South Korea’s Act on the Development of Artificial Intelligence and Establishment of Trust (AI Basic Act) took effect on January 22, 2026, joining the European Union AI Act as a comprehensive AI regulatory regime. The AI Basic Act provides high-level requirements for transparency and addressing high-risk AI systems, and confirms its extraterritorial application. It also creates the framework for the development and promulgation of specific requirements via existing and new government organizations. The Ministry of Science and Information and Communication Technology (MSIT) is charged with finalizing the specific enforcement decrees that will provide the technical details for compliance. 

Overview

Scope

The AI Basic Act applies to both businesses that develop and provide AI (“AI development business operators”) and businesses that provide products or services that incorporate AI (“AI utilization business operators”). These definitions do not correlate to the EU AI Act’s “provider” or “deployer,” and either could be a development or utilization business operator. The AI Basic Act also defines artificial intelligence broadly as an electronic implementation of human intellectual abilities, such as learning, reasoning, perception, decision-making and language comprehension.

Requirements

The AI Basic Act sets forth specific requirements for operators of generative AI, defined as AI that mimics the input data’s structure and features to produce outputs (such as text, images, sound and video), and high-impact AI, defined as AI that significantly affects human life, safety or fundamental rights. In addition, all operators of “high-performance” AI – those systems that exceed a certain compute threshold (see more below) – are subject to additional safety obligations.

1. Transparency

AI operators that provide AI-generated sound, image or video that is difficult to distinguish from human-created content must provide clear notice that the content is an output of AI. Additionally, operators of both generative AI and high-impact AI are required to notify users in advance if their product or service is developed using AI. Operators of generative AI must also include a label that informs whether content has been produced by generative AI.

2. High-impact AI

The AI Basic Act defines high-impact AI to include AI applications in critical sectors, such as healthcare, energy, transportation, hiring and biometric analysis. Operators of high-impact AI are subject to the following additional requirements:

  • Confirm high-impact AI: Must assess whether their AI qualifies as “high-impact AI” before deployment. If necessary, the operator may request an assessment by MSIT.
  • Explainability: Must provide a “meaningful explanation” of the high-impact AI’s outcomes, key criteria and principles used for such outcome, and a summary of the AI’s training data.
  • User protection plan: Requires creation and deployment of a user protection plan.
  • Human oversight: Requires a mechanism for human intervention and supervision.
  • Documentation: Requires documentation of actions taken to secure trust and safety.

High-impact AI operators must also make efforts to assess their AI’s impact on fundamental rights (“impact assessments”) before incorporating the AI in products or services.

3. High-performance AI

In a legislative notice for the Enforcement Decree accompanying the AI Basic Act, MSIT clarified that AI systems trained with a cumulative compute of at least 10²⁶ floating-point operations (FLOPs) are designated as high-performance AI with associated safety obligations. According to the AI Basic Act, operators of such systems may be required to implement a risk management plan and user protection measures spanning the system’s life cycle and report implementation outcomes to MSIT.

More details on the requirements for high-performance AI are expected in forthcoming implementing regulations and guidelines.

Extraterritorial application and local representative

The law applies even to AI systems outside of South Korea, as long as the systems affect users or markets within the country.1 Any foreign AI business without a physical office in Korea that meets any of the following thresholds must designate a local agent:

  • Total revenue exceeding one trillion KRW in the previous year.2
  • Revenue from AI services exceeding 10 billion KRW in the previous year.
  • Average daily users in Korea exceeding one million users during the three months preceding the end of the previous year.

This agent will be legally responsible for responding to government inquiries and safety reports.

Enforcement and penalties

  • Corrective orders: MSIT can order the suspension of a service if it poses a threat to safety.
  • Administrative fines: Fines of up to 30 million KRW (about US$21,000) for:
    • Failing to notify users about the use of AI.
    • Failing to appoint a domestic representative.
    • Violating corrective orders or refusing government inspections.
  • Grace period: MSIT has indicated that it will grant subject businesses a grace period of one year before administrative fines are imposed to support effective implementation of the AI Basic Act and preparation by companies.

Governance and promotion

In addition, the AI Basic Act includes provisions that are geared toward promoting and supporting this comprehensive regulatory framework. Some examples include:

  • Establishment of several organizations:
    • National AI Committee – a control tower chaired by the president to oversee national policy.
    • AI Policy Center – responsible for the strategic and intellectual development of South Korea’s AI industry, as well as fostering international cooperation.
    • AI Safety Research Institute – tasked with evaluating AI risk and developing standards.
  • Industrial support: The law mandates government support for research and development, data centers, small/medium businesses and entrepreneurship.

Next steps

In light of this new global regulation, companies doing business in South Korea should review use of AI in their products and services to ensure alignment with the AI Basic Act. As AI regulation continues to evolve around the globe, companies will face increasing challenges with compliance. The Cooley team is ready to assist compliance teams with operationalizing a risk-based framework that accounts for these new global requirements.

Notes
  1. The law carves out an exception for AI systems for purposes of national security or those designated by presidential decree.
  2. As of this writing, this would roughly convert to more than US$681 million, an annual revenue figure that would implicate only the largest technology firms.

This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as "Cooley"). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction, and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. When advising companies, our attorney-client relationship is with the company, not with any individual. This content may have been generated with the assistance of artificial intelligence (Al) in accordance with our Al Principles, may be considered Attorney Advertising and is subject to our legal notices.