"Information Security Disclosure Obligation Expanded to All Listed Companies"... Enforcement Decree Open for Legislative Notice

The Ministry of Science and ICT announced on January 9 that it will hold a legislative notice period until January 19 for a proposed revision to the Enforcement Decree of the Act on the Promotion of the Information Security Industry, which expands the scope of entities required to publicly disclose their information security status.

This revision is one of the follow-up measures to the "Pan-Governmental Comprehensive Information Security Measures" jointly announced by relevant ministries in October of last year. Its aim is to address blind spots in the information security disclosure system and to strengthen the information security responsibilities of companies with significant social influence, such as listed companies.

Specifically, the revision removes the previous requirement of "annual sales of 300 billion won or more," which applied to listed companies, thereby expanding the disclosure obligation to all companies listed on the KOSPI and KOSDAQ markets. In addition, companies required to obtain Information Security Management System (ISMS) certification are now included in the disclosure obligation. The revision also eliminates the exemption clauses for public institutions, financial companies, small businesses, and electronic financial service providers, which had previously been excluded from the obligation. The full text of the proposed revision can be found on the Ministry of Science and ICT website, and opinions can be submitted through the National Legislative Information Center.

The Ministry of Science and ICT plans to hold a public hearing during the legislative notice period to gather feedback, and will proceed with subsequent procedures such as consultations with relevant ministries and review by the Ministry of Government Legislation. The goal is to apply the new requirements to information security disclosure entities starting next year. In addition, the ministry will distribute disclosure guidelines, offer customized consulting, and provide educational support to newly included companies and institutions.

Choi Woo-hyuk, Director General of Network Policy at the Ministry of Science and ICT, stated, "Information security disclosure is a key means for companies to fulfill their social responsibilities," adding, "This improvement to the system will provide an opportunity to monitor the information security status of more companies and encourage voluntary investment in security, thereby raising the overall level of information security in society."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.