A fight over who gets to store South Korea’s government data is turning into something bigger, one that could ripple into unrelated talks about nuclear submarines.
Specifically, U.S. cloud providers, including Amazon Web Services, Microsoft Azure, and Google Cloud, are asking Washington to intervene against South Korea’s plan to overhaul how it certifies cloud vendors for public sector use. To that end, industry representatives recently met with State Department officials, including Assistant Secretary Michael G. DeSombre, to lay out their concerns, according to sources familiar with the discussions.
At the center of the dispute is South Korea’s move to fold its current two-track certification process, currently split between the Ministry of Science and ICT and the National Intelligence Service, into a single system the NIS would run alone. Officials announced the plan in April and expect to roll it out in stages, with full implementation targeted for the second half of next year.
However, U.S. companies say the bigger problem lies in what the new guidelines might actually require: physical network separation, meaning cloud providers would need to build entirely separate data centers and hardware in South Korea rather than isolating client data logically within shared infrastructure, the standard approach used almost everywhere else. As a result, industry sources argue that requirement alone could make the cost of entering the Korean market prohibitive.
South Korea, for its part, frames the change as a national security necessity, citing its proximity to North Korea. Still, U.S. firms counter that Taiwan and Israel face comparable threats yet still let global cloud providers operate under logical separation, without forcing them to duplicate infrastructure locally.
On top of that, U.S. cloud companies are raising a separate fairness complaint. Namely, some of them already meet Korea’s existing low-risk certification standard, yet the NIS automatically added only Korean firms to its approved provider list, leaving U.S. companies to navigate an extra application process their local competitors skip entirely.
Meanwhile, the dispute is landing at an already tense moment. It follows a U.S. House Judiciary Committee report accusing Seoul of unfairly targeting Coupang, plus a separate White House statement calling South Korea’s treatment of the e-commerce company discriminatory. In response, Seoul has denied both allegations.
Beyond that, one diplomatic source suggested the cloud fight could eventually bleed into other bilateral talks, including discussions around South Korea’s ambitions for nuclear-powered submarines, if U.S. companies don’t get equal treatment.
For now, South Korea hasn’t released its revised cloud security guidelines. Ultimately, whether they include the physical separation requirement U.S. firms fear will likely determine how far this dispute goes.
