South Korea's AI Basic Act: Asia's first comprehensive AI law takes effect

For two years the EU AI Act stood alone as the only comprehensive, horizontal AI statute in the world. That changed on 22 January 2026, when South Korea's AI Basic Act entered into force. It is the second such law anywhere and the first in Asia — and because it reaches foreign providers above defined thresholds, it is not a development that European organisations operating in the region can treat as remote.

What the law is

The statute's full name translates as the Framework Act on the Development of Artificial Intelligence and the Creation of a Foundation for Trust (the Korean Ministry of Science and ICT renders it Basic Act on the Development of Artificial Intelligence and the Establishment of a Foundation for Trustworthiness); in practice it is called the AI Basic Act or AI Framework Act. The National Assembly passed it on 26 December 2024, it was promulgated on 21 January 2025, and — following the standard one-year preparation period — it took effect on 22 January 2026, together with its Presidential Enforcement Decree.

Its stated purpose is twofold and deliberately balanced: to systematically foster the AI industry and national competitiveness, and to prevent the risks of AI in advance through obligations on transparency, safety and operator responsibility. Where the EU AI Act leads with prohibition and conformity assessment, the Korean law leads with promotion and pairs it with a lighter, trust-oriented set of duties.

A risk-based core: high-impact and generative AI

Like the European model, the AI Basic Act is risk-based rather than blanket. It singles out high-impact AI — systems used in areas that may significantly affect human life, physical safety or fundamental rights. Operators of high-impact AI must give users a meaningful explanation of how an outcome was reached and on what criteria, maintain a user-protection plan, ensure a mechanism for human oversight and intervention, document the measures taken to secure safety and trust, and make efforts to assess the system's impact on fundamental rights before putting it into a product or service.

The Enforcement Decree adds a compute-based tier of the kind the EU also uses: AI trained with a cumulative compute of at least 10²⁶ floating-point operations is treated as advanced AI carrying additional safety obligations. The figure sits one order of magnitude above the EU's 10²⁵ FLOP systemic-risk threshold, but the approach — a compute trigger for the heaviest duties — is the same. The parallel with the AI Act's GPAI regime is not coincidental: Seoul studied the European text closely.

Generative AI must be labelled

The law's most consequential everyday rule concerns generative AI. Outputs that could be mistaken for real media — synthetic images, video and voice — must carry a clearly perceptible (visible or audible) indicator that they are AI-generated, a measure aimed squarely at deepfakes and disinformation. Other generative content, such as animation or webtoons, may instead carry an invisible digital watermark. This places Korea alongside the EU's Article 50 transparency duties as one of the first jurisdictions to make AI-content marking a hard legal requirement rather than a voluntary commitment.

Extraterritorial reach

The provision most relevant to non-Korean organisations is the domestic- representative rule. A foreign AI business operator may be required to appoint a representative inside Korea once it crosses one of three thresholds: prior-year total revenue of at least one trillion won, prior-year AI-service revenue of at least ten billion won, or an average of at least one million domestic daily users over the preceding three months. Like the AI Act's reach over providers placing systems on the EU market, the Korean law follows the service to its users rather than stopping at the border.

Enforcement: a soft landing in 2026

Although the Act provides for administrative fines, the Ministry of Science and ICT — the competent authority, supported by a National AI Committee and an AI Safety Institute — has announced a grace period of at least one year before fines are imposed, during which it will prioritise guidance, fact-finding and help-desk support over penalties, reserving enforcement for the gravest harms. The substance of the obligations is nonetheless live from day one, and Korea has published guidelines on high-impact AI determination, operator obligations, impact assessments and generative-AI transparency.

Where it sits in the global map

The AI Basic Act confirms the pattern traced in our analysis of international AI governance beyond the EU: the EU's risk-based, enforceable product law is being echoed — not copied — by other jurisdictions that graft their own emphasis onto a shared structure. Korea keeps the EU's risk tiering and transparency logic but front-loads industrial promotion and defers penalties; Japan has chosen a still lighter, promotion-oriented statute resting on guidance rather than binding duties; Singapore continues to rely on voluntary frameworks. For an organisation mapping its AI compliance, the lesson is the one the EU debate already taught: build governance on the shared risk-based grammar, and the jurisdiction-specific overlays — Korean labelling, European conformity assessment — become adaptations rather than rebuilds.