The amendment to the Telecommunications Business Act (the “Amendment”), which is primarily aimed at strengthening measures to prevent telecommunications-based financial fraud, including voice phishing, and ensuring the public-service nature and stability of facilities-based telecommunications businesses, was passed by the National Assembly at a plenary session and subsequently approved by the Cabinet on May 12. The provision of the Amendment prohibiting the manufacture and importation of caller ID spoofing devices will, in light of its urgency, take effect immediately upon promulgation, while the remaining provisions will enter into force six months thereafter. The Ministry of Science and ICT (“MSIT”) plans to promptly establish subordinate legislations in consultation with relevant industry stakeholders and experts.

The Amendment centers on improving frameworks to enhance public safety, specifically by prohibiting the distribution of SIM boxes—a primary tool for voice phishing—and expanding the ‘Subscription Restriction Service’ nationwide to prevent the opening of fraudulent accounts through identity theft. Additionally, it strengthens the institutional framework for the stable operation of facilities-based telecommunications networks, which constitute national critical infrastructure, including by addressing regulatory gaps arising from involuntary changes in the largest shareholder of facilities-based telecommunications business operators.

The key provisions are as follows:

 

1. Prohibition on the Manufacture, Import, Distribution, Sale and Leasing of SIM Boxes

SIM Boxes* have been widely exploited to facilitate voice phishing schemes by enabling the use of fraudulently activated mobile phones. Under the new Amendment, the manufacture, import, distribution, sale, and leasing of SIM boxes are prohibited, and violations are punishable by up to three years’ imprisonment or a fine of up to KRW 100 million.

 * A device that masks incoming overseas internet (070) or international calls and transmits them as domestic mobile calls whose phone numbers begin with “010.”

※ According to data on the 'Current Status of Caller ID Spoofing Reports' provided by the Korea Internet & Security Agency (KISA) to the Office of Representative Cho Incheul, the number of reported cases rose from 29,681 in 2022 to 34,674 in 2023, and surged to 59,365 in 2024, indicating a sustained escalation in crime attempts utilizing SIM boxes (Link to News Article).

 

2. Implementation of a Default Application System for the Subscription Restriction Service

Identity theft has been a primary avenue for the creation of fraudulently activated mobile phones. However, the existing Subscription Restriction Service* was limited in that it operated on an opt-in basis requiring users to apply manually.

The Amendment addresses this limitation by introducing an automatic application mechanism,** under which the Subscription Restriction Service is applied by default without the need for a separate application, thereby providing universal protection against the risks of identity theft.

* A free security service that allows individuals to block new mobile subscriptions in advance to prevent others from fraudulently activating mobile phones using their identity without their knowledge.
** The Subscription Restriction Service is provided by default to all users at the time of entering into a mobile communications service contract, with prior notice given regarding the provision of such service. Users may opt out if they do not wish to subscribe to or receive the service.

 

3. Mandatory Ministerial Approval for Involuntary Changes in the Largest Shareholder

The Amendment requires that any person who becomes the largest shareholder of a facilities-based telecommunications business operator due to a reduction in the company’s capital or the disposal of shares held by other shareholders must also obtain approval from the Minister of Science and ICT (the “Minister”) pursuant to Article 18(1) of the Act (Article 18(1)4 of the Amendment). In such cases, a person who becomes the largest shareholder involuntarily in this manner must, upon becoming aware of such fact, apply for approval in accordance with procedures prescribed by Presidential Decree (Article 18(11) of the Amendment).

In this regard, a provision has also been newly introduced requiring any shareholder who holds or comes to hold 5% of more of the total number of issued shares of a facilities-based telecommunications business operator to notify the relevant operator of any changes in the number of shares held or the purpose of holding such shares. Where the operator becomes aware of a change in its largest shareholder as a result, it must immediately report such change to the Minister (Article 10(8) of the Amendment).

A person who becomes the largest shareholder involuntarily in this manner may not, prior to obtaining approval, engage in acts such as appointing officers (Article 18(9) of the Act). In addition, a change in the largest shareholder is subject to a public interest review pursuant to Article 10 of the Act. If, as a result of such review, the change is deemed to pose a risk of harming the public interest, orders may be issued to suspend the exercise of voting rights or to dispose of the shares (Article 10(6) of the Act).

Meanwhile, the Amendment also introduces a new provision allowing, where necessary to protect the public interest—including national security, public safety, and the maintenance of public order—the imposition of conditions based on the results of the public interest review, including requirements to implement certain obligations or measures (Article 10(5) of the Act).

 

Key Implications

  • This Amendment reflects a strong commitment by the National Assembly and the government to protect the public from telecommunications-based financial fraud and to reinforce the public-service nature of the telecommunications industry as a key national infrastructure.  
  • In particular, new compliance obligations will be imposed on telecommunications business operators, including the management of SIM box distribution channels and the implementation of an opt-out system for Subscription Restriction Services. 
  • Given that necessary conditions may now be imposed based on the results of the public interest review, more rigorous legal review will be required going forward in connection with corporate governance decisions, such as M&A transactions and equity investments involving a facilities-based telecommunications business operator. 
  • Furthermore, as situations may arise in which a person who becomes the largest shareholder involuntarily of a facilities-based telecommunications business operator may be required to undergo entirely unforeseen ministerial approval processes and a public interest review, second-largest shareholders should also take these considerations into account in advance. 
  • It is crucial for affected companies to gain a precise understanding of the objectives and scope of the Amendment to prioritize the alignment of internal policies and implementation of necessary systems in preparation for its enforcement. Particularly, as the newly introduced regulations may involve interpretive ambiguity in their application, it would be prudent to pre-emptively assess their potential impact from a compliance perspective.

 

About Shin & Kim’s ICT Group

Shin & Kim’s ICT Group provides comprehensive, one-stop legal services by leveraging the firm's distinctive expertise and extensive professional network in the ICT sector, having consistently earned the highest client recognition in recent years. Drawing upon our deep-seated capabilities in broadcasting, telecommunications, personal information protection, and internet IT, we deliver the highest level of legal advisory services encompassing regulatory trend analysis in broadcasting, telecommunications, and ICT; government affairs and legislative improvement & consulting; regulatory impact assessment; and corporate strategic planning. Furthermore, we possess extensive experience and exceptional expertise in personal information/AI compliance and risk management, providing holistic analysis and strategic responses to legal issues and regulatory risks associated with AI adoption and deployment across diverse industry sectors. Please feel free to contact us with any questions or if you require our assistance on any ICT-related legal matters.

 

[Korean version] 전기통신사업법 개정안 국무회의 의결(5.12.)- 보이스피싱 방지 강화 및 기간통신사업 공공성 확보 중심 -