Overview
South Korea has earned a reputation as a leading global digital technology center. With its cutting-edge ICT infrastructure boasting the world’s fastest internet speeds and tech-savvy customers, the country is home to global leading digital companies such as Samsung, SK, LG and Naver. Korea is a global digital powerhouse and invests heavily in innovative technologies such as advanced semiconductors, next-generation networks, Artificial Intelligence, big data, quantum computing, and cybersecurity. Despite strong Korean domestic competition, a growing number of U.S. companies are successfully doing business in Korea’s digital market leveraging cutting edge technologies and innovative business models.
Market Challenges
Cross-Border Data Transfer by Reinsurance Institutions
Reinsurance firms are not able to transfer information outside Korea as required in their ordinary course of business and as they should be able to do under Korea’s KORUS obligations. Korea’s Financial Services Commission (FSC) informed the U.S. Government in 2021 and in 2022 that it changed its interpretation of relevant rules under the User Protection and Credit Information Act such that U.S. reinsurance companies can send personal information of primary insurance policy holders outside Korea for purposes of data processing, risk management, and underwriting. However, U.S. reinsurance companies reported in 2022 that they had not seen such a change in practice, and, absent sufficient legal certainty, they have not been able to send information cross-border. In October 2022, progress was made in clarifying important outstanding questions, including: the allowable purposes for such information transfers; the locations to which information may be sent; and, the interaction of the User Protection and Credit Information Act and the Insurance Business Act, both of which regulate the insurance industry. These clarifications indicated that the transfer of such information by reinsurance companies would be allowed in most cases; however, there is no public written documentation of this upon which industry could rely for legal certainty.
Cybersecurity
Encryption and Security Requirements for Public Procurement of Information Communication Technology Equipment: Korea and the United States are both members of the Common Criteria Recognition Arrangement (CCRA), under which products certified at any CCRA-accredited laboratory in any member country should be accepted as meeting the certification requirements in any other member country. Korea’s National Intelligence Service (NIS), however, has imposed additional domestic cybersecurity certification requirements through its Security Evaluation Scheme (SES) since October 2014. Korea has broadly imposed the SES for common criteria (CC)-certified information technology products to be sold to the public sector. In October 2022, the NIS introduced a three-tiered scheme dividing all public institutions into three sensitivity tiers. The NIS now allows institutions in the middle and lower tiers, such as universities and public schools, to use CC-certified information and communication technology products without additional domestic security verification. However, the SES still applies to most major public institutions, which account for over 90 percent of the public sector market, including all central administrative institutions such as ministries and metropolitan local governments. The United States has urged Korea to abide by its obligations as a CCRA member. Korea requires network equipment procured by public sector agencies (i.e., government agencies and quasigovernment agencies) to incorporate encryption functionality certified by the NIS. However, the NIS only certifies encryption modules based on the Korean-developed ARIA and SEED encryption algorithms (which, although they align with ISO standards, are in practice primarily used in Korea), rather than the internationally standardized Advanced Encryption Standard (AES) algorithm in widespread use worldwide. This restriction has de facto significantly limited U.S. suppliers’ access to this market as it requires the development of a Korea-specific product line, which may not be commercially viable. The United States has urged Korea to ensure that equipment based on widely used standards has full access to Korea’s public sector market.
Public Sector Procurement
Cloud Security Assurance Program (CSAP): The Cloud Security Assurance Program (CSAP) was created by the Korea Internet and Security Agency in 2016 and elevated from administrative guidance to a legal requirement through a March 2022 revision to the Cloud Computing Promotion Act. The CSAP, which applies to Korea’s central, provincial, and local public sector with very limited exceptions, creates significant barriers to foreign cloud service providers (CSPs) seeking to sell to Korea’s public sector. CSPs are required to create physically segregated facilities for exclusive use by government-owned customers, comply with data localization of cloud systems, create backup systems and data, and ensure that operations and management personnel of cloud service providers are located within the territory of Korea to obtain the low-tier certification. CSPs must also use only NIS-certified encryption algorithms (ARIA or SEED). The potential market from which U.S. providers are being excluded is large and growing. In August 2022, Korea began a review of the CSAP with a view to reform it in a way that would open market access possibilities for foreign service providers, indicating it would benchmark the U.S. Federal Risk and Authorization Management Program (FedRAMP). In January 2023, Korea revised the Notification of the Security Certification for Cloud Computing Services to introduce a three-tiered scheme dividing all public networks into three risk tiers under the CSAP, which still creates significant barriers to U.S. CSPs seeking to sell to Korea’s public sector. Only those CSPs that have at least the mid-tier CSAP certification can effectively participate in the government’s digital transformation initiative. The United States raised this issue in June 2023 and in November 2023 and urged Korea to align its cloud security certification requirements with other internationally accepted standards.
Digital Trade Barriers
Data localization
Korea’s Act on the Establishment and Management of Spatial Data places restrictions on the export of location-based data and has led to a competitive disadvantage for international suppliers seeking to incorporate such data into cloud computing services offered from outside Korea. For example, foreign-based suppliers of interactive services incorporating location-based functions, such as traffic updates and navigation directions, cannot fully compete against Korean companies because locally based competitors typically are not dependent on foreign data processing centers and do not need to export location-based data. Korea is the only significant market in the world that maintains such restrictions on the export of location-based data. While there is no general legal prohibition on exporting location-based data, exporting such data requires a license. As of December 2023, Korea has never approved a license to export cartographic or other location-based data, despite receiving numerous applications from foreign suppliers.
Technology barriers
Barriers to Internet Servies
Digital Trade Opportunities
Cybersecurity
ITA Code: ICT
NAICS Code: 541511
Year | 2019 | 2020 | 2021 | 2022 |
System & Product | 1,896.6 | 2,029.7 | 2,728.5 | 3,104.0 |
Consulting & Service | 1,209.6 | 1,293.5 | 1,246.4 | 1,228.0 |
Total Market Size | 3,106.2 | 3,323.2 | 3,975.0 | 4,351.0 |
Exchange Rate: 1 USD | 1,165 | 1,180 | 1,445 | 1,291 |
Source: Ministry of Science and ICT, Korea Information Security Industry Association, 2023, Unit: $ million
As the world becomes more interconnected, cyberattacks have become more serious and sophisticated. Due to the focus of global hacker groups and cyber terrorists, cyberattacks are better organized, more persistent and executed on a larger scale. Attacks have broadened to include not just critical infrastructure but also private sector assets. The borderless nature of the internet is contributing to the vulnerabilities of certain devices and data storage.
With South Korea’s high degree of network connectedness, high penetration of mobile devices, and significant intellectual property, the country has become a prime target for cyberattacks. Cyberattacks in South Korea continue to increase in both frequency and complexity. South Korea was hit by a daily average of 1.2 million hacking attempts in 2022 according to a report published by the National Intelligence Service. The latest attacks on South Korea include the use of advanced malwares and ransomwares, supply chain attacks, crypto-jacking and zero-day attacks.
Not surprisingly, as the awareness of cyber vulnerabilities has increased, the market demand for cybersecurity products and services in Korea has grown. According to a Korean government survey in 2023, for the past four years, the cybersecurity market grew at a CAGR of 12 percent reaching $4.3 billion in 2022. Also, the expansion of cloud computing, the multiplication of digital devices, and the increased digital activity since the COVID-19 pandemic has contributed to the growth of the cybersecurity market.
South Korea deems cybersecurity as a matter of national security. Although the country boasts one of the world’s fastest IT infrastructures, it also has an infrastructure that is vulnerable to cyberattacks. The frequency and gravity of recent cyberattacks prompted the South Korean government to re-evaluate its cybersecurity strategy. In 2019, led by the office of the President, the ROK government announced its first National Cybersecurity Strategy. This strategy includes strengthening partnerships with foreign countries and companies and expanding investment to the domestic cybersecurity industry. In 2024, the ROK office of National Security announced the new National Cybersecurity Strategy. The paper laid out the plans to shift the cybersecurity paradigm to offensive responses to threats, reinforce cybersecurity partnerships with allies, and enhance cyber resilience for critical infrastructure.
There is a growing number of domestic and U.S. companies providing cybersecurity services in Korea. There are 737 cybersecurity firms registered in Korea. While most of these firms have developed their own products, some are open to partnering with small and medium sized exporters from the United States. These Korean companies are interested in filling gaps in technology and product/service line-up, to help their companies meet a wider range of cybersecurity needs.
For sales to the Korean public sector, U.S. cybersecurity companies must understand local requirements. For example, local public agencies require companies to receive additional verification even if the products received CCRA certification outside of the country. Also, depending on the product type and end-users, foreign companies should obtain a “security clearance”, such as the Korea Cryptographic Module Validation Program (KCMVP) and the Security Function Test Report, before they can supply to Korean public agencies.
Due to its advanced ICT infrastructure and geopolitical factors, South Korea is an attractive market for U.S. firms seeking to test cybersecurity solutions before deployment in other markets in Asia. While firms that produce sophisticated products for critical infrastructure and edge devices are more likely to succeed, there are also opportunities for firms that provide cybersecurity related consulting and training services. Overall, the Korean market favors the quality and reliability of U.S. technologies and demand for American products is expected to continue.
To enter the Korean cybersecurity market, the U.S. Commercial Service Korea recommends that U.S. technology firms to partner with qualified and capable South Korean companies that maintain existing sales networks in both private/public sectors and have a full understanding of local market characteristics and unique regulatory requirements. In the long term, it is recommended to consider employing a local hire or establishing a local office to provide prompt technical support and overcome possible communication issues with end customers.
Artificial Intelligence (AI)
ITA Code: ICT
NAICS Code: 541715
More companies in South Korea are using AI to accelerate their digital transformation efforts by increasing automation of tasks to reduce costs. According to a report from the International Data Corporation (IDC) in 2023, the country’s spending on AI which includes hardware, software and service was expected to reach $2 billion in 2023. IDC also forecasted that the spending would grow at a CAGR of 15 percent reaching $3.4 billion in 2027.
Major Korean ICT companies are aggressively pursuing AI technologies. Korea’s two leading electronics companies, Samsung and LG Electronics; Korea’s two top internet companies, Kakao and Naver; and the two major telecom companies, SK and KT; have invested significantly in AI. For example:
- Samsung Electronics opened seven AI centers in five countries and is working on various projects such as advanced machine learning algorithms, AI chips, large language modeling.
- Naver, Korea’s largest search engine and portal site, acquired the Xerox AI Research Center Europe in 2017 and is developing its own core AI engines for large language modeling, speech/image recognition, and text analytics, etc.
- KT, the second largest mobile carrier in Korea, committed $1.2 billion in investment for its AI/robot business through 2027.
Also, startups are driving AI adoption in South Korea. Many in the country see the creation and development of AI startups and businesses as vital to building a strong, indigenous AI ecosystem. Consequently, ROK government agencies have created AI-oriented startup incubation programs to help develop emerging AI businesses. Also, the country’s thriving VC ecosystem is funding AI startups’ expansion. Currently, South Korea is home to approximately 400 AI startups.
Regardless of firm size or the solution’s country of origin, Korean companies seek cutting-edge technology and applications to enhance their AI capabilities and implement AI technologies in their products and services. Also, increasingly Korean companies are looking for technology/business partnerships with foreign AI companies and startups.
The ROK government seeks to position itself as a global contender in AI technology markets. ROK officials see AI as a crucial element for the country’s overall prowess in the ICT sector and are committed to making Korea an AI powerhouse. In support of this goal, in 2019, the ROK Government announced its first national AI strategy which includes heavy investment in AI infrastructure and greater use of AI technologies in all industries. In an effort to build AI talent, as a part of the strategy, the ROK government designated local universities as AI specialized institutions. As of 2024, the country designated fifteen local universities as AI engineering schools and four national universities as AI research centers. The ROK also plans to realign national R&D capabilities to specialized in various AI research fields such as AI ethics, data science, and AI’s convergence with other industries.
In 2022, the government released the Digital Strategy of Korea, which envisions state-led industrial and educational efforts to promote AI. Per the strategy, Korea will invest $1 billion in researching core AI and AI semiconductor technologies.
Sub-Sector Best Prospects
- Large Language Model/Generative AI: More Korean companies are interested in leveraging LLM in various applications such as search engines, contents, healthcare, and finance.
- Explainable AI: As the influence of AI technology spreads across sectors such as healthcare, finance and defense, companies are looking for AI models that provide greater interpretability to users and guarantee reliability.
Cloud Computing
ITA Code: ICT
NAICS Code: 548210, 541512
With Korean enterprises adopting cloud services with increasing frequency, the cloud computing market in Korea is expected to grow at a faster rate than other IT services market sectors. According to Gartner, the South Korea cloud computing market was estimated at $5.0B in 2023, a 24 percent increase over the previous year.
Global cloud service providers such as Amazon Web Services, Microsoft, and Google have led the cloud computing market in Korea. To further increase their market share, global players have accelerated investments in Korea, building new data centers on the peninsula.
The recent boost in demand for cloud computing has also caught the attention of Korean companies, and major Korean IT companies (Naver, NHN) and mobile carriers (KT) have entered the market. Currently, the U.S. CSPs are estimated to have about 80% of the market share while the local players have 20%. Also, as more information infrastructure and company data are migrated to the cloud, more Korean companies are starting to use software/services on the cloud.
As more local private companies seek to adopt various and customized applications and services on their cloud, there will be increasing opportunities in the SaaS sector. U.S. SaaS companies will be able to extend their businesses to the Korean market by using local cloud service providers. Also, cloud management service is another promising sector as a smooth cloud migration is critical for local companies new to cloud computing.
Digital Economy-related trade events.
Cybersecurity
SECON & eGISEC: First hosted in 2001, SECON & eGISEC is Korea’s largest security exhibition covering all sectors of both cyber and physical security. In 2023, 355 companies from 10 countries attended the event and exhibited their products and solutions.
International Security Conference: Hosted by Ministry of Interior and Safety, ISEC is the largest cybersecurity conference in South Korea. The conference provides 35 sub-sessions and opportunities to engage with relevant domestic ministries and companies.
Artificial Intelligence (AI)
AI EXPO Korea: Organized by the Korea AI Association, AI Expo is the largest annual AI exhibition in South Korea. In 2024, 258 Korean/global companies with 479 booths, and over 39,000 participants attended the event. The exhibition was mainly focused on solutions for implementing AI (Hardware, Data Service, Cloud Service, etc.) and AI converged product/platform (Healthcare, Smart-Farm, Robotics, etc.).
AI Korea/AI World Congress: AI Korea, hosted in Busan City, focuses on Korea’s AI capabilities and provides a platform for global companies to convene and discuss trends in AI. This year’s theme will include AI application for smart cities, mobility, healthcare, manufacturing, and government policy in AI.
Cloud Computing
Grand Cloud Conference
Cloud Expo Korea
Semiconductor
SEDEX: Organized by Korea Semiconductor Industry Association (KSIA), the exhibition covers the full spectrum of the semiconductor industry supply chain and products including logic, memory, sensor, equipment, and material. During the 2023 event, 320 companies including Samsung Electronics and SK hynix presented their products to more than 50,000 participants.
SEMICON KOREA: Focusing on semiconductor equipment and materials, SEMICON is one of the major trade events for semiconductor industry in Korea. In 2024, more than 500 global companies exhibited at the event.