Ⅰ. Industry Overview (Sector Overview)

 

1) Industry Definition (Investor View)

The digital healthcare, medical AI, and medical device industries are high-risk, regulated sectors where software, data, and algorithms are directly linked to patient safety. From the perspective of U.S. investors, ESG is perceived not as a matter of ethics or reputation, but as a practical risk management system for these industries, including:

  • Algorithm errors → misdiagnosis, patient harm, and lawsuits
  • Data breach → regulatory sanctions, class action lawsuits, and contract termination
  • Recalls and software defects → sales disruption and loss of trust.

(US FDA·SEC investor framework)

2) Korea's global position

  • Korea is growing rapidly in the convergence of medical IT, AI software, and medical devices, and large game, content, and IT companies are visibly expanding into the healthcare and AI fields.
  • However, global investors place more importance on “understanding the medical regulatory, safety, and liability structure” than on “whether a company has entered the technology market.”

3) Purpose of provision

This report is industry-level global ESG persuasion material that
① clearly presents the **US industry ESG baseline (Investor Practice)**,
② visualizes the current position of the Korean digital healthcare industry compared to the US, and
③ encourages Korean listed companies to prepare ESG reports at the 'US level.'

II. Summary of the Industry-Wide ESG Structure

Environment (E)

  • Although manufacturing-focused companies are relatively few in number,
    energy and power consumption due to data center and cloud use are becoming key issues.

Society (S)

  • Patient safety, algorithm reliability, and medical device recalls
  • Patient and Medical Data Protection
  • Healthcare Accessibility and Accountability

Governance Structure (G)

  • Medical Regulatory Response Governance
  • Software Quality and Ethics Control
  • Decision-making system in case of accidents, recalls, or violations

III. The US 'Baseline' – How We View Digital Healthcare ESG

There are four de facto benchmarks for American investors when evaluating this industry:

 

1) Medical AI is not a “technology,” but a “medical risk.”

  • We prioritize errors, biases, limitations, and audit systems over algorithm performance.
  • The FDA manages medical AI as **Software as a Medical Device (SaMD)** and
    continuously evaluates safety, change, and update risks (fda.gov).

2) Data Breach = Immediate Financial Risk

  • Medical and health data breaches lead directly to SEC and state regulatory exposure and to class action lawsuits.
  • When a breach occurs, the key is to disclose the number of incidents, scope of impact, recovery period, and cost.

3) Recalls and software defects are key ESG issues.

  • Recall frequency, cause, remediation completion rate, and customer impact are KPIs.
  • The “zero accident principle” is meaningless → rely only on incident-based management.

4) ESG = Early Warning System for Losses

  • ESG is not a “good thing”;
    it is a system that shows in advance “where and how much loss may occur.”

Ⅳ. Current Status of Korean Industry Compared to the US – Disclosure Gap

| Category | US Baseline (Investor Practice) | Common Condition in Korean Industry | Disclosure Gap |
|---|---|---|---|
| Medical AI Safety | KPI-centered management of algorithm errors, biases, limitations, and revision history (FDA) | Focus on technological excellence | Lack of disclosure linking errors, incidents, patient impact, and liability to KPIs and financial risks |
| Recall/Defect | Management of recall, software patch, and service interruption history and cost (FDA) | Quality declaration-centered | KPIs for incidents, frequency, costs, and recurrence prevention are not presented in a structured manner |
| Data Protection | Disclosure practices for breach, simulation, audit, and incident response KPIs (SEC) | Security policy overview | Lack of incident-based data breach disclosure and impact statement |
| Accessibility and Accountability | Managing healthcare access, pricing, and accountability as key industry issues (SASB/ISSB) | Processed as CSR activity | Accessibility and accountability are not recognized as core business model outcomes |
| Regulatory Response | FDA and state regulatory change response system and business impact explanation (FDA) | Declaration of compliance | Lack of explanation of the impact of regulatory changes on sales and business structure |

V. Why Gaps Occur in Korea's System and Public Disclosure Structure

1. Lack of public disclosure experience regarding medical AI

  • Domestic ESG is still focused on manufacturing and the environment.
  • Lack of experience translating software and algorithmic thinking into ESG risks

2. Regulations focus on compliance, while investors focus on incidents.

  • Korea: "Did you follow the law?"
  • American investors: "What happened, and how much was lost?"

3. Separation of ESG reporting and actual risk management.

  • Reports exist, but
    the internal ledger for managing recalls, breaches, and errors is not exposed externally.

Ⅵ. Cases of representative Korean listed companies

1. NCSoft

  • Strengths: Experience in data and security infrastructure
  • Supplement: Regulatory and patient responsibility structures need to be clarified when applying medical data.
  • Evaluation: When entering healthcare, ESG needs to be redefined as a "responsibility structure," not a "technology."
    https://corporate.nc.com/kr/Sustainability/report.do

2. Netmarble

  • Strengths: Global service and security system
  • Supplement: Lack of SaMD, recall, and error management frameworks when applying medical AI.
  • Evaluation: A separate ESG structure is needed when entering the medical AI market.
    https://esg.netmarble.com/ko

3. Webzen

  • Strengths: IT and data management experience
  • Supplement: Insufficient disclosure of medical data and patient safety
  • Evaluation: Existing IT ESG is not enough in the medical field
    https://company.webzen.com/ko/about/ethics

4. CJ ENM

  • Strengths: Content and platform data management
  • Supplement: Regulatory, recall, and patient responsibility frameworks are needed when applying medical devices and AI.
  • Evaluation: The ESG structure needs to be redesigned as healthcare expands.
    https://www.cjenm.com/en/esg/

VII. Why Korean Companies Should Adopt US-Level ESG Practices

  1. Foreign investors ask about a company's "accident history" first.
  2. Healthcare and AI face immediate litigation risks if ESG is inadequate.
  3. ESG in Exports and Partnerships = Proof of Trust
  4. ESG reports serve as supplementary data for overseas credit ratings.
  5. It's too late to respond after the regulatory transition.

Ⅷ. Summary of Foreign Investor Perspectives

  • Digital healthcare is not a technology industry, but a medical risk industry.
  • Investors should first check
    ① algorithm errors, recalls, and breach history
    ② data protection system
    ③ regulatory response governance
    ④ financial impact in case of an accident.
  • Korean companies have technological competitiveness, but
    there is a lack of event-based ESG disclosure across the industry.
Ⅸ. Notice

This document is a reference document that structures industry-level ESG information based on publicly available corporate disclosures, website data, and credible disclosure standards (e.g., ISSB/CSRD).
It is not intended for investment decisions, buy/sell recommendations, or valuations of specific companies.
The final decision and responsibility for any use of this material lies with the user.

Ⅹ. Analyzable results

To utilize this sector report for platform/overseas distribution/B2B purposes, it is efficient to divide the final output into the following three categories.

  • (A) 2-Page Sector Scorecard for Overseas Investors:
    Position of Korean Industries Compared to the US Baseline + Top 5 Key Gaps
  • (B) Writing Kit for Listed Company Professionals:
    Fixed 6 Sections + KPI Definition and Calculation Template
  • (C) Evidence Pack:
    ISSB·SEC·FDA·SASB Evidence Link Set
    (IFRS Foundation)