클라우드컴퓨팅서비스 보안인증 등급제와 법률유보의 원칙

With the development of the cloud computing industry, South Korea enacted the ACT ON THE DEVELOPMENT OF CLOUD COMPUTING AND PROTECTION OF ITS USERS in 2015 and introduced the Security Certification system to ensure the trustworthiness and usability of cloud computing services. While cloud computing services can be provided without obtaining Security Certification, public institutions are required to prioritize certified services, effectively making Security Certification a market entry barrier for the public sector. Initially operated as a single-tier system, Security Certification was revised into a three-tier classification—high, medium, and low—in 2023 after much debate. Public institutions categorize the importance of their information systems into these levels and may only utilize cloud computing services that meet or exceed the designated classification. For cloud service providers, obtaining a specific certification level determines the market scope in which their services can be supplied, making the certification level a crucial issue both in business operations and in the framework of Security Certification.