SEOUL — South Korea has moved ahead of major economies in implementing a national framework for artificial intelligence governance, introducing a comprehensive law that places accountability, transparency, and risk control at the centre of real-world AI deployment.

The AI Basic Act, enacted in January 2025 and entering into force after a one-year transition period, positions South Korea among the first jurisdictions to operationalise AI governance at a national level. The move comes as global regulators continue to debate frameworks, with the European Union’s AI Act being introduced in stages through 2027 and the United States maintaining a largely market-driven approach.

The legislation reflects a deliberate policy direction. Rather than restricting development, it introduces structured obligations for organisations using AI in areas that materially affect safety, rights, and public outcomes.

High-impact applications — including healthcare diagnostics, financial decision-making, transport systems, and critical infrastructure — are subject to stricter expectations. Organisations deploying such systems are required to establish risk management processes, ensure human oversight, maintain documentation, and provide a level of explainability around system outputs.

The law also introduces mandatory disclosure requirements. Companies must inform users when AI is involved in delivering products or services and clearly indicate when outputs are generated by artificial intelligence, particularly in cases where content may be difficult to distinguish from real-world material.

The policy direction reflects a broader shift from voluntary principles to enforceable expectations. It moves the conversation from general commitments around “responsible AI” to demonstrable evidence of how systems are governed in practice.

Industry response has been mixed. Technology startups have raised concerns around ambiguity in definitions, particularly in determining whether systems qualify as “high-impact AI.” A survey conducted by a national startup alliance indicated that approximately 98% of AI startups were not prepared for compliance at the time of the law’s introduction.

At the same time, civil society groups have argued that the framework does not go far enough in protecting individuals affected by AI-driven decisions. Criticism has focused on the absence of explicitly prohibited use cases and perceived gaps in safeguards for end-users rather than system operators.

Government authorities have acknowledged these concerns, positioning the legislation as a developing framework. A grace period of at least 12 months has been introduced before enforcement of administrative penalties, alongside plans for guidance platforms and support mechanisms to assist organisations in adapting to the requirements.

While financial penalties remain relatively modest — with fines of up to 30 million Korean won (approximately USD 20,000) for non-compliance in areas such as disclosure — market observers note that the primary impact is unlikely to be punitive. Instead, the law is expected to influence procurement standards, due diligence processes, and cross-border partnerships, where demonstrable governance is becoming a prerequisite.

The introduction of verification and certification support mechanisms further reinforces this direction, signalling a shift towards formalised assurance models for AI deployment.

South Korea’s approach differs from other major regulatory models. It adopts a principles-based structure supported by administrative guidance, allowing flexibility in implementation while maintaining a baseline of accountability. This positions it between the European Union’s prescriptive, risk-tiered system and the United States’ sector-led, non-uniform approach.

The strategic intent is clear. South Korea has set an early operational benchmark, aiming to strengthen trust in AI while supporting its ambition to become one of the world’s leading AI economies.

The broader implication is equally direct. As AI adoption accelerates across industries, expectations are shifting from capability to control — and from statements to proof.

Key Provisions at a Glance

• Mandatory disclosure
  Organisations must inform users when AI is used in products or services and label AI-generated outputs clearly.
• High-impact AI oversight
  Systems affecting safety, finance, healthcare, and infrastructure require human oversight and structured governance controls.
• Risk management requirements
  Companies must identify, assess, and mitigate risks across the AI lifecycle.
• Documentation and explainability
  Operators are expected to maintain records of system design, data usage, and decision logic at a high level.
• Impact assessment (encouraged)
  Organisations are expected to evaluate potential effects on rights and societal outcomes, particularly for high-impact systems.
• Local accountability for foreign firms
  Overseas providers must appoint a domestic representative to ensure compliance within jurisdiction.
• Verification and certification support
  The government is promoting frameworks to validate AI safety and trustworthiness.

Key Figures and Indicators

• 98% of AI startups reported being unprepared for compliance at the time of introduction
• Up to 30 million KRW in administrative fines for non-compliance
• Minimum 12-month grace period before enforcement actions begin
• EU penalties for comparison: up to 7% of global annual turnover under the EU AI Act

South Korea’s move marks a transition point. The regulatory question is no longer whether AI should be governed, but how quickly organisations can adapt to a standard where governance is expected to be visible, structured, and verifiable.