A revision to South Korea’s Information and Communications Network Act that strengthens the full scope of measures from preventing cyber incidents to responding to them passed a cabinet meeting on Monday.

The Ministry of Science and ICT said the revision, which integrates more than 20 bills from ruling and opposition lawmakers, was approved at the cabinet meeting after passing a plenary session of the National Assembly on March 12. The move is a follow-up step as demands grew to strengthen cybersecurity after a series of hacking incidents last year. The government drew up a government-wide comprehensive information security plan under the lead of the Office of National Security in October last year.

Key provisions include strengthening the authority and role of chief information security officers and mandating the establishment and operation of corporate information security committees, introducing a security-level evaluation system in 2027, reinforcing the effectiveness of information security management system certifications, and setting a legal basis for on-site inspections before a company files a report when the government secures indications of a hacking incident. The revision also raises administrative fines for delayed reporting and intentional non-reporting, creates an enforcement fine for companies that fail to faithfully implement measures to prevent recurrence, and creates a penalty surcharge for companies with repeated cyber incidents.

The revision will take effect six months after promulgation. The ministry plans to promptly prepare subordinate regulations.

Science Minister and Deputy Prime Minister Bae Kyung-hoon (배경훈) said, "This revision will raise the prevention and response system for cyber incidents by one level, ease public anxiety, and provide a foundation for companies to continue growing under thorough security."