(Aug. 28, 2020) South Korea’s new Digital Signature Act was published in the Gwanbo (Official Gazette) on June 9, 2020. (Act No. 17354, June 9, 2020, Gwanbo No. 19768, pp. 147–57.) Most of the provisions of the new act will take effect on December 10, 2020.
Background to the Act
The current Digital Signature Act (Act No. 5792, Feb. 5, 1999) established a public certificate for use in electronic administrative services, such as those involving civil affairs documents, online banking, housing subscriptions, and electronic bidding. Although public certificates were widely used in the early stages of South Korea’s electronic signature system and contributed to the development of e-commerce, the system adopted and maintained by the government has hindered the development of electronic signature techniques and service innovations in recent years. The new law aims to create competition among private certificate businesses operated by internet companies, mobile carriers, and other information and communication technology firms that provide electronic signature services, thereby providing people with a greater choice of service providers. (Act No. 17354, Reasons for the Amendment, at 157.)
Major Contents of the Act
When an electronic signature is selected as a signature, signature and seal, or name and seal in a law or agreement between parties, the electronic signature carries the legal effect of that signature, signature and seal, or name and seal. (Art. 3.) The new act enjoins the government to endeavor to promote the use of various technologies for electronic signatures, such as biometric authentication and blockchain, and prohibits it from restricting the use of particular electronic signature systems, except for specific cases involving laws and certain decrees. (Art. 6.)
The act obligates the Ministry of Science and Information Communication Technology (MSIT) to prepare measures to enhance the reliability of electronic signatures and provide subscribers and users with information to enable them to make reasonably informed choices of digital signature authentication services. The MSIT is to establish the operational standards for electronic signature certification after considering internationally recognized standards. The operational standards must include the following:
- Countermeasures against counterfeiting and falsification of electronic signatures and electronic documents
- Procedures for signing up for and using the digital signature authentication service, and methods of verifying subscribers
- Procedures for the suspension/abolition of the electronic signature authentication service
- Standards for facilities involved with digital signature certification and data protection methods
- Measures to protect the rights and interests of subscribers and users
- Other matters related to the operation and management of digital signature authentication services (Art. 7.)
The MSIT is to task the Korea Internet & Security Agency (KISA) with ensuring that electronic signature certification business entities comply with official operating standards (art. 9, para. 1) and select institutions to perform such compliance evaluations (art. 10, para. 1). An electronic signature certification business entity may obtain recognition from KISA for compliance with operating standards after being evaluated by an evaluation institution. (Art. 8, para. 1.) To obtain recognition of compliance with operating standards, an electronic signature certification business entity must be a government institution, a local government, or a corporation. (Art. 8, para. 2.)
The MSIT may determine whether it deems internationally accepted assessment standards to be in conformity with its operational standards, and make public announcements to that effect. When an electronic signature certification business entity has received an evaluation according to internationally accepted assessment standards, the evaluation will be considered as equivalent to one provided by a Korean evaluation institution. (Art. 11.)