Republic of Korea: Personal Information Protection Commission concluded assessment of Amazon Web Services, Microsoft Azure, and Naver Cloud Platform on personal information protection

On 10 December 2025, the Personal Information Protection Commission (PIPC) concluded the review into cloud service providers, including Amazon Web Services, Azure, and Naver Cloud Platform. In June 2025, the PIPC assessed the services to test compliance with the Personal Information Protection Act and found that key security features required manual configuration and paid add-ons across the providers. The PIPC noted gaps in default log retention and access controls and recommended clearer guidance. The PIPC confirmed that the cloud service providers implemented all the improvement recommendations. The PIPC stated that the providers introduced additional technical and organisational safeguards, including new in-service settings and separate subscription-based solutions. The providers also issued the guidelines for users to ensure compliance with obligations under the Act.