Database

According to the Korea Internet Security Agency Policy for Domain names, registrants must have a postal address of their place of residence in Korea.

Korea has a general de minimis rule which allows goods for personal consumption and samples not exceeding 103 SDR (USD 150) to be exempted from taxes and duties collected by customs.

As per the Korea-US FTA, trade with US and Puerto Rico is subject to a less stringent rule, with exemptions from taxes and duties starting at 142 SDR (200USD).

"Despite provisions in its FTAs with EU and US to allow sending financial data across borders, Korea prohibited outsourcing of data-processing activities to third parties in the financial services industry for several years and today certain restrictions still apply. Banks can therefore only process financial information related to Korean customers in-house, either in Korea or abroad and offshore outsourcing is restricted to a financial firm’s head office, branch or affiliates.

As a consequence, foreign e-commerce firms that set prices currencies other than Korean won are restricted from accepting Korean branded credit cards and have to develop specific payment systems for the Korean market.

In June 2015, the Korea Financial Services Commission has proposed revisions to its outsourcing policies by eliminating its requirements for (1) prior approval for the outsourcing of IT facilities; (2) offshore outsourcing to be restricted to a financial firm’s head office, branch or affiliates (thus permitting use of third parties); and (3) use of a standardized outsourcing contract form (thus permitting customized contracts provided they include certain obligatory terms). Such revisions were implemented in July 2015. Yet, certain conditions for processing abroad still apply today.

Korea has not adopted UNCITRAL (United Nations Commission on International Trade Law) model Law on e-commerce or e-signatures.

It is reported that, since 1996, online customers in Korea need Microsoft's Internet Explorer to make online purchases. This is because of an old system used in Korea that requires the plug-in ActiveX (a system developed by Microsoft) for their 'digital certificates' to work. These digital certificates are required by law when using online banking.

Digital certificates were phased out for online transactions in 2015, however they still apply for online banking. In early 2016, the Korean government announced that it will remove ActiveX, firstly from in the country’s 100 most popular web sites by 2017, with further plans to drive the change through government sites and remaining online payments systems.

Foreign individuals, corporations, organizations, government agencies and entities having a representative who is not a Korean national may not issue internet newspapers, newspapers or other print publications.

In Korea, there are security verification requirements for government procurement. The government requires that products certified at a Common Criteria Recognition Arrangement (CCRA) accredited lab outside of Korea must undergo an additional security verification process for every procurement, even when it is the same product being purchased by the same government customer. In contrast, products that are certified at a CCRA accredited lab in Korea are exempt from this additional security verification process. CCRA is an agreement on mutual acceptance of security evaluation and certification on the basis of common criteria.

Compliance with Korea's Minimum Energy Performance Standard (MEPS) has been required for external AC power adapters.

The Radio Research Agency (RRA) division of the Korea Communications Commission (KCC) issues type approval of telecommunications equipment. Approval is issued to a local Korean representative.

In order to reflect the changes in the Electrical Appliances Safety Control Act (EASCA) and the Radio Waves Act, a number of broadcasting communication and information technology equipment controlled under the Radio Waves Act were added to the product classification list covered under EASCA for safety certification. Certain products are required to obtain the Korea Customs (KC) Self-Regulatory Safety Confirmation or Declaration of Conformity, in addition to the KC Registration of Compatibility or KC Certification of Conformity certification. These products must obtain the applicable safety and/or Electromagnetic compatibility (EMC) certification and bear the KC Mark before they are imported to Korea. As per Article 58 of the Radio Waves Act, certification can be undertaken via accredited third parties.
Specifically, these products are:
- Radio equipment for a location based service
- Notebook PC (including tablet PC)
- Walkie-talkie for living radio station
- Radio equipment for transmission of voice, sound and other signals
- Portable wireless equipment (mobile phone, smart phone, TRS mobile phone etc.)

Manufacturers are required to have mandatory third party certification by a Korea Testing Laboratory (conformity assessment body) and to put the Korean EK mark on three ICT products: monitors, scanners and printers. The certification covers both electrical safety and EMC requirements.

Computers, vehicle equipment, radio equipment, broadcasting reception device, electric appliances and power tools, and other products must be tested in an independent laboratory and the importer must register test results on the Korea's National Radio Research Agency (RRA) website.

Components for electric equipment and connecting components are subject to the Safety Certification System and those products must be tested in a designated Korean testing agency.

Korea's FTAs with EU and US allow for self-certification for electromagnetic interference (EMI) and electromagnetic compatibility (EMC).

Korea adopts a mix of national standards and international standards. There are some examples of ICT standards where the national standard has been given priority treatment. For example, it is reported that the Korean government has supported the development of mandatory domestic radio frequency identification (RFID) standards, without international participation or consensus, despite the fact that global standards for RFID have long-existed.

In March 2015, the Korean National Assembly passed the Act on the Development of Cloud Computing and Protection of Users. The Act allows the use of cloud services in the public sector and set obligations for cloud service providers (CSP) that include among others:
- CSPs must report information leakage to their customers and the Minister and an investigation may then follow;
- CSPs must not provide their customers’ information to a third party or use it for purposes other than the designated purpose without the consent,
- If a CSP hosts a customer’s information outside of Korea, the customer may request the CSP to disclose the location,
- If a customer incurs losses due to the deliberate or negligent acts of a CSP which violate the Cloud Act, the customer may bring a claim for compensation against the CSP.

It is reported that Korea is implenting filtering of web content, mainly targeting online gaming.

Article 103 of the Copyright Act sets out a notice and takedown system according to which the Online Service Providers (OSPs) is exempt from liabilities if, immediately after receiving request for suspension, follow up and inform the claimant and the alleged infringer. In case of non-compliance with the notice, santions can go up to 10 million won (USD 9.000).