Status of the AI Regulations

The AI Act, together with its Presidential Decree (the "Enforcement Decree"), entered into force on January 22, 2026. The Enforcement Decree – enacted by the Korean Cabinet on January 21, 2026, following a public notice and comment process conducted by the Ministry of Science and ICT (MSIT) – provides operational details regarding certain core obligations under the AI Act. Key provisions include:

• Computation threshold for high-impact AI operators. The Enforcement Decree sets the computation threshold triggering the AI Act's enhanced risk management and user protection obligations at 1026 floating-point operations per second (FLOPS). Operators below this threshold remain subject only to the general advance notice obligation.²
• Domestic representative designation. The Enforcement Decree specifies the criteria triggering the designation obligation for foreign AI operators. A foreign AI operator without a registered address or place of business in Korea must designate a domestic representative if it meets any one of the following thresholds: (i) total annual revenue in the preceding year of KRW 1 trillion or more (approx.US$662 million); (ii) annual revenue from AI services in the preceding year of KRW 10 billion (approx. US$6.6 million) or more; or (iii) a daily average of one million or more domestic users of its AI products or services over the three months preceding the end of the prior year. The obligation also applies to foreign operators that have been subject to an administrative fine for violation of a corrective order. The domestic representative – who must have a registered address or place of business in Korea - is authorized to act on the foreign operator's behalf in submitting results of safety measures for large-scale AI, requesting confirmation of high-impact AI status, and supporting compliance with safety and reliability measures for high-impact AI.³
• Generative AI obligations. The Enforcement Decree provides further detail on the advance notice obligations applicable to operators of generative AI, including the form and content of disclosures required to be made to users.⁴

Other laws affecting AI

There are existing laws and proposed amendments to such laws that do not aim to directly regulate AI but may impact the use and/or development of AI in South Korea. A non-exhaustive list of examples includes the following:

• Framework Act on Intelligent Informatization: referenced throughout the AI Act as a foundational policy framework legislation, this Act provides relevant definitions and aims to promote an intelligent information society.
• Act on Promotion of Information and Communications Network Utilization and Information Protection: Amendments promulgated in January 2026 (taking effect six months later) (i) require notification to the Korean Communications Commission when providing AI-based recommendation services, and (ii) broaden the definition of "information and communication service provider" to include "a person who provides information or mediates the provision of information using AI technology", subjecting such persons to regulation under this Act.
• Personal Information Protection Act: Amendments were introduced to allow the Personal Information Protection Commission to request information in case personal information is leaked by an AI company's algorithm.
• Fair Hiring Procedure Act: Amendments have been proposed to require companies to give prospective employees notice when using AI in hiring.
• Content Industry Promotion Act: Amendments have been proposed to require a disclosure stating that content was generated using AI technology.
• Copyright Act: Amendments have been proposed to establish standards for the use of copyrighted works for automated information analysis using computers to clarify the boundaries of copyright infringement and the scope of permissible use of copyrighted works in the context of AI technology.
• Public Official Election Act: Amendments have been proposed to prohibit: (i) the use of AI to manipulate polls by inputting false information or commands, or by transmitting election results for electioneering purposes; and (ii) the use of AI to restrict commentary or reporting on election results.

Korean government authorities have further issued guidelines relating to the AI Act and its subject matter:

• Korea Communications Commission – Guidelines on the Protection of Users of Generative AI Services adopted on February 28, 2025.
• Personal Information Protection Commission – Guidelines for Generative AI Development and Use issued on August 6, 2025.

Definition of “AI”

Under the AI Act, AI is defined as "electronic embodiment of human intellectual abilities such as learning, reasoning, perception, judgment, and language comprehension". In addition, the AI Act establishes definitions for "high-impact AI" and "generative AI".⁵

• "High-impact AI"- AI systems that pose significant risks to human life, physical safety, and fundamental rights, including AI applications in: energy supply; drinking water production; healthcare system operation; development and use of medical devices; safety and operation of nuclear power; criminal investigations using biometric data; decisions impacting rights and obligations (e.g., hiring decisions and loan approvals); transport systems; government decision-making affecting public services or taxes; student evaluation in education; and any other critical areas affecting safety and fundamental rights.
• "Generative AI" - AI that generates outputs such as text, images, sound, and video based on input data.

Territorial scope

The AI Act applies to foreign entities whose AI systems affect users or markets in Korea. The criteria triggering the obligation to designate a domestic representative are now specified in the Enforcement Decree (effective January 22, 2026) – see "Status of the AI Regulations" and "Key compliance requirements" sections.

Sectoral scope

The AI Act applies across sectors. The definition of "high-impact AI" (set out under "Definition of AI" above) identifies the following sectors of elevated public concern: energy supply, water production, healthcare, medical devices, nuclear energy, biometric investigations, employment, credit decisions, transport safety, public administration and education.

Compliance roles

The AI Act establishes a multi-stakeholder governance framework, involving the following:

• AI Development Operators – Entities that design, develop, or provide AI systems.
• AI Utilization Operators – Entities deploying or applying AI systems in their products or services.
• National AI Committee – Chaired by the President, serving as Korea's top-level decision-making body on AI policy.
• AI Safety Institute – An independent research and oversight body tasked with AI risk evaluation, testing, and certification. MSIT has indicated it will prioritize the Institute's establishment as a key post-enactment step.
• MSIT – The lead regulatory ministry, responsible for enforcement and for setting overall AI policy direction.
• Foreign Entities – Entities meeting the criteria specified in the Enforcement Decree must designate a domestic representative in Korea.

Core issues that the AI Regulations seek to address

The AI Act is explicitly designed around a dual mandate: promoting AI innovation and industry competitiveness while establishing a framework for safety and trustworthiness.⁶ It focuses on the following key areas:

• Classifying AI used in areas directly impacting human life and safety as "high-impact AI" and outlining measures to ensure its reliability.
• Creating a legal foundation for the "AI Ethical Principles" with a view to protecting human dignity, rights and safety.
• Providing support measures for innovative companies within the AI industry.
• Developing an AI Plan and forming a National AI Committee supervised by the President of Korea.
• Requiring AI operators to comply with notification, risk management and user protection requirements, as further detailed under Key compliance requirements below.

Risk categorization

Under the AI Act, high-impact areas are those that may have a significant impact on the safety, health, and protection of fundamental rights of the public. As reflected in the definition of "high-impact AI", these areas span energy, healthcare, medical devices, nuclear facilities, and biometric information in criminal investigations. They also include AI-assisted decisions significantly affecting individual rights and obligations (such as recruitment or loan screening), transportation systems, and AI used by the state, local governments, and public institutions to make decisions that affect the public.

Key compliance requirements

As detailed in the "Status of the AI regulations" section, The AI Act and the Enforcement Decree impose the following principal obligations on AI operators:

• Operators of high-impact AI or generative AI must provide advance notice to users of relevant products or services (including, for generative AI, in the form and content now specified in the Enforcement Decree).
• Operators of high-impact AI exceeding the 1026 FLOPS computation threshold specified in the Enforcement Decree must implement enhanced risk management and user protection measures. Operators below this threshold remain subject to the advance notice obligation only.
• Foreign entities meeting Enforcement Decree criteria must designate a domestic representative in Korea.

Regulators

Several government bodies and ministries are involved in regulating and overseeing the use and development of AI in South Korea. These regulators include:

• MSIT - the primary body responsible for setting AI policy and strategic direction, overseeing initiatives to promote AI technology across sectors, and serving as the lead enforcement authority under the AI Act.
• Korea Communications Commission (KCC) - regulates the use of AI in communications and media, including ensuring AI-based recommendation services comply with relevant regulations.
• Personal Information Protection Commission (PIPC) - oversees the protection of personal data in AI applications, including compliance with the Personal Information Protection Act.
• Korea Fair Trade Commission (KFTC) - monitors the fair use of AI in business practices to prevent anti-competitive behavior and protect consumers, including overseeing AI algorithms used in pricing, advertising, and other business operations.
• Ministry of Health and Welfare (MOHW) - regulates the use of AI in the healthcare sector, including AI applications in medical devices, diagnostics, and patient care.

Enforcement powers and penalties

Under the AI Act and its Enforcement Decree, MSIT has the authority to investigate non-compliant operators and impose corrective orders and administrative penalties. Where a service poses a threat to safety, MSIT may order its suspension. Administrative fines up to KRW 30 million (approx. US$20,000) may apply to failure to notify users of AI use, failure to appoint a domestic representative, and violation of corrective orders or refusal of government inspections. Notably, MSIT has indicated that it will grant a one-year grace period before administrative fines are imposed, to support effective implementation and allow businesses time to prepare. For the full scope of compliance obligations to which these penalties attach, see "Key compliance requirements" above.

Jiwoo Kim (Paralegal, White & Case, Seoul) contributed to this publication.

_{1 See MSIT Press Release (Jan. 2026)
2  See MSIT Press Release (Nov. 2025)
3 See Enforcement Decree (Korean only) and MSIT press release
4 See Enforcement Decree (Korean only) and MSIT press release
5 See Framework Act on the Development of Artificial Intelligence and the Creation of a Foundation for Trust here
6 See MSIT press release}

_{White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.}

_{This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.}

_{© 2026 White & Case LLP}