This newsletter covers the latest issues in the mobility industry concerning the Automotive Cybersecurity Management Framework and autonomous vehicles.

Opening of the Automotive Cybersecurity Center
Establishment of a Core Facility to Oversee the Automotive Cybersecurity Management Framework

The Ministry of Land, Infrastructure and Transport (MOLIT) announced that the Minister of MOLIT held the completion ceremony for the Automotive Cybersecurity Center on November 6, 2025.

The Automotive Cybersecurity Center is a core facility that oversees the operation of the Automotive Cybersecurity Management Framework, which came into effect on August 14, 2025, as well as certification and evaluation therefor. It is equipped with systems for manufacturer certification and management, cyber threat monitoring, and real vehicle-based security evaluation. It monitors and responds in real-time to cyber threats, such as personal information theft, external hacking, and driving interference, that may occur throughout the entire lifecycle of a vehicle—development, production, and operation.

According to the Automotive Cybersecurity Management Framework, any automotive manufacturer, etc., seeking self-certification for its vehicles is obligated to establish an Automotive Cybersecurity Management System (CSMS) and secure certification from the Minister of MOLIT (Article 30-9). Furthermore, once this certification has been obtained, the certified manufacturer, etc., is required to promptly report to the Minister of MOLIT any incidents concerning automotive cyberattacks and threats (Article 30-12). To ensure the effective execution of duties pertaining to the certification of the CSMS, the Minister of MOLIT is authorized to delegate the related functions—including assessment, certificate issuance, and management, etc.—to a performance testing agency. To facilitate this, the Minister shall provide contributions or financial support necessary for the establishment of requisite facilities (Article 30-9, paragraph 5).

With the completion of the Automotive Cybersecurity Center and the forthcoming implementation of the "Notice on Certification, etc., of Automotive Cybersecurity Management System," of which the Minister made an administrative announcement on July 9, 2025, the Ministry has successfully established the foundational infrastructure for operating the national Automotive Cybersecurity Management Framework. It is anticipated that the newly established Automotive Cybersecurity Center will proceed to assess the CSMS established by each automotive manufacturer, etc., adhering to the certification criteria stipulated in the aforementioned Notice (Notice Article 6, Annex 1).


Roundtable Held with Domestic Autonomous Driving Companies
Indication of Support Measures for Autonomous Vehicle Development and Demonstration

On October 22, 2025, the Minister of MOLIT held a roundtable with domestic autonomous vehicle companies, including Autonomous A2Z, RideFlux, PonyLink, and Kakao Mobility.

Participants in the roundtable requested the Minister to expand demonstration spaces, provide financial support for the development and facilitate the market entry for Level 4 unmanned autonomous vehicles, improve regulations, and establish preemptive systems. In response, the Minister stated that the Ministry will promote infrastructure development and demonstration expansion, which includes establishing dedicated data centers for the development and training of autonomous driving AI, creating autonomous driving demonstration cities, and expanding autonomous driving services to areas with limited transportation access. Furthermore, he committed to institutional improvements to enable the use of original video data from autonomous vehicles, as mentioned during the 1st Strategy Meeting for Core Regulatory Rationalization hosted by the President.

In particular, the remarks by the Minister regarding the utilization of original video data from autonomous vehicles are highly significant. Currently, the Act on the Promotion of and Support for Commercialization of Autonomous Vehicles (hereinafter, the “Autonomous Vehicles Act”) stipulates that information derived from personal data collected during the operation of autonomous vehicles is exempt from the application of the Personal Information Protection Act (PIPA) if it is utilized after being anonymized so that a specific individual can no longer be identified even when combined with other information, through the entire or partial deletion or replacement of the collected personal data (Article 20 of the Autonomous Vehicles Act). Conversely, this implies that video personal data that has not been anonymized remains subject to the application of the PIPA. Since video information is considered personal data, autonomous vehicle companies must anonymize such data for its legal utilization.

Currently, original video data is being utilized through a special regulatory exemption for demonstration granted by the Personal Information Protection Commission (PIPC). However, absent the establishment of a institutional foundation, the utilization of original video data by autonomous vehicle companies will inevitably remain dependent on this unstable regulatory exemption.

As the government, including the Minister of MOLIT, has signaled regulatory improvements for the utilization of original video data from autonomous vehicles, it is imperative to continuously monitor the trends of related regulations in the future.
 

LIN LLC has extensive experience in providing advisory and litigation services in the mobility industry, particularly in areas such as administrative regulations, and patent and trade secret disputes related to motor vehicles. Our Mobility Team consists of attorneys and experts with a distinctive interest and passion for automobiles.

Should you wish to learn more about this newsletter or have any other inquiries, please do not hesitate to contact LIN’s Mobility Team.