1.

MSIT – Central Radio Management Service: 2024 FSP Audit

The Central Radio Management Service (the “CRMS”) under the MSIT conducts annual audits of FSPs to check their compliance with the applicable requirements (e.g., financial capability, technical personnel and user protection plan, among others) under Article 6 of the Telecommunications Business Act (the “TBA”) and Articles 8 and 10, among others, of the TBA Enforcement Decree. For this year’s audit, the CRMS sent audit checklists specifically to FSPs that do not own circuit facilities in late October.

In the checklists, the service providers are required to provide key information (e.g., address, representative, provided services, capital and technical personnel). Failing to submit the requested materials in a timely manner can lead to administrative fines of up to KRW 10 million in accordance with Article 104 of the TBA.

Furthermore, FSPs that fail to register changes in their key information may be subject to up to one year of imprisonment or criminal fines of up to KRW 50 million, pursuant to Article 97 of the TBA. Therefore, service providers with any changes in key information must immediately proceed with the registration of such changes, regardless of the audit. In particular, the MSIT/CRMS pay special attention to changes involving technical personnel, especially where there are new additional services provided by the FSPs. Therefore, it is crucial to proactively review compliance with relevant requirements and take appropriate actions.
 

2.

MSIT: 2024 VSP Survey

Pursuant to Article 34-2 (1) of the TBA, the MSIT conducts annual surveys of VSPs to assess the status of their operations. This year, the MSIT sent the relevant documents to the VSPs subject to the survey in early September. Notably, this year’s survey included additional investigations into e-commerce companies for more in-depth surveys.

The primary purpose of this survey is to understand the current operation status of VSPs and to use the findings as a basis for developing policies. However, the survey may also reveal potential compliance issues regarding various obligations under the TBA, so we advise careful attention to frequently raised issues, such as reporting of changes in value-added telecommunications services, reporting of value-added telecommunications service fees, reporting on the provision of confidential communications information and retention of relevant documents.
 

3.

KCC: Request for Monitoring and Improvement to App Access in 2024

The KCC (i) annually monitors online service providers to check their compliance with app access rights requirements under Article 22-2 of the Act on Promotion of Information and Communications Network Utilization and Information Protection (the “Network Act”), and (ii) tends to issue recommendations for improvement if it discovers non-compliance issues. In 2024, the monitoring was carried out until the end of September. Non-compliant service providers were informed of the remediation actions and requested to submit their remediation results by October.

Looking ahead to 2025, the KCC plans to monitor approximately 1,000 service providers to assess their compliance with various requirements including: (i) notifying users of app access rights, (ii) ensuring that the implemented permissions match those that are notified, (iii) distinguishing between necessary and optional permissions, (iv) obtaining user consent for app permissions, (v) allowing the use of services for users who choose to opt out of optional permissions, and (vi) allowing users to withdraw their consent for each permission. Particularly, any online service provider that refuses use of services for users who choose to opt out of optional permissions may be subject to an administrative fine of up to KRW 30 million for violating Article 22-2 (2) of the Network Act.