South Korea’s first comprehensive AI law, the Framework Act on the Development of Artificial Intelligence and Establishment of Trust, takes effect January 22, 2026.
The legislation sets national standards for AI safety, transparency, and ethics, targeting high-impact systems with significant effects on human life, rights, or public operations. It establishes obligations such as risk assessments, user notification, documentation, and human oversight for qualifying AI systems.
The law reportedly includes a grace period of at least one year, which will give organizations time to prepare while further guidance from the government is finalized.
What Qualifies as High-Impact AI Under South Korea’s AI Law
The AI Basic Law establishes a national framework for transparency, safety, and accountability. It defines high-impact AI as systems trained with massive computational power or used in designated high-risk sectors.
According to The Korea Times, systems exceeding 10^26 floating-point operations fall into this high-risk category, which suggests the threshold is designed for next-generation AI systems. Meanwhile, high-risk sectors include 11 sectors, such as employment, loan assessments, healthcare, and government operations, among others.
Organizations under these categories must conduct risk assessments, maintain human oversight, notify users of AI-generated decisions, and document operational data.
However, many details remain unclear. The Korea Times reported that implementation guidance remained under review, while supervisory frameworks have not been released. Forthcoming guidance from the Ministry of Science and ICT may address these concerns.
How Businesses Can Prepare During South Korea’s AI Law Grace Period
After the AI Basic Law takes effect on January 22, organizations reportedly have at least one year to prepare, a window that favors guidance over penalties. During this period, businesses should assess how the law may apply to AI used in their systems.
ERP users face unique questions under the AI Basic Law because it does not appear to explicitly assign compliance responsibility between software vendors and their clients. It also does not clarify how pre-trained or integrated AI models are treated.
However, ERP users may consider three practical steps to prepare:
- Audit AI Components: Identify which ERP modules use AI, their function, and whether they operate in high-risk sectors. Focus especially on modules that influence decisions affecting rights, safety, or public operations.
- Establish Governance Frameworks: Create internal policies for risk assessment, human oversight, documentation, and user notification. Having these processes in place demonstrates good faith and supports rapid adaptation once authorities issue guidance.
- Engage Vendors Early: Clarify with ERP providers how pre-trained AI models are implemented, who manages updates, and who will be responsible for compliance documentation. Document roles to reduce ambiguity and potential liability.
By taking these steps, ERP users can prepare to meet obligations, reduce operational risk, and respond quickly once authorities issue final regulations and guidance notes.
What This Means for ERP Insiders
Regulatory gaps require proactive governance. The AI Basic Law sets broad obligations for high-impact AI but leaves key questions, such as compliance responsibility and treatment of pre-trained models, unresolved. ERP users should start building governance frameworks to manage risk and remain adaptable ahead of final regulations.
High-impact classification will drive focused compliance. Not all AI within ERP systems will be high impact. However, modules influencing employment, finance, healthcare, or government decisions may trigger obligations. Understanding which modules fall into these categories allows organizations to prioritize compliance resources effectively.
Vendor engagement is critical for risk management. Early collaboration with ERP providers is essential as government refines the AI Basic Law over the next year. Clarifying model updates, documentation duties, and operational oversight reduces uncertainty, mitigates liability, and ensures readiness for enforcement once regulations are finalized.
