Licentium

AI Regulation Hub

South Korea

South Korea has adopted a comprehensive national AI law — the Framework Act on the Development of Artificial Intelligence and the Creation of a Foundation for Trust — effective from 22 January 2026. It distinguishes ordinary AI from generative AI and high-impact AI, and creates duties for AI providers and business users.

Key provisions

AI Framework Act

In force

Promotes AI development while creating trust and safety rules for AI products and services. Distinguishes ordinary AI, generative AI, and high-impact AI (AI that may significantly affect life, safety or fundamental rights).

User notification (high-impact & generative AI)

In force

Providers must notify users in advance that AI is being used. Notification must be provided before or during use in a way users can recognise.

AI-generated content labelling

In force

Where AI output (including deepfake-style content) may be hard to distinguish from reality or create social risks, users must be clearly informed. May involve visible labels, UI notices, metadata, watermarks or other technical means.

High-impact AI safety & trustworthiness measures

In force

Transparency, safety, operator responsibility, voluntary AI safety & trust verification, certification and AI impact assessments. Compliance burden depends on use case, sector and affected persons.

Enforcement decree + transparency grace period

Draft

Enforcement decree addresses the national AI strategy committee, AI clusters, high-impact AI confirmation procedures and operator duties. Official guidance confirms the transparency obligation has a grace period of at least one year.

Detailed overview

South Korea has adopted a comprehensive national AI law: the Framework Act on the Development of Artificial Intelligence and the Creation of a Foundation for Trust. The Act is effective from 22 January 2026. It is designed both to promote AI development and to create trust and safety rules for AI products and services.

Scope and definitions

South Korea's framework distinguishes between ordinary AI, generative AI and high-impact AI. High-impact AI generally refers to AI that may significantly affect life, physical safety or fundamental rights. Generative AI refers to AI that creates new outputs such as text, images, audio, video or other content. The law is important because it creates duties not only for AI developers, but also for businesses that provide AI-based products or services to users.

Notification and labelling

Providers of products or services using high-impact AI or generative AI must notify users in advance that AI is being used. This means that users should not be left unaware that a product, service, decision-support process or generated output is AI-based where the law requires disclosure. The notification must be provided before or during the use of the AI product or service in a way that users can recognise.

Generative AI outputs may also require labelling. Where AI-generated output, including deepfake-style content, may be difficult to distinguish from reality or may create social risks, users must be clearly informed that the content was generated by AI. Depending on the type of content, this may involve visible labels, user-interface notices, metadata, watermarks or other appropriate technical means.

Safety and trustworthiness

High-impact AI operators must take safety and trustworthiness measures. The South Korean framework refers to transparency, safety, operator responsibility, voluntary AI safety and trust verification, certification and AI impact assessments. The exact compliance burden depends on the AI use case, the sector, the affected persons and whether the AI qualifies as high-impact or generative AI.

Enforcement and grace period

The Act is supported by an enforcement decree and official guidance. Official transparency guidance confirms that the transparency obligation will be subject to a grace period of at least one year, during which fact-finding investigations and penalties under the transparency provision are deferred.

South Korea's AI penalties are connected to the Framework Act and its implementing rules, but practical enforcement is phased. Companies using high-impact or generative AI should treat user notification, AI-generated content labelling, safety management, internal documentation and human oversight as core compliance points from the start of the 2026 framework.

Practical requirements & details

Sourced from the Framework Act on the Development of AI and Establishment of Trust (법률 제20676호; in force 22 Jan 2026), its Enforcement Decree, PIPC personal-data guidance, and MSIT transparency guidelines.

Scope and key definitions

  • Applies to AI businesses — developers, providers and AI-using businesses (operators) — supplying products or services to Korean users.
  • High-impact AI: AI that may significantly affect human life, physical safety or fundamental rights (energy, healthcare, transport, justice, hiring, credit, public welfare, biometrics).
  • Generative AI: AI that creates new outputs (text, images, audio, video, content).

User notification

  • Providers using high-impact or generative AI must notify users in advance that AI is being used.
  • Notification must be given before or during use, in a way users can recognise.

Labelling of AI-generated content

  • Where AI output (including deepfakes) may be difficult to distinguish from reality or create social risks: must clearly inform users that content is AI-generated.
  • Acceptable methods: visible labels, UI notices, metadata, watermarks, other technical means.

High-impact AI safety and trust

  • Operators must take measures for transparency, safety, operator responsibility.
  • Voluntary AI safety and trust verification and certification available through MSIT.
  • High-impact AI impact assessments required — scope and detail set by the Enforcement Decree.

Enforcement decree highlights

  • Establishes the national AI Strategy Committee, AI clusters, confirmation procedures for high-impact AI status.
  • Sets duties for high-impact AI operators on documentation, safety management, internal governance.

Transparency guidance + grace period

  • Official guidance confirms the transparency obligation has a grace period of at least one year from 22 Jan 2026 — fact-finding investigations and penalties under the transparency provision are deferred during the grace period.
  • Compliance is still expected; companies should ready notification mechanisms and labelling.

Personal data overlay (PIPA)

  • PIPC's AI and personal information protection guide applies where AI processes personal data: lawful basis, transparency, automated-decision rights, security.
  • Korea's right to refuse automated decisions (PIPA Art. 37-2, since 2024) applies to AI-driven decisions with significant impact — explanation and human review must be offered.

Penalties

  • Framework Act fines: administrative penalties for breach of substantive duties — details in the Enforcement Decree (typically up to KRW 30 million per violation for major breaches).
  • PIPA fines: up to 3% of total turnover for serious personal-information breaches.

Ready to launch without the regulatory guesswork?

Book a 30-minute consultation. We'll map your AI or licensing path and tell you exactly what's required, in plain language.

Get Started