Korea has signed but not ratified the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

According to Art. 32 of the Act on Promotion of Information and Communications Network Utilization and Information Protection etc., foreign IT services providers with no office in Korea must designate a local agent responsible for data privacy compliance.

The Act on Consumer Protection in Electronic Commerce Transactions provides a comprehensive framework for consumer protection that also applies to online transactions. In addition, it is reported that for business-to-business transactions, the Regulation of Terms and Conditions Act and the Fair Trade Act are the main frameworks applied.

According to Art. 4 of the Domain Name Management Rules set forth by the Korea Internet & Security Agency (KISA), domain name registrants must have a postal address of their place of residence in Korea. In addition, it is reported that a Copy of Company registration in Korea with proof of company address in both English and Korean languages is required for registration and that a Korean-based administrative contact is mandatory.

It is reported that under the Regulation on Supervision of Credit-Specialized Financial Business, electronic commerce firms operating on a cross-border basis have been prevented from either selling in Korean won or storing domestic consumers’ credit card information unless they have registered in Korea as a Payment Gateway (PG) supplier or use a local PG company service for won-denominated transactions. In the absence of a PG registration (which requires firms to develop Korea-specific payment systems and customer interfaces, and to have a local presence in Korea), foreign electronic commerce sites can only process dollar-denominated transactions for which customers enter their credit card information anew each time, which puts them at a competitive disadvantage as compared to local merchants. However, the Electronic Finance Supervisory Regulations do not impose the registration requirement for subsidiary electronic financial business entities which include PG services. It imposes such a requirement only on electronic financial business entities.

According to Art. 8 of the Notice of Import Customs Clearance for Express Goods, as amended in 2016 increasing the value of the de minimis rule, Korea has a de minimis rule that allows goods for personal consumption and samples not exceeding USD 150 (and USD 200 only for trade with the US and Puerto Rico as per Korea-US FTA) to be exempted from taxes and duties collected by customs.

If software systems or hardware equipment such as virtual private network and firewall systems deal with non-confidential yet important information and are to be used in the government, they must pass verification for appropriate encryption modules under the auspices of National Intelligence Service (NIS). Appropriate encryption standards are ones developed in Korea such as ARIA, SEED, LEA, and Hight. The suppliers need to submit the source code of their products to receive the verification test. The same encryption standards also apply to certain network equipment such as VPN and SW USB series.

Pursuant to Art. 4 of the National Intelligence Service Korea Act and Art. 56 of the Electronic Government Act, National Intelligence Service (NIS) impose security verification requirements on network equipment and cyber-security software in government procurement. Generally, they may satisfy the requirement by showing that the products are certified at a Common Criteria Recognition Arrangement (CCRA) accredited lab outside of Korea. However, certain network equipment must undergo an additional security verification process. Furthermore, the Common Criteria (CC) certification may not be sufficient for two reasons. First, NIS may substitute the CC certification with other certification mechanisms that were internally developed (e.g., GS Certification). Second, NIS may reject a CC certification when it deems that the certification does not cover particular functions of the product that the government entity needs.

The Electrical Appliances Safety Control Act authorizes the Korean Agency for Technology and Standards to develop safety certification schemes for the import of electronic appliances. The agency has created three certification schemes: KC Safety Certification, KC Safety Confirmation, and SDoC.
The requirements are the following:
- Type 1 products must go through certification procedure that includes factory inspection (initial and regular) with mandatory product testing every two years in order to get KC Certification. Type 1 products include electric wire, cords, switches for electrical appliances, motor-oriented electric tools, breakers, insulated transformers, and lighting appliances;
- Type 2 products, which are considered less dangerous, must overcome certification procedure that includes safety testing without factory inspection. Type 2 products include electric switch, electric appliances, audio and video electronic apparatus, lighting appliances, insulated transformers, and information technology equipment;
- Type 3 products are qualified to be clear of mandatory certification procedures with a showing of SDoC. Except for products that qualify for SDoC, the other two procedures that include local testing could be burdensome. Type 3 products include fluorescent lamps starter, DC power supplies, and electric charger connected to the electric appliances as well as some electric appliances, audio and video electronic apparatus, and information technology equipment.

The Ministry of Science, ICT & Future Planning (MSIP) is an authority that conducts EMC and wireless communication certification. KC certification is issued by Korea’s National Radio Research Agency (RRA) and requires testing at an RRA-approved laboratory. There are three mandatory certification mechanisms for imported broadcasting and communications equipment to test the safety of radio waves (Article 58-2):
- Certain equipment must receive certification of conformity from the Ministry of Science, ICT and Future Planning after undergoing a test by a designated third-party laboratory. Such equipment includes wireless telephone alarm automatic receiver, radar equipment for ships, telephone, and modem;
- Equipment that is not subject to this certification may come in only with a showing of confirmation that verifies the compatibility after undergoing a test either by a designated third-party testing body or self-tests. The equipment that falls in this category includes Computing device and peripheral, broadcasting set-top box, measuring instrument, industrial device, and connector.
- Equipment that is not subject to neither of these schemes must have interim of conformity after passing a test showing conformity with domestic or international standards. Equipment that is newly development but whose conformity assessment criteria have not been developed fall in this category.
Korea has entered into a mutual recognition arrangement with the United States, Canada, EU, Vietnam, and Chile. However, except for Canada, the import of broadcasting and communications equipment from the other countries must still receive certification of conformity from the South Korean government even if a conformity test has been conducted in the exporting countries.

Since 2008, the Foreign Trade Act has required a license prior to export of strategic items. These items include dual-use items. Among them, electronics (category 3), computers (category 4), telecommunications and information security (category 5), and sensors and lasers (category 6) are relevant to digital goods. These categories are controlled by the Ministry of Trade, Investment, and Energy.

Per Art. 5 of the Location Information Use and Protection Act, any person who intends to engage in location information business shall obtain permission from the Korea Communications Commission. According to Art. 18 of the Act, even if permitted to do such business, location information providers or location-based service providers cannot collect location information of individuals without individuals' consent. It is reported that, although a supplier may export location information once acquiring a permit, Korea has never approved such a permit despite numerous applications by foreign suppliers over the past decade.

Under Art. 13 of the Act on the Promotion of Newspapers, a person who is not a national of Korea shall not be qualified as a publisher or editor of an online newspaper, or as a news article layout manager of an online news service. This requirement has been in place since 2009.

The amendment of the Telecommunications Business Act by Act no. 12761 on 15 October 2014, included Article 22-3. According to Art. 22-3, value-added telecommunication service providers, encompassing all online hosts of applications and content, must implement technical measures as outlined in the Presidential Decree to counteract the dissemination of explicit materials.

According to Arts. 12-3 of the Game Industry Promotion Act, users are required to verify the real names and ages of users of game products when they join as members and self-authenticate. This requirement has been in place since 2011 within the amendment of the Game Industry Promotion Act through Law No. 10879 of July 2011.