South Korea's Basic AI Act Takes Extraterritorial Effect, Reshaping Global AI Compliance

South Korea's AI Basic Act formally entered enforcement earlier this year, marking a watershed moment in global AI regulation. What began as a December 2024 legislative passage and January 2025 publication has now crossed from implementation phase into active enforcement, creating immediate compliance obligations for every AI company offering services to Korean users, whether or not they maintain offices there.

The extraterritorial reach of the law represents its most consequential feature. Unlike regulations that typically bind only domestic companies, South Korea's framework applies to any entity, foreign or domestic, that offers AI services affecting the Korean market or Korean citizens. OpenAI, Anthropic, Google, and other foreign AI providers now operate under an expanded legal jurisdiction that extends Seoul's regulatory authority across borders.

Foreign companies exceeding certain thresholds face mandatory compliance burdens. Those with annual revenues exceeding 1 trillion won (approximately $750 million), AI-sector revenue exceeding 10 billion won, or more than 1 million daily active users in South Korea must appoint a domestic representative accountable for regulatory adherence. This creates a new gatekeeping mechanism that effectively forces major foreign AI operators into structural compliance partnerships with local entities.

Risk-Based Framework with High-Impact Designations

The Basic Act adopts a risk-based regulatory model comparable to the EU's AI Act but with a simpler, more streamlined structure. Rather than creating broad sectoral restrictions, the law identifies high-impact AI systems, those affecting human safety, physical security, or fundamental rights in critical domains, and imposes stringent safety measures on those systems alone.

High-impact AI categories include applications in healthcare diagnostics, transportation control systems, financial credit evaluation, nuclear power management, and employment screening. For these applications, operators must conduct AI risk assessments, maintain comprehensive documentation, implement human oversight mechanisms, and provide meaningful explanations of outcomes to affected users.

The transparency obligations extend broadly to generative AI. All AI service providers must disclose when outputs have been AI-generated. When synthetic images, videos, or audio could be mistaken for authentic content, they must carry visible or audible watermarks or labels. Non-deceptive uses, such as webtoons or animations, may employ invisible watermarks, but the intent remains: users should not be deceived about content provenance.

Penalties, Grace Periods, and Enforcement Strategy

Violations carry financial penalties up to 30 million Korean won per infraction, approximately $22,000. However, the Ministry of Science and ICT has announced a grace period extending through January 2027, deferring administrative fines while providing guidance and allowing companies time to adapt. This measured enforcement approach aims to prevent sudden market disruption while establishing clear compliance expectations.

Oversight rests with the Ministry of Science and ICT and a newly formed AI Policy Committee, which has authority to investigate suspected violations, issue corrective orders, and mandate remediation. This centralized governance structure reflects the government's intention to treat AI regulation as a strategic policy domain rather than fragmented sectoral oversight.

Comparative Standing and Global Implications

The Basic Act joins the EU's AI Act as comprehensive, principle-based AI governance frameworks. Where the EU law emphasizes prohibited practices and prescriptive requirements, South Korea's approach prioritizes risk assessment, transparency, and ex-post supervision. Both apply extraterritorially to foreign operators, but Korea's thresholds for foreign representative appointment are more accessible to smaller companies than EU equivalents.

Domestic South Korean tech giants, Samsung, LG, Naver, Kakao, and SK Telecom, are positioning themselves strategically within this new landscape. Samsung emphasizes on-device processing to align with privacy-centric requirements. Naver champions local large language model development through government-backed sovereign AI initiatives. The Ministry has allocated $381 million to five industry consortia competing for domestic AI dominance, effectively using regulation as industrial policy.

For foreign AI companies, the extraterritorial application presents both risk and opportunity. Those with significant Korean user bases face immediate compliance obligations but gain competitive clarity. The grace period through January 2027 provides a runway, but only for companies that begin compliance planning immediately.

The Foundation Argument

Kim Kyeong-man, Deputy Minister of the Office of AI Policy at the Ministry of Science and ICT, framed the law's intent plainly: the goal is not to stop AI development through regulation, but to ensure that people can use it with a sense of trust. He added that the legislation represents a starting point rather than a finished regulatory edifice.

This framing reveals Seoul's pragmatic calculus. By establishing clear baseline rules now, before a chaotic patchwork of conflicting national regulations emerges, South Korea aims to shape global AI governance while maintaining its own domestic innovation capacity. The extraterritorial application serves a dual purpose: ensuring foreign companies don't circumvent local safeguards while positioning Korea as a standards-setter rather than a mere rule-taker.

As enforcement begins, the test will lie in execution. Whether the Ministry applies penalties consistently, how quickly guidance clarifies ambiguities, and whether foreign companies cooperate or challenge the extraterritorial scope will determine whether the Basic Act becomes a model for responsible AI governance or a cautionary tale in regulatory overreach.