaptation is key to staying competitive.

However, as these start-ups scale beyond Singapore’s borders, they often face pressure to meet stricter international standards like those imposed by the GDPR or AI Act. This presents a significant paradox: Singapore’s environment effectively fosters early-stage innovation, yet its flexibility fails to prepare companies for successful global expansion adequately.

Conversely, the EU’s rigorous regulatory framework imposes higher upfront costs but builds consumer trust through robust protections against technology misuse. Businesses that comply with these standards enjoy global market reputational benefits and competitive advantages.

For example, achieving GDPR compliance signals a commitment to responsible data governance, which can attract privacy-conscious consumers and investors. A US-based tech firm expanding into Europe successfully leveraged its GDPR compliance to secure contracts with European healthcare providers. This demonstrates how stringent data protection frameworks can enhance reputational credibility and open doors to new markets.

Over time, market forces may drive a form of “de facto convergence,” where even regions with lighter regulations adopt elements of stricter regimes due to reputational pressures and consumer expectations.

Start-ups often struggle to navigate divergent regulatory frameworks due to limited resources, whereas established firms may leverage their scale to implement universal compliance strategies. This disparity highlights the need for tailored support mechanisms to help smaller players compete globally.

4. Analysis and Personal Views on Regulatory Divergence

From my perspective as an international lawyer specialising in cross-border regulatory compliance, each jurisdiction’s approach reflects its unique socio-economic priorities and cultural values. Singapore prioritises business feasibility and economic growth by fostering an environment conducive to innovation through minimal regulatory constraints. This strategy has proven effective for fintech and maritime technology, where agility is critical for maintaining competitiveness.

Conversely, the EU’s rights-centric model draws on historical experiences with authoritarian regimes and surveillance overreach to place individual rights at the forefront of its governance principles. Although some may perceive these regulatory structures as burdensome for businesses, they serve as vital safeguards against potential abuses of powerful technologies like AI. A gradual convergence between these frameworks is not just a possibility but an inevitability as public demand for accountability grows alongside technological advancements. This convergence will create a more balanced regulatory environment that respects individual rights and business innovation.

Singapore may eventually incorporate mandatory obligations for high-risk AI applications under international pressure or market demands for stricter oversight. Businesses should adopt ‘compliance by design’ principles. This approach involves integrating privacy safeguards and ethical considerations into their products from inception rather than as an afterthought. By doing so, businesses can ensure smoother navigation of cross-jurisdictional requirements and enhance consumer trust globally as they demonstrate a proactive commitment to ethical and legal compliance.

Similarly, the EU could refine its broad definitions or risk tiers to ensure proportionality in regulating lower-risk innovations without stifling creativity. As global standards evolve, we may see hybrid models emerge that combine Singapore’s flexibility with the EU’s accountability mechanisms. For example, mandatory risk assessments for high-risk technologies like autonomous vehicles could become standard practice worldwide.

International agreements like the EU-Singapore Digital Trade Agreement align certain principles between these jurisdictions. While such agreements are incremental steps toward harmonisation, they demonstrate a shared commitment to fostering responsible innovation while addressing ethical concerns. Singapore’s emphasis on economic growth reflects its pragmatic ethos, while the EU’s focus on individual rights draws from historical experiences with authoritarian regimes. Reconciling these cultural differences, with the help of international agreements, is essential for achieving meaningful regulatory convergence and ensuring a stable global regulatory landscape.

5. Cross-Jurisdictional Challenges and Digital Trade Agreements

Businesses encounter increased challenges in cross-border compliance when they face conflicting regulations between jurisdictions like Singapore and the EU. A company based in Singapore might initially rely on its flexible data protection laws but face new obligations for explicit consent and data subject rights when expanding into Europe. A global tech firm implementing GDPR-level protections across all operations demonstrates how adopting universal high standards can streamline compliance while enhancing customer trust worldwide.

This often necessitates operating dual infrastructures or implementing a universal high-standard policy across all regions. Adopting a global mindset is crucial for overcoming these challenges. Businesses should implement policies that align with the strictest applicable standards — such as GDPR-level protections — to safeguard against potential penalties while enhancing customer trust worldwide. The EU-Singapore Digital Trade Agreement exemplifies efforts to establish greater interoperability between regulatory frameworks by promoting transparency and fairness in data transfers while fostering collaboration in technology governance.¹⁰The EU-Singapore Digital Trade Agreement promotes interoperability between regulatory frameworks while protecting personal data during transfers.

However, its success depends on how well it translates into actionable guidance that reduces compliance burdens without compromising core principles.

6. Conclusion

Singapore and the European Union represent two distinct paradigms in regulating AI and data protection — one emphasising efficiency through flexibility and self-regulation, the other prioritising ethical responsibility through stringent oversight mechanisms rooted in fundamental rights protection. Integrating their strengths into cohesive internal policies is essential for businesses navigating these jurisdictions’ frameworks. This requires technical compliance and an appreciation of each jurisdiction’s underlying principles shaping its governance approach.

Regulatory convergence appears increasingly likely as global standards mature under mounting public scrutiny of AI technologies’ societal impacts. Singapore may adopt stricter obligations for high-risk applications under international pressure or market demands for greater accountability; meanwhile, the EU could refine its regulations to remain proportionate without hindering lower-risk innovations. Fostering ethical AI ecosystems requires collaboration among regulators, industry stakeholders, and legal professionals worldwide — a shared effort essential for ensuring technology serves humanity responsibly while enabling sustainable progress across borders. Businesses must adopt hybrid compliance models that effectively balance flexibility and enforceable obligations to navigate these evolving frameworks. Creating ethical AI ecosystems will demand proactive involvement in international regulatory dialogues to harmonise standards while considering regional priorities.

As global standards mature under mounting public scrutiny of AI technologies’ societal impacts, international collaboration among regulators, industry stakeholders, and legal professionals will foster ethical AI ecosystems that balance innovation with accountability.

The post Comparative Legal Practices in Artificial Intelligence and Data Protection appeared first on The Singapore Law Gazette.

The natural progression of birth is to end life with death. Along the journey from birth to death, there will be health issues. It cannot be denied that social problems can exacerbate poor health. Predictably, the root causes of such social problems could be linked to legal related woes. Consequently, this article advocates for the creation of an upstream approach to community lawyering, by augmenting primary medical care in our medical institutions such as polyclinics, to address health-harming related legal problems.

A Medical-Legal Partnership (MLP) is not an innovative or novel concept. It was conceptualised and has existed since 1993 at Boston Medical Center.¹Legal Key Partnership for Health and Justice, <https://legalkeypartnership.org/our-story/> (Accessed 10 March 2025)

MLPs was conceived to plug the disconnect between a diagnosis of poor health and the legal solutions to improve the underlying legal currents that contributed to poor health.

Attorneys were hospital employees who attended to patients’ pressing legal issues. Over time, it blossomed into an important key in preventive medicine and law.²Legal Key Partnership for Health and Justice, <https://legalkeypartnership.org/our-story/> (Accessed 10 March 2025)

A typical model in MLP involves a lawyer being placed upstream into the healthcare system to work in tandem with the primary healthcare professionals. Root causes of poor health are identified by the medical professionals and the appropriate referrals are made for the patients to see the lawyer, who is residing on the same premises. Drop-in services to see the lawyers are available as well if the medical professionals made no referrals.

Conditions in one’s environment irrefutably affect one’s health. These conditions are known as social determinants of health (SDOH).³U.S. Department of Health and Human Services. Office of Disease Prevention and Health Promotion, < https://odphp.health.gov/healthypeople/priority-areas/social-determinants-health> (Accessed 10 March 2025) Some examples of SDOH include abuse, employment related matters, insolvency worries and various community disputes.⁴U.S. Department of Health and Human Services. Office of Disease Prevention and Health Promotion, < https://odphp.health.gov/healthypeople/priority-areas/social-determinants-health> (Accessed 10 March 2025) Inevitably, those various discomforts of life will lead to stress.

The precipitation of stress-related disorders or chronic diseases from health-harming related legal issues⁵Kate Marple, “Framing Legal Care as Health Care”. National Centre for Medical-Legal Partnership (January 2015) < https://medical-legalpartnership.org/wp-content/uploads/2015/01/Framing-Legal-Care-as-Health-Care-Messaging-Guide.pdf> (Accessed on 13 March 2025) can be better managed through MLPs.⁶Teufel J, Heller SM, Dausey DJ. Medical-legal partnerships as a strategy to improve social causes of stress and disease. Am J Public Health. 2014 Dec;104(12):e6-7. doi: 10.2105/AJPH.2014.302268. Epub 2014 Oct 16. PMID: 25320880; PMCID: PMC4232103.

MLPs has since been institutionalised in the United States of America (U.S.).⁷National Center for Medical Legal Partnerships, < https://medical-legalpartnership.org/partnerships/> (Accessed 3 March 2025) 450 health organisations, including hospitals, across 49 states of U.S. integrate MLPs into their medical practice.

Canada has also implemented MLPs, albeit in a smaller scale, through their Health Justice Program.⁸Drozdzal G, Shoucri R, Macdonald J, Radford K, Pinto AD, Persaud N. Integrating legal services with primary care: The Health Justice Program. Can Fam Physician. 2019 Apr;65(4):246-248. PMID: 30979753; PMCID: PMC6467680. India has aptly promoted a variation of the MLPs in its National Institution of Mental Health and Neurosciences, Bengaluru.⁹Math SB, Kumar NC, Harish T. Legal aid in hospitals: an innovative approach. Indian J Med Res. 2013 Mar;137(3):440-1. PMID: 23640549; PMCID: PMC3705650. The legal aid clinic parked in the hospital premises provided free legal services to all patients. An Indian study further concluded that patients benefited from free legal aid in mental health hospitals.¹⁰Kadiveti S, Vajawat B, Kumar CN, Hegde PR, Moirangthem S, Math SB. Free legal aid in hospitals for persons with mental illness: Is it helpful? An Indian prospective study. Indian J Psychiatry. 2022 May-Jun;64(3):322-325. doi: 10.4103/indianjpsychiatry.indianjpsychiatry_510_21. Epub 2022 Jun 8. PMID: 35859558; PMCID: PMC9290419.

Though Singapore has first-class primary healthcare facilities such as our polyclinics and a robust community lawyering system, the logical step of integrating both influential foundations have not been substantially studied and explored. That is an enigma.

Benefits

Firstly, the collaboration of both medical and legal practitioners serves to provide a holistic solution to societal issues. Both services should not work in silos and the chasm could be bridged through MLP.¹¹Drozdzal G, Shoucri R, Macdonald J, Radford K, Pinto AD, Persaud N. Integrating legal services with primary care: The Health Justice Program. Can Fam Physician. 2019 Apr;65(4):246-248. PMID: 30979753; PMCID: PMC6467680.

Undeniably, law is pervasive and permeates the entirety of a person’s life. Everyone at some point in their lives will have legal needs. A needs assessment conducted by clinicians in Canada revealed that more than half of patients that are referred to social workers had at least one legal issue.¹²Drozdzal G, Shoucri R, Macdonald J, Radford K, Pinto AD, Persaud N. Integrating legal services with primary care: The Health Justice Program. Can Fam Physician. 2019 Apr;65(4):246-248. PMID: 30979753; PMCID: PMC6467680.

In essence, these legal needs when unmet lead to complications and stress. Visting healthcare professionals for primary care will treat superficial physiological difficulties but does not address the underlying and unmet legal needs of the populace.

Secondly, provision of upstream legal solutions through the healthcare system is arguably the best approach to prostrate before the ideology of “Access to Justice”.

The efforts of community lawyering are commendable.¹³Grace Yeoh, “From a small container at a Hougang temple, this lawyer and her team bring legal access to the vulnerable”. Channel News Asia Lifestyle (30 June 2024) < https://cnalifestyle.channelnewsasia.com/women/cai-chengying-pro-bono-community-lawyer-hougang-temple-392401> (Accessed 11 March 2025). Presently, there are legal clinics located on different Community Development Council sites, community clubs, centres and various organisations.¹⁴List of legal Clinics in Singapore < https://www.probono.sg/get-legal-help/legal-guidance/the-general-public/legal-clinics-in-singapore/> (Accessed 11 March 2025) Integrating MLPs into healthcare centres such as our polyclinics will serve to enhance and strengthen the available network and opportunities for the said segment of society to seek help. The legal community will then truly be accountable to our ideology as we tackle the roots of health-harming legal problems.

For example, a patient is suffering from depression due to unfair employment practices and is experiencing physical symptoms such as headaches and insomnia. If MLPs are in place, the patient can be treated holistically at the healthcare facility. Without MLPs, the patient will visit the healthcare facility to treat the physical symptoms while the health-harming legal problems continue to plague the patient’s life. The patient would then need to navigate the web and search for a convenient location at an appropriate time to seek legal advice and guidance. The delay could be costly if the patient is suicidal. Further, the patient may not be able to take leave from work due to the same employment practices that caused depression.

It is further argued that the same segment of society that will visit the healthcare facilities such as polyclinics is possibly the same segment of society that is vulnerable.¹⁵Drozdzal G, Shoucri R, Macdonald J, Radford K, Pinto AD, Persaud N. Integrating legal services with primary care: The Health Justice Program. Can Fam Physician. 2019 Apr;65(4):246-248. PMID: 30979753; PMCID: PMC6467680. They could have been facing medical and legal challenges with great stoicism that the better endowed segments of society would hardly fathom. Therefore, by empowering the vulnerable segments of society with legal knowledge and tools upstream would possibly aid to balance social inequality and build confidence in the vulnerable segments of our society.

Thirdly, some studies have shown the efficacy of MLP.¹⁶Nerlinger AL, Alberti PM, Gilbert AL, Goodman TL, Fair MA, Johnson SB, Pettignano R. Evaluating the Efficacy of Medical-Legal Partnerships that Address Social Determinants of Health. Prog Community Health Partnersh. 2021;15(2):255-264. doi: 10.1353/cpr.2021.0027. PMID: 34248069; PMCID: PMC8729181. Healthcare costs will foreseeably be reduced as there should be fewer medical visits and hospitalisations of the populace. Further, by arresting legal issues at its infancy could prevent downstream escalation into senseless litigation.

Fourthly, empirical research can be conducted with ease at such facilities to further chart the directions of MLP to conquer new frontiers in medical intervention and provide guidance for better policy making. MLP has even ventured into a neonatal intensive care unit¹⁷Gievers L, Mutrie L, Klawetter S. Novel perinatal medical-legal partnership development and pilot implementation to address health-harming legal needs. J Perinatol. 2024 Jan;44(1):136-141. doi: 10.1038/s41372-023-01829-8. Epub 2023 Nov 25. PMID: 38007591; PMCID: PMC10872264. in a study. That study concluded that the early intervention with legal services for the young and vulnerable patients is a promising direction to take to improve short and long-term health outcomes. This clearly exhibits that the possibilities are boundless but the foundation in Singapore must first be built.

Fifthly, there must be a paradigm shift in how medicine and law are traditionally taught in universities. Delivery of knowledge must be purpose driven and education must be meaningful to the community.

MLPs have progressed into studies on the efficacy of curricula and innovative practices jointly crafted by doctors and lawyers.¹⁸Cohen E, Fullerton DF, Retkin R, Weintraub D, Tames P, Brandfield J, Sandel M. Medical-legal partnership: collaborating with lawyers to identify and address health disparities. J Gen Intern Med. 2010 May;25 Suppl 2(Suppl 2):S136-9. doi: 10.1007/s11606-009-1239-7. PMID: 20352508; PMCID: PMC2847107. With an MLP curricula, it becomes crucial for healthcare professionals to screen and diagnose medical conditions as well as to identify the health-harming antecedent legal problems and refer them to the lawyers to help educate the patients on their rights and holistically treat them.¹⁹Cohen E, Fullerton DF, Retkin R, Weintraub D, Tames P, Brandfield J, Sandel M. Medical-legal partnership: collaborating with lawyers to identify and address health disparities. J Gen Intern Med. 2010 May;25 Suppl 2(Suppl 2):S136-9. doi: 10.1007/s11606-009-1239-7. PMID: 20352508; PMCID: PMC2847107. Lawyers will effectively become an integral facet of healthcare systems. Further, the MLPs could also provide career opportunities for allied legal professionals. These proposed outcomes should arguably complement the recommendations to reform legal education in Singapore.²⁰“Joint Press Release: Recommendations to Legal Education and Training in Singapore to Keep Pace with Evolving Industry Needs” (8 January 2024) < https://www.judiciary.gov.sg/news-and-resources/news/news-details/joint-press-release-recommendations-to-legal-education-and-training-in-singapore-to-keep-pace-with-evolving-industry-needs> (Accessed 11 March 2025)

Challenges

Firstly, there are considerations about funding and types of collaboration models. However, those are not indomitable obstacles that should impede the progress of law. Currently with the legal clinics operating in CDCs, CCs and other organisations, it is possible for some of them to move their operations to the polyclinics to integrate with the healthcare services of that precinct. That helps in the consolidation of the essential services through MLPs and provides a one-stop solution for the patients. Even if scalability is at an aphelion stage, it can be argued that at the very least, a pilot project in any of the primary care facility would be a move in the right direction.

Secondly, doctors and lawyers may have difficulties in integrating their services. Initially it may pose issues as the training of the two different professions is different. Fortunately, it is not an insurmountable hurdle. Doctors and Lawyers can conduct joint training in their own field to help alleviate any discomfort and perceived dissonance by fellow practitioners. In addition, as mentioned above, how medicine and law are conventionally taught in universities should be re-evaluated with the inclusion of credit bearing courses such as MLPs curricula.

Eventually, both doctors and lawyers will be equipped with community-based skills. Doctors will be better able to identify legal issues and make the necessary referrals. Lawyers will be able to intervene early through upstream lawyering and help prevent escalation of legal woes, physical and mental health of the patients.

Thirdly, there could be patient and client confidentiality issues. These are important ethical dilemmas that both medical and legal stalwarts must come together for a consensus. Confidentiality under the MLP framework should be legislated and a common code of ethics could be developed. Overall, such discussions could lead to a novel healthcare database that documents both medical and legal history. With informed consent from the patient and a possible waiver of privilege, a report generated from such a database could provide a compelling and strong evidential document to be used by the courts in decision-making.

Conclusion

Recently, there had been advocacy in the U.S. for a more advanced model of MLP to expand its ambit to include criminal legal needs.²¹Streltzov N, van Deventer E, Vanjani R, Tobin-Tyler E. A New Kind of Academic MLP: Addressing Clients’ Criminal Legal Needs to Promote Health Justice and Reduce Mass Incarceration. J Law Med Ethics. 2023;51(4):847-855. doi: 10.1017/jme.2024.3. Epub 2024 Mar 13. PMID: 38477263; PMCID: PMC10937173.

Unsurprisingly, there had also been a clarion call by the Ministry of Law of Singapore as well as professionals including lawyers to be more inclusive as well as to provide for offenders with invisible disabilities.²²Christine Tan and Claudia Tan, “MinLaw committed to task force to support those with unseen disabilities in legal system”. The Straits Times (26 March 2025) <https://www.straitstimes.com/singapore/courts-crime/minlaw-committed-to-taskforce-for-persons-with-invisible-disabilities-in-justice-system-edwin-tong> (accessed on 1 April 2025). Essentially, it is about brainstorming to develop solutions other than the traditional penal treatment for accused persons with mental health issues.

Naturally, it can be argued that MLPs would possibly serve as the ideal platform for the early detection, monitoring and tracking of potential accused persons to help arrest the growth of such social ills before they manifest into serious offences. MLPs would then be the envisioned upstream approach to plug the gaps in access to justice for the mentally ill.

Consequently, Lawyers can and should become important members of any healthcare system. Treatment of physical symptoms does not address health-harming legal issues.

A comprehensive approach to healthcare through MLPs will assist in improving population health and lower healthcare costs.²³Tobin Tyler E. Medical-Legal Partnership in Primary Care: Moving Upstream in the Clinic. Am J Lifestyle Med. 2017 Mar 23;13(3):282-291. doi: 10.1177/1559827617698417. PMID: 31105492; PMCID: PMC6506975. Patients will also benefit as the upstream approach will improve access to justice and reduce any perceived disparities in different social segments of the community.

In essence, legal education and community lawyering should indubitably be shifting toward a more predictive and preventive upstream practice rather than a traditional passive and reactive model.

The hard truth is that it will be wilful optimism to herald MLPs to be the panacea, but it will be profound folly for community lawyering to be caught in the slipstream of inertia.

The post The Inevitable Waltz – Medical-Legal Partnership appeared first on The Singapore Law Gazette.

This article will iron out the complexities surrounding China’s privacy laws on cross-border transfers and offer practical context on how to apply the law to your organisation’s business processes. The rules on cross-border transfers are multi-layered not unlike our traditional local delight (lapis sagu or rainbow kueh). They need to be dissected, and the nuances need to be appreciated. But once you start peeling the layers, the rules become easy to navigate. The article also draws out a comparison with the cross-border transfer laws in Singapore.

1. This author’s experience (both past and present) in heading the APAC data privacy functions in multi-national companies¹Author currently holds the CIPP/E and CIPP/A certification. She is working on getting the CIPP/China certification at the time this article was sent for publishing. has brought her closer to navigating the travails of cross-border personal data transfers. An in-house regional data privacy lawyer has two archetypal roles: (1) keep abreast of developments in privacy laws; (2) apply principles garnered from the said privacy laws to the inner machina of the lawyer’s organisation with a view to delivering practical business-oriented solutions.
2. In the Asia-Pacific context, the countries with fledgling data privacy legislation are China and India. China has had variations of data security and cybersecurity legislation²https://www.pwc.com/id/en/pwc-publications/services-publications/legal-publications/a-comparison-of-cybersecurity-regulations/china.html but all either applicable to specific sectors or relevant to security of data. There are at least thirteen sets of Chinese legislation addressing consumer rights, privacy, and cybersecurity.³The Law on Protection of Rights and Interests of Consumers 2014The Cybersecurity Law 2017The Provisions on Cyber Protection of Personal Information of Children 2019The Methods for Identifying Unlawful Acts of Collection and Use of Personal Information via Mobile Applications 2019The Cryptography Law 2020The Data Security Law 2021The Regulations on Critical Information Infrastructure Security Protection 2021The Personal Information Protection Law 2021The Cybersecurity Review Measures 2022The Measures on Security Assessment of Cross-border Data Transfer 2022The Measures for the Standard Contract for Cross-border Transfer of Personal Information 2023The Regulations on Protection of Minors Online 2024Regulations on Promoting and Regulating the Cross-border Data Flow, 2024Network Data Security Regulation, 2025 The Personal Information Protection Law (PIPL) is the first comprehensive data privacy legislation to encompass key GDPR⁴Regulation (EU) 2016/679 (General Data Protection Regulation) -like principles.

Understanding the Long Arm of the Orient

3. The PIPL applies to organisations within and outside of China if the organisation processes personal information of residents in China, and the purpose of its processing activities is to provide products or services to those individuals, or to analyse/assess their behaviours. Once it is established that the PIPL applies to the organisation, cross-border considerations follow if the said personal information needs to leave the Chinese borders.
4. Cross-border transfer is the movement of data from one country to another, either physically or digitally through a computer system or network. Typical examples would be the sending of data overseas for the purpose of storage in a server with remote access by tech support (situated in the said overseas country) from time to time for maintenance⁵Interestingly, Thailand’s regulatory authority has issued an Adequacy Notification that the following scenarios of data transfer do not qualify as cross-border data transfer and, therefore, the requirements of cross-border data transfer would not apply to them:When personal data is passing through a system (such as an email server) without being accessed or altered.When data is stored temporarily or permanently on a cloud server located abroad where no third party has access to it. or when a server located in one country transmits data to a cloud service provider based in another country.
5. The PIPL⁶Article 38 requires the following elements to be met before a cross-border transfer is lawful:
   1. provide a privacy notice to data subjects on purpose of the transfer, potential recipients, retention period of the data
   2. establish a lawful processing basis (for example, consent⁷Chinese Court Concluded Landmark Case on Cross-Border Transfer of Personal Information – Publications clarifies the scope of a lawful processing legal basis and the process to obtain consent, if required as a legal basis.)
   3. conduct a privacy impact assessment and keep records of processing activities
   4. establish a suitable transfer mechanism in place before cross-border transfers can take place
6. (Transfer Mechanisms) Examples of the transfer mechanisms (referred to in Paragraph 5d) above) in descending order of complexity are as follows:
   • Mechanism 1: Undergoing a security assessment conducting by the Cyberspace Administration of China (CAC)⁸Article 40
   • Mechanism 2: Obtaining a personal information protection certification given by a specialized body (professional institution) according to provisions of the CAC⁹On 3 January 2025, the Cyberspace Administration of China (“CAC”) released for public consultation thedraft Measures for Certification of Personal Information Protection for Cross-Border Transfer of PersonalInformation (“Draft Measures “). If it is passed, the Draft Measures will provide significant clarity and a practical route to data exporters on how to obtain the certification route.
   • Mechanism 3: Filing with the CAC a signed contract with a foreign party per the standards and template set by the CAC, complete with a detailed questionnaire on the scope of the transfer.
7. (Transfer Mechanism 1) Let us understand when a security assessment is mandatory. The security assessment measures¹⁰The Measures for the Security Assessment of Data Export 2022 stipulate that companies must undergo a security assessment by the CAC if they wish to export data under any of the following scenarios:
   • The company is a Critical Information Infrastructure Operator (CIIO)¹¹A CIIO is defined in the Regulations on Critical Information Infrastructure Security Protection 2021 Regulations as companies engaged in “important industries or fields”, including:Public communication and information services;Energy;Transport;Water;Finance;Public services;E-government services;National defense; andany other important network facilities or information systems that may seriously harm national security, the national economy and people’s livelihoods, or public interest in case of incapacitation, damage, or data leaks.;
   • The company exports “important data” overseas¹²The final version of the Measures for the Security Assessment of Data Export 2022 adds a new article defining the scope of ‘important’ data as “data that may endanger national security, economic operation, social stability, or public health and safety once tampered with, destroyed, leaked, or illegally obtained or used”. Further, the Regulations on Promoting and Regulating the Cross-border Data Flow, issued on 22 March 2024, provides much-needed clarification on what constitutes “important data”. For important data, government has officially introduced the “Data Classification and Grading Requirements” in which an Appendix specifies guidelines for identifying important data. Examples of key industries that have conducted the identification of important data are industry and information technology, automobile, healthcare, finance, energy, aviation and education.;
   • The company has provided the Personal Information (excluding sensitive Personal Information¹³Meanwhile, ‘sensitive PI’ is defined in the PIPL includes (but is not limited to):Biometric data (such as fingerprints, iris and facial recognition information, and DNA)Data about religious beliefs or “specific identities”Medical historyFinancial accountsLocation and whereaboutsAny PI of minors under the age of 14) of 1 million or more people to overseas parties since January 1 of the current year;
   • The company has provided the sensitive Personal Information of 10,000 or more people to overseas parties since January 1 of the current year; or
   • The company comes under situations as stipulated by the CAC.
8. (Transfer Mechanisms 2 and 3) Companies that are not mandatorily required to comply with Mechanism 1 (for example, companies that are not considered CIIOs or do not meet the thresholds set out under Paragraph 7 above) will be able to rely on Mechanisms 2 or 3. For example, data handlers other than key information infrastructure operators shall have to meet Mechanisms 2 or 3 if they have cumulatively exported since January 1 of the current year¹⁴Article 8 of Regulations on Promoting and Regulating the Cross-border Data Flow, issued on 22 March 2024:
   1. Personal Information of 100,000 or more people but less than one million people (excluding sensitive personal information); or
   2. Sensitive Personal Information of less than 10,000 people.

To Exempt or Not to Exempt?

9. Let us understand the exemptions under the PIPL that provide flexibility to the rules set out under Paragraphs 5 to 8 above.
   • ¹⁵Regulations on Promoting and Regulating the Cross-border Data Flow, issued on 22 March 2024Companies do not need to follow transfer restrictions related to “important data” unless their data is officially designated as “important data” by Chinese authorities.
   • ¹⁶DittoPersonal Information imported into China for processing can be re-exported freely if no Chinese data is added.
   • ¹⁷DittoA transfer mechanism is not needed for exporting Personal Information under the following circumstances:
     • concluding and fulfilling contracts to which the individual is a party, such as cross-border shopping, cross-border mailing, cross-border remittance, cross-border payment, cross-border account opening, air ticket and hotel booking, visa application, and examination services; or
     • implementation of cross-border human resources management per labor rules and regulations formulated per the law and collective contracts signed per the law, where there is a genuine need to provide personal information of employees outside the country; or
     • protecting natural persons in an emergency; or
     • if data handlers other than operators of critical information infrastructure operators have cumulatively provided less than 100,000 people’s personal information (excluding sensitive personal information) outside China since January 1 of the current year.
10. The Network Data Security Regulations¹⁸Network Data Security Regulation was released by the State Council on September 24, 2024, and will take effect on January 1, 2025. recently introduced a new exemption on cross-border transfer requirements. It is an implementation regulation of the Cyber Security Law (2017) (CSL), the Data Security Law (2021) (DSL), and the PIPL. If it is necessary to transfer personal information outside of China to fulfill a statutory duty or legal obligation, the relevant data exporter may conduct the transfer without implementing any “transfer mechanism”. It is unclear at this time how the new exemption rule will be interpreted and implemented in practice. For example, it is unclear whether the data transfers needed to fulfill legal obligations under foreign laws can be exempted. Legal tax requirements imposed by the parent company of a MNC may require transfers of Personal Information out of China, but will this come under exemption? Even if so, would the exemption extend to Sensitive Personal Information?
11. To summarise, the cross-border rules for companies that are not CIIOs or companies that deal with “important data” are as follows¹⁹The exemptions would override this table, wherever applicable.:

Flexing of Said Long Arm on Multi-national Companies: To Tackle or Not to Tackle?

12. Now, let us get to the juicy bit. The actual application of the law on organisations. My focus is on multi-national companies (MNCs) as this article is meant for Singapore companies or other businesses operating out of China with a view to providing services, goods or a combination of both to Chinese residents. It would not be usual for MNCs to be dealing with “important data” pertaining to key infrastructure operations as such data if often so critical to the operation of China as a country are likely to remain in the hands of local companies or Government-linked organisations.
13. Introspective: No organisation exists without its employees. For MNCs, it is common for employees at a country location to be employed by the local entity/subsidiary but also be subjected to a regional HR or global HR work process. An example of a regional HR work process is a shared services model where payrolls or employee benefits could be managed outside of the country in a regional hub like India or a global HR work process is one where HR data is stored, accessed and managed in systems like a Workday platform with servers located in the United States.
14. To be able to fall under the cross-border human resource management exemption for cross-border transfers, you must determine if your employees are under (1) a collective contract and (2) if there is a genuine need to provide that data overseas. For (1), external legal advice may need to be obtained to figure out if the employment contract entered with employees is sufficient. (2), there is a need to internally assess whether the overseas export of the data is a genuine necessity. Examples of what makes up a necessity could be a genuine requirement to centrally maintain employee data for the purpose of benefit allocation, resource management and career progression.
15. After answering (1) and (2) under paragraph 14 above, there are still other cross-border transfer requirements as set out under Paragraphs 5(a) to 5(c) that need to be met. For instance, are your employment contracts providing the adequate privacy notice and have you sought consent from your employees? In addition, have you done a privacy impact assessment to determine if you are only sending information on employees that is absolutely needed overseas and/or assessed the security measures facilitating the transfers?
16. When you finally think you are out of the weeds – i.e., you have managed the transfer requirements of employees’ data, there is an interesting angle of how to manage employees’ relative data. Employers would typically confer benefits on employees’ dependants under employees’ insurance policies or other ancillary benefits. The Personal Information (PI) of dependants would likely be stored in systems similar in nature to that of where employees’ data is stored. Whilst overseas transfers of employee data would fall under the cross-border human resource management exemption, the Sensitive Personal Information (SPI) belonging to their dependants would not. There is then that interesting conundrum of ensuring a transfer mechanism is in place for those transfers and having to meet other the requirements under Paragraph 5.
17. How about people you interview for jobs? Recruitment candidates – how and when is their PI being processed? If, for example, candidate profiles containing SPI are collected and then processed out of China by sending to Human Resource personnel based overseas or supervisors/team leads based out of China for consideration and review, please note that at the point of sending the profiles overseas, the cross-border human resource management exemption does not apply as these candidates are not employees. It is worthwhile to consider whether such SPI could be ringfenced within China. If data pertaining to recruitment candidates needs to be sent overseas because of the way the organisation is set up, another approach would be to collect only non-sensitive PI at the stage of considering employment²¹Recall – non-sensitive PI of 1-99,999 individuals does not require a transfer mechanism. and follow-up with collection and processing of SPI only after employment has been offered and accepted. What happens with the profiles after the vacancy has been filled? Some companies may store these profiles in their internal systems, backups that again may have severs in overseas locations. Again, these profiles are not covered by the cross-border human resource management exemption and if these profiles have SPI, care must be taken in where these profiles are sent and how they are processed.²²A transfer mechanism may need to be in place, plus a privacy notice to candidates which could be managed through employment application forms, and an internal privacy impact assessment as well.
18. Extrospective: Let us touch on PI organisations may collect from external third parties. Customers are a common example and could include consumers’ data collected for the purpose of marketing, existing customer databases, customer information collected when processing service quality feedback or complaints. For example, names, contact details and even addresses of external parties would not amount to SPI unless financial account information or medical history/health data was needed. If SPI needs to be collected, whether a Transfer Mechanism is necessary depends on where the PI is going to be transferred and stored – centrally – in an overseas marketing database or a cloud-based platform? Even cloud-based platforms make up servers located all over the world and, so sending PI of individuals to this platform comprises a cross-border transfer. Again, what is worth considering is what information is absolutely needed, whether this information needs to be stored and transferred overseas and what the threshold numbers are?
19. If the first probative questions are addressed and the result is that a Transfer Mechanism is needed, MNCs then must take steps to comp to ensure the required Transfer Mechanism 1, 2 or 3 is in place. There are then other considerations: (a) whether a privacy notice is in place seeking separate consent for the cross-border transfer. If external third-party information is collected through the company’s e-commerce platforms or through a complaint feedback portal on the MNC website, careful consideration must go into how the consent statements and privacy notices on these platforms and/or portals are set up – have you explained that data is being sent overseas, purposes for which the data is being collected and sought separate consent? (b) A privacy impact assessment is also needed.
20. It becomes trickier when PI of transactional matters like day-to-day goods or services and purchase orders are also centrally stored in cloud-based platforms based overseas. Whilst a Transfer Mechanism may not be needed if there is only non-sensitive PI of under 100,000 individuals collected in a year, a privacy notice is still needed with separate consent before the non-Sensitive PI can be sent overseas. The question is how will that notice, and consent be sought for transactional matters and orders? Does the cross-border transfer need to be mentioned in the sales order terms and conditions and separate consent be sought as part of the sales or Purchase Order acceptance confirmation? Also, an internal privacy impact assessment should be undertaken establishing the impact of the transfer and whether it is critical for such data to be stored overseas.
21. In short, whilst the cross-border transfer laws in China still permit data transfers (since, data localization is not mandated), the rules surrounding data transfers are still complicated to circumnavigate (see Paragraph 5) and some would argue that the Transfer Mechanisms are onerous.
22. Let us now take a sharp swerve southeast to Singapore and compare against the transfer requirements back home.

Home Team

23. The Singapore Personal Data Protection Act (PDPA) does not have a separate definition for Sensitive Personal Information. However, the guidelines²³See section 49 of the Personal Data Protection Act. issued by the Personal Data Protection Commission do stipulate that the sensitive nature of data should be considered when implementing organisational policies. In particular, the Commission has a set of advisory guidelines specific to use of National Identification Registration Card (NRIC) numbers. Arguably, NRIC numbers are considered higher risk and more sensitive in the Singapore context.
24. Once we understand the groundwork for what is considered personal data, then let us dive into specific requirements surrounding cross-border transfers in Singapore. There is no divergent approach in Singapore for personal data versus higher risk data when it comes to cross-border transfers. There is no approach premised on numbers either where a certain threshold number warrants a different approach.
25. The requirements are simply captured: The entity sending the data overseas (data exporter) requires the organisation receiving personal data overseas (data importer) to have in place via legally enforceable obligations, protection that is “comparable” to the standards set out in the PDPA when transferring personal data outside of Singapore.
26. Paragraphs 19.5 and 19.6 of the Advisory Guidelines²⁴https://www.pdpc.gov.sg/-/media/files/pdpc/pdf-files/advisory-guidelines/ag-on-key-concepts/advisory-guidelines-on-key-concepts-in-the-pdpa-17-may-2022.pdf set out a number of mechanisms to impose legally enforceable obligations on the data importer. Arguably, data transfer agreements are the most relevant mechanism for most companies based in Singapore. Binding corporate rules are another option but these are not common for companies headquartered in the Asia Pacific.²⁵Typically, companies bound by EU privacy laws for a variety of reasons because they are based out of the EU or have significant operations out of the EU, tend to have adopted Binding Corporate Rules as these are prevalent in the EU and have gained traction and popularity. A certification is also considered to have satisfied this requirement.²⁶Certifications under the Asia Pacific Economic Cooperation Cross Border Privacy Rules (“APEC CBPR”) System, and the Asia Pacific Economic Cooperation Privacy Recognition for Processors (“APEC PRP”) System, depending on whether the overseas recipient receives the Personal Information as an organization or a data intermediary.
27. Interestingly,²⁷Paragraph 19.7 https://www.pdpc.gov.sg/-/media/files/pdpc/pdf-files/advisory-guidelines/ag-on-key-concepts/advisory-guidelines-on-key-concepts-in-the-pdpa-17-may-2022.pdf if a data exporter is unable to rely on a legally enforceable obligation, binding corporate rules or certification, the data exporter could rely on any of these disjunctive options to legitimize the export:
    1. the individual has given consent with proper notice on why data needs to be transferred overseas and after having been notified as to how his Personal Information will be protected in the recipient country; or
    2. the transfer is considered necessary for the performance of a contract with the data subject; or
    3. when the Personal Information is publicly available.
28. In essence, a company bound by the PDPA in Singapore could transfer Personal Information to an overseas recipient (data importer) or a vendor based overseas for a variety of reasons with either a data transfer agreement in place with the recipient/vendor, or established certification or binding corporate rules (provided recipient is an affiliate company) or with data subject’s written consent or under a contract with the data subject.
29. Compared to the PIPL in China which is highly prescriptive when it comes to cross-border transfers, the PDPA’s approach is comparatively more flexible. There are flipsides to being flexible. For example, it would appear that where a transfer is necessary for the performance of a contract with the data subject, its not technically necessary to document privacy standards and security protections in a contract with the overseas recipient or have to carefully consider how the Personal Information will be protected (since there is no need to notify the data subject and receive consent). Would this mean that the data exporter might not need to make a carefully considered decision before undertaking overseas transfers? Technically speaking, the PDPA imposes the duty of protecting Personal Information and a couple of other obligations²⁸Retention Obligation and Data Breach Notification (Section 4(2) of the PDPA) on data intermediaries. The whole host of obligations under the PDPA are also imposed on organisations. Interestingly, the definitions of “organization”²⁹”organization” includes any individual, company, association or body of persons, corporate or unincorporated, whether or not —(a) formed or recognized under the law of Singapore; or(b) resident, or having an office or a place of business, in Singapore. and “data intermediary”³⁰”data intermediary” means an organization which processes personal data on behalf of another organization but does not include an employee of that other organization. under the PDPA imply that entities outside of Singapore could be covered. Therefore, data intermediaries or organisations based overseas acting as data importers are subjected to the PDPA but whether they will respond to enforcement action in Singapore is a whole other question. Or perhaps all is not lost because, the data exporter, an organisation bound by the PDPA will still in any case ensure the necessary protections are in place before transfer since it could be taken to task in Singapore.

Stay Connected

30. Connection is key. Businesses thrive on staying connected. Data must move borders. Even in China, laws prohibiting data transfers and mandating data localization, are slim to none. There is always a mechanism that can be leveraged to facilitate the data transfer. What businesses need to understand is the types of data they need to move, the recipients’ locations, the legal arrangements surrounding the transfer. Having requirements in place is not synonymous with an outright data transfer prohibition. Though the laws in China are less flexible than that of Singapore, I welcome that difference as it makes my work interesting.

The post Cross-border Conundrums: The Chinese Deep Dive Against a Home Team Perspective appeared first on The Singapore Law Gazette.