In 2026, South Korea has upgraded MIC Certification to include strict cybersecurity, tiered management, and heavier penalties.
Enforcement of the IoT Security Act has made cybersecurity a mandatory pass/fail item.
All smart wireless devices must:
1.Ban default weak passwords; force user‑defined strong passwords.
2.Support secure OTA updates: min 3 years for general IoT, 5 years for medical/V2X.
3.Use TLS 1.3+ encryption; biometric data must be stored locally in Korea.
4.Report vulnerabilities to KCC within 24 hours and release patches within 72 hours.
II. Expanded Scope & Tiered Management
1.General TierLow‑power short‑range devices; simplified online declaration, 1–2 weeks.
2.High‑Risk TierMedical IoT, V2X, industrial wireless; annual re‑certification, all documents in Korean.
3.Critical Infrastructure TierPower, transport; quarterly security assessments + annual penetration testing.
Change:Even some receive‑only IoT devices now require cybersecurity compliance.
III. Streamlined Process & New Documents
·Low‑power devices: fully online, faster.
·New mandatory documents:Cybersecurity Assessment Report + Vulnerability Response Plan.
·Still required: Korean local agent with legal responsibility.
IV. Severe Penalties in 2026
·Selling without certification: up to ₩500 million per unit + 4% of global revenue.
·Unfixed vulnerabilities: up to ₩100 million per day.
·Shortening update period: up to ₩300 million + product recall.
·Data breach: up to 3% of global revenue.
For more updates, follow BLUEASIA.Contact: +86 13534225140 (WeChat same)
Related News
