Information Security Disclosure System Approved at Cabinet Meeting on the 1st
Fines up to 10 Million KRW for Violations
Applicable from Second Half of the Year, Newly Established by Presidential Decree
[Asia Economy Reporter Minyoung Cha] The Ministry of Science and ICT announced that it will promote a mandatory information security disclosure system for companies above a certain scale to ensure safe internet use for the public and to encourage corporate investment in information security.
The Ministry stated that the amendment to the Act on the Promotion of the Information Security Industry (hereinafter referred to as the Information Security Industry Act), which includes this provision, passed the 387th National Assembly (extraordinary session) plenary session and was approved at the Cabinet meeting on the 1st. The amendment will take effect six months after its promulgation.
The information security disclosure system is a system under Article 13 of the Information Security Industry Act that allows companies to voluntarily disclose their information security status, including investments, personnel, and certification status. With the acceleration of digital transformation following the Fourth Industrial Revolution and COVID-19, the importance of information security has increased. There have been ongoing calls for a shift in perception to view information security investment not as a cost but as a necessity, and to promote related corporate investments.
Following the approval of the amendment to the Information Security Industry Act at this Cabinet meeting, companies above a certain scale will be required to disclose their information security status. Violations will result in fines of up to 10 million KRW.
Detailed criteria for selecting the target companies will be established through consultations with experts from academia, industry, and research, as well as stakeholders, and will be enacted as a presidential decree in the second half of the year. Factors such as business sector, sales revenue, and number of users will be considered. Although not mandatory, companies that voluntarily participate in the disclosure system will continue to receive benefits such as reduced fees for information security management system certification.
Hong Jin-bae, Director of Information Security Network Policy at the Ministry of Science and ICT, stated, “Once information security disclosure becomes mandatory, corporate investments and personnel in information security will be transparently disclosed to the general public, which is expected to protect users,” and added, “We anticipate effects in strengthening information security and promoting the information security industry.”
Meanwhile, the Korea Internet & Security Agency (KISA) is providing free consulting on the information security disclosure process, including data calculation and procedural guidance necessary for information security disclosure.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Clutching a Stolen Dior Bag, Saying "I Hate Being Poor but Real"... The Grotesque Con of a "Human Knockoff" [Slate]](https://cwcontent.asiae.co.kr/asiaresize/183/2026021902243444107_1771435474.jpg)
