Oxaide
Back to blog
Regulatory Compliance

BESS Safety Monitoring Under IM8What Singapore Grid Operators Must Now Prove

Following Singapore EMA technical updates, grid operators need a clearer record of how battery safety is monitored, reviewed, and documented beyond basic BMS alarms.

February 15, 2026
7 min read
Oxaide Team
BESS Safety Monitoring Under IM8: What Singapore Grid Operators Must Now Prove

BESS Safety Monitoring Under IM8: What Singapore Grid Operators Must Now Prove

The 2021 VivoCity carpark fire, in which a grid-tied solar BESS installation triggered a thermal runaway cascade, marked a regulatory inflection point for battery energy storage in Singapore. Since then, EMA and BCA expectations have hardened, and GeBIZ tenders increasingly ask for evidence that safety monitoring is real rather than merely claimed.

For operators, developers, and EPCCs managing BESS installations in Singapore, the question is no longer whether safety monitoring matters. The question is what documentation standard will still look credible after a serious incident review.

The IM8 Context

The Instruction Manual 8 (IM8) framework governs critical infrastructure in Singapore across sectors including energy, water, and communications. For BESS assets connected to the national grid or co-located with critical facilities, IM8 Clause 6 (Operational and Security Monitoring) establishes requirements for:

  • Continuous monitoring of systems with potential for cascading failure
  • Audit trails demonstrating timely response to anomalous states
  • Documentation of monitoring methodology sufficient for independent review

IM8 does not prescribe one specific software stack. It sets an outcomes and documentation standard: operators must be able to show that their monitoring methodology would detect precursor states before they escalate.

This is where most current BESS safety monitoring falls short.

What BMS Safety Monitoring Cannot Prove

A standard BESS deployment with commercial BMS (BYD, CATL, Sungrow, or similar) provides:

  • Pack-level voltage and current monitoring
  • Module-level (sometimes cell-level) temperature sensors
  • Battery pack State-of-Charge and State-of-Health estimates
  • Basic alarm thresholds (over-voltage, over-temperature, under-voltage)

For routine operations, this can be adequate. For post-incident scrutiny, it leaves three very uncomfortable blind spots:

Gap 1: No Detection of Electrochemical Precursors

BMS alarms trigger on threshold exceedances, temperature above setpoint, voltage below cutoff. They do not detect the electrochemical states that precede threshold events by hours or days.

Lithium plating, the primary thermal runaway precursor mechanism in LFP cells, produces no voltage alarm and no temperature alarm during its progression. By the time a temperature alarm fires on a cell undergoing internal short from a mature lithium dendrite, propagation is potentially seconds away.

If an IM8 auditor or investigator sees only threshold alarms in the record, the next question is obvious: what was the monitoring regime supposed to catch before those alarms fired? If the honest answer is "nothing," that is the gap.

Gap 2: No Independent Verification of BMS Health Claims

BESS vendors certify their own BMS. The BMS calculates its own SoH. When a safety incident occurs, the first question from EMA or BCA investigators will be: what independent verification did you have of the asset's actual degradation state?

Third-party forensic records from independent physics-based analysis, showing that the operator was monitoring degradation modes rather than simply trusting BMS outputs, are much easier to defend. A BMS printout signed off by the same OEM that built the asset is not the same thing.

Gap 3: Cycling History Is Not a Safety Record

SCADA historian logs showing voltage, current, temperature, and availability are operational records. They are not safety records by themselves. A safety record requires interpretation, meaning analysis that connects the data to degradation and risk conclusions.

Without documented analysis methodology and findings, raw SCADA logs are discovery material in an incident investigation, not protection from liability.

What a Defensible Safety Record Requires

Under IM8 and EMA Technical Reference TR 56 (for BESS installations), a defensible safety record should include:

1. Independent Degradation State Assessment

A physics-informed analysis of battery health, performed by a party independent of the OEM and EPC, that classifies:

  • Dominant degradation mode (capacity fade, lithium plating, impedance rise)
  • Thermal runaway risk score at the rack/cluster level
  • Whether the cycling protocol used creates elevated lithium plating risk

This corresponds exactly to the Oxaide Verify forensic audit output.

Recommended frequency: at commissioning, at 24 months, and before any significant cycling protocol change.

2. Documented Monitoring Methodology

A written methodology document specifying:

  • What parameters are monitored and at what resolution
  • What analytical methods are applied to detect precursor states (not just thresholds)
  • Who reviews findings and on what schedule
  • What triggers an operational restriction or shutdown

This document becomes the standard against which post-incident compliance is evaluated.

3. Incident-Ready Data Architecture

All monitoring data, including BMS logs, SCADA historian records, and third-party forensic reports, must be:

  • Retained for a minimum period consistent with IM8 audit requirements
  • Reproducible (queryable by date and asset ID without manual assembly)
  • Accessible to authorized investigators

For operators using on-premise BESS management systems, this typically requires verifying that BMS raw logs (not just SCADA aggregates) are retained and exportable.

The GeBIZ Opportunity

Government procurement through GeBIZ, including EMA technical service frameworks, BCA building safety assessments, and statutory board BESS installations, has increasingly included BESS safety monitoring capability as a selection criterion.

Consultancies and EPCCs that can demonstrate a documented forensic audit methodology, with third-party independent analysis, are in a differentiated position for:

  • EMA-related BESS deployment and monitoring contracts
  • BCA building safety for BESS co-located with public buildings (hospitals, schools, HDB)
  • MOD and public infrastructure resilience projects

Oxaide Verify forensic reports are formatted with chain-of-custody documentation and independent analysis certification so they can be submitted as part of a GeBIZ pre-qualification package or as an appendix to a safety case.

Practical Steps for Operators

If you currently operate a grid-tied BESS in Singapore:

  1. Commission a Verify forensic audit for assets commissioned more than 18 months ago. This establishes an independent safety baseline.
  2. Request your BMS raw log export format and confirm your data retention architecture covers IM8 periods
  3. Draft a monitoring methodology document using the forensic audit findings as the technical foundation. The Verify report gives you language that is much easier to defend.
  4. Establish re-audit schedule at 24-month intervals or following significant cycling protocol changes

If you are tendering for GeBIZ BESS-related work:

Review the BESS safety monitoring requirements in the ITT carefully. Third-party independent forensic analysis (rather than OEM self-certification) is increasingly the standard of proof that evaluators expect.

Regulatory expectations for BESS safety documentation have permanently shifted post-VivoCity. Operators who wait until the next routine maintenance cycle to establish independent safety records are carrying a compliance gap today, not someday.

Commission an IM8-Ready Safety Audit → | Contact for GeBIZ Pre-Qualification Support

V

Independent forensic review

Oxaide Verify

Scoped forensic review for BESS assets

Review focus

Establish the asset baseline clearly

We review telemetry, operating history, and the physical signals standard reporting tends to miss.

Root cause, not just symptoms
Yield and safety blind spots surfaced
Clear report for operators and investors
Independent scopeRoot-cause analysisOperator-ready summary

Brief the asset, share available telemetry, and we’ll scope the review from there.

Continue Reading

View all posts
BESS Audit

Singapore BESS Audit: What an Independent Forensic Review Should Cover

A practical guide for Singapore operators, investors, and O&M teams evaluating what a defensible BESS audit should include beyond OEM dashboards and BMS health claims.

Mar 11, 20268 min read
Asset Management

Annual BESS Monitoring for Asset Owners: When Reactive Maintenance Stops Working

Annual BESS monitoring gives asset owners a cleaner way to catch yield gaps, resistance drift, warranty pressure, and operating-risk changes before reactive maintenance gets expensive.

Mar 1, 20266 min read
Grid Analytics

BESS Dispatch Optimization for IPPs: How SoH Errors Create Revenue Leakage

For IPPs operating utility-scale BESS in Singapore's frequency regulation and energy arbitrage markets, SoH errors become revenue leakage. Inaccurate battery health assumptions distort bids, cycling depth, and operating limits.

Feb 16, 20268 min read
Operating posture

Scope first

Defined review scope

Boundary, telemetry window, and mandate question are pinned down before conclusions move.

Encrypted handling

Protected review workflow

Review traffic and operating data are handled with encrypted transfer and controlled access.

Customer boundary

Customer-controlled deployment

Managed, private, and isolated deployment paths are available when the environment requires them.

Direct accountability

Principal sign-off

Technical accountability stays close to the method rather than disappearing into a generic workflow.