South Korea's Ministry of Science and ICT on Thursday disclosed the 693 companies subject to mandatory disclosure under the information security disclosure system for 2026.
The information security disclosure system requires companies to disclose their information security investment, dedicated personnel and related activities. It is intended to encourage corporate spending on information security and strengthen user protection. Companies subject to mandatory disclosure are selected annually based on business area, revenue and user numbers, in line with relevant laws and regulations.
By business area, the list includes major telecommunications operators that own line facilities, internet data center operators, tertiary general hospitals and infrastructure-as-a-service providers. It also includes listed companies with more than 300 billion won in revenue and information and communications service providers with an average daily user count of at least 1,000,000 over the previous 3 months.
This year's list is up 27 companies from a year earlier. In particular, companies selected under the 300 billion won revenue threshold increased by 13, and those selected under the 1,000,000-user threshold increased by 10.
Companies subject to the requirement must submit their information security status to the integrated information security disclosure portal by June 30. If a company fails to comply with the disclosure requirement, it may be subject to an administrative fine of up to 10 million won under relevant laws and regulations. This year's list can be checked on the ministry's website and on the integrated information security disclosure portal.
Companies not subject to the requirement that voluntarily carry out disclosures are offered a 30 percent discount on certification assessment fees for information security and personal information protection management systems. Companies that object to the disclosed list can submit an objection form and supporting documents by May 15. The ministry will reflect the review results and finalise this year's list of mandatory disclosure entities.
Separately, the ministry has issued an advance legislative notice for a revised enforcement decree of the Information Security Industry Act. It is pushing a plan to expand the disclosure requirement to all listed companies on the KOSPI and KOSDAQ markets by deleting the existing condition of "revenue of at least 300 billion won" that applied to listed companies. It is also providing disclosure guidelines to help companies comply smoothly.
Lim Jeong-gyu (임정규), director general for information security and network policy at the ministry, said the information security disclosure system is an important system that allows the public to check companies' information security status. He said the ministry will continue to work to guarantee the public's right to know, encourage companies to expand voluntary investment in information security and improve overall national information security standards.