South Korea’s AI Basic Act classifies AI systems in 11 sectors as “high-impact” (Goyanghyang Inji Neung), triggering mandatory transparency, risk management, and human oversight obligations. If your AI system operates in healthcare, finance, transportation, education, or government services in Korea, this classification determines your compliance requirements.
This article maps each sector with the specific legal reference, real Korean companies operating in the space, and the obligations that apply.
Key Takeaways
- The AI Basic Act defines 11 high-impact sectors in Article 2(4)(a)-(k). Each references a specific enabling statute that defines the sector’s boundaries.
- Category (g) is the broadest: it covers employment, loan screening, and “any decision significantly affecting individual rights and obligations.” Most B2B AI products in Korea qualify under this category.
- High-impact operators face six mandatory duties under Article 34, including risk management plans that must be published on their website and human oversight with a named contact person.
- Impact assessments (Art. 35) are a soft duty (“noryeok hayeoya” / should endeavor), not mandatory. But the government prioritizes products from organizations that have conducted them.
- Korea’s 11 sectors overlap significantly with the EU AI Act’s 8 Annex III areas, but Korea adds nuclear facilities and excludes migration/asylum. Three areas are Korea-only, two are EU-only.
[Source: AI Basic Act Art. 2(4); Decree Art. 25-28]
What Does “High-Impact AI” Mean Under Korean Law?
High-impact AI is defined in Article 2(4) as AI systems “posing significant risk to life, physical safety, and fundamental rights” across 11 designated domains. Korea deliberately uses “high-impact” rather than “high-risk” to distinguish its approach from the EU. [Source: AI Basic Act Art. 2(4)]
Classification triggers three consequences. First, the six mandatory operator duties under Article 34 apply. Second, transparency obligations under Article 31(1) require notifying users before deployment. Third, operators can request formal MSIT confirmation of their classification under Article 33, with a 50-member expert committee available for advisory. [Source: AI Basic Act Art. 31, 33, 34]
The confirmation process works through the Implementing Decree (Art. 25): submit a request to MSIT, receive a decision within 30 days (extendable by 30 more), appeal within 10 days. Five evaluation factors determine the classification. [Source: Decree Art. 25]
What Are the 11 High-Impact Sectors?
(a) Energy Supply
AI systems managing energy generation, transmission, or distribution. References the Energy Act Art. 2(1). Korea Electric Power Corporation (KEPCO) uses AI for grid management and load prediction. [Source: AI Basic Act Art. 2(4)(a)]
(b) Drinking Water Production
AI in water treatment, quality monitoring, or distribution systems. References the Drinking Water Management Act Art. 3(1). K-Water operates AI water quality monitoring across Korea’s water infrastructure. [Source: AI Basic Act Art. 2(4)(b)]
(c) Healthcare Provision
AI in clinical decision support, patient triage, or health system management. References the Healthcare Basic Act Art. 3(1). Korean hospitals deploy AI-assisted diagnosis platforms across radiology, pathology, and emergency triage. [Source: AI Basic Act Art. 2(4)(c)]
(d) Medical Devices and Digital Medical Products
AI-powered medical devices, including software as a medical device (SaMD). References both the Medical Device Act Art. 2(1) and the Digital Medical Product Act Art. 2(2). Lunit’s INSIGHT CXR achieves 97-99% accuracy for chest X-ray analysis and received MFDS approval in October 2019. VUNO’s Med-Chest X-ray was designated an Integrated Innovative Medical Device in February 2025. Korea’s MFDS approved the country’s first generative AI medical device in 2025, auto-generating draft X-ray interpretations for 42 thoracic diseases. [Source: AI Basic Act Art. 2(4)(d); Lunit; VUNO; MFDS]
(e) Nuclear Facilities Management
AI monitoring nuclear materials, reactors, or waste. References the Nuclear Safety Act Art. 2(1). Korea Hydro and Nuclear Power uses AI for safety monitoring across its nuclear fleet. This category has no EU equivalent in Annex III. [Source: AI Basic Act Art. 2(4)(e)]
(f) Biometric Identification for Criminal Investigation
AI using face, fingerprint, iris, or palm vein recognition specifically for law enforcement investigations and arrest. This is narrower than the EU’s Annex III Area 1, which covers all remote biometric identification. Korea limits this high-impact category to criminal justice contexts. [Source: AI Basic Act Art. 2(4)(f)]
(g) Employment, Loan Screening, and Rights-Affecting Decisions
The broadest category. Covers any AI system used for hiring, credit assessment, or “other decisions significantly affecting individual rights and obligations.” Kakao Bank, K-Bank, and Toss use AI credit scoring. CrePASS Solutions offers alternative credit scoring using non-financial data. Samsung SDS runs HR analytics. Coupang uses algorithmic workforce management. Naver evaluates SmartStore seller creditworthiness. [Source: AI Basic Act Art. 2(4)(g)]
Our view: if your AI product makes or informs a decision about a person’s employment, money, or legal rights in Korea, assume it qualifies under category (g).
(h) Transportation Systems
AI operating vehicles, traffic management, or logistics systems. References the Transport Safety Act Art. 2(1)-(3). Hyundai develops autonomous driving AI. Naver Labs operates autonomous delivery robots. Sejong City and Pangyo serve as autonomous vehicle testing zones. [Source: AI Basic Act Art. 2(4)(h)]
(i) Government Decisions Affecting Citizens
AI used for public service eligibility, cost assessments, or administrative decisions. This covers welfare eligibility algorithms, immigration processing, tax assessment AI, and Korea Exchange (KRX) AI market surveillance (launched February 2026). [Source: AI Basic Act Art. 2(4)(i)]
(j) K-12 Student Evaluation
AI evaluating students from early childhood through secondary education. References the Education Basic Act Art. 9(1). Covers AI tutoring platforms, automated essay grading, and student performance prediction. Korea limits this to K-12, unlike the EU which extends to vocational training. [Source: AI Basic Act Art. 2(4)(j)]
(k) Other Areas by Presidential Decree
An open-ended expansion clause allowing the President to add new high-impact sectors without legislative amendment. No additional areas have been designated as of April 2026. [Source: AI Basic Act Art. 2(4)(k)]
What Obligations Apply to High-Impact AI?
Article 34 imposes six mandatory duties on operators.
| Obligation | What It Requires | Must Publish? |
|---|---|---|
| Risk management plan | Identify, assess, and mitigate AI risks | Yes, on website |
| Explanation mechanism | Explain AI outputs, main criteria, training data overview | Yes, methodology |
| User protection plan | Measures protecting users from AI harm | Yes, on website |
| Human oversight | Designate a person responsible for supervision | Yes, name and contact |
| Documentation retention | Maintain records for 5 years (electronic included) | Internal (trade secrets excluded) |
| Committee-determined matters | Additional obligations as decided by the AI Committee | TBD |
[Source: AI Basic Act Art. 34; Decree Art. 27]
Article 35 adds impact assessments as a soft duty. If conducted, seven items must be covered: affected groups, rights types, social and economic scope, usage patterns, evaluation methodology, mitigation measures, and improvement plan. Government agencies must prioritize products from organizations that have completed assessments. [Source: AI Basic Act Art. 35; Decree Art. 28]
Article 31 requires transparency: operators must notify users before deployment that the product or service is AI-based.
Article 32 adds safety obligations for systems exceeding the compute threshold: cumulative training compute of 10^26 FLOPs, state-of-the-art technology, and broad risk. All three must be met simultaneously.
How Do Korea’s 11 Sectors Map to the EU’s 8 Annex III Areas?
| Korea Category | EU Annex III Equivalent | Overlap? |
|---|---|---|
| (a) Energy supply | Area 2(a) Critical infrastructure | Yes |
| (b) Drinking water | Area 2(b) Critical infrastructure | Yes |
| (c) Healthcare | Area 5(a)-(c) | Yes |
| (d) Medical devices | Area 5 + Art. 6(1) MDR | Yes |
| (e) Nuclear facilities | No equivalent | Korea only |
| (f) Biometric ID (criminal) | Area 1 Remote biometric | Partial: EU broader |
| (g) Employment/loans/rights | Areas 3-4 | Partial: Korea broader |
| (h) Transportation | Area 2(c) Transport | Yes |
| (i) Government decisions | Area 8 | Yes |
| (j) K-12 student evaluation | Area 3(a) Education | Partial: EU broader |
| (k) Presidential Decree expansion | Delegated acts | Similar mechanism |
| N/A | Area 6: Law enforcement (beyond biometric) | EU only |
| N/A | Area 7: Migration/asylum/border | EU only |
[Source: AI Basic Act Art. 2(4); Regulation (EU) 2024/1689 Annex III]
Systems can be high-impact in Korea but not high-risk in the EU (nuclear AI), and vice versa (migration AI). Both frameworks must be checked independently for dual compliance. For a full comparison, see our South Korea vs EU AI Act analysis.
How Do You Classify Your AI System?
Step 1: Check if your AI system operates in any of the 11 sectors listed in Article 2(4)(a)-(k). Category (g) is the catch-all for rights-affecting decisions.
Step 2: If yes, the Article 34 obligations apply. Determine whether you are an AI Development Operator (builds the system) or AI Utilization Operator (deploys it). Obligations differ by role.
Step 3: Check if your system exceeds the compute threshold (10^26 FLOPs triple-criteria). If yes, Article 32 safety obligations apply in addition to the high-impact duties.
Step 4: Optionally, request formal MSIT confirmation under Article 33. The 50-member expert committee provides advisory classification within 30 days.
Step 5: If uncertain, request MSIT guidance. Unlike the EU (where self-assessment is the default with no equivalent guidance mechanism), Korea provides a formal path for classification questions.
What Should You Do Now?
- Audit your Korean AI deployments against all 11 categories. Pay special attention to category (g), which captures most B2B AI touching people’s rights.
- Build the six Article 34 compliance artifacts. Risk management plan, explanation mechanism, user protection plan, human oversight designation, documentation system, and publish them on your website.
- Consider conducting a voluntary impact assessment (Art. 35). Although soft duty, it gives procurement preference and demonstrates good faith during the grace period.
- Track the compute threshold. If your training compute approaches 10^26 FLOPs, Article 32 safety obligations will apply. MSIT has not yet published the compute calculation methodology.
- Map overlap with EU Annex III. If you operate in both Korea and the EU, identify where your system is classified in both frameworks. Three sectors are Korea-only, two are EU-only. See our comparison guide and our EU Annex III explainer.
For enforcement trends showing how Korea’s PIPC uses model deletion and billion-won fines against AI companies, see our PIPC enforcement analysis.
Reg Intel is not a law firm and does not provide legal services. This content is for informational purposes only and does not constitute legal advice. Consult qualified Korean legal counsel for jurisdiction-specific compliance guidance.
Last verified: April 7, 2026
Sources
Official Sources
- AI Basic Act (Law No. 20676) Art. 2(4)(a)-(k) via law.go.kr
- Presidential Decree No. 36053, Art. 25-28
- CSET Georgetown, English translation (July 2025) — Link
Analysis and Commentary
- Kim and Chang, “PIPC Guidelines on AI” (January 2026) — Link
- Baker McKenzie, “South Korea AI Basic Act” (February 2026) — Link
- IAPP, “South Korea PIPA Overhaul” (March 2026) — Link
- Littler, “South Korea’s New AI Law: Key Considerations” (2026) — Link
- DLA Piper, “High-risk AI in South Korea” (2026) — Link
Data Sources
- Lunit official product page (INSIGHT CXR, INSIGHT DBT)
- VUNO official product page (Med-Chest X-ray)
- Korea Exchange (KRX), AI market monitoring launch (February 2026)
Compare: EU vs South Korea
For the global keystone comparison across twelve dimensions — high-impact vs high-risk classification, mandatory vs voluntary conformity, KRW 30M vs €35M penalties, Korea’s innovation chapter, and a five-step dual-market compliance baseline — see EU vs South Korea AI Act: High-Impact vs High-Risk Compared (2026).