The National Assembly passed the Act on the Development of Artificial Intelligence and Establishment of Trust (the “AI Basic Act”) on December 26, 2024 and promulgated it on January 21, 2025. The AI Basic Act will become effective on January 22, 2026. Accordingly, the Ministry of Science and ICT (the “MSIT”) has launched the AI Basic Act Lower Statute Alignment Bureau (the “Bureau”) to deliver the tangible effects of the enactment of the AI Basic Act as soon as possible to the private sector.
Led by three working groups composed of experts from the MSIT as well as relevant industries, academic circles and legal circles, the Bureau plans to specify the draft details of each provision of the Enforcement Decree. Then, after reflecting the AI Committee Legal Task Force’s advice, it will collect opinions from relevant experts and stakeholders. Dedicated teams (i.e., five Task Forces (“TFs”), each with about ten civil experts) are also in operation to establish key guidelines based on the AI Basic Act.
We understand that the Bureau and the Guidelines TFs are mainly focusing on the following issues among those delegated by the AI Basic Act to its lower statutes. For more details on the AI Basic Act, please refer to our previous newsletter (Link).
Working Group 1
|
Key Contents of AI Basic Act |
Relevant Enforcement Decree and Guidelines |
|
Obligation to Secure AI Safety (Article 32): AI business operators with AI systems surpassing a predetermined threshold of cumulative computation used for training are required to (i) identify, assess and mitigate risks throughout the AI lifecycle, and (ii) establish risk management systems |
Enforcement Decree: Specify the threshold of “cumulative computation used for training” to establish the standard for determining relevant business operators Guidelines: Establish guidelines on the obligation to secure AI safety (administrative agency: AI Safety Institute) to specify the standards for determining relevant business operators, measures for risk identification, assessment and mitigation, methods to implement the establishment of risk management systems, and procedures to submit implementation results Key Issue: As the above mentioned regulations on high-performance AI impose strong obligations on business operators, the standards and scope of relevant business operators will be important |
|
Appointment of a Local Agent (Article 36): AI business operators without an address or business place in Korea that meet certain standards, such as the number of users and sales, are required to appoint a local agent in writing and report this to the Minister of the MSIT |
Enforcement Decree: Specify applicable standards, such as the number of users and sales, to establish standards for determining relevant business operators Key Issue: Important to understand the differences compared to the existing standards for designation of a local agent under the Personal Information Protection Act, the Telecommunications Business Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection |
Working Group 2
|
Key Contents of AI Basic Act |
Relevant Enforcement Decree and Guidelines |
|
Obligation to Secure AI Transparency (Article 31):
|
Enforcement Decree: Specify the methods of and exceptions from the prior notification obligation regarding high-impact AI and generative AI, the generative AI-related labeling obligation, and the deep fake-related notification and labeling obligations Guidelines: Establish guidelines on the obligation to secure AI transparency (administrative agency: Telecommunications Technology Association (“TTA”)) to specify the detailed implementation methods and exceptions Key Issue: The required levels of the notification and labeling obligations and exceptions will be important |
|
AI Impact Assessment (Article 35): A business operator that provides products or services using high-impact AI is required to make efforts to conduct prior impact assessment on human basic rights |
Enforcement Decree: Specify the standards and procedures of impact assessment Guidelines: Establish guidelines on AI impact assessment (administrative agency: Korea Information Society Development Institute (“KISDI”)) to establish the details and methods of impact assessment Key Issue: Understand the scope of impact assessment, the types of relevant basic rights, and follow-up management measures, etc. |
|
Verification and Certification of AI Reliability (Article 30 (3)): When an AI business operator provides high-impact AI, he/she shall make efforts to obtain necessary verification and certification |
Enforcement Decree: Specify the scope of relevant businesses whose verification and certification activities are supported by the MSIT and the details of administrative and financial support for SMEs Key Issue: Understand what benefits are provided for businesses’ voluntary implementation of verification and certification activities |
Working Group 3
|
Key Contents of AI Basic Act |
Relevant Enforcement Decree and Guidelines |
|
High-Impact AI (Article 2 (4)): AI systems that could significantly affect human life, physical safety and fundamental rights are utilized in the areas prescribed by the proposal |
Guidelines: Establish guidelines of the standards and examples of high-impact AI (administrative agency: National Information Society Agency (“NIA”)) to specify the scope of high-impact AI and detailed judgment criteria Key Issue: As the standards and examples will be specified for each industrial sector (energy, drinking water, health and medical systems, medical devices, nuclear power, criminal investigation, arrest, employment, loan appraisal and others, transportation, public service, and education), review the impacts on each area |
|
Review on High-Impact AI (Article 33): An AI business operator has to conduct a prior review on whether his/her system constitutes a high-impact AI, and if necessary, he/she may request for confirmation by the Minister of the MSIT |
Enforcement Decree and Key Issue: It is advisable to note the legislative direction of the presidential decree because high-impact AI verification procedures will be specified in the presidential decree |
|
High-Impact AI Business Operators’ Obligations (Article 34): A business operator that provides high-impact AI or products or services using it has the obligation to take measures to secure a certain level of safety and reliability |
Enforcement Decree: Specify safety and reliability assurance measures and cases where measures required by other laws can be recognized as safety and reliability assurance measures Guidelines: Establish guidelines on high-impact AI business operators’ obligations (administrative agency: the TTA) to specify the measures to ensure safety and reliability Key Issue: Understand the specifics and implementation measures of each implementation obligation |
|
Fact-Finding Investigation (Article 40): On any case of violation of a certain obligation, the Minister of the MSIT may issue a suspension or corrective order through fact-finding investigation |
Enforcement Decree and Key Issue: The legislative direction of the presidential decree will be important as the scope, method, procedures and corrective order of fact-finding investigation will likely be specified in the presidential decree |
The AI Basic Act imposes various obligations on AI business operators, and a violation of the AI Basic Act may be subject to direct sanctions, such as fact-finding investigation, suspension and corrective orders and administrative fine. As AI business operators’ specific obligations under the AI Basic Act will be further specified through the Enforcement Decree and the Guidelines, corporations are encouraged to follow any legislative development regarding the Enforcement Decree and the Guidelines and provide comments as appropriate.
Related Topics
#MSIT #AI Act #Technology Media & Telecommunications #2025 Issue 1 #Newsletter
