Korea's AI Basic Law Is Still in Its 'Grace Period' — But High-Impact Operators Should Prepare Now

"Enforcement Starts in June" Is Only Half True

Here's the deal: Korea's AI Basic Act took effect on January 22, 2026. Alongside the EU AI Act, it's one of the world's first comprehensive AI regulatory frameworks. Lately, though, the industry has buzzed with talk that "full enforcement begins in June." Bottom line: that's only half true.

Look at the facts precisely. The Ministry of Science and ICT (MSIT) is running a grace period of at least one year through 2026. During this period, fact-finding investigations and administrative fines are deferred in principle. Unless an exceptional case of "serious social harm" — loss of life or human-rights violations — arises, the government is weighting guidance over punishment. So "fines start raining down in June" simply isn't true.

Then why is now an important time? Because a grace period doesn't make the duties themselves disappear. Core provisions — high-impact AI operators' obligations, foreign companies' domestic-representative designation — are already defined in law, and the grace period is the stage for refining how to implement them. The government is gathering field feedback to calibrate the system. So now, while penalties are deferred, is the optimal time for companies to start preparing without pressure.

The Cast — Government, High-Impact Operators, and Foreign Companies

The first lead is the Korean government, especially MSIT. Having created one of the world's first comprehensive AI laws, it's walking a tightrope between criticism that "regulation kills innovation" and demands that "safeguards are needed." Its answer is the grace period: enact the law but defer punishment and refine the system with the field. It set up an "AI Basic Act Institutional Improvement Task Force" to find gaps during the one-year grace and feed them into policy.

Second are "high-impact AI operators." The law newly classifies AI used in sectors like healthcare, finance, energy, transportation, and education — where human life, rights, or welfare may be affected — as High-Impact AI. Operators in these areas enter a stage of duties: establishing risk-management plans, user-protection measures, AI impact assessment, and transparency. Separately, "high-performance AI" trained with massive compute (cumulative 10^26 FLOPs or more) carries additional safety obligations.

The third character is foreign AI companies. One of the law's most operationally important provisions is the domestic-representative designation. Foreign AI operators above certain thresholds must designate a legal representative in Korea. In other words, to do business in the Korean market, place an accountable party domestically. For global AI companies, it's an administrative "toll" for entering Korea — and one to handle regardless of the grace period.

The Core — What's Defined and What's Deferred

Item	Status
Effective date	January 22, 2026 (in force)
Grace period	At least one year in 2026 (fines/investigations deferred in principle)
High-impact duties	Risk management, user protection, impact assessment, transparency (defined, prep stage)
High-performance threshold	Models trained with ≥10^26 FLOPs
Foreign-company duty	Domestic representative designation
Exceptional enforcement	Applied without deferral for serious harm (life, human rights)
Calibration	"Institutional Improvement TF" running; briefings April–August

The table's key message: the definitions are done, and punishment is deferred. What you must do (high-impact duties, representative designation) is already spelled out in law. Only the sanctions for non-compliance are largely deferred during the grace period. So this isn't a "time you can ignore the duties" but a "time to prepare to meet the duties without penalty pressure." Those are completely different.

One more point: even during the grace period, if "serious harm like loss of life or human-rights violations" occurs, the law applies without deferral. Not everything gets a pass — the government can draw the sword immediately for serious risk. So the more an operator uses AI in high-risk areas (healthcare, finance), the less they should relax just because it's the grace period.

Who Gains What

For the government, the biggest win is buying time to balance innovation and safety. As the first to build a comprehensive AI law, starting with heavy punishment could chill the industry. The grace period sends the message "the law is set, but the industry can still breathe," while buying time to refine the system with field feedback — a clever design that splits the difference between leading on regulation and being industry-friendly.

For companies, the win is a "prep window with no penalty pressure." Had fines applied the moment the law took effect, companies would have faced sanctions while underprepared. Thanks to the grace period, they can build risk-management systems, create impact-assessment procedures, and designate representatives with relative breathing room. Companies that join government briefings and submit feedback during this period may even nudge the system in a direction favorable to their business.

For users and citizens, the win is that a framework of safeguards is in place. Impact assessment and user-protection duties for high-impact AI are mechanisms to keep AI from harming people in sensitive areas like healthcare, finance, and education. The effect will show slowly during the guidance phase, but it's meaningful that a "minimum accountability framework for AI" is now established in law.

History — AI and Data Regulation, Hits and Trial-and-Error

The most common comparison is the EU's GDPR and AI Act. GDPR went through deferral and guidance early, then gradually tightened enforcement, creating a "global standard for data protection." Korea's AI Basic Act is on a similar path: enact → guide → gradually enforce. If well refined, it has the potential to become "Asia's standard for AI regulation."

But trial-and-error cases are clear too. If regulation is too vague or burdensome, companies may simply avoid the country — "regulatory avoidance." Indeed, some global services have delayed launches or limited features in certain countries due to tough rules. If provisions like the foreign-operator domestic-representative duty operate too heavily, Korea risks becoming a lower priority for global AI service launches. That's why the grace period's "calibration" matters.

The lesson: AI regulation isn't about "exists or not" but "how clear and predictable it is." Companies need to clearly know what to do, by when, and how, so regulation doesn't kill innovation. How much Korea raises that clarity during the grace period will decide whether the law becomes an "AI power's safety net" or an "entry barrier."

Rivals' Counter-Play

Other countries are in the AI-regulation race too. The EU built the most comprehensive framework with its AI Act but is struggling with enforcement details, while the US sees a patchwork of state laws rather than unified federal regulation. Korea's "enact but guide" approach sits somewhere in between — laying AI safety standards first as a regulatory leader, while trying not to choke the industry. If it works well, it could become a benchmark for other countries.

Global AI companies' counter is "prepared compliance." Rather than avoiding tough rules, the strategy is to designate domestic representatives and build impact-assessment systems to position as "operators fit for the Korean market." The recent trend of several global AI companies opening Korean offices and strengthening local accountability isn't unrelated. Companies that accept regulation not as a cost but as an "entry qualification" will gain an edge in the Korean market.

Ultimately the big picture is how to reconcile AI regulation with industrial competitiveness. Too loose and safety is threatened; too tight and the industry contracts. Korea's grace period is an experiment in finding that balance with the field, and the result could influence other countries as a "regulatory model for the AI era."

So What Actually Changes — By Audience

For AI operators and startups, now is the golden time to prepare. Building risk-management systems, impact-assessment procedures, and (for foreign companies) a domestic representative during the penalty-deferred grace period means not scrambling once full enforcement arrives. Especially for high-impact operators in healthcare or finance, the right stance isn't "it's the grace period, so take it slow" but "start steadily now."

For legal and compliance teams, the key is precisely distinguishing what's defined from what's deferred. Rather than being swayed by the inaccurate "enforcement starts in June" rumor, accurately grasp the grace period's real scope (fine deferral vs. immediate application for serious harm) and tier your company's risks accordingly.

For general users, grab the picture that a minimum accountability framework for AI now exists. You won't see immediate changes, but with impact-assessment and user-protection duties for high-impact AI established in law, a framework now checks reckless use of AI in sensitive areas. How effective it proves will have to be watched after the grace period.

🥄 Three Things You're Probably Wondering

— So what does this mean for me? It matters if you build or run AI services — especially in high-impact areas like healthcare, finance, or education, where preparing risk-management and impact-assessment systems now, during the grace period, is wise. If you're just a user, there's little immediate change; understand it as "the AI I use now has an accountability framework."

— Is "enforcement starts in June" wrong? Only half. The law is in force, but a grace period of at least a year means fines are largely deferred. That said, serious harm (life, human rights) is applied without deferral, and provisions like high-impact duties and representative designation are already defined. See it as "prep mode in progress," not "punishment mode begins."

— Will foreign AI services get blocked in Korea? Not really. But foreign operators above certain thresholds must designate a domestic representative. If regulation operates too heavily, some services risk delaying launch — but with the government calibrating during the grace period, it's too early to call.

References

• South Korea's AI Basic Act: Overview and Key Takeaways — Cooley
• South Korea: Comprehensive AI Legal Framework Takes Effect — Library of Congress
• Korea's AI Law Enters Its Next Phase as Real-World Feedback Shapes Policy — KoreaTechDesk
• South Korea AI Basic Act — U.S. Dept. of Commerce (trade.gov)
• Global AI Governance Law and Policy: South Korea — IAPP

Details are as of announcement/effective date and may change.