South Korea sets tougher standards to revoke security, privacy certifications
( December 30, 2025, 03:21 GMT | Official Statement) -- MLex Summary: South Korea said it will tighten and standardize rules for cancelling ISMS and ISMS-P security and privacy certifications after hacking incidents or personal-data breaches, with the new criteria to take effect immediately. The Personal Information Protection Commission and the Ministry of Science and ICT said they agreed the updated framework during a meeting on Monday with certification bodies and private experts. Post-audits will focus on incident-linked core controls, including identifying internet-facing assets, access-rights management and patch management, and certifications can be revoked if companies refuse follow-up checks, fail to submit or falsify materials, or are judged to have serious defects after review. The agencies said revocation will also follow sanctions under privacy law — especially in cases affecting more than 10 million people, repeat violations, or intentional and grossly negligent misconduct — with mandatory certification holders facing a one-year reapplication ban but no fines for lacking certification during that period.The statement, in Korean, is attached....
Prepare for tomorrow’s regulatory change, today
MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.
Know what others in the room don’t, with features including:
Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
Curated case files bringing together news, analysis and source documents in a single timeline