Activity Tracker

The DPA Activity Tracker provides our latest information on developments in legislatures, judiciaries and the executive branches of G20, EU member states and Switzerland.

22 events advancing 17 policy or regulatory changes:

Most active jurisdictions Number of policy changes

Graph

Table

Most active policy areas Number of policy changes
Targeted economic activity Number of policy changes
Reset filters
22 events advancing 17 policy or regulatory changes:
adopted

Bill amending Personal Information Protection Act (Bill No. 2216765/Act No. 21445)

Latest event Date: 2027-07-01 law implementation

Mandatory personal information protection certification provisions of Personal Information Protection Act (Act No. 21445) entered into force

On 1 July 2027, the amended Article 32-2(1) proviso and Article 75(2) item 15 of Act No. 21445, amending the Personal Information Protection Act, entered into force. Under the amended Article 32-2(1) proviso, personal information processors meeting …

Implementer
Republic of Korea
Policy area Data governance
Policy or regulatory element Cybersecurity regulation
Economic activity cross-cutting
adopted

Bill amending Network Act including incident response obligations and enforcement measures (Bill No. 2214896/Law No. 21500)

Latest event Date: 2027-04-01 law implementation

Information Security Level Evaluation obligations in Act on Promotion of Information and Communications Network Utilization and Information Protection (Law No. 21500) enter into force

On 1 April 2027, the Information Security Level Evaluation obligations in the Act on Promotion of Information and Communications Network Utilization and Information Protection (Law No. 21500) enter into force. The Korea Ministry of Science and ICT m…

Implementer
Republic of Korea
Policy area Data governance
Policy or regulatory element Cybersecurity regulation
Economic activity infrastructure provider: internet and telecom services
under deliberation

Consumer protection authority governance in Partial Amendment to Act on Consumer Protection in Electronic Commerce (Act No. 21312)

Latest event Date: 2027-02-07 law implementation

Partial Amendment to the Act on Consumer Protection in Electronic Commerce (Law No. 21312) including consumer protection authority governance enters into force

On 7 February 2027, the amendment to Article 39(3) of the Act on Consumer Protection in Electronic Commerce (Law No. 21312) enters into force. The Act applies to businesses under investigation or review by the Korea Fair Trade Commission (KFTC) for …

Implementer
Republic of Korea
Policy area Consumer protection
Policy or regulatory element Consumer protection authority governance
Economic activity platform intermediary: e-commerce, other service provider, platform intermediary: other
adopted

Local operations requirement in amendments to Enforcement Decree of Act on Consumer Protection in E-Commerce

Latest event Date: 2027-01-21 order implementation

Enforcement Decree of Act on Consumer Protection in E-Commerce including local operations requirement enters into force

On 21 January 2027, the amendment to the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, including local operations requirement, enters into force. Article 25-4 of the Decree includes provisions on foreign businesses wit…

Implementer
Republic of Korea
Policy area Other operating conditions
Policy or regulatory element Local operations requirement
Economic activity cross-cutting
under deliberation

Local operations requirement in Partial Amendment to the Act on Consumer Protection in Electronic Commerce (Act No. 21312)

Latest event Date: 2027-01-20 law implementation

Partial Amendment to the Act on Consumer Protection in Electronic Commerce (Act No. 21312) including local operations requirement enters into force

On 20 January 2027, the local operations requirement from the Act on Consumer Protection in Electronic Commerce (Law No. 21312) enter into force, 1 year after promulgation on 20 January 2026. The Act applies to overseas mail-order businesses and onl…

Implementer
Republic of Korea
Policy area Other operating conditions
Policy or regulatory element Local operations requirement
Economic activity platform intermediary: e-commerce
in force

Content moderation regulation in Amended Enforcement Decree of Network Act (Decree No. 36502)

Latest event Date: 2027-01-01 order implementation

Amended Enforcement Decree of Network Act including content moderation regulation for large scale information and communications service providers enters into force

On 1 January 2027, the provisions under the Amended Enforcement Decree of the Network Act regarding content moderation requirements for large-scale information and communications service providers enter into force. The amended Decree establishes tha…

Implementer
Republic of Korea
Policy area Content moderation
Policy or regulatory element Content moderation regulation
Economic activity platform intermediary: user-generated content, platform intermediary: other
in force

Personal Information Protection Commission revised Standards for Measures to Ensure the Safety of Personal Information

Latest event Date: 2026-10-31 order implementation

Articles 4, 5, 6, and 8 of Personal Information Protection Commission amendment to Standards for Measures to Ensure the Safety of Personal Information enter into force

On 31 October 2026, Articles 4, 5, 6, and 8 of the Personal Information Protection Commission amendment to the Standards for Measures to Ensure the Safety of Personal Information enter into force. Article 4 requires organisations to create and imple…

Implementer
Republic of Korea
Policy area Data governance
Policy or regulatory element Cybersecurity regulation
Economic activity cross-cutting
adopted

Consumer review disclosure in amendments to Enforcement Decree of Act on Consumer Protection in E-Commerce

Latest event Date: 2026-10-21 order implementation

Grace period for compliance with the review disclosure requirements under Enforcement Decree of Act on Consumer Protection in E-Commerce ends

On 21 October 2026, the 3-month grace period for compliance with the review-disclosure requirements under Article 27-3 of the amended Enforcement Decree of the Act on Consumer Protection in Electronic Commerce ends. From this date, e-commerce operat…

Implementer
Republic of Korea
Policy area Consumer protection
Policy or regulatory element Fair marketing and advertising practice requirement
Economic activity platform intermediary: e-commerce, other service provider, platform intermediary: other
under deliberation

EU-South Korea equivalence recognition system enabling mutual data transfer framework

Latest event Date: 2026-09-16 order implementation

European Union-Korea mutual data equivalence recognition agreement for personal data transfers entered into force

On 16 September 2025, the Personal Information Protection Commission of Korea (PIPC) recognised the European Union's (EU) personal data framework as equivalent. The arrangement covers both public authorities and private companies transferring data b…

Implementer
Republic of Korea
Policy area Data governance
Policy or regulatory element Cross-border data transfer regulation
Economic activity cross-cutting
adopted

Amendment to enforcement decree of the Personal Information Protection Act including provisions on restructuring data portability framework

Latest event Date: 2026-08-20 order implementation

Amendments to enforcement decree of Personal Information Protection Act including provisions on restructuring data portability framework enters into force

On 20 August 2026, the amendments to the enforcement decree of the Personal Information Protection Act, including provisions on restructuring the data portability framework enters into force. The amendments split the previously unified category of i…

Implementer
Republic of Korea
Policy area Data governance
Policy or regulatory element Data protection regulation
Economic activity cross-cutting
Page
1
2