FRAMEWORK

Korea AI Basic Act compliance, generated from your own systems.

Korea's Framework Act on the Development of AI and Establishment of a Foundation for Trust (인공지능 기본법) creates the country's first horizontal AI regime, with elevated duties on 'high-impact AI', generative-AI labelling and a domestic-representative requirement for foreign operators.

Request a demo See coverage

Coverage updated2 min ago

Coverage · Korea AI Basic Act

Framework coverage

88%

Coverage

Obligations mapped

+4% wk

Files on record

Live · synced 2 min ago · 7-day trend

Recent activity

Annex IV v4Approved

FRIA v2Approved

Monitoring plan v1Draft

THE OBLIGATION

The Act layers risk-and-safety duties on top of standard AI development. High-impact AI carries documentation, risk-management and user-rights obligations; generative AI carries labelling and pre-use notice; foreign operators above thresholds must appoint a domestic representative.

Article 2 defines 'high-impact AI' as AI used in life, safety or fundamental-rights-sensitive domains — explicitly including healthcare, energy, public services, criminal justice, finance, social welfare, transport, education and biometric identification, with implementing rules to be set by Presidential Decree. Domain assignment is the gating analysis.

Operators of high-impact AI must (i) establish a risk-management plan across the AI lifecycle, (ii) maintain documentation of training data, model design, evaluations and limitations, (iii) provide pre-use information to users, (iv) ensure human oversight and recourse, and (v) report serious safety incidents to MSIT (Ministry of Science and ICT). These duties parallel — but are not identical to — the EU AI Act's Articles 9–15.

Generative AI carries a separate set of obligations: clear pre-use notice that the user is interacting with generative AI, and identifiable labelling of generated output as AI-generated. The 22 September 2025 Mandatory Labelling Measures provide implementation detail.

Foreign AI operators whose users in Korea exceed thresholds defined by Presidential Decree must appoint a domestic representative for the purpose of MSIT correspondence and enforcement. The National AI Committee, chaired by the President, sets cross-government policy.

At a glance

Applies toAny operator providing AI services to users in Korea — domestic or foreign, with thresholds triggering the domestic-representative duty

Your likely roleOperator (developer or deployer) — the duty attaches to whoever provides the AI service to the user

Key deadlinePromulgated 21 January 2025. Effective 22 January 2026. Implementing Presidential Decrees and MSIT notices continue to roll out through 2026.

Penalty exposureAdministrative fines up to ₩30,000,000 (~US$22,000) per category of breach; corrective orders and public disclosure of non-compliance; supplementary penalties under the Personal Information Protection Act and the Telecommunications Business Act for overlapping breaches

ARTEFACTS

The files this framework actually requires.

The Act names the duties but not the document set. Hael generates the artefacts MSIT will request from a high-impact-AI operator.

Files · Evidence pack

PDFHigh-Impact AI Risk-Management Planv2updated 2 min agoApproved

PDFTechnical Documentation (Training / Eval)v2updated 14 MayApproved

PDFUser Pre-Use Information & Oversight Recordv1updated 11 MayApproved

PDFGenerative-AI Labelling & Notice Policyv1updated 04 MayApproved

PDFSerious-Incident Reporting Procedure (MSIT)v1updated 02 MayDraft

GRC tools tell you these are missing. Hael generates them — from each system's real configuration.

THE DIFFERENCE

A checklist tells you what's missing. Hael puts it on record.

The Act asks for the operator's plan, documentation, notice and labelling. Hael holds them in the shape MSIT will recognise.

Typical GRC tool

High-Impact AI Risk-Management Planupload required

Technical Documentation (Training / Eval)upload required

User Pre-Use Information & Oversight Recordupload required

Generative-AI Labelling & Notice Policyupload required

Serious-Incident Reporting Procedure (MSIT)upload required

Tracks the gap. You still author every document.

Hael

High-Impact AI Risk-Management Planv2Generated 2 min agoview

Technical Documentation (Training / Eval)v2Generated · Approvedview

User Pre-Use Information & Oversight Recordv1Generated · Approvedview

Generative-AI Labelling & Notice Policyv1Generated · Approvedview

Serious-Incident Reporting Procedure (MSIT)v1Generated · Draftview

Generated from each system's real configuration, versioned, and kept current as it changes.

HOW HAEL WORKS

Discover, classify, produce — for Korea AI Basic Act.

01DISCOVER

Find the systems in Korea AI Basic Act scope, including embedded third-party AI.

Inventory · 14 systems

Credit scoring enginehigh

HR screening bothigh

Salesforce Einsteinlimited

02CLASSIFY

Assess each against Korea AI Basic Act's risk tiers and obligations.

Risk tier

Prohib.HighLimitedMin.

Role: ProviderArt. 9 · 11 · 14

03PRODUCE

Generate the Korea AI Basic Act records, versioned and current.

Generated files

Annex IV v4Approved

FRIA v2Approved

Monitoring v1Draft

COVERAGE

Every obligation, mapped to the control that satisfies it.

Rows are the framework's clauses.

Columns are the controls and files that satisfy them.

Cells update as the underlying configuration changes.

Explore the platform

Coverage Map

Obligation → Control

6 obligations · 5 controls

88%

covered

Risk Plan

Tech Docs

Notice

Labelling

Rep.

Art. 2 High-impact classification

—

Art. 32 Risk-management plan

✓

—

Art. 35 Technical documentation

—

✓

—

Art. 36 User information & oversight

—

✓

—

Art. 40 Generative-AI labelling

—

✓

—

Art. 41 Domestic representative

—

✓

Art. 2 High-impact classification

Risk Plan

v3 · sealed

Approvedopen file →

MAPPING

Clause by clause.

Obligation
What it requires
Hael control / file
Status

Art. 2 / DecreeDetermine whether the AI is high-impact (domain-list test)High-Impact ClassificationApproved

Art. 32Lifecycle risk-management plan for high-impact AIRisk-Management PlanApproved

Art. 35Documentation of training data, model design, evaluations, limitationsTechnical DocumentationApproved

Art. 36Pre-use information to users; human oversight and recourseUser Information & OversightApproved

Art. 40Generative-AI: pre-use notice and identifiable labelling of AI outputGenerative-AI Labelling & NoticeApproved

Art. 41Foreign operators above thresholds: appoint a Korea domestic representativeDomestic RepresentativeIn progress

REUSE

Author once. Satisfy many.

Korea's high-impact AI risk-management plan and technical documentation overlap substantially with the EU AI Act Article 9 risk-management process and Annex IV technical file, and with a NIST AI RMF Profile. The generative-AI labelling obligation parallels Article 50 of the EU AI Act. Build the substantive artefacts once; render to MSIT's format.

→ shared evidenceEU AI ActNIST AI RMFISO/IEC 42001China Generative AI / Algo

Trust & Security

SOC 2 Type IIISO/IEC 27001EU & US data residencySSO / SCIMEncryption in transit & at restAudit logging

Be ready for the Korea AI Basic Act, ahead of 22 January 2026.

Bring an AI system serving Korean users. We'll register it, run the high-impact classification, and show the risk-management plan, technical documentation, user-information record and (where relevant) generative-AI labelling Hael would generate.

Request a demo Explore the platform