The government announced a plan to remove ActiveX and unnecessary plugins as a national agenda from 2018 to 2020 and has been implementing related policies. Discussions about the problems of ActiveX and its discontinuation have continued for years, so I would like to explain why ActiveX became such a unique issue in Korea.

What’s Wrong with ActiveX?

ActiveX is a technology that allows web pages to go beyond static HTML and support multimedia functions. Most ActiveX components are used to create plugins for Internet Explorer. While there are various types of web browser plugins such as NPAPI and Java Applets, the most representative is ActiveX for Microsoft’s Internet Explorer. Since Windows is the most widely used operating system and Internet Explorer is its default browser, ActiveX naturally became synonymous with browser plugins.

To discuss the problems of ActiveX, we must also address Korea’s widespread use of public certificates.

During the IMF financial crisis (1997–early 2001), the Kim Dae-jung administration announced plans to make Korea an IT powerhouse, triggering rapid growth in the IT sector. Internet adoption surged, and with it, the need for secure online transactions. This led to the introduction of public certificates as a means of identity verification.

In 2002, the government mandated the use of public certificates to accelerate adoption. However, following the “Cheon Song-yi coat controversy,” the mandatory use was abolished in 2015. Private authentication systems such as KakaoPay and PASS emerged, offering simpler alternatives. Yet, services like the National Tax Service’s Hometax and Government24 still required public certificates. Finally, in December 2020, the government officially abolished public certificates—a process that took considerable time. Why was this change so eagerly awaited?

The mandatory use of public certificates exposed ActiveX’s biggest flaw: it only worked on Internet Explorer.

From the 2000s onward, other browsers (Firefox, Chrome, Safari, Opera) gained market share, and ActiveX could not run on non-Windows devices such as smartphones and tablets (OS X, Linux, Android, iOS), creating clear limitations.

Other drawbacks included security risks—malware and data leaks via ActiveX installations—and unwanted features bundled during installation. Excessive ActiveX installations also slowed PCs significantly.

Recognizing these issues, W3C and browser developers introduced HTML5, enabling banking, streaming, and gaming without plugins. Microsoft led the charge by releasing Internet Explorer 11 without ActiveX support, signaling the start of plugin removal.

Global browser market share shifted rapidly, as shown below:

[Figure 1. Browser Market Share Trends]

[Figure 2. Platform Usage Trends]

Google and Firefox also announced plans to remove NPAPI plugins. Despite these global moves, Korea clung to ActiveX. Government websites and online banking continued to rely on plugins. As of March 2020, Internet Explorer still held a 13.9% share domestically, making the transition difficult.

A 2014 survey by the Federation of Korean Industries found that 88% of respondents experienced inconvenience due to ActiveX, and 78.6% wanted it abolished. While the survey focused on ActiveX, the real frustration was with all installable plugins.

Microsoft declared in 2007 that it would reduce ActiveX support, yet both companies and government agencies failed to act, wasting valuable time.

Had public certificates been implemented without ActiveX, this controversy might never have arisen. While technical limitations at the time were understandable, continued reliance on outdated technology despite changing browser trends raises questions. Now that alternatives exist, we are approaching a future where secure, plugin-free access to government and web services is possible.

Moreover, on December 10, 2020, the government abolished the privileged status of public certificates. From that date, public certificates entered a competitive electronic signature market alongside private solutions. The public electronic signature system granting authority to six institutions was also abolished.

Public certificates were renamed “Joint Certificates” and now compete with private services such as KakaoPay, PASS, NHN Payco, Naver, and Toss. These can now be used for financial and public services. Starting January, workers can use private certificates for year-end tax settlements and resident registration issuance. On government websites, users simply click “Easy Signature” and select their private certificate.

ActiveX and public certificates were inseparable in Korea, but with the abolition of public certificates, a new era of convenient and secure authentication has begun through “Joint Certificates,” “Financial Certificates,” and private solutions.

[Figure 3. Pros and Cons of Certificate Types]

Details on new certificates will be covered in the next article. Significant effort and time will be needed to ensure these alternatives are more efficient and secure than the old system.

Seo Sang-In, Manager, PS2 Team, Solution Service Division, STEG Inc.