South Korea AI act "FRAMEWORK ACT ON THE DEVELOPMENT OF ARTIFICIAL INTELLIGENCE AND THE CREATION OF A FOUNDATION FOR TRUST"

In January, the South Korea AI Act became one of the most discussed developments in global AI regulation. Rather than reacting immediately, it was worth taking time to examine the structure and regulatory philosophy of the Act more closely. What emerges is a framework that differs meaningfully from the more compliance-heavy approaches seen elsewhere, particularly in the European Union.

One of the most notable features of the Act lies in its definitional architecture. The legislation distinguishes between “artificial intelligence” and “artificial intelligence systems,” and the latter definition is especially significant.

It emphasizes the output-oriented nature of AI systems and highlights two key characteristics: levels of autonomy and adaptability.

" an artificial intelligence-based system that

infers outputs such as predictions, recommendations, and decisions that affect real and

virtual environments for a given goal with various levels of autonomy and adaptability;"

This focus is important because not all AI systems are adaptive in practice. By foregrounding adaptability as a defining feature, the Korean framework implicitly narrows the category of systems that may trigger heightened regulatory attention.

The Act also introduces the concept of “high-impact artificial intelligence.”

"The term "high-impact artificial intelligence" means an artificial intelligence system that is likely to have a significant impact on or pause a risk to human life, physical safety, and

fundamental rights, and that is utilized in any of the following areas:(a) Supply of energy under subparagraph 1 of Article 2 of the Energy Act;(b) Production process of drinking water under subparagraph 1 of Article 3 of the

Drinking Water Management Act;(c) Establishment and operation of a system for providing and using health and medical

services under subparagraph 1 of Article 3 of the Framework Act on Health and Medical Care;Development and use of medical devices under Article 2 (1) of the Medical Devices Act and digital medical devices under subparagraph 2 of Article 2 of the Digital Medical Products Act;

(e) Safe management and operation of nuclear materials under Article 2 (1) 1 of the Act on Physical Protection and Radiological Emergency and nuclear facilities under subparagraph 2 of that paragraph;

(f) Analysis and utilization of biometric information (referring to personal information on physical, physiological, and behavioral characteristics by which an individual can be identified, such as facial, fingerprint, iris, and palm vein patterns) for criminal investigation or arrests;

(g) Judgments or evaluations that have a significant impact on the rights and obligations of individuals, such as hiring and loan screening;

(h) Major operation and management of means of transportation, traffic facilities, and traffic systems under subparagraphs 1 through 3 of Article 2 of the Traffic Safety Act; (i) Decision-making by the State, local governments, public institutions under Article 4 of

the Act on the Management of Public Institutions, and other such entities (hereinafter referred to as "State agencies, etc.") that have influence on citizens, such as the verification and determination of qualifications required for the provision of public services or the collection of expenses;

(j) Evaluation of students in early childhood education, elementary education, and secondary education under Article 9 (1) of the Framework Act on Education;

(k) Other areas prescribed by Presidential Decree, which have a significant impact on the protection of human life, physical safety, and fundamental rights;

 Functionally, this resembles the risk-based logic familiar from the EU AI Act. The law identifies domains in which high-impact AI may operate and attaches specific obligations to those use cases. However, the Korean approach remains less granular and less prescriptive than its European counterpart.

Perhaps the most distinctive element of the Korean model is its strong emphasis on state responsibility. While many AI frameworks focus primarily on developers, deployers, and providers, the South Korean Act explicitly foregrounds the role of the state in creating the conditions for responsible AI. From an AI governance perspective, this is a significant design choice. It reflects an understanding that trustworthy AI ecosystems do not emerge solely from private compliance efforts but require coordinated public-sector leadership.

The scope of the Act includes both territorial and extraterritorial application, signaling its relevance for international actors engaging with the Korean market.

Structurally, the Act devotes substantial attention to promotion and industrial development. Chapter 2 establishes institutional foundations for trustworthy AI, including responsibilities assigned to the Minister of Science and ICT to create governance structures and an Artificial Intelligence Institute. Chapter 3 continues this developmental orientation, focusing on building the AI industry ecosystem. It includes measures related to standardization, training data policy, support for small and medium enterprises, startup activation, professional workforce development, and international cooperation. The designation of AI clusters and demonstration initiatives further underscores the Act’s growth-oriented posture.

Only in Chapter 4 does the framework move more decisively into familiar regulatory terrain: ethics and trustworthiness assurance. Here the Act introduces principles, certification and verification mechanisms, transparency and safety expectations, and obligations for operators of high-impact AI systems, including impact assessment requirements and the designation of domestic agents. Even so, the regulatory tone remains measured rather than heavily prescriptive.

The supplementary provisions continue to emphasize promotion alongside enforcement. Penalties under the Act are relatively moderate by global standards, with potential criminal liability of up to three years’ imprisonment or fines up to 30 million won, in addition to administrative sanctions.

Taken as a whole, the South Korean AI Act represents a structurally different governance philosophy compared to the European Union’s AI Act. Whereas the EU model is highly detailed and compliance-driven, the Korean framework is clearly industry-enabling and state-orchestrated, with governance mechanisms layered to support trust rather than dominate the regulatory architecture.

full text: