In order to provide internet multimedia broadcasting services, an approval of the Broadcasting and the Communication Committee is required under the Internet Multimedia Broadcasting Business Act. This regime under Art. 4 has been in place since 2008.

Since 1998, Art. 4 of the Foreign Investment Promotion Act has provided that the national government has a right to decline a foreign investment if there is clear evidence that this investment poses a threat to the national security or public interest. This is not sector-specific but applies horizontally. A decision of the national government about restricting a foreign investment is followed by a notification of the Minister of Knowledge Economy including the categories of business and content of restriction. Korea uses a negative list system, which means that the country is open to foreign investments unless it is explicitly restricted.

Under Art. 18, the Telecommunications Business Act 2010 requires that foreign investors must obtain authorization for acquisitions or mergers of facilities-based telecommunications services providers.

Under the Telecommunications Business Act, telecommunications businesses are divided into two categories: namely, facilities-based telecommunications services (FTS) and value-added telecommunications services (VATS). FTS refers to businesses that install telecommunications line equipment and facilities and provide telecom services. VATS are online services using the FTS network, such as cloud computing services, email, e-commerce platforms, and internet search engines. Since 2009, the Act has prohibited foreigners from owning more than 49% of the stock of a telecom enterprise when it comes to FTS (Art. 8).

Under Art. 14 of the Broadcasting Act, no foreign ownership is allowed in terrestrial broadcasting business or community radio broadcasting entities. Only 20% of foreign ownership is allowed to a program provider engaging in general programming or a CATV relay broadcasting business entity. Up to 49% of foreign ownership is allowed to a CATV broadcasting entity, satellite broadcasting business entity, or a single transmission network business entity. This restriction has been in place since 2009.
Under Art. 9 of the Internet Multimedia Broadcasting Services Act, only up to 49% of foreign ownership is allowed for internet multimedia broadcasting service providers or internet multimedia broadcast contents business operators. Only up to 20% of foreign ownership is allowed for internet multimedia broadcast contents business operators engaged in general programming or specialized programming of news reports. This restriction has been in place since 2009.

Korea is a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA) and its commitments also cover the services sectors considered most important for digital trade, namely telecommunication services (CPC 752), telecommunication-related services (CPC 754), and computer and related services (CPC 84).

In 2016, Korea Internet Security Agency (KISA) developed a cloud security certificate (KCSC) system governing public-sector cloud service procurement. This is based on the 2016 Notice on Protection of Information for Cloud Computing Services promulgated pursuant to Art. 23-2 of the Act on the Development of Cloud Computing and Protection of Its Users, which was inserted to the statute in 2015. It is reported that this constitutes a key barrier for U.S. cloud service providers because they are unable to meet some requirements for the certification without creating a separate, Korean-unique product.

As of January 2021, pursuant to Art. 4 of the National Intelligence Service Korea Act (introduced by the amendment - Act No. 11104 - of 2011), and Art. 56 of the Electronic Government Act (introduced by the amendment - Act No. 10012 - of 2010), the National Intelligence Service (NIS) applies the Security Verification Scheme to network equipment and cyber-security software imported for government procurement. Generally, suppliers may satisfy this scheme in two ways: First, cyber-security software such as firewalls and intrusion prevention systems are certified at a Common Criteria Recognition Arrangement (CCRA) accredited lab outside of Korea. However, the Common Criteria (CC) certification may not be sufficient for two reasons. First, NIS may substitute the CC certification with other certification mechanisms that were internally developed (e.g., GS Certification). Second, NIS may reject a CC certification when it deems that the certification does not cover particular functions of the product that the government entity needs.

Second, network equipment must undergo a security function test. The equipment that has already passed this test may come in. NIS has been recently requiring even some of the cyber-security software that had been subject to the CCRA scheme to pass a security test report conducted by national test agencies. This software includes a software-based security USB (since January 2020), virtualization product (January 2020), host data leakage prevention product (January 2021), network data leakage prevention product (January 2021), and inter-network data transmission product (January 2022).

There are reported concerns, starting from 2014, over the additional verification requirement to network equipment, including equipment products that are "not normally considered as 'security' products, such as routers, switches, and IP-PBXs." It is also reported that the NIS has applied the verification scheme "in a non-transparent fashion."

Under Art. 69 of the Electronic Government Act, enacted in 2001, and Cryptographic Module Testing and Validation Guidelines (Guidelines), promulgated in 2004, the National Intelligence Service (NIS) operates the Korea Cryptographic Module Validation Program (KCMVP). KCMVP validates that software, network (such as VPN and SW USB series), and hardware equipment that deals with non-confidential yet important information complies with the Cryptographic Module Validation Standards, which were amended in 2015. Appropriate encryption standards are ones developed in Korea such as ARIA, SEED, LEA, and Hight. It is reported that the lack of recognition of other international encryption standards constitutes a barrier for foreign suppliers.

Under the Guidelines, suppliers of software, network (such as VPN and SW USB series), and hardware equipment that deals with non-confidential yet important information must also submit the source code of their products to pass the Cryptographic Module Validation Process. It is reported that source code could potentially be required as part of common criteria certification administered by the IT Security Certification Center, a requirement for public procurement of cloud computing services.

The Enforcement Decree of the Act on Contracts to Which the State is a Party, which was promulgated in 1995, provides some situations where a competitive bidding process is limited or does not apply. In light of factors such as the purpose, characteristics, and scale of the procurement contract, the government may restrict the participation of potential bidders (Art. 21), select certain bidders to engage in further bidding (Art. 23), or execute an at-will contract (Art. 26).
This is despite Since the Act on Contracts to which the State is a Party, under Article 5, has prohibited "any special term or condition, discriminative against nationals of contracting states to the Agreement on Government Procurement and goods produced or services provided by such States and in favor of nationals of the Republic of Korea and goods produced or services provided from the Republic of Korea, to international tendering procedures."
The Act on Contracts to Which a Local Government is a Party, under Article 6, has applied the same principle since 2005. Per Art. 12, the contracting agency may not restrict participation of bidders who have gone through a competitive bidding process.

According to Art. 48 of Software Industry Promotion Act, participation in government-led software procurement is limited to SMEs. The Act allows the participation of "large" companies in exceptional circumstances. It is reported that this has effectively limited certain bids on software procurement, leaving out multinational firms.

Since 1995, the Act on Contracts to Which the State is a Party has excluded, under Article 4, international biddings in certain public procurement tenders where:
- procurement is for goods or services necessary for manufacturing other goods or services that are later to be sold or resold;
- products from SMEs are manufactured and purchased pursuant to Act on Facilitation of Purchase of Small and Medium Enterprise-Manufactured Products and Support for Development of their Markets (Act on SMEs);
- a Presidential Decree forbids so in conformity with the Government Procurement Agreement.
Furthermore, since 2005, the Act on Contracts to Which a Local Government is a Party has regulated under Art. 5 international biddings to procurements from a local government in the same manner.
It is reported that the Act on Facilitation of Purchase of Small and Medium Enterprise-Manufactured Products and Support for Development of their Markets, enacted in 2009 and applying under these procurement legal frameworks, categorize foreign-invested enterprises as "large" companies simply by virtue of being foreign or multinational. As a result, "large" foreign companies are only able to bid projects larger than USD 220,000.

Korea is a signatory of the 1996 World Trade Organization (WTO) Information Technology Agreement (ITA) nor the 2015 expansion (ITA II).

Japan has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.