This is a follow up to our previous newsletter titled “Update on the MSIT’s Measures to Strengthen the Stability of Digital Services” (Link) dated August 14, 2023.
On August 9, 2023, the Ministry of Science and ICT (the “MSIT”) had issued an administrative notice of the proposed amendments to the Guidelines for Protection of Internet Data Center Facilities (the “Proposed Amendments”), which aims to specify the standards of protective measures that data center operators would be required to implement. Following a further opinion-gathering stage, the MSIT announced the final version of the Proposed Amendments on May 23, 2024 (available in Korean, Link), which was set to come into effect starting from June 1, 2024.
While the changes in the final Proposed Amendments are minimal, the obligation to enable individual uninterruptible power supply (“UPS”) shutdowns has been removed. The MSIT is expected to launch an inspection on whether businesses have implemented the protection measures required under the Proposed Amendments from around July, and to this end, the MSIT plans to publish guidelines for businesses to review their implementation status in the near future (the “Implementation Guidelines”).
The MSIT may inspect businesses’ implementation status on a regular basis and issue corrective orders for areas that require improvement. Non-compliance with such corrective orders could subject businesses to an administrative fine of up to KRW 30 million, while non-compliance with the regulator’s requests for information without justifiable reasons could lead to an administrative fine of up to KRW 10 million.
As the Proposed Amendments have strengthened the obligation to implement protection measures, businesses are advised to thoroughly review the MSIT’s Implementation Guidelines in advance and consult with the MSIT in responding to its requests for information during the inspection.
In addition, the Proposed Amendments provide that, notwithstanding the anticipated amendments to the Annex of the Guidelines for Protection of Internet Data Center Facilities, for data center facilities built before the Proposed Amendments become effective, businesses will be deemed to have implemented the detailed protection measures in the Annex only if they propose and fulfil a plan for alternative measures approved by the Minister of the MSIT. Therefore, businesses may need to prepare a plan for alternative measures based on the existing practice and the examples given in the the Implementation Guidelines, and to consult with the MSIT before and after its inspection.
