Archivos de la etiqueta: electronic intrusions

02Nov/21

Act nº 6383, Jan. 26, 2001, Act on the Protection of Information and Communications Infrastructure

CHAPTER I.- GENERAL PROVISIONS

Article 1 (Purpose)
The purpose of this Act is to operate cirtical information and communications infrastructure in a stable manner by formulating and implementing measures concerning the protection of such infrastructure, in preparation for intrusion by electronic means, thereby contributing to the safety of the nation and the stability of the life of people.

Article 2 (Definitions)
The terms used in this Act shall be defined as follows: (Amended by Act nº 8777, Dec. 21, 2007)

1. The term “information and communications infrastructure” means electronic control and management system related to the national security, administration, defense, public security, finance, communications, transportation, energy, etc. and information and communications network under Article 2 (1) 1 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.;

2. The term “electronic intrusions” means acts of attacking information and communications infrastructure by hacking, computer viruses, logic or email bombs, denial of service, or high power electromagnetic waves, etc.;

3. The term “intrusion incident” means a situation where any incidents takes place by electronic intrusions.

CHAPTER II.- SYSTEM FOR PROTECTING CRITICAL INFORMATION AND COMMUNICATIONS INFRASTRUCTURE

Article 3 (Committee for Protection of Information and Communications Infrastructure)

(1) The Committee for Protection of Information and Communications Infrastructure (hereinafter referred to as the “Committee“) shall be established under the control of the Prime Minister, so as to deliberate on matters concerning the protection of critical information and communications infrastructure (hereinafter referred to as “critical information and communications infrastructure”) designated under Article 8.

(2) The Committee shall be comprised of 25 or fewer members, including a Chairperson.

(3) The Chairperson of the Committee shall be the Minister of the Office for Government Policy Coordination, and members shall be public officials holding a rank equivalent to that of a Vice Minister of a central administrative agency prescribed by Presidential Decree, and persons commissioned by the Chairperson. (Amended by Act nº 8777, Dec. 21, 2007; Act nº. 8852, Feb. 29, 2008; Act nº 11690, Mar. 23, 2013)

(4) Working committees in charge of the public and private sectors shall be established under the control of the Committee for the efficient operation of the Committee. (Amended by Act nº 8777, Dec. 21, 2007)

(5) Necessary matters concerning the composition, operation, etc. of the Committee and working committees shall be prescribed by Presidential Decree.

Article 4 (Functions of Committee)
The Committee shall deliberate on the following matters: (Amended by Act nº 8777, Dec. 21, 2007)

1. Matters concerning the coordination of policies for protecting critical information and communications infrastructure;

2. Matters concerning the integration and coordination of protection plans on critical information and communications infrastructure under Article 6 (1);

3. Matters concerning the outcomes of implementing protection plans on critical information and communications infrastructure under Article 6 (1);

4. Matters concerning the improvement of systems related to the protection of critical information and communications infrastructure;

5.Other major policies concerning the protection of critical information and communications infrastructure that are submitted by the Chairperson for consideration.

Article 5 (Establishment of Measures to Protect Critical Information and Communications Infrastructure)

(1) The head of an organization which manages critical information and communications infrastructure (hereinafter referred to as a “management organization“) shall formulate and implement management measures (hereinafter referred to as “measures to protect critical information and communications infrastructure“), including physical and technological measures to protect critical information and communications infrastructure under its his/her jurisdiction in a safe manner, depending on the results outcomes of the analysis and evaluation of vulnerabilities under Article 9 (1).

(2) The head of a management organization shall, when he/she establishes formulates measures to protect critical information and communications infrastructure under paragraph (1), submit details of such measures to the head of a central administrative agency in charge of critical information and communications infrastructure (hereinafter referred to as “relevant central administrative agency“): However this shall not apply to cases where the head of a management organization is the head of the relevant central administrative agency.

(3) Details of measures to protect critical information and communications infrastructure of a management organization controlled and supervised by the head of a local government, shall be submitted to the Minister of Security and Public Administration by the head of the local government. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 11690, Mar. 23, 2013)

(4) The head of a management organization shall designate a person in general charge of affairs concerning the protection of critical information and communications infrastructure under its jurisdiction (hereinafter referred to as “chief information security officer“): Provided, That this shall not apply to cases where the head of a management organization is the head of the relevant central administrative agency.

(5) Necessary matters concerning the designation, affairs, etc. of a chief information security officer shall be prescribed by Presidential Decree.

Article 5-2 (Ascertaining Implementation of Measures to Protect Critical Information and Communications Infrastructure)

(1) The Minister of Science, Information and Communications Technology (ICT) and Future Planning and the heads of national organizations prescribed by Presidential Decree, such as the Director of the National Intelligence Service (hereinafter referred to as the “Director of the National Intelligence Service and head of an equivalent agency“) may ascertain whether a management organization implements measures to protect critical information and communications infrastructure. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 11690, Mar. 23, 2013)

(2) The Minister of Science, Information and Communications Technology (ICT) and Future Planning, Director of the National Intelligence Service, and head of an equivalent agency may request the head of the relevant central administrative agency to submit data, including details of measures to protect critical information and communications infrastructure submitted to him/her under Article 5 (2), when necessary for ascertainment under paragraph (1). (Amended by Act nº 8852, Feb. 29, 2008; Act nº 11690, Mar. 23, 2013)

(3) The Minister of Science, Information and Communications Technology (ICT) and Future Planning, Director of the National Intelligence Service, and head of an equivalent agency may notify the head of the relevant central administrative agency of whether measures to protect critical information and communications infrastructure confirmed under paragraph (1) are implemented. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 11690, Mar. 23, 2013)

(4) Necessary measures concerning procedures for ascertaining the implementation of measures to protect critical information and communications infrastructure under paragraph (1) shall be prescribed by Presidential Decree.
(Article Inserted by Act nº 8777, Dec. 21, 2007)

Article 6 (Establishment, etc. of Plans for Protecting Critical Information and Communications Infrastructure)

(1) The heads of relevant central administrative agencies shall establish and implement plans for protecting critical information and communications infrastructure in areas under their jurisdiction (hereinafter referred to as “plans for protecting critical information and communications infrastructure“), by integrating and coordinating measures to protect critical information and communications infrastructure submitted under Article 5 (2).

(2) The heads of relevant central administrative agencies shall submit details on outcomes of implementing plans for protecting critical information and communications infrastructure of the previous year and plans for protecting critical information and communications infrastructure for the following year to the Committee for deliberation: However, this shall not apply to matters that are deemed confidential by the Chairperson of the Committee.

(3) Plans for protecting critical information and communications infrastructure shall include the following matters:

1. Matters concerning the analysis and evaluation of vulnerabilities of critical information and communications infrastructure;

2. Matters concerning prevention against intrusion incidents against critical information and communications infrastructure and measures for the restoration thereof;

3. Other necessary matters concerning the protection of critical information and communications infrastructure.

(4) The Minister of Science, Information and Communications Technology (ICT) and Future Planning and the Director of the National Intelligence Service may establish guidelines for formulating measures to protect critical information and communications infrastructure and plans for protecting critical information and communications infrastructure, following consultation with each other, and notify the heads of relevant cental administrative agencies of such guidelines. (Amended by Act nº 8777, Dec. 21, 2007; Act nº 8852, Feb. 29, 2008; Act nº 11690, Mar. 23, 2013)

(5) The heads of relevant central administrative agencies shall designate a person in general charge of affairs related to the protection of critical information and communications infrastructure in areas under their jurisdiction (hereinafter referred to as “officer in charge of information protection“).

(6) Necessary matters concerning the establishment and implementation of plans for protecting critical information and communications infrastructure and the designation, affairs, etc. of an officer in charge of information protection shall be prescribed by Presidential Decree.

Article 7 (Support for Protection of Critical Information and Communications Infrastructure)

(1) The heads of management organizations may request the Minister of Science, Information and Communications Technology (ICT) and Future Planning, the Director of the National Intelligence Service, and head of an equivalent agency or, if deemed necessary, the heads of specialized institutions prescribed by Presidential Decree to provide technological support to the following duties, where the heads of the relevant management organizations deem it necessary to do so, or where the Chairperson of the Committee believes that inadequate measures to protect critical information and communications infrastructure of a specific management organization are likely to cause harm to national security and the economy and society as a whole and therefore issues an order to supplement such measures. (Amended by Act nº 8777, Dec. 21, 2007; Act nº 8852, Feb. 29, 2008; Act nº 11690, Mar. 23, 2013)


1. Formulation of measures to protect critical information and communications infrastructure;

2. Prevention of intrusion incidents against critical information and communications infrastructure and the restoration thereof;

3. Compliance with an order or recommendation for protection measures under Article 11.

(2) When the head of a management organization, in charge of the following critical information and communications infrastructure which has significant influence on national security, requests for technological support under paragraph (1), he/she shall preferentially make such request to the Director of the National Intelligence Service: However, the Director of the National Intelligence Service may provide such support, in consultation with the heads of the relevant central administrative agencies, in cases where a substantial and imminent threat to national security exists and it is impossible to recover from damage if he/she waits for the head of a management organization to make such request: (Amended by Act nº 8777, Dec. 21, 2007)

1. Critical transportation facilities, such as roads, railroads, subways, airports and harbors;

2. Facilities for water resources and energy, including electricity, gas and oil;

3. Relay broadcast facilities and the national command control communication network;

4. Research facilities of government-funded research institutes related to nuclear energy, the national defense and science, or advanced defense industry.

(3) The Director of the National Intelligent Service shall not provide technological support to any information and communications infrastructure which stores personal information, such as financial information and communications infrastructure, notwithstanding paragraphs (1) and (2). (Amended by Act nº 8777, Dec. 21, 2007)

CHAPTER III.- DESIGNATION AND ANALYSIS OF VULNERABILITIES OF MAJOR INFORMATION AND COMMUNICATIONS INFRASTRUCTURE

Article 8 (Designation, etc. of Critical Information and Communications Infrastructure)

(1) The heads of central administrative agencies may designate information and communications infrastructure under their jurisdiction, which are deemed to require protection from electronic intrusions, as critical information and communications infrastructure, by taking into account the following matters:

1. The national and social importance of duties performed by an organization which manages the relevant information and communications infrastructure;

2. The dependence of affairs conducted by an organization under subparagraph 1 on information and communications infrastructure;

3. The inter-connection with other information and communications infrastructure;

4. The areas and extent of damage caused by intrusion incidents to the national security, economy and society, if any;

5. The probability of intrusion incidents and the easiness of restoration thereof.

(2) The heads of central administrative agencies may request the relevant management organization to submit data necessary for making a decision on designation under paragraph (1).

(3) The head of the relevant central administrative agency may revoke the designation of critical information and communications infrastructure either ex officio or upon request of the relevant management organization when a management organization abolishes, suspends or changes the relevant affairs.

(4) The Minister of Security and Public Administration may designate information and communications infrastructure of an organization managed and supervised by the head of a local government as critical information and communications infrastructure, in consultation with the head of the local government, or revoke such designation. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 11690, Mar. 23, 2013)

(5) The head of a central administrative agency shall, when he/she intends to make a designation or revoke such designation under paragraphs (1) and (3), submit it for deliberation by the Committee. In such cases, the Committee may order the head of a management organization subject to designation or the revocation thereof under paragraphs (1) and (3) to appear before the Committee and listen to his/her opinions.

(6) The head of a central administrative agency shall, when he/she designates critical information and communications infrastructure or revokes such designation under paragraphs (1) and (3), publicly announce such fact: However, he/she may not publicly announce such fact, after deliberation by the Committee, when necessary for guaranteeing national security.

(7) Necessary matters concerning the designation of critical information and communications infrastructure and the revocation of such designation shall be prescribed by Presidential Decree.

Article 8-2 (Recommendation for Designation of Critical Information and Communications Infrastructure)

(1) The Minister of Science, Information and Communications Technology (ICT) and Future Planning, Director of the National Intelligence Service, and head of an equivalent agency may recommend the head of a central administrative agency to designate specific information and communications infrastructure as critical information and communications infrastructure, when they reach a conclusion that such information and communications infrastructure needs to be designated as critical information and communications infrastructure. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 11690, Mar. 23, 2013)

(2) The Minister of Science, Information and Communications Technology (ICT) and Future Planning, Director of the National Intelligence Service, and head of an equivalent agency may request the head of a central administrative agency to submit data on the relevant information and communications infrastructure, when necessary for making a recommendation under paragraph (1). (Amended by Act nº 8852, Feb. 29, 2008; Act nº 11690, Mar. 23, 2013)

(3) Procedures for recommending the designation of critical information and communications infrastructure under paragraph (1) and other necessary matters shall be prescribed by Presidential Decree.
(Article Inserted by Act nº 8777, Dec. 21, 2007)

Article 9 (Analysis and Evaluation of Vulnerabilities)

(1) The head of a management organization shall analyze and evaluate the vulnerabilities of critical information and communications infrastructure under its jurisdiction on a regular basis as prescribed by Presidential Decree.

(2) The head of a management organization shall, when he/she intends to analyze and evaluate vulnerabilities under paragraph (1), form a task force team to analyze and evaluate the vulnerabilities as prescribed by Presidential Decree.

(3) The head of a management organization may, when he/she intends to analyze and evaluate vulnerabilities under paragraph (1), require the following institutions to analyze and evaluate vulnerabilities of critical information and communications infrastructure under its jurisdiction: However, in such case, he/she may choose not to form a task force team under paragraph (2): (Amended by Act nº 6796, Dec. 18, 2002; Act nº 8777, Dec. 21, 2007; Act nº 9708, May 22, 2009; Act nº 11690, Mar. 23, 2013)

1. The Korea Internet and Security Agency (hereinafter referred to as the “KISA“) under Article 52 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.;

2. Information sharing and analysis centers under Article 16 (limited to information sharing and analysis centers which meet the standards prescribed by Presidential Decree);

3. Consulting companies specializing in knowledge and information security, designated under Article 33 of the Information and Communications Technology Industry Promotion Act;

4. The Electronics and Telecommunications Research Institute under Article 8 of the Act on the Establishment, Operation, and Fostering of Government-Funded Research Institutes.

(4) The Minister of Science, Information and Communications Technology (ICT) and Future Planning shall determine standards concerning the analysis and evaluation of vulnerabilities under paragraph (1), in consultation with the heads of relevant central administrative agencies and the Director of the National Intelligence Service, and notify the heads of the relevant central administrative agencies of such standards. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 11690, Mar. 23, 2013)

(5) Necessary matters concerning methods of and procedures for analyzing and evaluating the vulnerabilities of critical information and communications infrastructure shall be prescribed by Presidential Decree.

CHAPTER IV.- PROTECTION OF CRITICAL INFORMATION AND COMMUNICATIONS INFRASTRUCTURE AND RESPONSE TO INTRUSION INCIDENTS

Article 10 (Protection Guidelines)

(1) The heads of relevant central administrative agencies may establish protection guidelines on critical information and communications infrastructure under their jurisdiction and recommend the head of a management organization in the relevant area to follow such guidelines.

(2) The heads of the relevant central administrative agencies shall revise and supplement protection guidelines under paragraph (1) on a regular basis, taking into account technological advancements, etc.

Article 11 (Orders etc. for Protection Measures)
The heads of relevant central administrative agencies may order or recommend the head of the relevant management organization to take measures to protect critical information and communications infrastructure, in any of the following cases:

1. When it is deemed that special protection measures need to be taken after details of measures to protect critical information and communications infrastructure submitted under Article 5 (2) are analyzed;

2. When it is deemed that special protection measures need to be taken after the implementation of measures to protect critical information and communications infrastructure notified under Article 5-2 (3) are analyzed.
(Article Amended by Act nº 8777, Dec. 21, 2007)

Article 12 (Prohibition against Intrusion, etc. of Critical Information and Communications Infrastructure)
No one shall commit any act falling under any of the following subparagraphs:

1. Accessing critical information and communications infrastructure by any person who has no access authority, or manipulating, destroying, concealing or leaking stored data by any person who exceeds his/her access authority;

2. Destroying the data of critical information and communications infrastructure, or using programs, such as computer viruses and logic bombs, with the intention of obstructing the operation of critical information and communications infrastructure;

3. Abruptly sending large amounts of signals with the intention of obstructing the operation of critical information and communications infrastructure, or causing a fallacy in information processing by means, such as inducing the processing of a wrong order.

Article 13 (Notification of Intrusion Incidents)

(1) The head of a management organization shall, when he/she recognizes that the occurrence of intrusion incidents has led to the disturbance, paralysis or destruction of critical information and communications infrastructure under its jurisdiction, notify a relevant administrative agency, an investigation agency, or the Internet and Security Agency (hereinafter referred to as the “relevant organization, etc.”) of such fact. In such cases, the relevant organizations, etc. shall take necessary measures to prevent the spread of damage caused by intrusion incidents and swiftly respond to such incidents. (Amended by Act nº 11690, Mar. 23, 2013)

(2) The Government may provide financial support, including expenses incurred in restoring damage, to a management organization that has contributed to preventing the spread of damage by notifying intrusion incidents under paragraph (1), within the budgetary limits

 Article 14 (Restoration Measures)

(1) The head of a management organization shall take necessary measures to restore and protect relevant information and communications infrastructure in a swift manner when intrusion incidents against critical information and communications infrastructure under its jurisdiction occur.

(2) The head of a management organization may request the head of a relevant central administrative agency or the head of the Internet and Security Agency to provide support when necessary for taking measures for restoration and protection under paragraph (1): Provided, That this shall not apply to cases falling under Article 7 (2). (Amended by Act nº 11690, Mar. 23, 2013)

(3) The head of the relevant central administrative agency or the head of the Internet and Security Agency shall, when they receive requests for support under paragraph (2), provide necessary support for the fast restoration of damage, such as technological support, and take appropriate measures to prevent the spread of damage, in cooperation with the head of a management organization. (Amended by Act nº 11690, Mar. 23, 2013)

Article 15 (Organization, etc. of Headquarters for Countermeasures, etc.)

(1) When intrusion incidents against critical information and communications infrastructure occur in a wide range, the Chairperson of the Committee may establish the Headquarters for Countermeasures against Intrusion Incidents in Information and Communications Infrastructure (hereinafter referred to as the “Countermeasure Headquarters“) under the control of the Committee, fixing a period for taking emergency measures, providing technological support and restoring damage, etc.

(2) The Chairperson of the Committee may request the dispatch of public officials related to the affairs of the Countermeasure Headquarters to the head of a relevant administrative agency.

(3) The Chairperson of the Committee shall appoint the head of the Countermeasure Headquarters, in consultation with the head of a central administrative agency in charge of information and communications infrastructure, against which intrusion incidents occurred.

(4) The head of the Headquarters for Countermeasures may request the head of the relevant administrative agency, the head of a management organization and the head of the Internet and Security Agency to provide cooperation and support to respond to intrusion incidents against critical information and communications infrastructure. (Amended by Act nº 11690, Mar. 23, 2013)

(5) The head of the relevant administrative agency, etc. shall, upon a request for cooperation and support under paragraph (4), comply with such request, unless any extraordinary ground exists to the contrary.

(6) Necessary matters concerning the organization and operation of the Countermeasure Headquarters shall be prescribed by Presidential Decree.

Article 16 (Information Sharing and Analysis Center)

(1) Any person who intends to perform the following affairs to protect information and communications infrastructure by area, such as finance and communications, may establish and operate an information sharing and analysis center:

1. Provision of information concerning vulnerabilities, intrusion factors, and countermeasures;

2. Operation of the real-time alarm and analysis system, if intrusion incidents occur.

(2) The head of an information sharing and analysis center under paragraph (1) shall notify the heads of the relevant central administrative agencies of matters prescribed by Presidential Decree, such as information of persons engaged in duties. The same shall apply to revisions to the notified matters.

(3) The heads of the relevant central administrative agencies shall notify the Minister of Science, Information and Communications Technology (ICT) and Future Planning of matters notified under paragraph (2). (Amended by Act nº 8852, Feb. 29, 2008; Act nº 11690, Mar. 23, 2013)

(4) The Government may encourage the establishment of an information sharing and analysis center, which performs duties falling under each subparagraph of paragraph (1), and provide technological support thereto.

(5) Necessary matters concerning methods of and procedures for notification under paragraph (2) shall be prescribed by Presidential Decree.

CHAPTER V.- Deleted.

Articles 17 through 23 Deleted. (by Act nº 9708, May 22, 2009)

CHAPTER VI.- TECHNOLOGICAL SUPPORT AND PRIVATE COOPERATION

Article 24 (Technological Development, etc.)

(1) The Government may formulate implementation policies for the development of technology necessary for protecting information and communications infrastructure and the fostering of specialized human resources.

(2) The Government may require research institutes and private organizations related to the development of information protection technology to develop technology on its behalf, when necessary for efficiently advancing development of technology necessary for the protection of information and communications infrastructure. In such cases, the Government may wholly or partially subsidize expenses incurred in such development.

Article 25 (Support for Management Organization)
The Government may, with respect to a management organization, transfer technology necessary for protecting critical information and communications infrastructure, and provide equipment and other necessary support.

Article 26 (International Cooperation)

(1) The Government shall ascertain international trends concerning the protection of information and communications infrastructure and promote international cooperation.

(2) The Government may provide support for international exchanges of related technologies and human resources and projects for international standardization and international joint research and development, so as to promote international cooperation for the protection of information and communications infrastructure.

Article 27 (Duty of Confidentiality)
No one who is or has been employed in any of the following organizations shall divulge any confidential information obtained in the course of his/her performance of duties: However, this shall not apply to cases where special provisions exist in other Acts: (Amended by Act nº 8777, Dec. 21, 2007)

1. The Committee and the working committees under Article 3;

2. Any organization in charge of the analysis and evaluation of the vulnerabilities of critical information and communications infrastructure under Article 9 (3);

3. Any relevant organization which performs duties related to the acceptance of notification of intrusion incidents and restoration measures under Article 13;

4. Any information sharing and analysis center which performs duties falling under any subparagraph of Article 16 (1).

CHAPTER VII.- PENALTY PROVISIONS

Article 28 (Penalty Provisions)

(1) Any person who disturbs, paralyzes or destroys critical information and communications infrastructure, in violation of Article 12, shall be punished by imprisonment with labor for not more than 10 years or by a fine not exceeding 100 million won.

(2) Any person who has attempted a crime under referred to in paragraph (1) shall be subject to punishment.

Article 29 (Penalty Provisions)
Any person who divulges any confidential information secret, in violation of Article 27, shall be punished by imprisonment with labor for not more than five years, by suspension of qualifications for not more than ten years or by a fine not exceeding 50 million won.

Article 30 (Administrative Fines)

(1) Any person falling under any of the following subparagraphs shall be punished by an administrative fine not exceeding 10 million won: (Amended by Act nº 8777, Dec. 21, 2007)

1. Any person who violates an order to take protection measures under Article 11;

2. Any person who fails to issue a notice under Article 16 (2);

3. through 5. Deleted (by Act nº 9708, May 22, 2009)

(2) An administrative fine under paragraph (1) shall be imposed and collected by the heads of the relevant central administrative agencies or the Minister of Science, Information and Communications Technology (ICT) and Future Planning (hereinafter referred to as the “levying authority”) as prescribed by Presidential Decree. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 9708, May 22, 2009; Amended by Act nº 11690, Mar. 23, 2013)

(3) Any person who is dissatisfied with an administrative fine imposed under paragraph (2), may raise an objection to the levying authority within 30 days after being informed of such imposition.

(4) If a person subject to the imposition of an administrative fine under paragraph (2) raises an objection under paragraph (3), the levying authority shall, without delay, notify the competent court, which, in turn, shall proceed to trial on the administrative fine pursuant to the Non-Contentious Case Procedure Act. (Amended by Act nº 8777, Dec. 21, 2007)

(5) If neither an objection is raised nor an administrative fine is paid within a period prescribed in paragraph (3), the administrative fine shall be collected in the same manner as delinquent national taxes are collected.

ADDENDUM
This Act shall enter into force on July 1, 2001.

ADDENDA (Act nº 6796, Dec. 18, 2002)

(1) (Enforcement Date) This Act shall enter into force on the date of its promulgation.

(2) (Transitional Measures concerning the Change of Names of Companies Specializing in Information Protection) Companies specializing in information protection designated under the previous provisions at the time this Act enters into force shall be deemed consulting companies specializing in information protection designated under this Act.

ADDENDA (Act nº 7428, Mar. 31, 2005)

Article 1 (Enforcement Date)
This Act shall enter into force one year after the date of its promulgation.

Articles 2 through 6 Omitted.

ADDENDA (Act nº 8777, Dec. 21, 2007)

(1) (Enforcement Date) This Act shall enter into force six months after the date of its promulgation.

(2) (Applicability) The amended provisions of Article 5-2 shall apply to measures to protect critical information and communications infrastructure which were formulated in 2007 and thereafter.

ADDENDA (Act nº 8852, Feb. 29, 2008)

Article 1 (Enforcement Date)
This Act shall enter into force on the date of its promulgation (Proviso Omitted.).

Articles 2 through 7 Omitted.

ADDENDA (Act nº 9708, May 22, 2009)

Article 1 (Enforcement Date)
This Act shall enter into force three months after the date of its promulgation (Proviso Omitted.).

Articles 2 through 12 Omitted.

ADDENDA (Act nº 11690, Mar. 23, 2013)

Article 1 (Enforcement Date)
This Act shall enter into force on the date of its promulgation.

Articles 2 through 7 Omitted.