Korea's AI Basic Act implementation guidelines clarify high-impact AI obligations and sector-specific risk classifications, setting a 2027 compliance deadline that enterprise AI teams should begin planning for now.
South Korea's Ministry of Science and ICT (MSIT) published implementation guidelines for the AI Basic Act on April 16, fleshing out the law's risk classification framework that has been in draft since the Act's December 2023 passage.
The guidelines define three risk tiers for AI systems:
- **High-impact AI** (인공지능 고위험): Systems used in employment decisions, credit scoring, public benefit determination, medical diagnosis, and critical infrastructure. These face mandatory transparency obligations, human oversight requirements, and post-market monitoring within 24 months of deployment - **Generative AI**: Requires provenance labelling (AI-generated content must be labelled), model registration with MSIT for systems above specified capability thresholds, and incident reporting within 72 hours of a detected safety event - **General-purpose AI**: Sector-specific obligations apply only where the downstream deployment falls into a high-impact category
For Korean mid-market enterprises deploying AI in HR, finance, or customer-facing decision systems — the use cases AIMenta most commonly encounters — the 2027 deadline is tighter than it appears. Compliance documentation (AI system inventory, risk assessments, human oversight logs) typically takes 6–12 months to establish correctly from a standing start.
**AIMenta take:** Korea's risk-tier framework is substantively closer to the EU AI Act's approach than most APAC jurisdictions — which is unsurprising given the trade alignment. Enterprises operating in both the EU and Korea should be able to reuse compliance artifacts with modest localisation. The 72-hour incident reporting window is the provision most enterprises will find operationally challenging; few have AI incident response playbooks today.
The guidelines take full legal effect after a 60-day industry consultation period closing in mid-June 2026.
How AIMenta helps clients act on this
Where this story lands in our practice — explore the relevant service line and market.
Beyond this story
Cross-reference our practice depth.
News pieces sit on top of working capability. Browse the service pillars, industry verticals, and Asian markets where AIMenta turns these stories into engagements.
Other service pillars
By industry
Other Asian markets
Related stories
-
Company ·
NAVER HyperCLOVA X Expands APAC Enterprise Offering with Korean and Japanese Language AI Models
NAVER expands HyperCLOVA X to target APAC enterprise markets with Korean and Japanese-native LLM, offering an alternative to US providers with in-region data residency. Significant for Korean and Japanese enterprises where English-primary models underperform.
-
Regulation ·
MAS confirms AI model risk management guidelines mandatory for Singapore's largest financial institutions by end-2026
The Monetary Authority of Singapore published its formal response to the AI in Finance industry consultation, confirming that AI model risk management guidelines will become mandatory for D-SIBs (Domestic Systemically Important Banks) and major insurers by Q4 2026, with an expectation of industry-wide adoption for all MAS-regulated entities by mid-2027.
-
Regulation ·
Japan METI updates AI governance guidelines: supply chain transparency now required for enterprise procurement
Japan's Ministry of Economy, Trade and Industry updated its AI Governance Guidelines to version 3.0, introducing supply-chain transparency requirements for enterprises procuring AI systems and aligning the framework with G7 Hiroshima AI process principles. The guidelines are advisory rather than mandatory but carry significant regulatory expectation weight.
-
Regulation ·
EU finalizes GPAI Code of Practice ahead of August deadline
With the August 2026 GPAI obligations approaching, the European Commission published the final Code of Practice for general-purpose AI providers, setting expectations on documentation, copyright due diligence, and systemic-risk assessment.