A number of bills were proposed to the National Assembly in the wake of the fire at the Pangyo data center on October 15, 2022. Of these bills, the following three bills have passed the review of the subcommittee of the National Assembly’s Science, ICT, Broadcasting, and Communications Committee (the “Proposed Amendments”). The following is an overview of the Proposed Amendments and the recent developments in the government’s policy discussions. As the scope of the Proposed Amendments go beyond the data center service providers and include regulations on value-added telecommunications service providers (“VSPs”) that provide online services through the websites and/or apps, the relevant service providers should carefully monitor the progress of the Proposed Amendments and, if necessary, prepare to comply with potential new obligations.
[Summary of the Proposed Amendments]
|
Legislation |
Current |
Proposed Amendment |
|
Framework Act on Broadcasting Communications Development (“Framework Act”) |
“Major broadcasting communications service providers” consist mainly of facilities-based telecommunications services (“FSPs”) and terrestrial broadcasting service providers |
Major broadcasting communications service providers will also include VSPs and data center operators above certain size |
|
Master plan for the management of disasters in broadcasting communications includes disaster broadcasting and securing alternate routes for broadcasting communications, among other things |
Physical/technical protective measures, such as decentralization and multiplexing of servers, storage, networks, and power supplies, and establishment of information systems for emergency recovery of broadcasting communications services will be added to the necessary items of the master plan |
|
|
Telecommunications Business Act (“TBA”) |
VSPs above certain thresholds are obligated to secure service stability |
Obligation to submit materials on the status of implementation and plans for measures to secure service stability (once per annual) will be added and order to submit materials may be issued in case of service failure or suspension |
|
Act on Promotion of Information and Communications Network Utilization and Information Protection (“Network Act”) |
Only persons that provide data center services to others are subject to obligation to take protective measures |
Same obligation to take protective measures will apply to the service providers who operate data centers for their own services |
|
No provisions relating to compliance inspections by regulatory authorities |
Regulators will be authorized to conduct compliance inspections and issue corrective orders after such inspections and reporting obligations for data center operators (including data center operator for their own services) will be added |
|
|
Only data center operators are subject to obligations |
Data centers lessees will be required to cooperate with the data center operators’ implementation of protective measures |
1. Proposed Partial Amendment to the Framework Act
According to Article 36 and 36-2 of the current Framework Act, “major broadcasting communications service providers” are required to formulate, submit, and implement a master plan for the management of disasters in broadcasting communications.
The Proposed Amendment to the Framework Act (i) adds VSPs and data center operators above certain size as major broadcasting communications service providers, and (ii) adds to the master plans for management of disasters in broadcasting telecommunications, physical and technical protective measures such as decentralization and multiplexing of servers, storage, networks, and power supplies.
The thresholds for major broadcasting communications service providers will be specified in the Presidential Decree, and it is expected that the number of users per day and traffic share for VSPs and the facility size and sales for data center operators will be taken into account.
Pursuant to the Proposed Amendment, VSPs and data center operators above certain size can be deemed as the major broadcasting communications service provider, and therefore will be required to formulate, submit, and implement a master plan for the management of disasters in broadcasting communications, including designation of a manager in charge of disasters in broadcasting communications services, establishment of systems for securing alternate routes and for emergency recovery in the event of a disaster in broadcasting communications services, and technical protective measures such as multiplexing of servers and networks.
2. Proposed Partial Amendment to the TBA
Pursuant to Article 22-7 of the current TBA, VSPs that meet a certain threshold (daily average of 1 million users and traffic share of 1% or more) are required to “secure service stability.”
The Proposed Amendment will additionally (i) require the VSPs meeting such threshold to submit materials on the plan for and status of implementation of measures to secure service stability to the Ministry of Science and ICT (“MSIT”) once a year, and (ii) authorize the MSIT to request such VSPs to submit materials on the status in the event of service failure or suspension such as slowdown of transmission speed.
3. Proposed Partial Amendment to the Network Act
Under Article 46 of the current Network Act, a provider of information and communications services that operates and manages a data center for a third party’s provision of information and communications services must take protective measures to ensure the stable operation of such data centers.
The Proposed Amendment (i) expands the scope of this requirement to impose the obligation to take protective measures on those that directly operate and manage data centers to provide their own information and communications services; (ii) strengthens MSIT’s regulatory and supervisory authority by allowing the MSIT to regularly inspect and request submission of materials on the implementation of protective measures by both types of data center operators and issue corrective orders upon such inspections; (iii) if the provision of information and communications services is suspended for a certain period, requires both types of data center operators to submit a report including information on the status of suspension, the cause for suspension, emergency measures, and recovery plans to the MSIT without delay; and (iv) requires providers of information and communications services who leased data centers to fully cooperate with data center operators in implementing protective measures.
In effect, the Proposed Amendment is expected to (i) strengthen the existing regulations on data center operators, (ii) require certain additional data center operators that directly operate and manage data centers to provide their own information and communications services to also comply with the regulations, and (iii) require service providers that lease data centers to cooperate in relation to data centers’ compliance.
4. The Government’s Policy Trends on Data Centers
After the Pangyo data center fire incident on October 15, 2022, the MSIT held an emergency inspection meeting of domestic data center operators (October 20, 2022) and an emergency service stability inspection meeting of domestic VSPs (October 21, 2022) as part of its systematic review of the current disaster response system.
From November 1 to November 24, the MSIT conducted joint disaster safety management inspections on about 90 data centers with the National Fire Agency. For the joint inspection, the MSIT organized five cooperative inspection teams to inspect the data center operators’ overall status of protective measures such as the measures to prevent disasters (e.g., business continuity plans (BCP) and mock drills) and adequacy of operation of power redundancy facilities. The MSIT also announced that it plans to develop and implement strategies on technologies to improve the stability and safety of digital services (solid-state batteries and satellite internet technology) and to operate a full time digital crisis management headquarter to create a continuous inspection and management system for digital infrastructure and service disaster prevention, training, response and recovery (Press Release dated October 21, 2022).
The Korea Communications Commission (“KCC”) also announced that it plans to promptly promote improvement of the overall system for damage relief for users by imposing stricter responsibilities on service providers in the event of suspension of services and expanding user notification duties as well as the methods of notification (Press Release dated October 17, 2022). The KCC also plans to formulate measures for relief in case of online platform’s failure through analysis of the relevant terms and conditions, and for improvement of the regulatory system to expand the social responsibility of large platform service providers and protect users’ rights and interests (Press Release dated October 17, 2022).
In sum, due to the recent fire incident, there is a high likelihood of the VSPs and data center operators of certain size being imposed with disaster management obligations and obligations to take measures to secure network stability. Further, regulatory improvements on areas that are difficult to be addressed by the current regulations, such as the MSIT’s additional authority to conduct inspections, are expected. As administrative dispositions may be imposed on service providers for non-compliance during such inspections, the service providers should review their compliance with the current regulations as well as the Proposed Amendments to timely make necessary preparations. Lastly, as the government may also issue specific guidelines on compensation for user damages caused by service failures, the service providers should carefully monitor the regulatory trend and assess the risks and obligations with respect to the changing compensation obligations.
