The verification system for cloud companies seeking entry to the public sector market will be simplified. The government will unify the process under a single National Intelligence Service verification system to raise administrative efficiency and support service innovation by companies.

The Ministry of Science and ICT and the National Intelligence Service announced the plan to improve procedures for entering the public cloud market on April 20.

Until now, a cloud service company seeking to enter the public market had to first obtain the ministry's Cloud Security Assurance Program (CSAP) certification and then undergo the NIS security review.

The new plan would shift to a single NIS verification system. Products that obtained CSAP certification before the single system takes effect will keep their validity periods. Verification items will also be improved to match the characteristics of cloud technology, with a plan to strengthen the security level of public cloud services and ease the burden on companies.

The government will revise the National Cloud Computing Security Guidelines and other rules to reflect the changes in the first half of this year. After a one-year grace period, it will fully enforce the system from the second half of 2027.

To ensure smooth implementation, a public-private verification review committee made up of officials recommended by the ministry and experts from industry, academia and research will assess whether verification results are fair and valid. The expertise of existing CSAP assessment bodies will be linked to the new system to ensure administrative continuity.

The ministry plans to foster integration in the private sector by combining cloud service self-regulatory security certification into the Information Security Management System (ISMS), a corporate information protection management system. The goal of the transition is to integrate similar security standards across certifications into a single framework, maximize the efficiency of administrative procedures and create an environment in which companies can focus more on core service innovation.

Ryu Je-myeong (류제명), second vice minister at the ministry, said, "We will cooperate with the NIS to support our companies so they can overcome the security hurdle easily and quickly." He added, "We will provide a transition period for the system so that existing companies' investments do not go to waste and help the stable growth of the industry ecosystem."

Kim Chang-seop (김창섭), third deputy director at the NIS, said, "With this policy, we focused on resolving the difficulties of companies that have suffered inconvenience due to dual regulation and on raising the security level of public-use clouds." He added, "We will continue to communicate with the industry in a direction that eases the burden on companies."