Registration of Criminals (DNA Database, Identification Database and Register) Rules 2023

Statute Details

• Title: Registration of Criminals (DNA Database, Identification Database and Register) Rules 2023
• Act Code: RCA1949-S358-2023
• Legislation Type: Subsidiary Legislation (sl)
• Enacting Act: Registration of Criminals Act 1949
• Power to Make Rules: Section 49 of the Registration of Criminals Act 1949
• Commencement: 12 June 2023
• Current Version (as provided): Current version as at 27 Mar 2026
• Key Provisions (from extract): Sections 1–6
• Most Relevant Topics: Removal applications; prescribed timelines; safeguards for databases; prescribed purposes for DNA database use
• Notable Amendments (from timeline): Amended by S 127/2025; S 584/2025 (effective 08/09/2025); Amended by S 6/2026 (effective 13/01/2026)

What Is This Legislation About?

The Registration of Criminals (DNA Database, Identification Database and Register) Rules 2023 (“the Rules”) are subsidiary legislation made under the Registration of Criminals Act 1949 (“the Act”). In plain terms, the Rules operationalise how Singapore manages sensitive criminal justice records—particularly DNA and identifying information—by setting out (i) how individuals may apply to have information removed, (ii) the time limits for such applications, (iii) technical and procedural safeguards for database security, and (iv) the specific purposes for which DNA information may be used.

Although the Act provides the overarching legal framework for registration, retention, and removal of information, the Rules fill in the practical details that lawyers and affected individuals need to navigate. This includes the exact application channels (online via Singpass or otherwise), the prescribed deadlines tied to events in the criminal process, and compliance-oriented safeguards such as segregation of servers, access controls, monitoring, and audit trails.

Importantly, the Rules also specify “prescribed purposes” under section 32(h) of the Act. This matters because DNA data is highly sensitive: the law must clearly define the legitimate contexts in which DNA information may be used for forensic comparison. The Rules therefore help constrain and legitimise database use by enumerating particular investigations and processes—such as investigations under the Misuse of Drugs Act 1973, and certain military or internal security-related inquiries.

What Are the Key Provisions?

1. Citation and commencement (Section 1)
Section 1 provides the short title and commencement date. The Rules come into operation on 12 June 2023. For practitioners, this is relevant when assessing whether particular administrative actions (for example, database handling or removal application processing) were governed by the 2023 Rules or earlier instruments.

2. Definitions and scope of “specified database” (Section 2)
Section 2 defines key terms. Two definitions are central to understanding the Rules’ reach:

• “Specified database” means the DNA database, the identification database, or the register.
• “Database server” refers to a computer database that stores and maintains information or records of a specified database.

These definitions matter because the safeguards in Section 5 apply to “specified databases” and their servers, and the removal application provisions in Sections 3 and 4 apply to both the identification database and the DNA database.

3. Application for removal of information (Section 3)
Sections 3 and 4 implement the Act’s removal mechanism. Section 3 states that an application mentioned in section 37(2) or (4) of the Act must be made in one of two ways:

• If the applicant is a Singpass holder: the application must be made online using the form accessible through https://police.gov.sg/E-Services/Apply-for-Removal-of-DNA-and-Identifying-Information.
• If the applicant is not a Singpass holder: the application must be made in the form and manner specified on the same website.

This provision is practically important for counsel advising clients on procedural compliance. Failure to use the correct channel may lead to administrative rejection or delay. The Rules also reflect a modernised administrative process: Singpass holders are directed to an online workflow, while non-Singpass applicants follow the alternative instructions published by the Police.

4. Prescribed time limits for removal applications (Section 4)
Section 4 prescribes the “time” for purposes of section 37(4) of the Act. The prescribed time is either:

• 15 days after the date of occurrence of any one of the circumstances mentioned in section 37(3)(b) of the Act; or
• If the Registrar previously notified the individual under section 39(2) of the Act that certain circumstances exist, then:
  • 15 days after the ongoing prosecution or investigation is concluded where the circumstance in section 39(1)(a) exists (regardless of whether section 39(1)(b) also exists); and
  • Any time where the circumstance in section 39(1)(b) exists but the circumstance in section 39(1)(a) does not exist.

From a legal practice standpoint, Section 4 is often where disputes arise: the “clock” for filing a removal application depends on (i) the nature of the triggering circumstance and (ii) whether the Registrar has issued a notification under section 39(2). Counsel should therefore carefully map the client’s procedural history—charging, prosecution status, investigation status, and any Registrar notifications—against the statutory triggers to determine whether an application is timely.

5. Safeguards for specified databases (Section 5)
Section 5 imposes concrete security and governance obligations on the Registrar. It requires:

• Segregated backup infrastructure: information and records must be stored and maintained in a back-up database server that is separate and distinct from any server used for day-to-day operations.
• No internet accessibility: a database server must not be accessible from the internet.
• Physical/visual monitoring: there must be an adequate number of CCTV or other electronic visual monitoring devices at suitable locations where the database or its server is stored or located.
• Protection against loss and misuse: appropriate protocols and processes must protect against accidental or unlawful loss, modification, destruction, unauthorised access, disclosure, copying, use, or modification.
• Periodic monitoring and evaluation: the Registrar must periodically monitor and evaluate the protocols to ensure they are effective and complied with by persons who access the database.
• Secure audit trail: there must be an electronic record of any change made to the DNA database or identification database, and that record must be secured against interference or tampering.

These safeguards are significant because they translate abstract privacy and security expectations into enforceable administrative requirements. For practitioners, Section 5 also provides a benchmark for assessing whether database handling practices are defensible if challenged—whether in administrative review contexts, in litigation, or in complaints.

6. Prescribed purposes for DNA database use (Section 6)
Section 6 is the Rules’ “use limitation” provision. It specifies the prescribed purposes for which information stored in the DNA database may be used under section 32(h) of the Act. The purposes are limited to forensic comparison in defined contexts:

• Forensic comparison with other DNA information during an investigation of an offence conducted by an officer of the Bureau as defined in section 2 of the Misuse of Drugs Act 1973.
• Forensic comparison during investigations of offences under the Misuse of Drugs Act 1973 or the Penal Code 1871, conducted by a military policeman serving as an investigating officer under section 177(b) of the Singapore Armed Forces Act 1972.
• Forensic comparison during an inquiry into any matter relevant to orders or directions by the President or Minister under section 8 of the Internal Security Act 1960, conducted by a person designated by the Minister as an intelligence officer under section 65(4) of the Police Force Act 2004.

This provision is crucial for counsel advising on the legality of DNA data access and use. It indicates that DNA database information is not a general-purpose resource; rather, its use is tied to forensic comparison and to specific investigative or intelligence-related processes.

How Is This Legislation Structured?

The Rules are structured as a short instrument with six sections:

• Section 1: Citation and commencement.
• Section 2: Definitions (including “specified database” and “database server”).
• Section 3: How to apply for removal of information from the identification database or DNA database (Singpass online route versus non-Singpass route).
• Section 4: Prescribed time limits for making such removal applications, including special timing where the Registrar has issued notifications.
• Section 5: Safeguards for specified databases, covering technical segregation, access restrictions, monitoring, protective protocols, periodic evaluation, and secure audit trails.
• Section 6: Prescribed purposes for DNA database use under section 32(h) of the Act, limiting use to forensic comparison in enumerated contexts.

Who Does This Legislation Apply To?

The Rules primarily apply to the Registrar (and, by extension, the administrative and operational bodies responsible for maintaining the DNA database, identification database, and register). The obligations in Section 5—such as server segregation, non-internet accessibility, monitoring, and secure audit records—are directed at the entity managing the databases.

They also apply to individuals seeking removal of information from the identification database or DNA database. Section 3 and Section 4 set out procedural requirements and deadlines that affect affected persons and their legal representatives. While the Rules do not themselves determine substantive eligibility for removal (that is governed by the Act), they govern the process and timing for making removal applications.

Why Is This Legislation Important?

First, the Rules provide a legally enforceable framework for handling extremely sensitive biometric data. DNA and identifying information implicate privacy, data integrity, and potential misuse concerns. By requiring segregation of backup servers, restricting internet access, mandating monitoring, and requiring secure audit trails, Section 5 helps ensure that database operations meet minimum security standards.

Second, the Rules clarify the removal process in a way that can materially affect outcomes for individuals. Removal applications are time-sensitive and depend on the procedural posture of a person’s case. Section 4’s prescribed timelines—particularly the “15 days after conclusion” and “any time” scenarios tied to Registrar notifications—are critical for practitioners assessing whether a client’s application is late and whether any procedural remedies or arguments are available.

Third, Section 6’s prescribed purposes reinforce the principle of lawful limitation on database use. For counsel, this is a key compliance point: DNA data should only be used for forensic comparison in the specified investigative and inquiry contexts. This can be relevant in challenges to the admissibility or relevance of forensic evidence, in internal compliance reviews, and in oversight or accountability discussions.

Related Legislation

• Registration of Criminals Act 1949
• Misuse of Drugs Act 1973
• Penal Code 1871
• Internal Security Act 1960
• Police Force Act 2004
• Singapore Armed Forces Act 1972

Source Documents

• Official Text — Singapore Statutes Online
• Archived Copy — Litt Law CDN

This article provides an overview of the Registration of Criminals (DNA Database, Identification Database and Register) Rules 2023 for legal research and educational purposes. It does not constitute legal advice. Readers should consult the official text for authoritative provisions.