---
title: "Singapore PDPA + PDPC AI Guidelines + Agentic AI Governance 2026"
description: "Singapore's PDPA-plus-Model-AI-Governance-Framework approach now includes the IMDA's 2026 framework for Agentic AI. Voice and chat operators get clear PDPC guidelines on consent, transparency, and accountability."
canonical: https://callsphere.ai/blog/vw6f-singapore-pdpa-ai-2026-pdpc
category: "AI Strategy"
tags: ["Singapore", "PDPA", "PDPC", "Agentic AI", "AI Governance"]
author: "CallSphere Team"
published: 2026-04-10T00:00:00.000Z
updated: 2026-05-07T16:46:09.023Z
---

# Singapore PDPA + PDPC AI Guidelines + Agentic AI Governance 2026

> Singapore's PDPA-plus-Model-AI-Governance-Framework approach now includes the IMDA's 2026 framework for Agentic AI. Voice and chat operators get clear PDPC guidelines on consent, transparency, and accountability.

> Singapore takes the high-flexibility, high-clarity approach: PDPA at the law layer, PDPC and IMDA at the guidance layer. The 1 March 2024 Advisory Guidelines on AI and the 2026 Agentic AI Governance Framework give voice and chat a usable rulebook.

## What the law says

The Personal Data Protection Act 2012 (PDPA), administered by the Personal Data Protection Commission (PDPC), governs collection, use, and disclosure of personal data in Singapore. The PDPA's nine main obligations are Consent, Purpose Limitation, Notification, Access and Correction, Accuracy, Protection, Retention Limitation, Transfer Limitation, and Accountability. Sensitive personal data has heightened expectations under PDPC guidance though not a separate statutory class. Penalties were uplifted to S$1M or 10% of annual turnover in Singapore, whichever is higher, for serious breaches.

PDPC's Advisory Guidelines on the Use of Personal Data in AI Recommendation and Decision Systems (1 March 2024) clarify how PDPA applies across development, testing, and deployment. The guidelines recognise business-improvement and research exceptions for limited training use, require organisations to be transparent about AI use, and emphasise consent baselines. IMDA's Model AI Governance Framework — extended to a 2026 Model AI Governance Framework for Agentic AI — adds traceability, bounding, accountability, and human-decision-maker attribution as design principles. Cross-border transfers require comparable protection per Section 26.

## What AI voice/chat must do

A Singapore-facing voice or chat agent gives notice of AI use at collection, captures purpose-limited consent (or relies on a PDPA exception with documentation), supports access and correction within 30 days, retains personal data only as long as the purpose requires, and applies reasonable security. PDPC's AI guidelines push organisations to disclose whether AI is used in recommendation or decision systems and how. The 2026 Agentic AI framework requires that every action taken by an AI agent be logged and attributable to a human decision-maker, and that agents be bounded — restricted from sensitive silos unless explicitly authorised.

## CallSphere posture

CallSphere — 37 agents, 90+ tools, 115+ DB tables, 6 verticals, 50+ businesses, 4.8/5, HIPAA and SOC 2 aligned — gives Singapore tenants a PDPA-aligned consent, notification, and access-correction stack with a 30-day SLA. Every agent action is logged and attributed to a tenant administrator (the human decision-maker per the IMDA framework). Tools are bounded by tenant policy — sensitive silos require explicit authorisation. The cross-border transfer module documents recipient protection. Pricing $149 / $499 / $1,499; [14-day trial](/trial); 22% [affiliate](/affiliate); see [/pricing](/pricing) and [/contact](/contact).

```mermaid
flowchart LR
A[SG Caller] --> B[Voice Agent]
B --> C[Notification]
B --> D[Consent + Purpose]
B --> E[Action Log]
E --> F[Human Attribution]
B --> G[Tool Bounding]
G --> H[Sensitive Silo\nAuth]
```

## Compliance checklist

1. Issue a notification at collection that AI is used in recommendation or decision systems.
2. Capture purpose-limited consent or document a PDPA exception.
3. Build access-and-correction workflows with a 30-day response SLA.
4. Apply retention-limitation policy per workflow.
5. Implement reasonable protection — encryption, access control, audit log.
6. Log every agent action and attribute it to a named human decision-maker.
7. Bound tools so sensitive-data silos require explicit authorisation per task.
8. Document cross-border transfers and the recipient's comparable protection.
9. Adopt the IMDA Model AI Governance Framework for Agentic AI.
10. Run a periodic Data Protection Impact Assessment for AI deployments.

## FAQ

**Is consent always required?**
Several PDPA exceptions exist — business-improvement, research, legal obligation. Document the exception or default to consent.

**Are voice biometrics special?**
PDPC treats biometrics as data needing strong protection; consent is the safer default.

**What is "human attribution"?**
Every AI-agent action must be traceable to a human decision-maker who configured or authorised the action — IMDA's 2026 framework treats this as fundamental.

**Are penalties strict?**
Up to S$1M or 10% of annual Singapore turnover; PDPC has been increasingly active.

**Does the AI Verify framework apply?**
AI Verify is voluntary but encouraged for high-risk AI. Aligning with it strengthens accountability defences.

## Sources

- PDPC Singapore: [https://www.pdpc.gov.sg/](https://www.pdpc.gov.sg/)
- PDPA Full Text: [https://sso.agc.gov.sg/Act/PDPA2012](https://sso.agc.gov.sg/Act/PDPA2012)
- PDPC Advisory Guidelines on AI Recommendation and Decision Systems: [https://www.pdpc.gov.sg/-/media/files/pdpc/pdf-files/advisory-guidelines/advisory-guidelines-on-the-use-of-personal-data-in-ai-recommendation-and-decision-systems.pdf](https://www.pdpc.gov.sg/-/media/files/pdpc/pdf-files/advisory-guidelines/advisory-guidelines-on-the-use-of-personal-data-in-ai-recommendation-and-decision-systems.pdf)
- IMDA Model AI Governance Framework: [https://www.imda.gov.sg/resources/digital-strategy-and-policy/model-ai-governance-framework](https://www.imda.gov.sg/resources/digital-strategy-and-policy/model-ai-governance-framework)
- Chambers Singapore Data Protection 2026: [https://practiceguides.chambers.com/practice-guides/data-protection-privacy-2026/singapore](https://practiceguides.chambers.com/practice-guides/data-protection-privacy-2026/singapore)

---

Source: https://callsphere.ai/blog/vw6f-singapore-pdpa-ai-2026-pdpc