Korea MSIT releases AI Basic Act implementation guidelines with 2027 compliance timeline

South Korea's Ministry of Science and ICT (MSIT) published implementation guidelines for the AI Basic Act on April 16, fleshing out the law's risk classification framework that has been in draft since the Act's December 2023 passage.

The guidelines define three risk tiers for AI systems:

- **High-impact AI** (인공지능 고위험): Systems used in employment decisions, credit scoring, public benefit determination, medical diagnosis, and critical infrastructure. These face mandatory transparency obligations, human oversight requirements, and post-market monitoring within 24 months of deployment - **Generative AI**: Requires provenance labelling (AI-generated content must be labelled), model registration with MSIT for systems above specified capability thresholds, and incident reporting within 72 hours of a detected safety event - **General-purpose AI**: Sector-specific obligations apply only where the downstream deployment falls into a high-impact category

For Korean mid-market enterprises deploying AI in HR, finance, or customer-facing decision systems — the use cases AIMenta most commonly encounters — the 2027 deadline is tighter than it appears. Compliance documentation (AI system inventory, risk assessments, human oversight logs) typically takes 6–12 months to establish correctly from a standing start.

**AIMenta take:** Korea's risk-tier framework is substantively closer to the EU AI Act's approach than most APAC jurisdictions — which is unsurprising given the trade alignment. Enterprises operating in both the EU and Korea should be able to reuse compliance artifacts with modest localisation. The 72-hour incident reporting window is the provision most enterprises will find operationally challenging; few have AI incident response playbooks today.

The guidelines take full legal effect after a 60-day industry consultation period closing in mid-June 2026.