January 20, 2025

The Closing Act of 2024: South Korea’s AI Basic Act

by Pankhuri Malhotra, Hena Ayisha and Tanvi Nimje

in Articles
South Korea Ai Law Cover

KEY TAKEAWAYS

  • South Korea passed its AI Act, a comprehensive framework for AI regulation, effective January 2026. The Act aligns with the EU AI Act, adopting a similar risk-based approach
  • The law introduces obligations for AI business operators, particularly for high-impact AI and generative AI, emphasising risk management, user protection, and transparency.
  • Use of high-impact AI must be supported by adequate risk management mechanisms and human oversight.
  • Generative AI outputs must be clearly labelled, especially when mimicking real-world content.
  • The Ministry of Science and ICT (MSIT) will spearhead AI development, including infrastructure initiatives like AI data centres.

INTRODUCTION

South Korea’s National Assembly passed the Basic Law on the Development of Artificial Intelligence and Creation of Trust Base (“AI Act”) in December 2024 as a singular, unified framework governing the regulation of Artificial Intelligence (“AI“). The Ministry of Science and ICT (“MSIT”) has been working towards making South Korea a global leader in AI, and the AI Act sets the foundation for the development of a regulatory framework that can sustain South Korea’s momentum in the AI industry.1South Korea’s Ministry of Science and ICT, “Blueprint for Korea’s Leap to Become One of the Top Three Global AI Powerhouse” The purpose of the new law is the sound development of AI by creating a trustworthy foundation for its use, protecting the rights and interests of the people, while enhancing national competitiveness in AI.2South Korea National Assembly Information ,”Basic Law on the Development of Artificial Intelligence and Creation of Trust Base”, 22nd National Assembly, 433rd Session (Extraordinary Session).

SALIENT FEATURES OF THE AI ACT

The following provisions of the AI Act are noteworthy:

  1. Definitions

The AI Act lays down certain key definitions, namely that of an AI, a high-impact AI, generative AI, AI ethics and AI business operators.3Article 2, Basic Law on the Development of Artificial Intelligence and Creation of Trust Base

  1. Obligations for AI Business Operators:

High-impact AI: AI business operators are obligated to assess and identify whether their AI qualifies as a high-impact AI before offering it to customers. AI business operators offering high-impact AI are required to notify customers and undertake additional measures to ensure its trustworthiness by implementing risk management mechanisms, user protection protocols, and adequate human oversight.4Article 33, Basic Law on the Development of Artificial Intelligence and Creation of Trust Base

Generative AI: Businesses offering generative AI must explicitly notify users of its use and clearly label AI-generated outputs, especially when the output mimics real-world sounds, images, or videos. The obligation can be fulfilled in a manner that doesn’t interfere with the appreciation of works involving artistic or creative expression.5Article 31, Basic Law on the Development of Artificial Intelligence and Creation of Trust Base

Computational thresholds: AI systems exceeding certain computational thresholds are required to enforce risk management mechanisms throughout their lifecycle and ensure continuous monitoring and responsiveness to AI safety incidents.6Article 32, Basic Law on the Development of Artificial Intelligence and Creation of Trust Base

  1. Promotion of AI Development

As framework legislation, the AI Act focuses heavily on establishing an organisational system and supporting measures to foster AI development. The AI Act also mandates the MSIT to undertake certain activities to encourage AI developments, including the establishment of AI data centres and other initiatives aimed at supporting the adoption of AI technologies and research and development.7Article 25, Basic Law on the Development of Artificial Intelligence and Creation of Trust Base.

Businesses acting in violation of the AI Act face fines of up to 30 million Korean Won (approximately USD 20,500).

COMPARISON TO EU AI LAW

After the European Union introduced the EU Artificial Intelligence Act (“EU AI Act”) in March 2024, South Korea has become the second jurisdiction to adopt a comprehensive framework approach to the regulation of AI. Several elements of the Korean AI Act mirror those of the EU AI Act. The EU AI Act undertakes a risk-based approach to AI regulation, assessing whether the risk associated with certain applications of AI is so high that any corresponding benefit is not balanced, and subsequently, certain use cases are explicitly banned.

The Korean AI Act also takes a risk-based approach to identifying high-impact systems, defining them based on their impact and judging the end-use cases to determine their treatment. Where the EU AI Act classifies an AI system as “high risk” if it poses a significant risk to human safety, health, or fundamental rights,8Article 6, Regulation (EU) 2024/1689 of the European Parliament. the Korean AI Act follows a similar definition for “high-impact AI.”9Article 2(4), Basic Law on the Development of Artificial Intelligence and Creation of Trust Base. In both cases, additional obligations and safeguards are implemented through the law to ensure that this risk is adequately mitigated. However, in its current form, the Korean AI Act does not outright ban any AI systems, no matter how high their assessed risk level.

The Korean AI Act’s obligations of transparency and disclosure when offering high-impact or generative AI products similarly mirror the EU AI Act’s focus on deepfakes and other AI-generated content which may be used in a manipulative or deceptive manner.10Article 50, Regulation (EU) 2024/1689 of the European Parliament The Korean AI Act also imposes risk management and reporting obligations on AI systems exceeding certain set computational thresholds, which parallels the EU AI Act’s treatment of general-purpose AI models with systemic risk. The substantive law in this regard will provide more context as to the rigour with which this will be implemented, considering the EU AI Act’s definition of systemic risk greatly exceeds the ordinary processing capabilities of any AI in the market.11The TOP500, which lists the 500 most powerful commercially available computer systems, has named Hewlett Packard’s El Capitan as the world’s fastest supercomputer. Its speed is measured in exaFLOPs, which is in the range of 10^18 floating point operations per second (“FLOPs”). Available here: https://top500.org/. Article 51 of the EU AI Act has set the threshold for systemic risk as 10^25 FLOPs, which remains exponentially higher than any supercomputer available.

CONCLUSION

The AI Act is set to take effect in January 2026. While several specific details of the framework are pending to be clarified through executive decrees and notifications from the MSIT, the framework places obligations on the MSIT and other authorities to implement substantive laws soon. By aligning with the EU and setting a common trajectory for AI regulation, South Korea is paving the way for other leading jurisdictions to introduce frameworks addressing the complexities of AI governance.

***

DISCLAIMER: This article is provided for informational and educational purposes only and does not constitute legal advice. Readers should not act upon this information without seeking professional legal counsel tailored to their specific circumstances. The analysis presented herein reflects the authors’ interpretation of legal developments as of the date of publication and may not reflect subsequent changes in law or regulation.

At TLP Advisors, we are a legal consulting firm specialising in tokenised finance, agentic financial systems, digital assets, and emerging technologies. With deep roots in the financial services, Web3, and broader technology sectors, we offer unparalleled expertise and tailored support to navigate the unique challenges and opportunities of these rapidly evolving industries. TLP Advisors has consistently been the firm of choice for web3, fintech and other financial services companies. We have built a reputation for guiding clients through complex regulatory landscapes while supporting the development of innovative and compliant financial platforms.

www.techlawpolicy.com

***

© 2025 TLP Advisors

Terms and Conditions Privacy Policy