Information Security Industry Act to Take Effect Next Month
Payment Service Providers Already Submitted to FSC
Additional Costs and Time Investment Inevitable
[Asia Economy Reporter Kiho Sung] With less than a month remaining before the enforcement of the "Partial Amendment Act on the Promotion of the Information Security Industry (Information Security Industry Act)," controversy is arising over overlapping regulations on electronic financial service providers. Although authorities have stated that they will resolve the controversy through enforcement ordinances when the related bill is reviewed by the National Assembly, the overlapping regulation provisions have been left intact. The industry is expressing concerns, anticipating that additional costs and time investments will be inevitable.
According to the National Assembly and political circles on the 15th, the Information Security Industry Act will take effect on July 9. The bill passed the plenary session of the National Assembly on May 21 and was approved at the Cabinet meeting on June 1.
The Information Security Industry Act aims to promote safe internet use by information and communication service users and encourage corporate investment in information security by mandating information security disclosures for companies above a certain size. Companies exceeding a certain scale must disclose information security measures, and failure to comply will result in a fine of up to 10 million KRW.
The problem lies in the fact that the exemption clause for electronic financial service providers, which authorities initially promised, was omitted from the enforcement ordinance. Electronic financial service providers already submit related information annually to the Financial Services Commission under the current Electronic Financial Transactions Act. This issue was also controversial during the National Assembly review. On March 23, when lawmakers Seongjung Park and Eun-ah Heo of the People Power Party pointed out the overlapping regulation issue at the Science, Technology, Information and Communications Committee’s bill review subcommittee, Deputy Minister Seokyoung Jang of the Ministry of Science and ICT stated, "We plan to exclude those subject to the Electronic Financial Transactions Act when revising the enforcement ordinance." When Subcommittee Chair Park questioned again whether exclusion would be difficult with only an enforcement ordinance revision, Deputy Minister Jang promised to reflect the related content by modifying the wording of the enforcement ordinance. However, the enforcement ordinance disclosed by the Ministry of Science and ICT mandates that electronic financial service providers also comply with disclosure obligations under this law.
The industry points out that additional costs and considerable time will be required. Besides the issue of overlapping regulations, the burden of data submission and disclosure, as well as the need for prior and subsequent verification of disclosure content, will inevitably require additional personnel, time, and costs.
Furthermore, it is also criticized that the Ministry of Science and ICT did not actively gather opinions from electronic financial service providers or related associations during the preparation of the bill or enforcement ordinance.
A fintech industry official said, "Electronic financial service providers are already obligated under the Electronic Financial Transactions Act to conduct information security activities beyond the disclosure system, such as vulnerability analysis and evaluation, and breach response training," adding, "If the Ministry of Science and ICT’s enforcement ordinance amendment passes as is, it will clearly result in overlapping and excessive regulation." He also noted, "There are voices suggesting that the Ministry of Science and ICT included related content in the enforcement ordinance to expand its jurisdiction."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
