The Ministry of Science and ICT announced on the 9th that it will pre-announce the amendment to the Enforcement Decree of the Act on the Promotion of Information Protection Industry (hereinafter referred to as the Information Protection Industry Act) until the 19th of next month. This amendment is one of the follow-up measures to the ‘Comprehensive Information Protection Measures’ announced jointly by related ministries in October last year to alleviate public anxiety caused by recent widespread hacking incidents and strengthen the nation’s information protection capabilities.
This measure aims to eliminate blind spots in the information protection disclosure system and strengthen the information protection responsibilities of companies with high social influence, such as listed companies. The condition of ‘sales of 3 trillion won or more’ previously applied to listed companies will be deleted, expanding the disclosure obligation to all listed corporations in the KOSPI and KOSDAQ markets. Additionally, companies obligated to obtain Information Security Management System (ISMS) certification will be newly included in the disclosure obligation.
Furthermore, the exception clauses for public institutions, financial companies, small businesses, and electronic financial operators, which were previously excluded from the obligation, will be deleted to enhance the fairness of the system’s application. The full text of the amendment to the Enforcement Decree of the Information Protection Industry Act can be found on the Ministry of Science and ICT’s website (www.msit.go.kr) under the ‘Legislation/Administrative Notice’ bulletin board, and opinions can be submitted through the National Participation Legislative Center (http://opinion.lawmaking.go.kr).
During the pre-announcement period, the Ministry of Science and ICT plans to fully collect opinions from stakeholders and the public through public hearings, and proceed with follow-up procedures such as consultations with related ministries and review by the Ministry of Government Legislation so that it can be applied to information protection disclosure subjects from 2027. To alleviate the burden on newly incorporated subjects (companies and institutions) when the system is implemented, the ministry plans to distribute disclosure guidelines, provide customized consulting, and support education.