Republic of Korea: Information Security Level Evaluation obligations in Act on Promotion of Information and Communications Network Utilization and Information Protection (Law No. 21500) enter into force

On 1 April 2027, the Information Security Level Evaluation obligations in the Act on Promotion of Information and Communications Network Utilization and Information Protection (Law No. 21500) enter into force. The Korea Ministry of Science and ICT must conduct an annual evaluation of qualifying information and communications service providers to assess their compliance with statutory obligations and the stability and reliability of their information and communications networks. Qualifying providers are determined by Presidential Decree on the basis of business type, revenue scale, and number of users. The Korea Ministry of Science and ICT may publish evaluation results. Qualifying providers must submit relevant data to the Minister upon request and must not refuse or submit false information. Where the evaluation finds that a provider's information security level is insufficient, the Korea Ministry of Science and ICT may issue improvement recommendations, and providers must make sincere efforts to implement those recommendations and submit a report on measures taken to the Minister.