Digital Policy Alert logo

Republic of Korea: Incident response and user notification obligations in Act on Promotion of Information and Communications Network Utilization and Information Protection (Law No. 21500) enter into force

Policy overview

Description

Incident response and user notification obligations in Act on Promotion of Information and Communications Network Utilization and Information Protection (Law No. 21500) enter into force

On 1 October 2026, the incident response, user notification, and organisational obligations in the Act on Promotion of Information and Communications Network Utilization and Information Protection (Law No. 21500) enter into force. Major information …

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
infrastructure provider: internet and telecom services
Implementation Level
national
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2025-11-24
under deliberation

On 24 November 2025, a Bill amending the Network Act was introduced to the National Assembly. The B…

2026-03-20
adopted

On 20 March 2026, the Bill amending the Network Act, including incident response obligations and en…

2026-03-31
adopted

On 31 March 2026, the President of Korea promulgated the Act on Promotion of Information and Commun…

2026-10-01
in grace period

On 1 October 2026, the incident response, user notification, and organisational obligations in the …

2027-04-01
in force

On 1 April 2027, the Information Security Level Evaluation obligations in the Act on Promotion of I…