Korea's High-Impact AI Duties: Loans, Hiring, Health | TLY

AI Regulation Tracker  /  Regulation in force

South Korea's AI Basic Act now requires explanation and human oversight for high-impact AI

Firms running AI that screens loans, resumes, or patients in South Korea now owe affected users a meaningful explanation and human oversight, plus a fundamental-rights impact assessment. The duties took effect January 22, 2026.

South Korea's AI Basic Act now requires explanation and human oversight for high-impact AI regulation briefing
The Leveraged Years AI Regulation Tracker

South Korea's AI Basic Act took effect on January 22, 2026, and its heaviest obligations land on a defined category the law calls "high-impact AI." Operators of these systems now owe affected people a meaningful explanation of AI decisions, must keep a human in the loop, must maintain documentation, and must carry out fundamental-rights impact assessments. For a large set of US and multinational vendors, the practical question is no longer whether Korea regulates AI, but whether a given product sits inside the high-impact list.

What counts as high-impact

The Act ties the high-impact label to use in enumerated high-stakes sectors rather than to the technology itself. Secondary analyses from Baker Botts and other firms list the covered domains as healthcare and medical devices, energy, drinking water, nuclear, transportation, recruitment and HR, loan and credit screening, biometric-based criminal investigation, public services, and primary and secondary education. The through-line is consequence. These are settings where an automated output can decide who gets hired, who gets credit, or how a patient is assessed. An operator that is unsure whether its system qualifies can ask the Ministry of Science and ICT (MSIT) for a formal applicability determination rather than guess.

The explanation duty

The most operationally distinctive obligation is the explanation duty. According to Baker Botts, an operator must be able to explain, in terms affected users can understand, what the system produced and the primary factors behind that result, the model's limitations and how to interpret its output, and what is known about the training data, including its types, sources, and representativeness. In practice this means a firm cannot treat the model as a closed box. It has to hold internal records that support a user-facing account, and keep the two consistent. That is a documentation and communications burden as much as a technical one.

Human oversight, records, and rights assessments

Alongside explanation, the provision requires a lifecycle risk-management plan, human oversight of the system, retained documentation, and a fundamental-rights impact assessment. Together these turn deployment into a governed process. A named human must be positioned to review or intervene, the risk plan has to run across the system's life rather than at launch only, and the rights assessment forces an operator to think through effects on the people subject to the decision before the system is switched on. For an operator, the practical effect is that a compliant deployment now generates a paper trail. There is a record of how the system was assessed, who is accountable for its outputs, and how affected users were informed, and that record has to be produced and kept current rather than assembled after a complaint arrives.

What it does not do

The Act does not ban high-impact AI, and it does not require that every decision be made by a human. It requires oversight, explanation, documentation, and assessment, not abstention. It is also worth being precise about the citing. The high-impact obligation is widely reported as Article 33, but firm analyses are not uniform, with at least one citing Article 34, and clean statute pages were not readable at the time of writing. The duties themselves are well corroborated across law-firm sources even where the exact article number is not settled. Readers building compliance programs should confirm the article reference against the official text before relying on it in filings.

The cross-border angle

For a US reader, this is a familiar shape with sharper edges. Korea's hiring and credit duties sit in the same family as New York City's Local Law 144, the Colorado AI Act, and the EU AI Act's high-risk regime, but Korea layers on its own explanation and human-oversight specifics. US HR-tech, fintech, and health-AI vendors selling into Korea, and US multinationals whose Korean subsidiaries run AI recruiting or credit tools, are squarely in scope. A firm that has already built for the EU or for US state AI laws has a head start, but it still needs to add Korea's explanation and rights-assessment mechanics rather than assume its existing controls transfer. The safer working assumption for any vendor with Korean users or a Korean entity is that a bias-audit posture or a model-risk framework built for a US regime will not, on its own, satisfy the explanation and documentation duties Korea now imposes.

Frequently Asked Questions

What changed under South Korea's AI Basic Act for high-impact AI?

As of January 22, 2026, operators of AI classified as high-impact in listed high-stakes sectors must run a lifecycle risk-management plan, give affected users a meaningful explanation of AI decisions, ensure human oversight, keep documentation, and conduct fundamental-rights impact assessments.

Who is affected by these duties?

Operators of AI in healthcare and medical devices, energy, drinking water, nuclear, transportation, recruitment and HR, loan and credit screening, biometric-based criminal investigation, public services, and primary and secondary education. That includes US vendors and Korean subsidiaries deploying these tools.

What exactly must an operator explain to affected users?

According to Baker Botts, the explanation must cover what the system produced and the main factors behind the result, the model's limitations and how to interpret it, and what is known about the training data, including its sources and representativeness.

What if we are not sure our system is high-impact?

Where classification is unclear, a firm can ask the Ministry of Science and ICT (MSIT) for a formal high-impact applicability determination rather than self-classify and risk getting it wrong.

Browse the full AI Regulation News tracker

Informational analysis for working professionals, not legal advice. Confirm how any rule applies to your situation with qualified counsel.