Skip to content
Not-yet echoes

What Korean law hasn’t codified yet.

The practice is already here — arriving through foreign platforms and global standards. Korean domestic law hasn’t caught up. That gap is what these forecasts read as codification pressure.

These are forecasts, not law.

None of the 25 items below is enacted Korean law. Each is a hypothesis that a global trend — already reaching Koreans through foreign rails — will eventually be codified domestically. Every prediction shows its reasoning, evidence, and the signals to watch. Open the sources and judge the gap yourself.

Very high
8
forecasts
High
11
forecasts
Medium
6
forecasts
Very high likelihood8 forecasts
ForecastRegulatory Emulation
Very high

AI-Generated Content Labeling → Korean Domestic Mandate (EU AI Act / C2PA driven)

Global trend

EU AI Act Article 50 mandates transparency obligations: AI-generated content must be labeled, deepfakes must be disclosed, and providers must mark AI outputs in a machine-readable format. The Coalition for Content Provenance and Authenticity (C2PA) standard is being adopted by OpenAI (DALL-E 3, Sora), Google (SynthID), Meta, Adobe, and Microsoft. China's CAC already mandates AI content labeling (2023). California's AB 3211 (2024) requires AI watermarking. The global norm is shifting from voluntary to mandatory.

EU AI ActC2PAOpenAI/Google/Meta
Already happening — via foreign rails

Korean users of ChatGPT (estimated 3M+ MAU), Google Gemini, Claude, and Midjourney already receive AI-labeled content because these global platforms apply labeling globally. Korean creators using DALL-E 3 get C2PA-embedded images. Korean YouTube viewers see 'Altered or synthetic content' labels. Korean news consumers encounter AI-generated content on Naver and Kakao that is NOT labeled — the de facto labeling happens only on foreign platforms, creating an asymmetry where foreign-platform content is labeled but domestic-platform AI content is not.

De-facto evidenceopenai.comdeepmind.google
The domestic gap

Korea's AI Basic Act (인공지능 발전과 신뢰 기반 조성에 관한 기본법, enacted Dec 2024) includes transparency principles but does NOT mandate specific content labeling or watermarking standards. There is no domestic C2PA adoption mandate, no machine-readable watermarking requirement, and no enforcement mechanism for AI-generated content disclosure. The Korea Communications Commission (KCC) has issued guidelines but no binding regulation.

Gap sourceslaw.go.kr
The forecast — reasoning

The asymmetry is unsustainable: foreign platforms label AI content, domestic platforms don't. This creates (1) a consumer protection gap — Koreans can't distinguish AI content on Naver/Kakao; (2) an election integrity risk — unlabeled AI deepfakes in Korean elections (already seen in 2024 legislative elections); (3) a trade friction risk — EU AI Act will require Korean exporters to label AI content. The de facto channel is the strongest of all patterns: every Korean ChatGPT user already experiences AI labeling. Domestic codification is a matter of when, not if.

Expected vector

Amendment to AI Basic Act or new Presidential Decree mandating C2PA-compatible content provenance for AI systems operating in Korea, enforced by KCC and MSIT, with phased compliance starting with large platforms.

Estimated window

2025–2027

Watch signals
KCC announces AI content labeling rulemakingNaver or Kakao voluntarily adopts C2PA labelingNational Election Commission recommends AI labeling for election contentEU-Korea Digital Trade Council discusses AI labeling interoperabilityMSIT budget for AI content provenance R&D
ForecastRegulatory Emulation
Very high

Crypto-Asset Tax Reporting (CARF) → Korean Domestic Codification (OECD CARF driven)

Global trend

The OECD Crypto-Asset Reporting Framework (CARF), adopted in 2023, establishes a global standard for automatic exchange of tax information on crypto-asset transactions. It requires crypto-asset service providers to report customer transactions to tax authorities, who then automatically exchange this information with partner jurisdictions. The EU has integrated CARF into DAC8 (2023). 48 jurisdictions have committed to CARF implementation by 2027.

OECD CARFEU DAC8FATF
Already happening — via foreign rails

Korean users on foreign exchanges (Binance, Bybit, Coinbase) are already subject to those exchanges' tax reporting obligations under CARF/DAC8 — their transaction data will be reported to Korean tax authorities via automatic exchange starting 2027. Korean users on domestic exchanges (Upbit, Bithumb) already have their transactions tracked by the NTS via the Financial Intelligence Unit (FIU). The de facto channel is dual: foreign exchanges will report Korean users' data regardless of domestic law, and domestic exchanges already collect the data.

De-facto evidenceoecd.org
The domestic gap

Korea's crypto tax (20% on gains exceeding 2.5M KRW) has been repeatedly delayed — originally scheduled for 2022, then 2023, 2025, now 2027. The current legal framework (Income Tax Act amendment) is not yet in force. There is no domestic CARF implementation legislation, no crypto-specific tax reporting standard for VASPs, and no legal basis for automatic exchange of crypto transaction data with other jurisdictions.

Gap sourceslaw.go.kr
The forecast — reasoning

The CARF deadline (2027) creates a hard commitment: Korea is one of 48 jurisdictions that committed to CARF implementation. The de facto channel is already operational — foreign exchanges will report Korean users' data starting 2027 regardless of domestic law. If Korea does not implement CARF domestically, it will (1) receive data from foreign exchanges but have no legal basis to use it; (2) be unable to reciprocate, violating its commitment; (3) create a regulatory arbitrage where domestic exchanges have lower reporting burdens than foreign ones. The crypto tax delay is political, but CARF implementation is a separate technical commitment that is harder to walk back.

Expected vector

New CARF Implementation Act or amendment to Income Tax Act / International Tax Adjustment Act, mandating VASP transaction reporting to NTS, establishing automatic exchange framework, and aligning with DAC8/CARF timeline (2027).

Estimated window

2026–2027

Watch signals
NTS publishes CARF implementation roadmapNational Assembly passes crypto tax legislation (finally)Korea signs CARF Competent Authority Agreement (CAA)FIU and NTS establish joint crypto transaction reporting systemUpbit/Bithumb announce CARF compliance preparations
ForecastRegulatory Emulation
Very high

ESG Supply Chain Due Diligence → Korean Domestic Mandate (EU CSDDD driven)

Global trend

The EU Corporate Sustainability Due Diligence Directive (CSDDD), adopted in 2024, requires large companies to identify, prevent, mitigate, and account for adverse human rights and environmental impacts in their operations and supply chains. Companies must adopt transition plans aligned with the Paris Agreement. Germany's Supply Chain Due Diligence Act (LkSG) has been in force since 2023. France's Duty of Vigilance Law (2017) established judicial remedy for supply chain harms. The global norm is shifting from voluntary CSR to mandatory human rights and environmental due diligence (mHREDD).

EU CSDDDGermany LkSGFrance Duty of Vigilance
Already happening — via foreign rails

Korean companies in the EU supply chain — Samsung Electronics, Hyundai Motor, LG Energy Solution, SK hynix, POSCO — are already preparing CSDDD compliance because their EU customers (automakers, electronics brands) will require it contractually. Korean battery manufacturers supplying EU automakers are already conducting supply chain due diligence for cobalt, lithium, and nickel under the EU Battery Regulation. The de facto channel is B2B contractual: Korean exporters must comply with EU supply chain requirements to maintain market access.

De-facto evidencecommission.europa.eu
The domestic gap

Korea has NO mandatory human rights and environmental due diligence (mHREDD) legislation. The Framework Act on Sustainable Development (지속가능발전기본법) is aspirational. The National Human Rights Commission has recommended mHREDD legislation but no bill has passed. Korean companies' supply chain due diligence is driven by foreign customer requirements, not domestic law. There is no domestic legal remedy for supply chain harms, no mandatory transition plan requirement, and no civil liability for supply chain failures.

Gap sourceslaw.go.kr
The forecast — reasoning

The de facto channel is the strongest of all patterns: Korea's largest companies (Samsung, Hyundai, LG, SK, POSCO) are ALREADY implementing CSDDD-compliant supply chain due diligence because their EU customers demand it. This creates an irreversible compliance infrastructure. Three drivers: (1) market access — without domestic mHREDD legislation, Korean SMEs in the supply chain lack legal cover; (2) competitive parity — large Korean companies already bear the cost, and domestic legislation levels the playing field; (3) international alignment — Korea's OECD membership and EU FTA create normative pressure. The question is not whether Korea will adopt mHREDD, but when and in what form.

Expected vector

New Supply Chain Due Diligence Act (공급망 실사법) modeled on EU CSDDD and German LkSG, requiring large companies to conduct human rights and environmental due diligence, adopt climate transition plans, and establish grievance mechanisms, enforced by Ministry of Justice and National Human Rights Commission.

Estimated window

2025–2027

Watch signals
Ministry of Justice announces supply chain due diligence billNational Human Rights Commission NAP (National Action Plan) includes mHREDDSamsung/Hyundai publicly supports domestic mHREDD legislationKorea-EU FTA committee discusses CSDDD alignmentCivil society/NGO campaign for supply chain due diligence law
ForecastAI & Digital
Very high

AI Safety Testing & Red-Teaming → Korean Domestic Mandate (EU AI Act / US EO 14110 driven)

Global trend

Mandatory AI safety testing, red-teaming, and pre-deployment risk assessments for high-risk and general-purpose AI systems, driven by the EU AI Act (Article 55), US Executive Order 14110, and the UK AI Safety Institute framework.

EU AI ActUS NIST AI RMFUK AISI
Already happening — via foreign rails

Korean enterprises deploying AI (Samsung, Naver, Kakao) already conduct internal red-teaming to meet global enterprise customer requirements and comply with foreign platform policies (OpenAI, Google Cloud enterprise agreements). Korean AI startups seeking global investment undergo safety audits modeled on NIST AI RMF.

The domestic gap

Korea's AI Basic Act (인공지능발전과신뢰기반조성에관한기본법) establishes high-level trust principles but does not mandate specific red-teaming protocols, pre-deployment safety testing, or third-party auditing for high-risk AI systems. The Act delegates detailed safety requirements to subordinate regulations still under development.

Gap sourceslaw.go.kr
The forecast — reasoning

Korea's AI Basic Act explicitly references 'safety' and 'reliability' as core principles. The EU AI Act's red-teaming requirements will apply to Korean companies exporting AI systems to the EU market, creating immediate compliance pressure. Korean enterprises already conduct red-teaming voluntarily for global customers.

Expected vector

Enforcement decree (시행령) under the AI Basic Act, likely modeled on NIST AI RMF and EU AI Act Article 55

Estimated window

2026–2027

Watch signals
PIPC or MSIT notice on AI safety testing standardsKorea AI Safety Institute establishmentNAVER/Samsung public red-teaming reports
ForecastFinance
Very high

Tokenized Securities / Security Token Offering (STO) → Korean Domestic Legal Framework

Global trend

Switzerland (DLT Act 2021), Japan (revised FIEA 2020), EU (DLT Pilot Regime 2023), and UK (FCA Sandbox) have established legal frameworks for tokenized securities. Hong Kong and Singapore have issued STO-specific guidance. The global tokenized securities market is projected to reach $5T+ by 2030.

Swiss DLT ActJapan FIEAEU DLT Pilot Regime
Already happening — via foreign rails

Korean investors already access tokenized securities via foreign platforms (ADDX in Singapore, Sygnum in Switzerland). Korean securities firms (Mirae Asset, KB Securities) have conducted STO pilot programs. The Korea Exchange is developing a tokenized securities trading platform.

The domestic gap

Korea's Capital Markets Act (자본시장법) does not recognize blockchain-based securities or provide a legal framework for STOs. The FSC issued STO guidelines in 2023 but these are non-binding. There is no legal basis for tokenized securities issuance, trading, or custody. The Electronic Securities Act (전자증권법) covers dematerialized securities but not blockchain-based tokens.

Gap sourceslaw.go.kr
The forecast — reasoning

FSC has publicly committed to STO legalization. The Korea Exchange's tokenized securities platform is under development. Multiple securities firms have completed STO pilots. The global competitive pressure (Japan, Switzerland, EU already live) is intense. Legislative bills are already in the National Assembly.

Expected vector

Amendment to the Capital Markets Act and Electronic Securities Act, establishing STO issuance, trading, and custody rules

Estimated window

2026–2027

Watch signals
STO bill passage in National AssemblyKorea Exchange STO platform launchFirst licensed STO issuance
ForecastAI & Digital
Very high

AI/ML-Based Medical Devices (SaMD) → Korean MFDS Regulatory Framework (FDA/IMDRF driven)

Global trend

FDA has authorized 1,000+ AI/ML-enabled medical devices and issued guidance on change control plans for adaptive AI. IMDRF published SaMD risk categorization and clinical evaluation frameworks. EU MDR includes specific provisions for AI-based medical devices.

FDAIMDRFEU MDR
Already happening — via foreign rails

Korean hospitals (Seoul National University Hospital, Asan Medical Center, Samsung Medical Center) already deploy FDA-cleared AI diagnostic tools (Lunit, Vuno, DeepBio). Korean AI medical device companies export to the US and EU, complying with FDA/IMDRF standards. Korean radiologists routinely use AI-assisted diagnosis tools.

De-facto evidencefda.govimdrf.org
The domestic gap

Korea's Medical Devices Act (의료기기법) does not have specific provisions for adaptive/continuously-learning AI medical devices. MFDS guidelines for AI medical devices exist but are not legally binding and do not address change control for model updates. The regulatory pathway for SaMD is adapted from traditional medical device rules, creating uncertainty for AI-specific features like continuous learning.

Gap sourceslaw.go.kr
The forecast — reasoning

Korea is a global leader in AI medical imaging (Lunit, Vuno). MFDS has been actively participating in IMDRF and has issued draft AI medical device guidelines. The FDA's final guidance on change control plans (2024) provides a template. Korean AI medical device exports to the US/EU require compliance with FDA/IMDRF standards, creating domestic regulatory pressure.

Expected vector

Amendment to the Medical Devices Act or MFDS notice establishing AI-specific SaMD classification, clinical evaluation, and change control requirements

Estimated window

2026–2028

Watch signals
MFDS AI medical device guideline finalizationIMDRF AI SaMD working group Korea leadershipFirst Korean adaptive AI device MFDS approval
ForecastESG & Disclosure
Very high

Anti-Greenwashing Regulation → Korean Domestic Mandate (EU SFDR/CSRD driven)

Global trend

EU SFDR (2021) requires financial products to disclose sustainability risks and classify products by ESG ambition. EU CSRD (2023) mandates detailed sustainability reporting with third-party assurance. UK FCA anti-greenwashing rule (2024) requires ESG claims to be 'fair, clear and not misleading.' Australia ASIC and US SEC have issued greenwashing enforcement actions.

EU SFDREU CSRDUK FCA
Already happening — via foreign rails

Korean exporters (Samsung, Hyundai, LG, SK) already comply with EU CSRD/SFDR for their European operations and supply chains. Korean asset managers marketing ESG funds in Europe must comply with SFDR. Korean consumers increasingly encounter ESG-labeled financial products (ESG bonds, green deposits) and demand verification of claims.

The domestic gap

Korea's ESG disclosure regime is voluntary. The FSC's ESG disclosure guidelines (2021) are non-binding. The Environmental Technology and Industry Support Act (환경기술산업법) includes green certification but not anti-greenwashing enforcement. There is no statutory definition of 'greenwashing' or penalties for misleading ESG claims. Korea's sustainable finance taxonomy (K-Taxonomy) is still partial.

Gap sourceslaw.go.kr
The forecast — reasoning

EU CSRD directly applies to Korean companies with significant EU operations. FSC has announced plans for mandatory ESG disclosure starting 2026. The Korea Exchange's ESG disclosure framework is being upgraded. Greenwashing enforcement cases in the US and EU create precedent and pressure. Multiple ESG-related bills are pending in the National Assembly.

Expected vector

Amendment to the Financial Investment Services and Capital Markets Act (자본시장법) establishing mandatory ESG disclosure and anti-greenwashing provisions, plus FSC enforcement guidelines

Estimated window

2026–2028

Watch signals
FSC mandatory ESG disclosure timeline announcementFirst Korean greenwashing enforcement actionK-Taxonomy completion and legal codification
ForecastAI & Digital
Very high

AI Training Data Transparency → Korean Domestic Mandate (EU AI Act Art 53 driven)

Global trend

EU AI Act Article 53 requires providers of general-purpose AI models to publish a sufficiently detailed summary of training data. The US Copyright Office is examining AI training data transparency. Japan's AI guidelines recommend training data disclosure. China's generative AI regulations require training data to respect IP rights.

EU AI Act Art 53US Copyright OfficeJapan METI
Already happening — via foreign rails

Korean AI developers (Naver HyperCLOVA, LG ExaOne) already face training data transparency demands from enterprise customers and global partners. Korean content creators and webtoon artists have protested AI training on their works without consent. Korean users of foreign AI services (ChatGPT, Midjourney) are subject to those platforms' training data policies.

The domestic gap

Korea's AI Basic Act (인공지능발전과신뢰기반조성에관한기본법) does not require training data transparency or summaries. The Copyright Act (저작권법) has a TDM (text and data mining) exception but no transparency obligation. There is no requirement for AI developers to disclose what data was used for training, whether copyrighted works were included, or whether personal data was used.

Gap sourceslaw.go.kr
The forecast — reasoning

EU AI Act Article 53 creates a direct compliance obligation for Korean AI companies exporting to the EU. Korean content creator protests are generating political pressure. The Copyright Act TDM exception is controversial and may be revised. The AI Basic Act's enforcement decree is the natural vehicle for training data transparency rules.

Expected vector

Enforcement decree under the AI Basic Act or amendment to the Copyright Act, requiring training data summaries and opt-out mechanisms for rights holders

Estimated window

2026–2027

Watch signals
AI Basic Act enforcement decree draft with training data provisionsCopyright Act TDM amendment proposalNaver/Kakao voluntary training data disclosure
High likelihood11 forecasts
ForecastRegulatory Emulation
High

Biometric Face KYC → Korean Domestic Mandate (FATF Travel Rule / eIDAS 2.0 driven)

Global trend

FATF Recommendation 16 (Travel Rule) and EU eIDAS 2.0 are driving global adoption of biometric identity verification for financial services. The EU Digital Identity Wallet mandates biometric binding. Major crypto exchanges (Binance, Bybit, OKX, Coinbase) now require facial recognition KYC for all users globally, including Korean users. Singapore, Japan, UAE, and EU member states have already codified biometric KYC requirements in their AML/CTF frameworks.

FATFEU eIDAS 2.0Global Crypto Exchanges
Already happening — via foreign rails

Korean users of global crypto exchanges (Binance, Bybit, OKX, KuCoin) already complete facial recognition KYC as a condition of using those platforms. Korean users on Upbit and Bithumb (domestic exchanges) also complete KYC but without biometric facial matching — the domestic standard is still document-image + SMS verification. An estimated 2-3 million Korean users are on foreign exchanges that require biometric KYC, creating a de facto biometric identity verification channel that operates entirely outside Korean domestic law.

De-facto evidencebinance.comfatf-gafi.org
The domestic gap

Korea's Act on Reporting and Using Specified Financial Transaction Information (특정금융정보법) mandates KYC for virtual asset service providers but does NOT require biometric verification. The current domestic standard is document-image upload + mobile phone SMS verification. There is no legal basis for facial recognition KYC, no biometric data protection framework specific to financial KYC, and no interoperability standard with EU eIDAS or FATF biometric guidelines.

Gap sourceslaw.go.kr
The forecast — reasoning

Three converging forces: (1) FATF mutual evaluation pressure — Korea's next MER will flag the biometric gap vs. FATF Rec 16 expectations; (2) EU eIDAS 2.0 interoperability — Korean financial institutions doing business in EU will need biometric-compatible KYC; (3) competitive pressure — domestic exchanges losing users to foreign platforms with stronger security. The de facto channel (2-3M Korean users already doing biometric KYC on foreign exchanges) is the strongest predictor — once a critical mass of citizens are already enrolled in a foreign biometric system, domestic codification becomes a consumer-protection and sovereignty issue.

Expected vector

Amendment to 특정금융정보법 (Specific Financial Information Act) or FSC/FIU guideline mandating biometric verification for virtual asset service providers, with phased implementation starting with large exchanges.

Estimated window

2026–2028

Watch signals
FSC/FIU announces biometric KYC pilot or regulatory sandboxUpbit or Bithumb voluntarily introduces facial recognition KYCFATF Korea MER (Mutual Evaluation Report) flags biometric gapEU adequacy decision for Korean digital ID under eIDAS 2.0National Assembly bill proposing biometric KYC amendment
ForecastRegulatory Emulation
High

Stablecoin Regulatory Framework → Korean Domestic Codification (FATF / EU MiCA driven)

Global trend

EU MiCA (Markets in Crypto-Assets Regulation) Title IV establishes a comprehensive stablecoin framework: e-money tokens (EMTs) and asset-referenced tokens (ARTs) require authorization, reserve requirements, redemption rights, and prudential safeguards. Japan's 2022 Payment Services Act revision already regulates stablecoins. Singapore's MAS published a stablecoin regulatory framework (2023). UK FCA is consulting on stablecoin rules. The FATF updated its virtual asset guidance to include stablecoin-specific risks.

FATFEU MiCAJapan FSASingapore MAS
Already happening — via foreign rails

Korean retail investors are significant holders of USDT and USDC, accessed through foreign exchanges (Binance, Bybit) and DeFi protocols. The 'Kimchi Premium' — where Korean exchange prices trade at a premium to global prices — is arbitraged using stablecoins as the bridge currency. Korean remittance users increasingly use stablecoins for KRW-USD and KRW-PHP corridors via foreign fintech apps. An estimated $2-3B in stablecoin value is held by Korean residents through foreign platforms, entirely outside Korean regulatory perimeter.

De-facto evidencefatf-gafi.org
The domestic gap

Korea has NO stablecoin-specific legislation. The Act on Reporting and Using Specified Financial Transaction Information regulates VASPs but does not address stablecoin issuance, reserve requirements, redemption rights, or prudential standards. The Bank of Korea has conducted CBDC pilots (digital won) but has not proposed a stablecoin regulatory framework. Korean won-pegged stablecoins cannot be legally issued in Korea.

Gap sourceslaw.go.kr
The forecast — reasoning

Three drivers: (1) FATF pressure — Korea's next MER will flag the stablecoin regulatory gap; (2) financial stability concern — $2-3B in unregulated stablecoin holdings by Korean residents is a systemic risk; (3) competitive pressure — Japan and Singapore already have frameworks, and Korean won stablecoins issued abroad (e.g., KRW-pegged tokens on foreign chains) will force regulatory response. The de facto channel is massive: Korean stablecoin usage is already at institutional scale, just invisible to domestic regulators.

Expected vector

New standalone Stablecoin Act or amendment to the Act on Reporting and Using Specified Financial Transaction Information, establishing licensing for stablecoin issuers, reserve requirements (1:1 backing), redemption rights, and interoperability with BOK CBDC.

Estimated window

2026–2028

Watch signals
FSC announces stablecoin regulatory framework consultationBank of Korea publishes stablecoin financial stability reportKorean won-pegged stablecoin launched on a foreign blockchainFATF Korea MER flags stablecoin gapNational Assembly holds hearing on virtual asset investor protection including stablecoins
ForecastStandard Adoption
High

Digital Identity Wallet → Korean Domestic Mandate (EU eIDAS 2.0 / ISO 18013-5 driven)

Global trend

EU eIDAS 2.0 (Regulation 2024/1183) mandates EU Digital Identity Wallets for all member states by 2026. ISO/IEC 18013-5 (mobile driving license) is being adopted by 30+ jurisdictions including US states, Australia, and Japan. Apple and Google have integrated digital ID storage in Wallet apps. The global standard is converging on W3C Verifiable Credentials and ISO mDL as the interoperable digital identity format.

EU eIDAS 2.0ISO/IEC 18013-5W3C
Already happening — via foreign rails

Korean travelers to the EU will need EU-compatible digital identity wallets by 2026. Korean iPhone users already store boarding passes, car keys, and hotel keys in Apple Wallet. Korean Samsung users have Samsung Wallet with digital student ID at some universities. Korean residents use Kakao/Naver/PASS certificate for domestic digital identity — but these are NOT interoperable with EU eIDAS or ISO 18013-5. The de facto channel is travel and platform exposure: Koreans abroad already encounter digital ID wallets and will demand domestic equivalents.

The domestic gap

Korea's digital identity infrastructure (PASS app, Kakao/Naver certificate, i-PIN) is domestically functional but internationally non-interoperable. There is no ISO 18013-5-compatible mobile driving license, no W3C Verifiable Credential-based identity wallet, and no legal framework for cross-border digital identity recognition. The Digital Government Act (전자정부법) does not address international interoperability of digital identity.

Gap sourceslaw.go.kr
The forecast — reasoning

EU eIDAS 2.0 creates a hard deadline: by 2026, EU member states must accept EU Digital Identity Wallets for cross-border services. Korean citizens and businesses operating in the EU will need interoperable digital identity. The de facto channel (Korean travelers/businesspeople encountering EU digital ID requirements) creates demand pull. Additionally, ISO 18013-5 adoption by Korea's peers (Japan, Australia, US) creates normative pressure. The domestic gap is not technical — Korea has strong digital infrastructure — but legal and standards-based.

Expected vector

Amendment to Digital Government Act (전자정부법) or new Digital Identity Act establishing ISO 18013-5-compatible mobile ID, W3C Verifiable Credential support, and mutual recognition framework with EU eIDAS.

Estimated window

2025–2027

Watch signals
MOIS (Ministry of Interior and Safety) announces digital ID wallet pilotKorea-EU digital partnership agreement includes digital ID interoperabilityKorean mobile driving license (mDL) pilot launchedSamsung Wallet or PASS app adds ISO 18013-5 supportNational Assembly bill for Digital Identity Act
ForecastRegulatory Emulation
High

Algorithmic Transparency & Platform Accountability → Korean Domestic Mandate (EU DSA driven)

Global trend

EU Digital Services Act (DSA) Articles 27, 38 requires Very Large Online Platforms (VLOPs) to provide clear, accessible explanations of their recommender systems, offer at least one non-profiling-based option, and conduct systemic risk assessments. The EU AI Act extends algorithmic transparency to high-risk AI systems. Brazil, India, and Canada are developing similar requirements. Global platforms (Meta, TikTok, YouTube) already publish EU-mandated transparency reports that include algorithmic parameters.

EU DSAEU AI Act
Already happening — via foreign rails

Korean users of YouTube, Instagram, TikTok, and Netflix already experience algorithmic transparency features that these platforms implemented for EU compliance — but those features are served globally, including to Korean users. Korean users can already access 'Why am I seeing this?' explanations on Meta platforms and YouTube. The de facto channel is platform-level: global platforms already provide algorithmic transparency to Korean users because it's cheaper to apply EU standards globally than to maintain separate Korean configurations.

De-facto evidencecommission.europa.eu
The domestic gap

Korea's Telecommunications Business Act (전기통신사업법) was amended in 2024 to address platform regulation but does NOT mandate algorithmic transparency, recommender system explanations, or non-profiling-based content options. The Act focuses on user protection and content moderation but lacks the algorithmic accountability provisions of the EU DSA. Domestic platforms (Naver, Kakao) are not required to explain their recommendation algorithms.

Gap sourceslaw.go.kr
The forecast — reasoning

The asymmetry is stark: global platforms already provide algorithmic transparency to Korean users (because of EU DSA global application), while domestic platforms (Naver, Kakao) do not. This creates (1) a competitive disparity — domestic platforms appear less transparent; (2) a consumer protection gap — Korean users can't understand domestic platform algorithms; (3) regulatory arbitrage risk — platforms may route content through Korea to avoid EU transparency rules. The de facto channel (Koreans already experiencing algorithmic transparency on foreign platforms) normalizes the expectation.

Expected vector

Amendment to Telecommunications Business Act adding algorithmic transparency provisions: recommender system explanations, non-profiling option, algorithmic risk assessment for large platforms, enforced by KCC.

Estimated window

2025–2027

Watch signals
KCC proposes algorithmic transparency rules for large platformsNaver or Kakao voluntarily publishes recommender system explanationNational Assembly bill on 'Algorithmic Justice Act'Korea-EU digital cooperation includes DSA alignmentCivil society lawsuit demanding algorithmic transparency from domestic platforms
ForecastRegulatory Emulation
High

AI Training Data Opt-Out Rights → Korean Domestic Codification (EU AI Act / GDPR driven)

Global trend

The EU AI Act requires providers of general-purpose AI models to implement a policy to respect the opt-out of text and data mining (TDM) by rights holders, expressed in machine-readable form (Article 53(1)(c)). The EU Copyright Directive (CDSM) Article 4 already establishes the TDM opt-out right. Major AI companies (OpenAI, Google, Meta) now offer opt-out mechanisms for training data. Japan's 2024 AI guidelines recommend opt-out mechanisms. The global norm is shifting from 'scrape first, opt-out later' to 'respect opt-out by default.'

EU AI ActEU CDSM DirectiveOpenAI/Google
Already happening — via foreign rails

Korean creators, artists, and webtoon authors already use opt-out mechanisms provided by global AI platforms (OpenAI's GPTBot opt-out, Google-Extended, DeviantArt's noai tag). Korean news publishers (Chosun, JoongAng, Hankyoreh) have begun blocking AI crawlers in robots.txt. The de facto channel is technical: Korean content creators are already exercising opt-out rights on foreign platforms, but these opt-outs have no legal force under Korean law — they depend entirely on foreign platforms' voluntary compliance.

De-facto evidenceopenai.com
The domestic gap

Korea's Copyright Act does NOT include a text and data mining (TDM) exception or opt-out right. The AI Basic Act does not address training data opt-out. Korean creators have no domestic legal mechanism to prevent their work from being used for AI training. The PIPC has issued guidelines on AI and personal data but has not addressed the copyright/TDM dimension. Korean webtoon artists and writers — a major creative industry — have no legal opt-out right.

Gap sourceslaw.go.kr
The forecast — reasoning

Korea has one of the world's largest webtoon/web-novel industries, and creators are already organizing against unauthorized AI training. The de facto channel (creators using foreign opt-out mechanisms) demonstrates demand. Three drivers: (1) EU AI Act compliance — Korean AI companies exporting to EU must implement opt-out anyway; (2) creator industry pressure — webtoon artists are a politically influential constituency; (3) PIPC/Copyright Act alignment — Korea's data protection framework already recognizes data subject rights, and extending this to creative works is a natural progression.

Expected vector

Amendment to Copyright Act introducing TDM opt-out right in machine-readable form, aligned with EU CDSM Article 4 and EU AI Act Article 53(1)(c), enforced by Ministry of Culture and KCC.

Estimated window

2025–2027

Watch signals
Ministry of Culture announces Copyright Act amendment for AI eraWebtoon/web-novel industry association demands TDM opt-out legislationKCC or PIPC issues AI training data guidelinesKorean AI company (Naver HyperCLOVA) voluntarily implements opt-outNational Assembly hearing on AI and creator rights
ForecastStandard Adoption
High

Digital Product Passport → Korean Domestic Mandate (EU ESPR driven)

Global trend

The EU Ecodesign for Sustainable Products Regulation (ESPR), in force since July 2024, mandates Digital Product Passports (DPP) for products sold in the EU, starting with batteries (2027), textiles, electronics, and construction materials. The DPP contains sustainability, circularity, and compliance data accessible via QR code or NFC. The EU Battery Regulation (2023) already requires battery passports with carbon footprint, recycled content, and due diligence data. China is developing its own DPP standard.

EU ESPREU Battery Regulation
Already happening — via foreign rails

Korean battery manufacturers (LG Energy Solution, Samsung SDI, SK On) are already developing battery passport systems for EU compliance by 2027. Korean electronics exporters (Samsung, LG Electronics) are preparing DPP for electronics. Korean textile exporters are engaging with EU DPP standards. The de facto channel is B2B: Korean manufacturers exporting to the EU must implement DPP to maintain market access, and this implementation is already underway regardless of domestic law.

De-facto evidencecommission.europa.eu
The domestic gap

Korea has NO Digital Product Passport legislation or standard. The Resource Recycling Act (자원재활용법) addresses recycling but does not mandate digital product information. There is no domestic DPP infrastructure, no QR/NFC-based product information standard, and no legal requirement for manufacturers to provide sustainability data to consumers. Korean consumers cannot access DPP data for domestically sold products.

Gap sourceslaw.go.kr
The forecast — reasoning

The de facto channel is strong: Korea's largest export industries (batteries, electronics, textiles) are already building DPP systems for EU compliance. Three drivers: (1) market access — EU DPP is mandatory for Korean exports; (2) domestic consumer benefit — once DPP infrastructure exists for exports, extending it to domestic products is low marginal cost; (3) circular economy policy — Korea's Circular Economy Act (2024) creates a policy framework that DPP would complement. The EU deadline (batteries 2027) creates a hard timeline.

Expected vector

Amendment to Resource Recycling Act or new Digital Product Passport Act, establishing DPP requirements aligned with EU ESPR, starting with batteries and electronics, enforced by Ministry of Environment and KATS.

Estimated window

2026–2028

Watch signals
Ministry of Environment announces DPP pilot programKATS develops KS standard for Digital Product PassportSamsung/LG publicly demonstrates battery passport systemKorea-EU regulatory cooperation on DPP interoperabilityCircular Economy Act implementation includes DPP provisions
ForecastFinance
High

Open Banking / PSD3-Style Data Sharing → Korean Domestic Mandate (EU PSD2/PSD3 driven)

Global trend

EU PSD2 (2018) mandated banks to open payment accounts to licensed third-party providers via APIs. PSD3 (proposed 2023, expected 2026) expands this to broader financial data sharing with stronger customer control. UK, Australia, Brazil, and Japan have adopted similar open banking frameworks.

EU PSD2/PSD3UK Open BankingAustralia CDR
Already happening — via foreign rails

Korean consumers already use foreign fintech apps (Wise, Revolut) that aggregate multi-bank data via open banking APIs. Korean fintechs (Toss, KakaoPay) offer account aggregation via screen-scraping, which is less secure than API-based open banking. MyData (마이데이터) provides some data portability but is not a full open banking mandate.

The domestic gap

Korea's MyData system (신용정보법) allows credit data portability but does not mandate banks to open payment accounts to licensed third-party providers via standardized APIs. Screen-scraping remains the dominant data access method, creating security and reliability risks. There is no statutory right for consumers to share their banking data with authorized fintechs.

Gap sourceslaw.go.kr
The forecast — reasoning

FSC has signaled interest in expanding MyData to payment accounts. The global trend toward API-based open banking (PSD3, UK, Australia) creates competitive pressure. Korean fintechs are already building the technical infrastructure. However, bank resistance and data security concerns may slow adoption.

Expected vector

Amendment to the Credit Information Act (신용정보법) or a new Open Banking Act, establishing API standards and third-party provider licensing

Estimated window

2027–2029

Watch signals
FSC open banking task force announcementBank of Korea open banking API pilotToss/KakaoPay API-based account aggregation launch
ForecastFinance
High

CBDC Cross-Border Interoperability → Korean Domestic Legal Framework (BIS mBridge / IMF XC driven)

Global trend

BIS Innovation Hub's mBridge project (China, Hong Kong, Thailand, UAE) demonstrated real-value cross-border CBDC transactions. The IMF's XC platform aims for multi-currency CBDC interoperability. 130+ countries are exploring CBDCs, with 11 already live.

BIS mBridgeIMF XC PlatformBIS Innovation Hub
Already happening — via foreign rails

Bank of Korea is an observer in mBridge and has completed its own CBDC pilot (2023-2024). Korean banks process billions in cross-border remittances annually. Korean enterprises (Samsung, Hyundai) conduct massive cross-border trade settlements that would benefit from CBDC efficiency.

De-facto evidencebis.orgbis.org
The domestic gap

The Bank of Korea Act (한국은행법) does not authorize the issuance of digital currency or cross-border CBDC interoperability. The BOK's CBDC pilot was conducted under a limited legal mandate. There is no statutory framework for cross-border CBDC transactions, foreign CBDC recognition, or CBDC-based trade settlement.

Gap sourceslaw.go.kr
The forecast — reasoning

BOK has completed CBDC pilots and is actively exploring cross-border use cases. The global momentum (mBridge, IMF XC) is strong. Korea's export-dependent economy would benefit significantly from CBDC-based trade settlement. However, legal changes to the Bank of Korea Act require National Assembly action, which may face political hurdles.

Expected vector

Amendment to the Bank of Korea Act authorizing CBDC issuance and cross-border interoperability, plus subordinate regulations on foreign CBDC recognition

Estimated window

2027–2029

Watch signals
BOK CBDC legal amendment proposalKorea joins mBridge as full participantCross-border CBDC pilot with Japan or China
ForecastAI & Digital
High

Right to Opt-Out of Automated Decision-Making → Korean Domestic Codification (GDPR Art 22 driven)

Global trend

GDPR Article 22 provides the right not to be subject to solely automated decisions producing legal or significant effects. EU AI Act extends this to high-risk AI systems. California CPRA, Brazil LGPD, and Canada's proposed AI and Data Act include similar provisions.

EU GDPR Art 22EU AI ActCalifornia CPRA
Already happening — via foreign rails

Korean consumers are already subject to automated decisions by foreign platforms (Google, Meta, Apple) that offer opt-out mechanisms to comply with GDPR. Korean users of global platforms can request human review of automated content moderation, credit decisions, and ad targeting. Korean fintechs using AI credit scoring face increasing consumer demand for explanation and human review.

The domestic gap

Korea's Personal Information Protection Act (개인정보보호법) includes rights to explanation of automated decisions (Article 37-2) but does not provide a right to opt out of automated decision-making entirely or to obtain human intervention. The provision is limited to 'decisions that significantly affect the data subject's rights or obligations' and only requires explanation, not the ability to contest or opt out.

Gap sourceslaw.go.kr
The forecast — reasoning

PIPA already has a foundation (Article 37-2 on automated decisions). The EU adequacy decision for Korea requires ongoing alignment with GDPR standards. Consumer advocacy groups are increasingly vocal about AI-driven decisions in credit, hiring, and insurance. The AI Basic Act's trustworthiness provisions create additional pressure.

Expected vector

Amendment to PIPA Article 37-2 or a new provision in the AI Basic Act enforcement decree, establishing the right to human intervention and opt-out from automated decisions

Estimated window

2027–2028

Watch signals
PIPC automated decision-making guidelinesPIPA amendment bill with opt-out rightConsumer class action on AI credit scoring
ForecastDigital ID / DPI
High

Quantum-Safe Cryptography Migration → Korean Domestic Mandate (NIST PQC driven)

Global trend

NIST published final post-quantum cryptography (PQC) standards in August 2024 (FIPS 203, 204, 205). US NSM-10 mandates federal agency migration to PQC by 2035. Germany's BSI, France's ANSSI, and UK NCSC have issued PQC migration guidance. The EU's PQ-REACT project coordinates European PQC transition.

NIST PQC StandardsUS NSM-10EU PQ-REACT
Already happening — via foreign rails

Korean tech companies (Samsung, LG, SK) already participate in NIST PQC standardization and are developing quantum-safe chips and protocols. Korean banks and telecoms use encryption that will need PQC migration. Global cloud providers (AWS, Google Cloud, Azure) serving Korean enterprises are beginning PQC migration, creating downstream pressure.

De-facto evidencenist.govbsi.bund.de
The domestic gap

Korea's NIS (국가정보원) has issued PQC guidelines but these are non-binding recommendations, not mandates. The Electronic Signature Act (전자서명법) and Digital Government Act (전자정부법) do not reference PQC standards. There is no statutory timeline for government agency or critical infrastructure PQC migration. Korea's cryptographic standards (KCMVP) still rely on pre-quantum algorithms.

Gap sourceslaw.go.kr
The forecast — reasoning

NIST PQC standards are now final, creating a clear technical path. Korea's heavy reliance on digital infrastructure (e-government, fintech, 5G) makes PQC migration a national security priority. NIS has been actively researching PQC. However, the migration timeline is long (10+ years) and initial mandates may be limited to government systems.

Expected vector

NIS notice mandating PQC for government systems, followed by amendments to the Electronic Signature Act and sector-specific regulations for finance and telecom

Estimated window

2027–2030

Watch signals
NIS PQC migration mandate for government agenciesKCMVP PQC algorithm certificationBank of Korea PQC migration timeline
ForecastFinance
High

DeFi KYC/AML Requirements → Korean Domestic Codification (FATF DeFi Guidance driven)

Global trend

FATF's 2023 DeFi guidance identifies entities exercising 'control or sufficient influence' over DeFi arrangements as obliged entities. EU MiCA requires CASPs to apply AML/CFT rules. US FinCEN has proposed DeFi reporting rules. Japan's JFSA requires DeFi protocols serving Japanese users to register.

FATFEU MiCAUS FinCEN
Already happening — via foreign rails

Korean crypto users already interact with DeFi protocols (Uniswap, Aave, Compound) that are implementing KYC/AML for users from regulated jurisdictions. Korean VASPs (Upbit, Bithumb) are subject to strict KYC/AML but DeFi protocols accessed directly by Korean users fall outside the regulatory perimeter.

The domestic gap

Korea's Specific Financial Information Act (특정금융정보법) regulates VASPs (virtual asset service providers) but does not address DeFi protocols, decentralized exchanges, or lending platforms. There is no legal framework for identifying 'control or sufficient influence' over DeFi arrangements. Korean users can access DeFi protocols without KYC, creating a regulatory gap.

Gap sourceslaw.go.kr
The forecast — reasoning

FATF mutual evaluation of Korea (2025-2026) will examine DeFi regulatory coverage. The FIU (금융정보분석원) has signaled interest in DeFi regulation. EU MiCA and FATF guidance provide a regulatory template. However, the technical complexity of DeFi regulation and industry resistance may slow implementation.

Expected vector

Amendment to the Specific Financial Information Act or FIU notice, establishing criteria for DeFi protocol regulation and KYC/AML obligations

Estimated window

2027–2029

Watch signals
FATF Korea mutual evaluation report on DeFiFIU DeFi regulatory noticeFirst Korean DeFi protocol registration
Medium likelihood6 forecasts
ForecastRegulatory Emulation
Medium

Online Age Verification → Korean Domestic Mandate (UK OSA / EU DSA / Australia driven)

Global trend

The UK Online Safety Act 2023 mandates age verification for online pornography and harmful content. The EU DSA requires VLOPs to assess systemic risks to minors. Australia's Online Safety Act empowers the eSafety Commissioner to mandate age verification. France's SREN law requires age verification for adult content. The global trend is moving from self-declaration ('I am 18+') to hard age verification (ID document, facial age estimation, or third-party age assurance).

UK Online Safety ActEU DSAAustralia eSafety
Already happening — via foreign rails

Korean users of global platforms (YouTube, Instagram, TikTok) already encounter age-gating and age verification features deployed for EU/UK compliance. Korean users of Apple App Store and Google Play Store already undergo age-rating-based content restrictions. Korean teenagers on foreign gaming platforms (Roblox, Fortnite) are subject to those platforms' parental consent and age verification systems. The de facto channel is platform-level: global age verification is already applied to Korean users.

De-facto evidenceofcom.org.uk
The domestic gap

Korea's Youth Protection Act (청소년보호법) and Game Industry Promotion Act require age verification for games (the infamous 'shutdown law' was abolished in 2021) but do NOT mandate hard age verification for social media, adult content, or online platforms generally. The current system relies on mobile phone number verification (which children can circumvent using parents' phones) and self-declaration. There is no legal framework for third-party age assurance providers or facial age estimation.

Gap sourceslaw.go.kr
The forecast — reasoning

The de facto channel is weaker than other patterns — global age verification is less visible to Korean users than AI labeling or algorithmic transparency. However, three drivers push toward codification: (1) child safety concerns — Korea has high youth smartphone penetration (95%+) and growing concern about social media harm; (2) international alignment — Korea's digital regulation increasingly tracks EU/UK standards; (3) platform compliance — global platforms will apply age verification to Korean users anyway, creating the same asymmetry dynamic. Likelihood is medium because Korea's domestic political focus on age verification has been on games, not broader platforms.

Expected vector

Amendment to Youth Protection Act or new Online Safety Act mandating age verification for adult content and large social media platforms, with KCC as enforcement body and recognition of third-party age assurance providers.

Estimated window

2026–2029

Watch signals
KCC or Ministry of Gender Equality and Family proposes online age verification billHigh-profile incident involving minor access to harmful content triggers legislative responseKorea Communications Commission age verification pilotGlobal platform (Meta/TikTok) voluntarily extends age verification to Korean usersConstitutional Court ruling on age verification and privacy
ForecastRegulatory Emulation
Medium

Decentralized Finance (DeFi) Regulation → Korean Domestic Codification (FATF / IOSCO driven)

Global trend

FATF's 2023 Updated Guidance on Virtual Assets and VASPs addresses DeFi arrangements, stating that the Travel Rule applies where a person exercises control or sufficient influence over a DeFi arrangement. IOSCO's 2023 DeFi Policy Recommendations call for identifying 'responsible persons' in DeFi. The EU MiCA explicitly excludes fully decentralized DeFi but the European Commission is mandated to report on DeFi regulation by 2025. The US SEC and CFTC are actively pursuing enforcement against DeFi protocols.

FATFIOSCOEU MiCA
Already happening — via foreign rails

Korean users are among the most active DeFi participants globally. Korean-language DeFi protocols (Klaytn-based, Kaia) have significant Korean user bases. Korean users access Uniswap, Aave, Compound, and other major DeFi protocols through MetaMask and other non-custodial wallets. The 'Kimchi Premium' arbitrage is executed through DeFi bridges. An estimated 500K-1M Korean users interact with DeFi protocols, entirely outside Korean regulatory perimeter.

De-facto evidencefatf-gafi.org
The domestic gap

Korea has NO DeFi-specific regulation. The Act on Reporting and Using Specified Financial Transaction Information regulates centralized VASPs but does not address decentralized protocols, DAOs, liquidity pools, or automated market makers. There is no legal framework for identifying 'responsible persons' in DeFi arrangements, no DeFi-specific AML/CTF obligations, and no consumer protection for DeFi users. The FSC has not issued DeFi guidance.

Gap sourceslaw.go.kr
The forecast — reasoning

DeFi regulation is technically complex and globally still nascent. The de facto channel (Korean DeFi usage) is significant but harder to measure than centralized exchange usage. Three drivers: (1) FATF pressure — Korea's next MER will need to address DeFi; (2) consumer protection — DeFi hacks and rug pulls affecting Korean users will trigger regulatory response; (3) tax enforcement — DeFi transactions are invisible to Korean tax authorities. Likelihood is medium because the global regulatory framework is still evolving, and Korea typically waits for international consensus before acting on complex financial regulation.

Expected vector

FSC/FIU guideline on DeFi arrangements under the Specific Financial Information Act, identifying 'control or sufficient influence' test for DeFi protocols, followed by legislative amendment establishing DeFi-specific obligations.

Estimated window

2027–2029

Watch signals
FSC/FIU publishes DeFi risk assessment or guidanceMajor DeFi hack affecting Korean users triggers regulatory responseFATF Korea MER flags DeFi gapKlaytn/Kaia-based DeFi protocol subject to enforcement actionNational Assembly hearing on virtual asset investor protection including DeFi
ForecastRegulatory Emulation
Medium

AI Liability Framework → Korean Domestic Codification (EU AI Liability Directive driven)

Global trend

The EU AI Liability Directive (proposed 2022, expected adoption 2025) establishes civil liability rules for AI-caused harm, including: rebuttable presumption of causality where fault is established and a causal link to AI output is reasonably likely, disclosure of evidence obligations for AI providers, and harmonized liability for AI systems. The EU Product Liability Directive revision (2024) extends strict liability to software and AI. The US is developing AI liability through case law and state legislation.

EU AI Liability DirectiveEU Product Liability Directive
Already happening — via foreign rails

Korean users of AI systems (ChatGPT, Google Gemini, Naver HyperCLOVA) are already exposed to AI-caused harm — misinformation, biased decisions, privacy violations — but have no clear legal remedy. Korean companies deploying AI (banks using AI credit scoring, hospitals using AI diagnosis, platforms using AI content moderation) face liability uncertainty. The de facto channel is exposure: Korean citizens and businesses are already in AI-mediated relationships where harm can occur, but the legal framework hasn't caught up.

The domestic gap

Korea has NO AI-specific liability legislation. The Civil Act (민법) general tort provisions (Article 750) could theoretically apply to AI harm but have never been tested. The Product Liability Act (제조물책임법) was amended in 2024 to include software but does not specifically address AI. The AI Basic Act focuses on industry promotion and ethical principles but does not establish civil liability rules, burden of proof, or disclosure obligations for AI providers.

The forecast — reasoning

AI liability is a second-wave regulatory issue — countries typically establish AI governance frameworks first (AI Basic Act) and liability rules second. The de facto channel (AI exposure) is universal but diffuse — it creates background pressure rather than a specific trigger. Three drivers: (1) EU alignment — Korea's AI regulation tracks EU standards, and the AI Liability Directive will create a model; (2) litigation pressure — the first major AI harm case in Korea will expose the legal gap; (3) industry demand — Korean AI companies need liability clarity to manage risk. Likelihood is medium because liability reform is politically complex and typically follows, not leads, regulatory development.

Expected vector

Amendment to Product Liability Act or new AI Liability Act, establishing rebuttable presumption of causality for AI harm, disclosure obligations for AI providers, and harmonized liability rules aligned with EU AI Liability Directive.

Estimated window

2027–2029

Watch signals
First major AI harm lawsuit filed in Korean courtsMinistry of Justice announces AI liability law reviewEU AI Liability Directive adopted (triggering Korean alignment)Korean AI industry association requests liability clarityNational Assembly bill on AI liability
ForecastDigital ID / DPI
Medium

Digital Inheritance & Post-Mortem Data Access → Korean Domestic Legal Framework

Global trend

EU GDPR Recital 27 excludes deceased persons but member states can legislate. France (Loi République Numérique 2016), Germany (BGH ruling 2018), and several US states (Revised UFADAA 2015) have established digital inheritance rights. Japan's 2018 amended Civil Code addresses digital assets in inheritance.

EU GDPRFrance Digital Republic ActGermany BGH
Already happening — via foreign rails

Korean platform users (KakaoTalk, Naver, Google, Apple) already face digital inheritance issues when family members die — accounts, cloud storage, cryptocurrency wallets become inaccessible. Korean courts have handled digital inheritance cases ad hoc. Korean law firms increasingly offer digital estate planning services.

The domestic gap

Korea's Civil Code (민법) inheritance provisions do not address digital assets, online accounts, or post-mortem data access. The Personal Information Protection Act (개인정보보호법) does not provide for post-mortem data rights. Platform terms of service govern account access after death, with no statutory override. Cryptocurrency inheritance is particularly uncertain.

Gap sourceslaw.go.kr
The forecast — reasoning

Digital inheritance is a growing social issue as Korea's digital-native population ages. Court cases are accumulating. However, legislative action has been slow — no specific bill has gained traction. The issue cuts across multiple ministries (MOJ, MSIT, PIPC), creating coordination challenges.

Expected vector

Amendment to the Civil Code or a new Digital Assets Inheritance Act, establishing post-mortem data access rights and digital asset succession rules

Estimated window

2028–2030

Watch signals
Digital inheritance bill introduced in National AssemblySupreme Court digital inheritance rulingPIPC post-mortem data guidelines
ForecastAI & Digital
Medium

AI Workplace Surveillance & Algorithmic Management → Korean Domestic Regulation (EU AI Act / GDPR driven)

Global trend

EU AI Act classifies emotion recognition and biometric categorization in the workplace as high-risk. GDPR restricts automated employee monitoring. Several EU member states (Germany, Netherlands, Spain) have specific laws on algorithmic management. The UK ICO has issued guidance on monitoring at work. The US NLRB has addressed algorithmic management in union contexts.

EU AI ActGDPRUK ICO
Already happening — via foreign rails

Korean workers at global companies (Amazon, Google, Meta Korea offices) are already subject to algorithmic management systems used by their employers globally. Korean platform workers (delivery, ride-hailing) are managed by AI algorithms (Baedal Minjok, Coupang Eats). Korean call centers use AI-powered performance monitoring.

The domestic gap

Korea's Labor Standards Act (근로기준법) and Personal Information Protection Act do not specifically address AI-powered workplace surveillance or algorithmic management. There are no restrictions on emotion recognition or biometric monitoring in the workplace. Platform workers are not classified as employees under current law, leaving them outside labor protections against algorithmic management.

Gap sourceslaw.go.kr
The forecast — reasoning

Platform worker protection is a hot political issue in Korea, with multiple bills pending. The EU AI Act's workplace provisions create a model. However, labor law reform is politically contentious and algorithmic management regulation is a new frontier with no domestic precedent. The platform worker classification issue must be resolved first.

Expected vector

Amendment to the Labor Standards Act or a new Platform Worker Protection Act, incorporating restrictions on AI workplace surveillance and algorithmic management

Estimated window

2028–2030

Watch signals
Platform worker protection bill passagePIPC workplace AI monitoring guidelinesLabor union algorithmic management collective bargaining
ForecastFinance
Medium

Digital Euro / Cross-Border CBDC Retail Interoperability → Korean Domestic Framework

Global trend

ECB is developing the Digital Euro (expected launch 2027-2028) with offline functionality and pan-European reach. China's e-CNY is live with 260M+ users. India's e-Rupee and Brazil's Drex are in advanced pilots. The BIS is developing cross-border CBDC interoperability standards (Project Nexus, mBridge).

ECB Digital EuroBISIMF
Already happening — via foreign rails

Korean tourists and business travelers to China already encounter e-CNY. Korean exporters trading with China face e-CNY settlement scenarios. Korean fintechs (KakaoPay, Naver Pay) are expanding into markets with active CBDC programs. BOK's CBDC pilot included cross-border simulation with a foreign central bank.

De-facto evidenceecb.europa.eubis.org
The domestic gap

The Bank of Korea Act does not authorize retail CBDC issuance. There is no legal framework for foreign CBDC recognition or interoperability. Korean payment systems (KFTC, BOK Wire+) are not designed for CBDC interoperability. The Foreign Exchange Transactions Act (외국환거래법) does not address CBDC-based cross-border payments.

Gap sourceslaw.go.kr
The forecast — reasoning

BOK is actively researching CBDC but has not committed to retail issuance. The Digital Euro and e-CNY will create de facto interoperability pressure for Korean travelers and businesses. However, retail CBDC issuance is a sovereign decision requiring National Assembly approval, and BOK has been cautious about timeline.

Expected vector

Amendment to the Bank of Korea Act authorizing retail CBDC, plus amendments to the Foreign Exchange Transactions Act for CBDC cross-border interoperability

Estimated window

2028–2031

Watch signals
BOK retail CBDC decision announcementKorea-China CBDC interoperability pilotDigital Euro-Korean Won bridge project