The government will raise safety standards for government and public institutional sector data centers to at least the private-sector level and shut down the Daejeon headquarters of the National Information Resources Service, which caused a massive IT outage due to a fire last year, by 2030.
The Presidential Committee on AI on the 25th reviewed and approved the "AI government infrastructure governance innovation roadmap" at its second plenary meeting.
The committee determined that the Daejeon headquarters for national information resources falls short of private-sector safety standards and has reached its limits in disaster response capability and capacity. It also pointed out as a problem that there is a lack of a disaster recovery (DR) system capable of real-time response in the event of disasters such as fires, and that each agency has built DR without unified standards.
In response, the government set new recovery standards by classifying public IT systems by importance. National core systems (A1) will use "active-active DR" for recovery in real time to within one hour; essential public-facing systems (A2) will use "active-standby DR" for recovery within 3 to 12 hours; other key administrative systems will use "storage DR" for recovery within 1 to 5 days.
This year, DR will be built first for 134 out of 693 systems at the Daejeon headquarters. Of these, 13 will use "active-active," and 121 will use the "storage DR" method. The dBrain, Postal Information System, and Safety Stepping-stone system will also be transitioned to private cloud.
Data management will also change. Depending on importance, the government will keep confidential data in government and public data centers and promote a plan to migrate sensitive data and above to private cloud.
Governance will also be restructured. A joint AI government infrastructure task unit under the vice minister of the Ministry of Science and ICT (MSIT) will be established to examine the appropriateness of building and operating public IT systems and to draw up mid- to long-term reform plans referencing overseas cases.
In cybersecurity, a "vulnerability reporting, remediation, and disclosure system" will be introduced to reduce legal burdens when white-hat hackers continuously find and report security weaknesses in corporations and institutions. The system will be mandatory in the public sector, while in the private sector, participation will be encouraged through measures such as extra points in certifications, linkage to public procurement, and reductions in the penalty surcharge.
Along with this, the committee launched an "AI democracy subcommittee" and a legal task force (TF), and approved the details of the "Republic of Korea AI action plan (AI Action Plan)," finalizing it as a statutory plan under the Basic AI Act.