CONTENTS
- 1. AI Framework Act | System Overview and Regulatory Environment
  - Legislation of the National Governance System
  - Combined Structure of Industry Promotion and Regulation
  - Core Pillars of Regulation
- 2. AI Framework Act | Determination of High-Impact Artificial Intelligence and Core Duties
  - Criteria for Determining High-Impact Artificial Intelligence
  - Importance of the Human Intervention Structure
  - Management Duties Borne by Operators
- 3. AI Framework Act | Risks Affecting Corporate Management
  - Administrative Risk
  - Civil Liability and Reputational Risk
- 4. AI Framework Act | Stage-by-Stage Corporate Response Strategy
  - Stage of Diagnosing the Current Status of Artificial Intelligence Use
  - Stage of Building a Compliance System
  - Stage of Responding to Disputes and Investigations and of Advancement
- 5. AI Framework Act | The Need for Risk Management and Legal Advisory
  - Advisory on Preliminary Diagnosis and Structural Design
  - Regulatory Response and Investigation Defense
  - Building Sustainable Artificial Intelligence Governance
  - Strengths of Daeryun Law Firm

1. AI Framework Act | System Overview and Regulatory Environment

The official title of the AI Framework Act is the Framework Act on the Development of Artificial Intelligence and the Establishment of a Foundation of Trust (abbreviated as the Artificial Intelligence Framework Act), and it took effect on January 22, 2026.
Its purpose is to protect the rights, interests, and dignity of the people and to strengthen national competitiveness by prescribing the basic matters necessary for the sound development of artificial intelligence and the establishment of a foundation of trust.
Legislation of the National Governance System
This Act establishes the National Artificial Intelligence Strategy Committee chaired by the President and provides that an artificial intelligence framework plan be formulated every three years, thereby creating a structure for integrated management of national-level artificial intelligence policy and regulatory standards.
This reflects the intent to secure consistency by tying together, into a single system, the policies and regulations that had been dispersed across individual ministries.
For companies, this means that clear standards are presented while, at the same time, the legal liability to comply with those standards has been formalized.
Combined Structure of Industry Promotion and Regulation
This Act does not pursue unconditional regulation but instead adopts a balanced model that runs industry-promotion policies in parallel, such as support for research and development (R&D), the creation of a foundation for demonstration, and the building of training data.
Accordingly, while companies gain the opportunity to make use of policy support, they bear legal liability for the use of artificial intelligence that fails to secure safety and reliability.
Core Pillars of Regulation
The core rules that have a direct impact on corporate practice consist of the duty to secure transparency, the duty to secure safety, and the responsibilities of high-impact artificial intelligence operators as specified by the Artificial Intelligence Framework Act.
Because these rules are made concrete in stages through subordinate statutes and guidelines, proactive preparation aligned with the structure of the provisions is important.
∙ Duty to Secure Artificial Intelligence Transparency (Article 31)
∙ Duty to Secure Artificial Intelligence Safety (Article 32)
∙ Responsibilities of High-Impact Artificial Intelligence Operators (Article 34)
2. AI Framework Act | Determination of High-Impact Artificial Intelligence and Core Duties
The starting point for responding to the AI Framework Act is to determine in a structured manner whether “our service falls under high-impact artificial intelligence.”
The result of this classification determines the level of risk management, notice and explanation, user protection, oversight and suspension, and documentation that a company must prepare. The company should therefore first confirm the “scope of compliance” through a diagnosis of applicability and then design an implementation road map.
Criteria for Determining High-Impact Artificial Intelligence
The Artificial Intelligence Framework Act defines high-impact artificial intelligence as follows.
What Is High-Impact Artificial Intelligence? (Artificial Intelligence Framework Act, Article 2)
Example: cases where it is used in areas enumerated by the Act, such as energy supply, the production process of drinking water, the establishment and operation of a system for providing and using health and medical care, and the development and use of medical devices and digital medical devices.
Accordingly, the company must also review whether its own AI function has a “substantial impact” on the core decision-making flow in the relevant area.
Particular caution is needed where automated evaluation, classification, or decision-making takes place in major industry sectors such as recruitment and personnel management, financial services, health and medical care, and energy.
Importance of the Human Intervention Structure
The scope of the applicable duties may differ depending on whether the artificial intelligence is structured to make the final decision without human intervention or is structured so that a human can review, modify, or suspend it.
Therefore, companies need to build work processes premised on the possibility of human control from the design stage of the artificial intelligence system.
Management Duties Borne by Operators
A company that operates high-impact artificial intelligence must establish a risk management system for the entire life cycle of the artificial intelligence and clearly notify users of the fact that artificial intelligence is being used and of the basis for its decisions.
In addition, the company must put in place specific protective measures, such as preventing algorithmic bias, providing procedures for remedying harm, and securing human oversight and an emergency suspension system, and must prepare and retain the content thereof as safety and trust related documents.
3. AI Framework Act | Risks Affecting Corporate Management

With the enforcement of the AI Framework Act, companies come to bear the responsibility of securing safety and reliability across all stages of artificial intelligence, including planning, development, training, operation, and use.
In particular, the success or failure of the regulatory response is likely to be determined less by “what was done” than by “whether it can be explained in documents what was done and by what standards.”
Administrative Risk
The Framework Act on Artificial Intelligence is described as placing greater weight on administrative controls, such as cease orders and corrective measures for violations identified through investigation, than on criminal penalties.
In particular, when a company fails to disclose the use of high-impact artificial intelligence or generative artificial intelligence, or fails to fulfill the management obligations required by law, corrective orders, fact-finding investigations, and administrative sanctions may follow.
Main Types of Obligation Violations and Levels of Administrative Fines
| Type of Violation | Main Content of Violation | Level of Administrative Fine |
| --- | --- | --- |
| Failure to Disclose the Use of Artificial Intelligence | When a company does not disclose to users that a result was generated, decided, or recommended through artificial intelligence | Up to 30 million won |
| Failure to Designate a Domestic Representative | When a company fails to designate a domestic representative despite meeting the applicable requirements | |
| Failure to Comply with a Cease Order or Corrective Order | When a company fails to comply with a cease order or corrective order issued by the supervisory authority | |

Beyond the disposition itself, a company must faithfully organize the facts, submit materials, and implement orders to improve internal processes, so the costs of responding to investigations and corrective measures may turn directly into a management risk for the company.
Civil Liability and Reputational Risk
When a user's fundamental rights are infringed or personal information protection obligations are violated because of biased judgments or errors by artificial intelligence, a company may face a claim for damages.
Whether a company has complied with the Framework Act on Artificial Intelligence may also serve as an important standard in assessing the company's fault, and if ethical controversy arises, it may cause long-term damage to the company's credibility and brand value.
In particular, even a single incident involving artificial intelligence can easily trigger external risks that combine issues of ethics, discrimination, and safety.
For this reason, a strategy that embeds trust mechanisms, such as user disclosure, explainability, remedies for harm, and human oversight, into the product or service experience and operating policies is needed.
4. AI Framework Act | Stage-by-Stage Corporate Response Strategy
Responding to the AI Framework Act is more effective when approached in stages according to a company's level of artificial intelligence use, organizational structure, and service characteristics, rather than through a uniform checklist approach.
In particular, depending on whether a company responds early and on its level of preparation, the scope of liability and the severity of sanctions a company bears in future administrative investigations or disputes may differ.
Therefore, a company should accurately diagnose its current position and then establish a stage-by-stage response strategy.
Stage of Diagnosing the Current Status of Artificial Intelligence Use
A company that does not know whether its own systems or external solutions contain artificial intelligence should first identify the current status of its artificial intelligence use by building an internal AI inventory.
At this stage, the key is to identify how artificial intelligence affects the company's decision-making structure and customers' rights and opportunities.
∙ Organizing the flow of data collection, processing, training, and use, and designating responsible departments
∙ An initial classification of the likelihood of qualifying as high-impact artificial intelligence (based on area, impact, and level of automation)
∙ Organizing the distinction between customer-facing services and systems used for internal decision-making
Stage of Building a Compliance System
A company that is expanding the adoption of artificial intelligence or preparing to launch a new service should design a company-wide compliance system through cooperation among the legal, IT, HR, and security departments.
It is important to review in advance whether a system qualifies as high-impact artificial intelligence and to organize internal rules covering the management of generative artificial intelligence outputs, data use standards, and human intervention procedures.
∙ Preparing procedures for disclosing the use of artificial intelligence and for explanation
∙ Establishing processes for safety inspection, bias management, and error response
∙ Building a system for reviewing generative artificial intelligence outputs, restricting their use, and managing logs
Stage of Responding to Disputes and Investigations and of Advancement
When complaints related to artificial intelligence have already arisen, an incident has occurred, or the possibility of an investigation by the supervisory authority has been raised, a strategic response that minimizes the level of sanctions is needed. This involves reviewing the possibility of applying a regulatory grace period and whether efforts to secure safety have been documented.
In the long term, a company should build sustainable artificial intelligence governance that does not stop at a one-time response, through regular ethics training, monitoring for model performance degradation, and a system for responding to revisions of laws and guidelines.
∙ Preparing scenarios for responding to a fact-finding investigation by the supervisory authority and an internal response system
∙ Holding regular artificial intelligence ethics and compliance training and operating internal review procedures
∙ Continuously updating internal rules in line with revisions of laws and guidelines
5. AI Framework Act | The Need for Risk Management and Legal Advisory

Risk management under the AI Framework Act is a matter of building a management system that runs through artificial intelligence technology, data, and the overall operation of an organization.
However, there are practical limits to a company handling the interpretation of laws, the understanding of technical structures, and the design of an evidentiary system entirely on its own.
For this reason, it is important to prepare a systematic response strategy through professional legal advisory from the early stage.
Advisory on Preliminary Diagnosis and Structural Design
Daeryun Law Firm diagnoses whether a company's artificial intelligence systems qualify as high-impact artificial intelligence and provides advisory from the structural design stage so that legal risks can be minimized.
∙ Mapping obligations by responsibility for transparency, safety, and high impact, and setting the scope of compliance
∙ Reviewing the legal adequacy of structures for human intervention and suspension
∙ Reviewing the allocation of responsibility for structures involving the use of external solutions, APIs, and cloud services
Regulatory Response and Investigation Defense
In preparation for the possibility of a fact-finding investigation, a corrective order, or administrative sanctions by the supervisory authority, we systematically organize whether the company has fulfilled its obligations and establish an investigation response strategy and a legal defense rationale.
∙ Reviewing and organizing the evidentiary value of internal documents, logs, and reports
∙ Establishing a plan to implement corrective measures and designing measures to prevent recurrence
∙ Building a rationale for responding to civil claims for damages
Building Sustainable Artificial Intelligence Governance
Beyond short-term regulatory response, we support the stable growth of a company through the internalization of artificial intelligence ethics standards, the advancement of risk management systems, and continuous monitoring of changes in legislation and guidelines.
∙ Building a system for ongoing monitoring of model performance degradation and the occurrence of bias
∙ Monitoring revisions of laws and guidelines and reflecting them in internal rules
∙ Designing a system for regular inspections and audits of high-impact artificial intelligence
Strengths of Daeryun Law Firm
Daeryun Law Firm has established the AI and Data Intelligence Group, which is organized into a four-department structure consisting of the AI Compliance Division, the Vertical AI Strategy Division, the Cybersecurity & Crisis Response Division, and the Digital Forensics & e-Discovery Division, allowing the firm to respond comprehensively to legal risks related to artificial intelligence.
Each division provides integrated support that ranges from compliance review during the adoption and operation of artificial intelligence, to the design of AI strategies that reflect the characteristics of each industry, to responses to cybersecurity incidents, to the analysis of electronic evidence and the review of large-scale data.
Through this approach, the firm helps companies respond in practical terms to complex artificial intelligence disputes and regulatory environments where technology, data, and law converge.
For prepared companies, responding to the Framework Act on AI may present an opportunity, while for unprepared companies it can become a critical risk.
We recommend that you prepare a proactive assessment and a phased response strategy suited to the structure of your company's use of artificial intelligence.