Regulators conduct inspections and issue non-compliance notice, and it is necessary to examine whether this is equivalent a corrective order. A corrective order imposes binding obligations on a business, and violations of it can result in sanctions such as fines, license revocation, or suspension. Therefore, if it is a corrective order, it must go through procedures such as prior notification under the Administrative Procedure Act. However, so far, no such procedures have been followed when issuing non-compliance notice. There are three possible interpretations of it: 1) the issuance of a non-compliance notice is not a corrective order but a part of an inspection, 2) the issuance of a non-compliance notice is a corrective order but not a disposition, and 3) the process of hearing opinions and prior notification was carried out during the inspection. However, if it is a part of an inspection, it should be issued by KINAC or KINS, which is entrusted with the inspection, but it is issued by the Nuclear Safety and Security Commission, and it is a disposition because it makes specific demands, and the corrective orders themselves have not gone through the procedure of hearing opinions. Therefore, in order for a non-compliance notice to be enforceable unlike a recommendation and to be issued by the Nuclear Safety and Security Commission instead of the inspection agency, the law should be amended and the procedure of prior notice and hearing opinions required by the Administrative Procedure Act should be carried out at the issuance stage.

It is still questionable if the Nuclear Damage Compensation Act can be applied to security accidents on nuclear facilities caused by hacking or drone attacks. If the Act is applied, the nuclear operator shall be liable for compensation for the damage even if there is no negligence, and no other person shall be liable. If it is not, victims must prove the negligence of nuclear operators and not only nuclear operators but also suppliers must be responsible. According to Article 5 of this Act, a nuclear operator cannot operate a reactor before signing liability insurance contract or a compensation contract or depositing in order to compensate for nuclear damage. The liability insurance contract includes the hacking accident, but it is not applied to drone attacks since only hacking accident is included in design basis accidents. However, Article 2 of this Act defines a nuclear accident as an event that may cause nuclear damage so it can be said that the ‘event’ includes intentional attacks. Article 3 stipulates that nuclear operators are not liable for compensation for damages caused by armed conflicts, hostile acts between countries, or civil war or rebellion. Therefore, if nuclear power plant is attacked by missiles from North Korea, the nuclear operator is not liable for compensation. And, it can be interpreted that the nuclear operator is liable for compensation for damages caused by actions of a third party that do not fall under this category. According to the Act on Indemnity Agreement For Nuclear Damage Compensation, nuclear damage caused during normal operation is included in the scope of compensation, but damage caused by actions of third parties is excluded. In the end, damage caused by actions of third parties is included in the scope of nuclear damage, but not included in the loss compensated by the government. According to the Act on Physical Protection, the Nuclear Safety & Security Commission is required to establish a design basis threat that is the standard for designing and evaluating physical protection systems. Therefore, it is reasonable to include the contents of design basis threats in liability insurance, or to apply the principle of no negligence liability and focus of responsibility to protect victims, if not.