Korea AI Basic Act takes effect — high-impact AI obligations now binding

South Korea's AI Basic Act came into force, establishing the first legally binding obligations for AI developers, deployers, and users in the country. The Act creates a national AI governance framework, designates 'high-impact AI systems' (those affecting fundamental rights, public safety, or major economic interests), and imposes transparency, human oversight, and risk management obligations on organisations deploying high-impact systems. Korea joins the EU as the second jurisdiction globally with an enacted general-purpose AI governance law.

**What the Act requires of APAC enterprises.** Organisations deploying AI in Korea — whether Korean companies or international firms with Korean operations — face obligations across three tiers. First: all AI systems must disclose to users that they are interacting with AI when the AI has a 'significant impact' on the interaction. Second: high-impact AI systems (defined by Presidential Decree, with initial examples including credit scoring, employment decisions, and healthcare AI) must conduct and document risk assessments prior to deployment. Third: real-time surveillance AI and biometric identification AI in public spaces face additional restrictions requiring ministerial approval.

**Interaction with existing Korea data law (PIPA).** The AI Basic Act operates alongside Korea's Personal Information Protection Act (PIPA), which already governs AI training data and automated decision-making disclosures. The practical result is a two-layer compliance framework: PIPA governs the data inputs and outputs; the AI Basic Act governs the system-level risk management and transparency obligations. Organisations already PIPA-compliant must run an additional AI Basic Act gap assessment for each deployed AI system that falls in the high-impact categories.

**Timeline for compliance.** The Act's core transparency provisions are immediately in force. The high-impact AI risk assessment requirements follow a phased schedule with detailed obligations published in a Presidential Decree expected in Q3 2026. Organisations should begin identifying which deployed AI systems will fall in the high-impact categories now, rather than waiting for the Decree.

**AIMenta's editorial read.** Korea's AI Basic Act is the most significant APAC regulatory development of 2025 for enterprise AI deployments. For Korean operations specifically, begin the high-impact system inventory immediately and engage Korean legal counsel on the Presidential Decree timeline. For non-Korean APAC operations watching regional trends, Korea's Act signals that other APAC jurisdictions (Taiwan, Thailand, Vietnam) are likely to pass similar framework legislation within 24 months.