South Korea's AI Basic Act: "High-Impact" vs. EU "High-Risk" — Innovation-Friendly but Liability Gaps Remain

South Korea's Framework Act on Artificial Intelligence (AI Basic Act), enacted in January 2025 and effective January 2026, represents a fundamentally different regulatory philosophy from the EU AI Act — with significant implications for APAC enterprise exposure. A comprehensive comparative legal analysis published in the journal Laws identifies key structural risks in the Korean framework:

The core distinction: "high-impact" vs. "high-risk." The EU uses "high-risk AI" tied to measurable harm and preventive obligations. Korea uses "high-impact AI," a broader, more neutral term designed to avoid stigma and reduce barriers for domestic startups. But "impact" is harder to measure than "risk," and the specific criteria for high-impact classification are largely delegated to presidential decrees and guidelines rather than specified in the law itself — creating regulatory uncertainty for businesses.

Self-regulation carries the substantive burden. Unlike the EU model, where codes of conduct and standards operate within a framework of mandatory legal duties, Korea's law places much of the compliance burden on businesses through effort-based responsibilities rather than hard legal requirements backed by strong sanctions. The Ministry of Science and ICT both promotes the AI industry and supervises its risks — a dual mandate that raises concerns about regulatory impartiality.

The "liability lightning rod" problem. The Korean law includes a human intervention exception: if a person intervenes and controls the final decision, the system may avoid high-impact classification. Practically, this could allow companies to push liability onto frontline workers (HR staff approving biased AI recommendations, loan officers signing off on AI credit decisions) even when the AI system materially shaped the outcome. This is compounded by information asymmetry — victims of AI harm often lack access to training data, model weights, and decision logic needed to prove causation under ordinary civil liability rules.

The research proposes five legislative fixes: (1) codify high-impact criteria in the law itself; (2) create periodic re-evaluation of categories; (3) strengthen parliamentary oversight of regulatory expansions; (4) gradually convert effort-based responsibilities into mandatory obligations; and (5) introduce harmonized safety standards with a presumption of conformity. Civil liability reform — including causation presumptions and clearer liability allocation across developers, deployers, and practitioners — is also called for.

Enterprise takeaway for APAC exposure: Companies deploying AI in South Korea face a lighter-touch regime than the EU, but with greater legal uncertainty. The liability-shifting risk means frontline decision-makers may bear personal exposure for AI-assisted outcomes. Robust documentation of AI system influence on decisions and clear allocation of responsibility between developer and deployer — potentially exceeding statutory minimums — is advisable.