Republic of Korea: Personal Information Protection Commission investigation into Amazon Web Services, Azure, and Naver Cloud Platform over Personal Information Protection Act compliance
Progress
Current status
concluded
10 Dec 2025 concluded
11 Jun 2025 under investigation
Scope
Implementers
Republic of Korea
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
infrastructure provider: cloud computing, storage and databases
Government Branch
executive
Government Body
data protection authority
Implementation Level
national
Timeline of events
Personal Information Protection Commission concluded assessment of Amazon Web Services, Microsoft Azure, and Naver Cloud Platform on personal information protection
On 10 December 2025, the Personal Information Protection Commission (PIPC) concluded the review into cloud service providers, including Amazon Web Services, Azure, and Naver Cloud Platform. In June 2025, the PIPC assessed the services to test compli…
SourceEvent type
investigation
Action type
closure
Government branch
executive
Government body
data protection authority
Personal Information Protection Commission issued a report following security assessment of AWS, Azure, and NCP
On 11 June 2025, the Personal Information Protection Commission (PIPC) of the Republic of Korea announced the results of its security assessment concerning Amazon Web Services (AWS), Azure, and Naver Cloud Platform (NCP) cloud services. The assessme…
SourceEvent type
investigation
Action type
interim ruling
Government branch
executive
Government body
data protection authority