Law Viewer

Back Home

ACT ON THE PROTECTION OF INFORMATION AND COMMUNICATIONS INFRASTRUCTURE

Act No. 6383, Jan. 26, 2001

Amended by Act No. 6769, Dec. 18, 2002

Act No. 7428, Mar. 31, 2005

Act No. 8777, Dec. 21, 2007

Act No. 8852, Feb. 29, 2008

Act No. 9708, May 22, 2009

Act No. 11690, Mar. 23, 2013

Act No. 12844, Nov. 19, 2014

Act No. 13013, Jan. 20, 2015

Act No. 13343, jun. 22, 2015

Act No. 13590, Dec. 22, 2015

Act No. 14579, Mar. 14, 2017

Act No. 14839, Jul. 26, 2017

Act No. 15376, Feb. 21, 2018

CHAPTER I GENERAL PROVISIONS
 Article 1 (Purpose)
The purpose of this Act is to operate critical information and communications infrastructure in a stable manner by formulating and implementing measures concerning the protection of such infrastructure, in preparation for intrusion by electronic means, thereby contributing to the safety of the nation and the stability of the life of people.
 Article 2 (Definitions)
The definitions of the terms used in this Act shall be as follows: <Amended by Act No. 8777, Dec. 21, 2007>
1. The term "information and communications infrastructure" means electronic control and management system related to the national security, administration, defense, public security, finance, communications, transportation, energy, etc. and information and communications network under Article 2 (1) 1 of the Act on Promotion of Information and Communications Network Utilization and Information Protection;
2. The term "electronic intrusion" means any act of attacking information and communications infrastructure by hacking, computer viruses, logic or email bombs, denial of service, or high power electromagnetic waves, etc.;
3. The term "intrusion incident" means a situation where any incident takes place by electronic intrusions.
CHAPTER II SYSTEM FOR PROTECTING CRITICAL INFORMATION AND COMMUNICATIONS INFRASTRUCTURE
 Article 3 (Committee for Protection of Information and Communications Infrastructure)
(1) The Committee for Protection of Information and Communications Infrastructure (hereinafter referred to as the "Committee") shall be established under the control of the Prime Minister, so as to deliberate on matters concerning the protection of critical information and communications infrastructure (hereinafter referred to as "critical information and communications infrastructure") designated under Article 8.
(2) The Committee shall be comprised of 25 or fewer members, including a Chairperson.
(3) The Chairperson of the Committee shall be the Minister of the Office for Government Policy Coordination, and members shall be public officials holding a rank equivalent to that of a Vice Minister of a central administrative agency prescribed by Presidential Decree, and persons commissioned by the Chairperson. <Amended by Act No. 8777, Dec. 21, 2007; Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013>
(4) Working committees in charge of the public and private sectors shall be established under the control of the Committee for the efficient operation of the Committee. <Amended by Act No. 8777, Dec. 21, 2007>
(5) Necessary matters concerning the composition, operation, etc. of the Committee and working committees shall be prescribed by Presidential Decree.
 Article 4 (Functions of Committee)
The Committee shall deliberate on the following matters: <Amended by Act No. 8777, Dec. 21, 2007; Act No. 15376, Feb. 21, 2018>
1. Matters concerning the coordination of policies for protecting critical information and communications infrastructure;
2. Matters concerning the integration and coordination of protection plans on critical information and communications infrastructure under Article 6 (1);
3. Matters concerning the outcomes of implementing protection plans on critical information and communications infrastructure under Article 6 (1);
4. Matters concerning the improvement of systems related to the protection of critical information and communications infrastructure;
4-2. Matters concerning the designation of critical information and communications infrastructure or revocation thereof under Article 8 (5);
4-3. Matters concerning whether to designate critical information and communications infrastructure under the latter part of Article 8-2 (1);
5. Other major policies concerning the protection of critical information and communications infrastructure that are submitted by the Chairperson for consideration.
 Article 5 (Establishment of Measures to Protect Critical Information and Communications Infrastructure)
(1) The head of an organization which manages critical information and communications infrastructure (hereinafter referred to as "management organization") shall formulate and implement management measures, including physical and technological measures for intrusion prevention, backup, restoration, etc. to protect critical information and communications infrastructure and management information under his/her jurisdiction in a safe manner (hereinafter referred to as "measures to protect critical information and communications infrastructure"), based on the outcomes of the analysis and evaluation of vulnerabilities under Article 9 (1). <Amended by Act No. 13013, Jan. 20, 2015>
(2) When the head of a management organization establishes measures to protect critical information and communications infrastructure under paragraph (1), he/she shall submit details of such measures to the head of a central administrative agency in charge of critical information and communications infrastructure (hereinafter referred to as "relevant central administrative agency"): Provided, That this shall not apply where the head of a management organization is the head of the relevant central administrative agency.
(3) Details of measures to protect critical information and communications infrastructure of a management organization controlled and supervised by the head of a local government, shall be submitted to the Minister of the Interior and Safety by the head of the local government. <Amended by Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013; Act No. 12844, Nov. 19, 2014; Act No. 14839, Jul. 26, 2017>
(4) The head of a management organization shall designate a person in general charge of affairs concerning the protection of critical information and communications infrastructure under its jurisdiction (hereinafter referred to as "chief information security officer"): Provided, That this shall not apply where the head of a management organization is the head of the relevant central administrative agency.
(5) Necessary matters concerning the designation, affairs, etc. of a chief information security officer shall be prescribed by Presidential Decree.
 Article 5-2 (Ascertaining Implementation of Measures to Protect Critical Information and Communications Infrastructure)
(1) The Minister of Science and ICT and the heads of national organizations prescribed by Presidential Decree, such as the Director of the National Intelligence Service (hereinafter referred to as the "Director of the National Intelligence Service and head of an equivalent agency") may ascertain whether a management organization implements measures to protect critical information and communications infrastructure. <Amended by Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013; Act No. 14839, Jul. 26, 2017>
(2) The Minister of Science and ICT, Director of the National Intelligence Service, and head of an equivalent agency may request the head of the relevant central administrative agency to submit data, including details of measures to protect critical information and communications infrastructure submitted to him/her under Article 5 (2), when necessary for ascertainment under paragraph (1). <Amended by Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013; Act No. 14839, Jul. 26, 2017>
(3) The Minister of Science and ICT, Director of the National Intelligence Service, and head of an equivalent agency may notify the head of the relevant central administrative agency of whether measures to protect critical information and communications infrastructure confirmed under paragraph (1) are implemented. <Amended by Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013; Act No. 14839, Jul. 26, 2017>
(4) Necessary measures concerning procedures for ascertaining the implementation of measures to protect critical information and communications infrastructure under paragraph (1) shall be prescribed by Presidential Decree.
[This Article Newly Inserted by Act No. 8777, Dec. 21, 2007]
 Article 6 (Establishment of Plans for Protecting Critical Information and Communications Infrastructure)
(1) The heads of relevant central administrative agencies shall establish and implement plans for protecting critical information and communications infrastructure in areas under their jurisdiction (hereinafter referred to as “plans for protecting critical information and communications infrastructure"), by integrating and coordinating measures to protect critical information and communications infrastructure submitted under Article 5 (2).
(2) The heads of relevant central administrative agencies shall submit details on outcomes of implementing plans for protecting critical information and communications infrastructure of the previous year and plans for protecting critical information and communications infrastructure for the following year to the Committee for deliberation: Provided, That this shall not apply to matters deemed confidential by the Chairperson of the Committee.
(3) Plans for protecting critical information and communications infrastructure shall include the following: <Amended by Act No. 13013, Jan. 20, 2015>
1. Matters concerning the analysis and evaluation of vulnerabilities of critical information and communications infrastructure;
2. Matters concerning measures for prevention of intrusion incidents against critical information and communications infrastructure and management information, backup, and restoration;
3. Other matters necessary for the protection of critical information and communications infrastructure.
(4) The Minister of Science and ICT and the Director of the National Intelligence Service may establish guidelines for formulating measures to protect critical information and communications infrastructure and plans for protecting critical information and communications infrastructure, following consultation with each other, and may notify the heads of relevant cental administrative agencies of such guidelines. <Amended by Act No. 8777, Dec. 21, 2007; Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013; Act No. 14839, Jul. 26, 2017>
(5) The heads of relevant central administrative agencies shall designate a person in general charge of affairs related to the protection of critical information and communications infrastructure in areas under their jurisdiction (hereinafter referred to as "officer in charge of information protection").
(6) Matters necessary for the establishment and implementation of plans for protecting critical information and communications infrastructure and the designation, affairs, etc. of an officer in charge of information protection shall be prescribed by Presidential Decree.
 Article 7 (Support for Protection of Critical Information and Communications Infrastructure)
(1) The heads of management organizations may request the Minister of Science and ICT, the Director of the National Intelligence Service, and head of an equivalent agency or, if deemed necessary, the heads of specialized institutions prescribed by Presidential Decree to provide technological support to the following duties, where the heads of the relevant management organizations deem it necessary to do so, or where the Chairperson of the Committee believes that inadequate measures to protect critical information and communications infrastructure of a specific management organization are likely to cause harm to national security and the economy and society as a whole and therefore issues an order to supplement such measures: <Amended by Act No. 8777, Dec. 21, 2007; Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013; Act No. 14839, Jul. 26, 2017>
1. Establishment of measures to protect critical information and communications infrastructure;
2. Prevention of intrusion incidents against critical information and communications infrastructure and the restoration thereof;
3. Compliance with an order or recommendation for protection measures under Article 11.
(2) When the head of a management organization, in charge of the following critical information and communications infrastructure which has significant influence on national security, requests for technological support under paragraph (1), he/she shall preferentially make such request to the Director of the National Intelligence Service: Provided, That the Director of the National Intelligence Service may provide such support, in consultation with the heads of the relevant central administrative agencies, where a substantial and imminent threat to national security exists and it is impossible to recover from damage if he/she waits for the head of a management organization to make such request: <Amended by Act No. 8777, Dec. 21, 2007>
1. Critical transportation facilities, such as roads, railroads, subways, airports and harbors;
2. Facilities for water resources and energy, including electricity, gas and oil;
3. Relay broadcast facilities and the national command control communication network;
4. Research facilities of government-funded research institutes related to nuclear energy, the national defense and science, or advanced defense industry.
(3) The Director of the National Intelligent Service shall not provide technological support to any information and communications infrastructure which stores personal information, such as financial information and communications infrastructure, notwithstanding paragraphs (1) and (2). <Amended by Act No. 8777, Dec. 21, 2007>
CHAPTER III DESIGNATION AND ANALYSIS OF VULNERABILITIES OF MAJOR INFORMATION AND COMMUNICATIONS INFRASTRUCTURE
 Article 8 (Designation of Critical Information and Communications Infrastructure)
(1) The heads of central administrative agencies may designate information and communications infrastructure under their jurisdiction which is deemed to require protection from electronic intrusions, as critical information and communications infrastructure, by taking into account the following:
1. The national and social importance of duties performed by an organization which manages the relevant information and communications infrastructure;
2. The dependence of affairs conducted by an organization under subparagraph 1 on information and communications infrastructure;
3. The inter-connection with other information and communications infrastructure;
4. The areas and extent of damage caused by intrusion incidents to the national security, economy and society, if any;
5. The probability of intrusion incidents and the easiness of restoration thereof.
(2) The heads of central administrative agencies may request the relevant management organization to submit data necessary for making a decision on designation under paragraph (1).
(3) The head of the relevant central administrative agency may revoke the designation of critical information and communications infrastructure either ex officio or upon request of the relevant management organization when a management organization abolishes, suspends or changes the relevant affairs.
(4) The Minister of the Interior and Safety may designate information and communications infrastructure of an organization managed and supervised by the head of a local government as critical information and communications infrastructure, in consultation with the head of the local government, or may revoke such designation. <Amended by Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013; Act No. 12844, Nov. 19, 2014; Act No. 14839, Jul. 26, 2017>
(5) When the head of a central administrative agency intends to make a designation or revoke such designation under paragraphs (1) and (3), he/she shall submit it for deliberation by the Committee. In such cases, the Committee may order the head of a management organization subject to designation or the revocation thereof under paragraphs (1) and (3) to appear before the Committee and listen to his/her opinions.
(6) When the head of a central administrative agency designates critical information and communications infrastructure or revokes such designation under paragraphs (1) and (3), he/she shall give public notice of such fact: Provided, That he/she need not give public notice of such fact, after deliberation by the Committee, when necessary for guaranteeing national security.
(7) Matters necessary for the designation of critical information and communications infrastructure and the revocation of such designation shall be prescribed by Presidential Decree.
 Article 8-2 (Recommendation for Designation of Critical Information and Communications Infrastructure)
(1) The Minister of Science and ICT, Director of the National Intelligence Service, and head of an equivalent agency may recommend the head of a central administrative agency to designate specific information and communications infrastructure as critical information and communications infrastructure, when they reach a conclusion that such information and communications infrastructure needs to be designated as critical information and communications infrastructure. In such cases, the head of a central administrative agency who has been recommended to make a designation shall determine whether to make the said designation following resolution of the Committee. <Amended by Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013; Act No. 14839, Jul. 26, 2017; Act No. 15376, Feb. 21, 2018>
(2) The Minister of Science and ICT, Director of the National Intelligence Service, and head of an equivalent agency may request the head of a central administrative agency to submit data on the relevant information and communications infrastructure, when necessary for making a recommendation under paragraph (1). <Amended by Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013; Act No. 14839, Jul. 26, 2017>
(3) Procedures for recommending the designation of critical information and communications infrastructure under paragraph (1) and other necessary matters shall be prescribed by Presidential Decree.
[This Article Newly Inserted by Act No. 8777, Dec. 21, 2007]
 Article 9 (Analysis and Evaluation of Vulnerabilities)
(1) The head of a management organization shall analyze and evaluate the vulnerabilities of critical information and communications infrastructure under its jurisdiction on a regular basis as prescribed by Presidential Decree.
(2) When the head of a management organization intends to analyze and evaluate vulnerabilities under paragraph (1), he/she shall form a task force team to analyze and evaluate the vulnerabilities as prescribed by Presidential Decree.
(3) When the head of a management organization intends to analyze and evaluate vulnerabilities under paragraph (1), he/she may require the following institutions to analyze and evaluate vulnerabilities of critical information and communications infrastructure under its jurisdiction: Provided, That in such cases, he/she need not form a task force team under paragraph (2): <Amended by Act No. 6796, Dec. 18, 2002; Act No. 8777, Dec. 21, 2007; Act No. 9708, May 22, 2009; Act No. 11690, Mar. 23, 2013; Act No. 13343, Jun. 22, 2015>
1. The Korea Internet and Security Agency (hereinafter referred to as "KISA") under Article 52 of the Act on Promotion of Information and Communications Network Utilization and Information Protection;
2. Information sharing and analysis centers under Article 16 (limited to information sharing and analysis centers which meet the standards prescribed by Presidential Decree);
3. Companies specializing in information security services, designated under Article 23 of the Act on the Promotion of Information Security Industry;
(4) The Minister of Science and ICT shall determine standards concerning the analysis and evaluation of vulnerabilities under paragraph (1), in consultation with the heads of relevant central administrative agencies and the Director of the National Intelligence Service, and shall notify the heads of the relevant central administrative agencies of such standards. <Amended by Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013; Act No. 14839, Jul. 26, 2017>
(5) Matters necessary for the methods of and procedures for analyzing and evaluating the vulnerabilities of critical information and communications infrastructure shall be prescribed by Presidential Decree.
CHAPTER IV PROTECTION OF CRITICAL INFORMATION AND COMMUNICATIONS INFRASTRUCTURE AND RESPONSE TO INTRUSION INCIDENTS
 Article 10 (Protection Guidelines)
(1) The heads of the relevant central administrative agencies may establish protection guidelines on critical information and communications infrastructure under their jurisdiction and recommend the head of a management organization in the relevant area to follow such guidelines.
(2) The heads of the relevant central administrative agencies shall revise and supplement protection guidelines under paragraph (1) on a regular basis, taking into account technological advancements, etc.
 Article 11 (Orders for Protection Measures)
The heads of the relevant central administrative agencies may order or recommend the head of the relevant management organization to take measures to protect critical information and communications infrastructure, in any of the following cases:
1. Where it is deemed that special protection measures need to be taken after the details of measures to protect critical information and communications infrastructure submitted under Article 5 (2) are analyzed;
2. Where it is deemed that special protection measures need to be taken after the implementation of measures to protect critical information and communications infrastructure notified under Article 5-2 (3) is analyzed.
[This Article Wholly Amended by Act No. 8777, Dec. 21, 2007]
 Article 12 (Prohibition against Intrusion of Critical Information and Communications Infrastructure)
No one shall commit any of the following acts:
1. Accessing critical information and communications infrastructure by any person who has no access authority, or manipulating, destroying, concealing or leaking stored data by any person who exceeds his/her access authority;
2. Destroying the data of critical information and communications infrastructure, or using programs, such as computer viruses and logic bombs, with the intention of obstructing the operation of critical information and communications infrastructure;
3. Abruptly sending large amounts of signals with the intention of obstructing the operation of critical information and communications infrastructure, or causing a fallacy in information processing by means, such as inducing the processing of a wrong order.
 Article 13 (Notification of Intrusion Incidents)
(1) When the head of a management organization recognizes that the occurrence of intrusion incidents has led to the disturbance, paralysis or destruction of critical information and communications infrastructure under its jurisdiction, he/she shall notify a relevant administrative agency, an investigation agency, or KISA (hereinafter referred to as "relevant organization, etc.") of such fact. In such cases, the relevant organizations, etc. shall take necessary measures to prevent the spread of damage caused by intrusion incidents and swiftly respond to such incidents. <Amended by Act No. 11690, Mar. 23, 2013>
(2) The Government may provide financial support, including expenses incurred in restoring damage, to a management organization that has contributed to preventing the spread of damage by notifying intrusion incidents under paragraph (1), within the budget.
 Article 14 (Restoration Measures)
(1) The head of a management organization shall take necessary measures to restore and protect relevant information and communications infrastructure in a swift manner when intrusion incidents against critical information and communications infrastructure under its jurisdiction occur.
(2) The head of a management organization may request the head of a relevant central administrative agency or the head of KISA to provide support when necessary for taking measures for restoration and protection under paragraph (1): Provided, That this shall not apply in the case of Article 7 (2). <Amended by Act No. 11690, Mar. 23, 2013>
(3) When the head of the relevant central administrative agency or the head of KISA receives requests for support under paragraph (2), he/she shall provide necessary support for the fast restoration of damage, such as technological support, and shall take appropriate measures to prevent the spread of damage, in cooperation with the head of a management organization. <Amended by Act No. 11690, Mar. 23, 2013>
 Article 15 (Organization of Headquarters for Countermeasures)
(1) When intrusion incidents against critical information and communications infrastructure occur in a wide range, the Chairperson of the Committee may establish the Headquarters for Countermeasures against Intrusion Incidents in Information and Communications Infrastructure (hereinafter referred to as the "Countermeasure Headquarters") under the control of the Committee, fixing a period for taking emergency measures, providing technological support and restoring damage, etc.
(2) The Chairperson of the Committee may request the dispatch of public officials related to the affairs of the Countermeasure Headquarters to the head of a relevant administrative agency.
(3) The Chairperson of the Committee shall appoint the head of the Countermeasure Headquarters, in consultation with the head of a central administrative agency in charge of information and communications infrastructure against which intrusion incidents occurred.
(4) The head of the Headquarters for Countermeasures may request the head of the relevant administrative agency, the head of a management organization and the head of KISA, to provide cooperation and support to respond to intrusion incidents against critical information and communications infrastructure. <Amended by Act No. 11690, Mar. 23, 2013>
(5) Upon a request for cooperation and support under paragraph (4), the head of the relevant administrative agency, etc. shall comply with such request, unless there is a compelling reason not to do so.
(6) Matters necessary for the organization and operation of the Countermeasure Headquarters shall be prescribed by Presidential Decree.
 Article 16 (Information Sharing and Analysis Center)
(1) Any person who intends to perform the following affairs to protect information and communications infrastructure by area, such as finance and communications, may establish and operate an information sharing and analysis center:
1. Provision of information concerning vulnerabilities, intrusion factors, and countermeasures;
2. Operation of the real-time alarm and analysis system, if intrusion incidents occur.
(2) and (3) Deleted. <by Act No. 13590, Dec. 22, 2015>
(4) The Government may encourage the establishment of an information sharing and analysis center which performs duties falling under each subparagraph of paragraph (1) and may provide financial and technological support thereto. <Amended by Act No. 13590, Dec. 22, 2015>
(5) Deleted. <by Act No. 13590, Dec. 22, 2015>
CHAPTER V (Articles 17 through 23) DELETED.
CHAPTER VI TECHNOLOGICAL SUPPORT AND PRIVATE COOPERATION
 Article 24 (Technological Development)
(1) The Government may formulate implementation policies for the development of technology necessary for protecting information and communications infrastructure and the fostering of specialized human resources.
(2) The Government may require research institutes and private organizations related to the development of information protection technology to develop technology on its behalf, when necessary for efficiently advancing development of technology necessary for the protection of information and communications infrastructure. In such cases, the Government may fully or partially subsidize expenses incurred in such development.
 Article 25 (Support for Management Organization)
With respect to a management organization, the Government may transfer technology necessary for protecting critical information and communications infrastructure and may provide equipment and other necessary support.
 Article 26 (International Cooperation)
(1) The Government shall ascertain international trends concerning the protection of information and communications infrastructure and promote international cooperation.
(2) The Government may provide support for international exchanges of related technologies and human resources and projects for international standardization and international joint research and development, so as to promote international cooperation for the protection of information and communications infrastructure.
 Article 27 (Duty of Confidentiality)
No one who is or has been employed in any of the following organizations shall divulge any confidential information obtained in the course of his/her performance of duties: Provided, That this shall not apply where any other statute provides otherwise: <Amended by Act No. 8777, Dec. 21, 2007>
1. The Committee and the working committees under Article 3;
2. Any organization in charge of the analysis and evaluation of the vulnerabilities of critical information and communications infrastructure under Article 9 (3);
3. Any relevant organization which performs duties related to the acceptance of notification of intrusion incidents and restoration measures under Article 13;
4. Any information sharing and analysis center which performs duties referred to in the subparagraphs of Article 16 (1).
CHAPTER VII PENALTY PROVISIONS
 Article 28 (Penalty Provisions)
(1) Any person who disturbs, paralyzes or destroys critical information and communications infrastructure, in violation of Article 12, shall be punished by imprisonment with labor for not more than 10 years or by a fine not exceeding 100 million won.
(2) Any person who has attempted a crime referred to in paragraph (1) shall be subject to punishment.
 Article 29 (Penalty Provisions)
Any person who divulges any confidential information secret, in violation of Article 27, shall be punished by imprisonment with labor for not more than five years, by suspension of qualifications for not more than ten years or by a fine not exceeding 50 million won.
 Article 30 (Administrative Fines)
(1) Any of the following persons shall be subject to an administrative fine not exceeding 10 million won: <Amended by Act No. 8777, Dec. 21, 2007>
1. Any person who violates an order to take protection measures under Article 11;
2. Deleted; <by Act No. 13590, Dec. 22, 2015>
3. through 5. Deleted. <by Act No. 9708, May 22, 2009>
(2) An administrative fine under paragraph (1) shall be imposed and collected by the heads of the relevant central administrative agencies or the Minister of Science and ICT (hereinafter referred to as "levying authority") as prescribed by Presidential Decree. <Amended by Act No. 8852, Feb. 29, 2008; Act No. 9708, May 22, 2009; Act No. 11690, Mar. 23, 2013; Act No. 14839, Jul. 26, 2017>
(3) through (5) Deleted. <Amended by Act No. 14579, Mar. 14, 2017>
ADDENDUM
This Act shall enter into force on July 1, 2001.
ADDENDA <Act No. 6796, Dec. 18, 2002>
(1) (Enforcement Date) This Act shall enter into force on the date of its promulgation.
(2) (Transitional Measures concerning the Change of Names of Companies Specializing in Information Protection) Companies specializing in information protection designated under the previous provisions as at the time this Act enters into force shall be deemed consulting companies specializing in information protection designated under this Act.
ADDENDA <Act No. 7428, Mar. 31, 2005>
Article 1 (Enforcement Date)
This Act shall enter into force one year after the date of its promulgation.
Articles 2 through 6 Omitted.
ADDENDA <Act No. 8777, Dec. 21, 2007>
(1) (Enforcement Date) This Act shall enter into force six months after the date of its promulgation.
(2) (Applicability) The amended provisions of Article 5-2 shall apply to measures to protect critical information and communications infrastructure which were formulated in 2007 and thereafter.
ADDENDA <Act No. 8852, Feb. 29, 2008>
Article 1 (Enforcement Date)
This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)
Articles 2 through 7 Omitted.
ADDENDA <Act No. 9708, May 22, 2009>
Article 1 (Enforcement Date)
This Act shall enter into force three months after the date of its promulgation. (Proviso Omitted.)
Articles 2 through 12 Omitted.
ADDENDA <Act No. 11690, Mar. 23, 2013>
Article 1 (Enforcement Date)
(1) This Act shall enter into force on the date of its promulgation.
(2) Omitted.
Articles 2 through 7 Omitted.
ADDENDA <Act No. 12844, Nov. 19, 2014>
Article 1 (Enforcement Date)
This Act shall enter into force on the date of its promulgation: Provided, That the amendments to the statutes to be amended pursuant to Article 6 of the Addenda, which were promulgated before this Act enters into force but the enforcement dates of which have yet to arrive, shall enter into force on the enforcement date of the relevant statute.
Articles 2 through 7 Omitted.
ADDENDUM <Act No. 13013, Jan. 20, 2015>
This Act shall enter into force six months after the date of its promulgation.
ADDENDA <Act No. 13343, Jun. 22, 2015>
Article 1 (Enforcement Date)
This Act shall enter into force six months after the date of its promulgation.
Articles 2 and 3 Omitted.
ADDENDUM <Act No. 13590, Dec. 22, 2015>
This Act shall enter into force on the date of its promulgation.
ADDENDUM <Act No. 14579, Mar. 14, 2017>
This Act shall enter into force on the date of its promulgation.
ADDENDA <Act No. 14839, Jul. 26, 2017>
Article 1 (Enforcement Date)
This Act shall enter into force on the date of its promulgation: Provided, That the amendments to the statutes, which were promulgated before this Act enters into force but the enforcement dates of which have yet to arrive, shall enter into force on the enforcement date of the relevant statute.
Articles 2 through 6 Omitted.
ADDENDUM <Act No. 15376, Feb. 21, 2018>
This Act shall enter into force three months after the date of its promulgation.