GITSN, INC

■ Telecommunications Business Act (Jan. 21, 2025)

Article 83 (Protection of Confidentiality of Communications) ① No person may infringe upon or disclose the confidentiality of communications handled by a telecommunications service provider. (Omitted)
Article 95 (Penalty Provisions) Any of the following persons shall be subject to imprisonment for up to three years or a fine not exceeding KRW 150 million.
7. A person who infringes upon or discloses the confidentiality of communications handled by a telecommunications service provider, in violation of Article 83 (1).

■ Protection of Communications Secrets Act (Jan. 23, 2024)

Article 3 (Protection of Confidentiality of Communications and Conversation) ① No person shall censor any mail, wiretap any telecommunications, provide communication data, or record or eavesdrop on any private conversation between others without authorization, except as permitted under this Act, the Criminal Procedure Act, or the Military Court Act. (Omitted)
Article 14 (Prohibition of Interference in Others' Conversation Secrets) ① No person shall record a conversation between others that is not open to the public or eavesdrop by employing electronic or mechanical devices.
Article 16 (Penalty Provisions) ① Any of the following persons shall be subjected to imprisonment for one year to 10 years, along with a suspension of qualifications for up to five years.
1. A person who censors mail, intercepts telecommunications, or records or eavesdrops on private conversations between others, in violation of the provisions of Article 3.
2. A person who discloses or divulges the contents of communications or conversations obtained under subparagraph 1.
Article 18 (Criminal Attempts) Attempts to commit crimes prescribed in Articles 16 and 17 shall be punished.

■ National Information Security Basic Guidelines (Jan. 31, 2023)

Article 93 (Eavesdropping Assessment) ① The head of each agency shall establish and implement administrative security measures, such as policies or plans to prevent information leaks through eavesdropping, as well as physical and technical security measures capable of preventing, detecting, or identifying eavesdropping, for any facility or location corresponding to any of the following.
   1. Agency buildings (new construction, relocation, extension, renovation, major repairs, etc.)
   2. Key work areas, including executive offices and meeting rooms
   3. Locations of important meetings, conferences, negotiations, and events
   4. Other facilities, locations, or equipment that may require eavesdropping monitoring
 ② The head of each agency shall conduct eavesdropping assessments for the facilities and locations specified in Paragraph 1, either internally or by utilizing unauthorized eavesdropping detection service providers in accordance with Article 10-3 of the Protection of Communications Secrets Act. However, for facilities or locations falling under any of the following items, the Director of the National Intelligence Service may be requested to conduct eavesdropping assessments.
   1. Facilities or locations managed by the head of a government agency or the head of a superior agency
   2. Facilities or locations managed by the head of a subordinate agency, which the head of the relevant superior agency deems necessary for the protection of national security and national interests
 ③ The head of an agency that has conducted assessments under Paragraph 2, either internally or by utilizing unauthorized eavesdropping detection service providers, shall notify the Director of the National Intelligence Service of any vulnerabilities discovered, via the head of the superior agency, and may request technical support or additional assessments.
 ④ If vulnerabilities are discovered as a result of an assessment conducted by the Director of the National Intelligence Service under Paragraph 2, the head of the relevant agency shall develop and implement corrective measures. (Omitted)