South Korea is a civil law jurisdiction. Codified legislation is the primary source of law, with the legal hierarchy headed by the Constitution, followed by Acts of the National Assembly, presidential decrees, ministerial rules and local ordinances.
The principal areas of private and public law are governed by statutes, including:
Judicial decisions are not formally binding under the doctrine of stare decisis. In practice, however, Supreme Court decisions carry significant persuasive authority and are generally followed by lower courts. Academic commentary also plays an important role in statutory interpretation.
The ordinary court system has a three-tier structure. District Courts serve as the principal courts of first instance, High Courts hear appeals and the Supreme Court is the court of final appeal. South Korea also has specialised courts, including the Patent Court, Family Courts, the Administrative Court and Bankruptcy Courts.
Separate from the ordinary judiciary, the Constitutional Court has jurisdiction over constitutional review of statutes, constitutional complaints, impeachment proceedings, dissolution of political parties and competence disputes between state organs.
Accordingly, South Korea’s judicial system is best characterised as a civil law system with a three-tier ordinary court hierarchy, supplemented by specialised courts and a separate Constitutional Court.
Foreign investment in South Korea generally does not require prior governmental approval. Under the Foreign Investment Promotion Act (“FIPA”), most foreign investments are implemented through a filing or notification process rather than an approval regime.
To qualify as a “foreign investment” under the FIPA, an investment must generally be at least KRW100 million and result in either:
A foreign investment report is ordinarily filed before completion, although certain transactions – including listed share acquisitions, mergers, stock-for-stock exchanges, inheritance, gifts, dividend reinvestment and conversions or exercises of convertible securities – may instead be reported after completion.
Prior approval or enhanced review is required only in limited circumstances, principally where national security or specially regulated industries are involved.
A foreign investor acquiring shares in a defence industry company must obtain prior approval from the Ministry of Trade, Industry and Energy (“MOTIE”). Even where no sector-specific approval is required, an investment may be subject to national security review if it results in effective managerial control over an existing Korean company and raises concerns such as:
Such investments may be reviewed by MOTIE and the Foreign Investment Committee, which may impose corrective measures or require divestment.
South Korea also maintains a limited list of sectors wholly or partially restricted to foreign investment through prohibitions, foreign ownership caps or sector-specific approval or licensing requirements. These include defence-related businesses, broadcasting and certain media industries, air transport, financial services and businesses involving national core technologies or national high-tech strategic technologies. In some cases, approval from the relevant sector regulator is also required.
As noted in 2.1 Approval of Foreign Investments, most foreign investments in South Korea are subject not to substantive approval but to a foreign investment reporting requirement under the Foreign Investment Promotion Act (“FIPA”). A foreign investor must generally file a foreign investment report with the relevant authority (typically a designated foreign exchange bank or KOTRA) before completing the investment. Once the report is accepted and a filing certificate issued, the investor may subscribe for or acquire shares and remit the investment funds. Upon completion and payment of capital, the foreign-invested company must complete the required post-closing registration procedures.
Certain transactions – including listed share acquisitions, mergers, comprehensive share exchanges or transfers, inheritance, gifts, dividend reinvestment and conversions or exercises of convertible securities – may instead be reported after completion within the statutory period.
A different regime applies to investments in defence industry companies. A foreign investor acquiring shares in such a company must obtain prior approval from the Ministry of Trade, Industry and Energy (“MOTIE”), following consultation with the Ministry of National Defence. The statutory review period is generally 15 days, extendable once and approval may be granted subject to conditions.
An investment may also be subject to national security review if it would result in effective managerial control over an existing Korean company and raise concerns such as the leakage of national core technologies, national high-tech strategic technologies or other matters affecting national security. Such investments may be reviewed by MOTIE and the Foreign Investment Committee.
The consequences of non-compliance depend on the nature of the breach.
Where a foreign investor acquires shares in a defence industry company without the required approval or in breach of approval conditions, the investor may not exercise the voting rights attached to those shares. MOTIE may also order the disposal of the shares and criminal sanctions, including imprisonment or criminal fines, under the FIPA may apply.
Failure to file a required foreign investment report for an ordinary investment may result in an administrative fine. Criminal penalties may also apply where false documents are submitted in connection with a report or approval application.
Foreign investment approval in South Korea is generally not subject to extensive undertakings because the Foreign Investment Promotion Act (“FIPA”) adopts a notification-based rather than approval-based regime. However, where an investment involves a sensitive sector or the investor seeks investment incentives, the authorities may impose conditions or require specific commitments.
The clearest example is an investment in a defence industry company. A foreign investor seeking prior approval to acquire shares in such a company may receive approval from the Ministry of Trade, Industry and Energy (“MOTIE”), following consultation with the Ministry of National Defence, subject to conditions designed to protect national security and continuity of defence operations. These may include:
Compliance with these conditions is required on an ongoing basis. Where the disposal of defence facilities is required, the investor may be restricted from participating in management until the disposal is completed.
Commitments also commonly arise where a foreign investor establishes operations in a Foreign Investment Zone (“FIZ”) or seeks state or local investment incentives. These typically relate to:
Preferential treatment, such as reduced rent for state-owned or public land within an FIZ, is generally conditional on implementing the approved investment substantially in accordance with the submitted business plan. Failure to do so may result in:
Where an investment is reviewed from a national security or strategic technology perspective, the authorities may also require safeguards, including restrictions on access to sensitive facilities, technology or information, governance-related limitations or other measures to ring-fence strategic assets or know-how.
If the Korean authorities refuse to authorise a foreign investment, the investor may, in principle, challenge the decision before the administrative courts.
Under Korean law, a refusal to grant approval, a permit or a similar authorisation may be challenged by an administrative cancellation action, provided it constitutes an administrative disposition affecting the applicant’s legal interests. In the foreign investment context, this includes refusals under the Foreign Investment Promotion Act (“FIPA”) or sector-specific legislation, including refusals to approve investments in defence industry companies.
The principal remedy is an action seeking cancellation of the refusal decision. The investor may argue that:
The scope of judicial review depends on the nature of the administrative act. Where approval is essentially non-discretionary, the court reviews compliance with the statutory requirements. Where broader administrative discretion is involved (particularly in matters concerning defence, national security or strategic technology), the court generally reviews whether the authority acted within the lawful bounds of its discretion rather than substituting its own policy judgment.
An action must generally be filed within 90 days after the investor becomes aware of the refusal and in any event within one year of the decision. Where an administrative appeal is pursued first, the limitation period runs from the date of notification of the appeal decision.
If the court annuls the refusal, the investment is not automatically deemed approved. Instead, the authority must reconsider the application and issue a new decision in accordance with the court’s judgment.
The Korean Commercial Code recognises several corporate forms. In practice, however, the principal vehicles for business operations and foreign investment are:
As a general rule, there is no statutory minimum capital requirement and most entities may be established by a single shareholder or member, except partnership-type entities. For foreign investors, however, an investment of at least KRW100 million is generally required to qualify as a “foreign investment” under the Foreign Investment Promotion Act.
Chusik Hoesa (Joint-Stock Company)
The chusik hoesa is Korea’s standard corporate form and the vehicle most commonly used for medium-sized and large businesses. It is the only form that may be publicly listed and is therefore the default structure for IPOs and equity fundraising. Shareholders’ liability is limited to their capital contribution.
Its governance structure comprises:
A chusik hoesa may be established by a single shareholder without any minimum capital requirement. Owing to its familiarity with investors and lenders and its suitability for capital raising, it is commonly used for large operating businesses, multi-investor joint ventures, holding company structures and businesses contemplating future public offerings or external investment.
Yuhan Hoesa (Limited Company)
The yuhan hoesa is a closely held limited liability company. Members’ liability is limited to their contributions and no minimum capital is required. Compared with a chusik hoesa, it is intended for a closed ownership structure, with membership interests that are less freely transferable. It is therefore commonly used for wholly owned Korean subsidiaries, closely held businesses, closed joint ventures and companies with no expectation of accessing public capital markets.
Yuhan Chaegim Hoesa (Limited Liability Company)
Introduced in 2012, the yuhan chaegim hoesa is often compared to a US-style LLC, although it is treated as a corporation rather than a tax-transparent entity under Korean law. Its principal attraction is governance flexibility, with management arrangements largely determined by the articles of incorporation rather than a formal board structure. It is frequently used for negotiated joint ventures, start-ups, project-based enterprises and other investment structures that require contractual flexibility.
Less Common Forms
The Korean Commercial Code also recognises hapmyeong hoesa (general partnership) and hapja hoesa (limited partnership). Because these forms involve unlimited liability for at least some participants, they are rarely used in mainstream commercial practice or inbound foreign investment.
Companies in Korea are incorporated through a registration-based process rather than by governmental charter.
For foreign investors, the most common corporate forms are chusik hoesa, yuhan hoesa and yuhan chaegim hoesa, all of which follow broadly similar incorporation procedures.
Where the investment is intended to qualify as a foreign investment under the Foreign Investment Promotion Act (“FIPA”), the process generally begins with a foreign investment report filed with a designated foreign exchange bank or KOTRA. Once accepted, the investor remits the capital contribution to a Korean bank.
The company is then organised under the Korean Commercial Code through:
For a chusik hoesa, this ordinarily includes an inaugural shareholders’ meeting and, where applicable, appointment of the representative director by the board.
Following payment of capital, the company files for incorporation registration with the competent court registry. Legal personality arises upon registration, typically within two to three business days.
The company must then obtain business registration from the tax office, generally within a further five business days. Where applicable, post-closing registration as a foreign-invested company must also be completed.
The usual sequence is:
Absent regulatory approvals, in-kind contributions or document execution delays, incorporation can often be completed within one to two weeks, although additional time may be required for regulated businesses or when foreign documents must be notarised, apostilled or translated.
Although private companies in Korea are subject to fewer disclosure obligations than listed companies, they remain subject to ongoing corporate, accounting and registration requirements.
The principal obligations arise under the commercial registry system. Certain corporate changes must be registered and become publicly accessible, including:
These changes must generally be registered within two weeks.
Private companies must also prepare annual financial statements and obtain approval in accordance with the applicable corporate procedures. For a chusik hoesa, approval is generally obtained at the annual shareholders’ meeting, although board approval is permitted in limited circumstances. Companies must also maintain accounting books and records.
Certain companies meeting statutory thresholds are subject to external audit requirements, including:
Korea does not maintain a general public register of beneficial ownership for private companies. Beneficial ownership information nevertheless remains relevant for anti-money laundering and KYC compliance, regulated industries and certain sector-specific reporting obligations.
Accordingly, although private companies are not subject to the continuous market disclosure obligations applicable to listed companies, they remain subject to significant registry, reporting and financial compliance requirements.
The governance structure of a Korean company depends on its corporate form. In practice, the principal forms are chusik hoesa, yuhan hoesa and yuhan chaegim hoesa.
Chusik Hoesa
The chusik hoesa has the most formal governance structure, comprising:
The board makes major management decisions and supervises directors, while the representative director manages the company’s day-to-day affairs and represents it externally. The structure broadly resembles a one-tier board supplemented by a separate audit function.
For companies with paid-in capital below KRW1 billion, the governance structure may be simplified and a board or statutory auditor is generally not required.
Yuhan Hoesa
A yuhan hoesa is managed by one or more directors without a board of directors. Management authority is vested directly in the director(s), subject to matters reserved to the members’ meeting. A statutory auditor is optional.
Yuhan Chaegim Hoesa
The yuhan chaegim hoesa provides the greatest contractual flexibility. Management is vested in one or more managers designated in the articles of incorporation and governance arrangements, including management authority and representation rights, may be extensively customised without a statutory board.
Directors owe duties of care and loyalty to the company. A director who intentionally or negligently breaches the law, the articles of incorporation or those duties may be liable to the company for resulting damages.
Where a wrongful act is approved by board resolution, directors voting in favour may be jointly and severally liable. Directors participating in the resolution are presumed to have approved it unless their objection is recorded in the minutes.
Directors also owe supervisory duties and may be liable for failing adequately to supervise the affairs of the company, including the conduct of fellow directors and officers. Outside or non-executive directors are not automatically exempt. Directors may also incur liability to third parties where damage is caused through wilful misconduct or gross negligence.
Korean law further recognises liability for de facto directors who effectively direct or control the company’s affairs. Statutory auditors and audit committee members may likewise incur liability for failing properly to perform their supervisory functions.
As a general rule, shareholders of a chusik hoesa, yuhan hoesa and yuhan chaegim hoesa enjoy limited liability up to the amount of their contributions.
Korean courts nevertheless recognise a limited doctrine of piercing the corporate veil. A company’s separate legal personality may be disregarded where the corporate form is abused to evade legal obligations or the company functions merely as an instrumentality of its controlling shareholder. The doctrine is applied sparingly. Sole ownership, close control or parent-subsidiary status alone are insufficient; courts generally require exceptional circumstances such as:
Accordingly, limited liability remains the general rule, although directors, de facto managers and, in exceptional circumstances, controlling shareholders may incur liability where the corporate form is abused.
Employment relationships in Korea are governed by statutory law, case law, collective bargaining agreements, work rules and individual employment contracts. Statutory law is the primary source and many employment protections are mandatory.
The principal statute is the Labour Standards Act (“LSA”), which establishes minimum standards for wages, working hours, overtime, annual leave, dismissal, disciplinary measures and other working conditions. Any contractual or internal provision falling below these standards is generally invalid and replaced by the applicable statutory rule.
Other key legislation includes:
Collective labour rights are governed by the Trade Union and Labour Relations Adjustment Act, which regulates trade unions, collective bargaining, collective agreements, industrial action and unfair labour practices. Collective agreements may have a normative effect on covered employees and, in some circumstances, other employees within the same workplace and employee category.
Many employers must also maintain work rules governing working conditions and workplace discipline. These cannot provide terms less favourable than those set by mandatory legislation or applicable collective agreements and adverse amendments generally require employee consent under the statutory procedure.
Individual employment contracts define matters such as duties, wages, workplace and working hours. However, contractual freedom is limited by mandatory employment legislation, collective agreements and valid work rules, with more favourable contractual terms generally prevailing over less favourable work rules.
Although Korea is a civil law jurisdiction in which statutes are the primary source of employment law, Supreme Court precedents are highly influential, particularly in determining employee status, assessing dismissals, interpreting ordinary wages, evaluating amendments to work rules and distinguishing employment from independent contractor relationships.
Accordingly, Korean employment law is best characterised as a mandatory statutory framework supplemented by collective agreements, work rules, individual contracts and influential case law, with statutory minimum standards forming the baseline of the employment relationship.
The employer must specify matters including wages, prescribed working hours, holidays and annual paid leave, together with the components, calculation method and payment method of wages. Failure to comply with these written notification requirements may result in statutory sanctions, but does not invalidate the employment relationship.
Additional written requirements apply to certain categories of employees. Fixed-term and part-time employees must receive written terms covering the employment period, working hours, wages, holidays, leave, place of work and duties. Separate written formalities also apply to dismissal notices, which must generally state the reason for dismissal and its effective date.
Employment contracts may be either indefinite-term or fixed-term. A fixed-term employee may generally be employed for up to two years, after which the employment is deemed indefinite unless a statutory exception applies, including project-based employment, replacement of an absent employee, education or vocational training, employment of certain senior employees or other grounds recognised by law.
Even where a contract specifies a fixed term, Korean courts may examine its substance. If the fixed term is merely formal or the employee has a legitimate expectation of renewal based on the contract, work rules, a collective agreement, repeated renewals or other circumstances, refusal to renew without reasonable grounds may constitute an unfair dismissal.
Probationary periods are permitted, but the employment relationship is regarded as having commenced from the outset. Refusal to confirm employment following probation must be supported by reasonable grounds relating to the employee’s suitability, performance or qualifications and the statutory written notice requirements for dismissals may also apply.
Under the Labour Standards Act, standard working hours are limited to 40 hours per week and eight hours per day, excluding recess periods. A “week” means seven days, including holidays and time during which an employee remains under the employer’s direction or supervision, including certain waiting time, constitutes working time.
Korean law does not prescribe a statutory minimum working time for ordinary employees. However, employees whose prescribed working hours average less than 15 hours per week over a four-week period are generally excluded from statutory weekly paid holidays, annual paid leave and, in some cases, retirement benefit coverage.
Overtime is permitted only within statutory limits. With the employee’s agreement, an employer may require up to 12 hours of overtime per week, resulting in a maximum 52-hour working week.
Overtime must be compensated at a premium of at least 50% above ordinary wages. The same premium generally applies to night work between 10pm and 6am. Holiday work attracts a premium of at least 50% for the first eight hours and 100% thereafter.
Work exceeding contractual hours but remaining within the statutory maximum does not automatically attract the statutory overtime premium unless otherwise provided by the employment contract, work rules or a collective bargaining agreement.
Employers must provide statutory rest breaks of at least 30 minutes after four hours of work and one hour after eight hours, including where working hours are extended.
The Labour Standards Act also recognises flexible, selective, deemed and discretionary working-hour systems, together with special rules for certain industries and categories of employees, subject to statutory requirements.
Accordingly, the basic rule in Korea is a 40-hour working week with a 12-hour weekly overtime limit, subject to mandatory overtime premiums and limited statutory exceptions.
Korea is not an employment-at-will jurisdiction. Under the Labour Standards Act, an employer may not dismiss, suspend, transfer, reduce wages or otherwise discipline an employee without just cause. Employer-initiated termination is therefore subject to substantive and procedural requirements.
Employment may terminate by expiry of a fixed-term contract, retirement, resignation, mutual agreement or dismissal. A unilateral termination generally constitutes a dismissal and must be supported by just cause, assessed by reference to whether continued employment would be socially unreasonable in the circumstances.
Dismissal must comply with statutory procedures. The employer must provide written notice stating the reason and effective date of dismissal; otherwise, the dismissal is generally invalid. In addition, the employer must give at least 30 days’ notice or 30 days’ ordinary wages in lieu, unless a statutory exception applies, such as employment of less than three months or serious wilful misconduct.
Employees are also protected during specified periods, including leave for work-related injury or illness and maternity leave, as well as the applicable post-leave protection periods.
An unfair dismissal is generally invalid. Employees may seek relief before the Labour Relations Commission, generally within three months of dismissal or pursue court proceedings. Remedies include reinstatement, back pay and, exceptionally, tort damages.
Upon termination, employers must settle unpaid wages and other statutory payments, generally within 14 days unless otherwise agreed. Employees with at least one year of continuous service are generally entitled to statutory severance or retirement benefits of at least 30 days’ average wages for each year of service.
Collective Redundancies
Collective redundancy (dismissal for managerial reasons) is separately regulated under the Labour Standards Act. The employer must satisfy four requirements:
Where a majority trade union exists, it acts as the employee representative; otherwise, consultation must take place with a representative of the majority of employees. The redundancy plan must generally be notified at least 50 days before the intended dismissal date and, where statutory thresholds are met, reported to the Ministry of Employment and Labour.
Unless otherwise provided by a collective bargaining agreement, work rules, an employment contract or a voluntary separation programme, no separate statutory redundancy payment is required beyond ordinary termination entitlements. Employees remain entitled to accrued wages, payment in lieu of notice where applicable, unused statutory leave payments and statutory severance or retirement benefits.
Failure to satisfy these statutory requirements may render the dismissals invalid, entitling affected employees to reinstatement and back pay.
Korean law requires employee representation, information or consultation in specified circumstances. The principal mechanisms are:
These operate separately from, but may coexist with, trade unions.
A labour-management council must be established at any business or workplace ordinarily employing 30 or more employees. It consists of an equal number of employer and employee representatives, generally between three and ten on each side. Employee representatives are elected by direct, secret ballot unless a trade union representing a majority of employees exists, in which case the union appoints them.
The council promotes labour-management cooperation rather than replacing collective bargaining. Employers must report or explain specified management matters and the council exercises consultation and, in some cases, resolution functions in areas such as productivity, training, welfare, occupational safety and labour-management policies.
Separately, the Labour Standards Act requires consultation or written agreement with an employee representative in specified circumstances. Where a majority trade union exists, it acts as the employee representative; otherwise, a representative must be democratically selected by the majority of employees.
Employee representative involvement is required for:
Depending on the statute, the employer may be required to consult in good faith or obtain a written agreement or consent. Failure to do so may affect the validity of the employer’s action, particularly in relation to collective redundancies and adverse amendments to work rules.
Trade unions remain distinct from both the labour-management council and the statutory employee representative system. They conduct collective bargaining and conclude collective agreements with normative effect, whereas the labour-management council primarily serves as a cooperative consultation body.
Accordingly, Korean law does not require employee representation for ordinary management decisions but mandates employee information, consultation or consent for specified matters, particularly workforce restructuring, working-time arrangements and adverse changes to employment conditions.
In Korea, the principal tax and social security obligations arising from employment are the individual income tax, the local income tax and mandatory social insurance contributions.
Employees are subject to Korean income tax on employment income. Korean tax residents are generally taxed on worldwide income, while non-residents are taxed only on Korean-source income. Employment income includes salary, wages, bonuses, allowances and other employment-related compensation. Employers must withhold and remit income tax and conduct a year-end tax settlement.
Employment income is taxed at progressive national rates of 6% to 45%, depending on taxable income after applicable deductions. Local income tax is levied at 10% of the national income tax, resulting in a combined top marginal rate of 49.5% before deductions, credits or special tax regimes. Certain foreign employees may qualify for preferential tax treatment, subject to statutory conditions.
Employees and employers must also contribute to the:
National Pension and National Health Insurance contributions are generally shared equally. Employment Insurance is funded by both parties for unemployment benefits, with additional employer contributions for employment security programmes, while Industrial Accident Compensation Insurance is borne entirely by the employer.
Employers are responsible for withholding employees’ taxes and social insurance contributions and remitting both the employee’s and employer’s portions to the relevant authorities. Failure to comply may result in surcharges, penalties or other sanctions.
Accordingly, employees bear income tax, local income tax and their share of social insurance contributions, while employers act as withholding agents and bear their own contributions, including the full cost of Industrial Accident Compensation Insurance.
A company doing business in Korea may be subject to corporate income tax, local income tax, value-added tax (“VAT”), withholding tax and other transaction- or industry-specific taxes.
A Korean company is generally taxed on its worldwide income, while a foreign company is generally taxed only on Korean-source income, including income attributable to a permanent establishment in Korea.
Corporate income tax is imposed at progressive rates:
Local income tax is imposed at 10% of the corporate income tax liability, resulting in a combined top marginal rate of approximately 27.5%.
VAT is levied at the standard rate of 10% on the supply of goods, services and imports, although exports and certain goods or services are zero-rated or exempt.
Companies may also have withholding obligations. Dividends, interest and royalties paid to non-residents or foreign companies without a Korean permanent establishment are generally subject to Korean withholding tax, subject to any applicable tax treaty. Dividends and interest paid to residents are likewise generally subject to withholding tax.
Other taxes may apply depending on the company’s activities and assets, including securities transaction tax, acquisition tax, property tax, stamp duty, customs duties and, where applicable, the special tax for rural development.
Korea has implemented the OECD Pillar Two global minimum tax regime, generally applying to multinational enterprise groups with consolidated annual revenue of at least EUR750 million and a minimum effective tax rate of 15%. The Income Inclusion Rule applies from fiscal years beginning on or after 1 January 2024. Korea has also introduced or is implementing, a Qualified Domestic Minimum Top-Up Tax regime, although its qualification for the OECD QDMTT safe harbour remains subject to OECD peer review.
Korea offers a range of tax credits and incentives, primarily under the Restriction of Special Taxation Act. These are interpreted strictly and taxpayers must satisfy the applicable statutory requirements and retain supporting documentation.
A principal incentive is the research and development (“R&D”) tax credit. Companies incurring qualifying R&D or human resources development expenses may be eligible for corporate income tax credits, with preferential rates for SMEs and certain qualifying technologies. Eligibility generally requires that both the activities and expenses satisfy the statutory criteria.
Korea also provides incentives for SMEs, including partial reductions of corporate or individual income tax for qualifying businesses, depending on company size, business type and location.
Investment-related incentives include tax credits for qualifying investments in facilities, equipment and other business assets, particularly those that promote productivity, strategic industries, energy efficiency, digital transformation and regional investment.
Employment-related incentives are available to companies that increase employment, convert non-regular employees to regular employees, retain employees returning from childcare leave or otherwise satisfy statutory employment requirements, generally subject to maintaining employment levels for a prescribed period.
Foreign-invested companies may qualify for incentives in limited circumstances, particularly where investments involve qualifying high-technology businesses, industrial support services or operations in foreign investment zones or free economic zones. Benefits may include reductions or exemptions from certain national or local taxes, subject to statutory conditions.
Additional incentives are available for start-ups, venture companies, regional or environmental investment and certain strategic industries. Availability depends on the taxpayer’s status, business sector, investment, location and compliance with statutory requirements.
The combined use of tax incentives is restricted. Where multiple incentives apply to the same income or investment, taxpayers may be required to elect one unless concurrent application is expressly permitted. Minimum tax and carry-forward rules may also affect the amount and timing of available benefits.
Accordingly, although Korea offers a broad range of tax incentives, their availability is highly fact-specific and depends on the taxpayer’s activities, investment structure and compliance with statutory requirements.
Korea operates a consolidated tax return regime for qualifying corporate groups. Subject to statutory requirements and prior approval from the tax authorities, a Korean parent company and its qualifying Korean subsidiaries may calculate and file corporate income tax on a consolidated basis.
The regime is available only to Korean domestic corporations. A foreign company cannot be the consolidated parent or subsidiary itself, although Korean subsidiaries of a foreign group may qualify if the statutory ownership requirements are met.
The principal eligibility requirement is ownership. A Korean parent company must generally hold, directly or indirectly, at least 90% of the issued shares or equity interests of each subsidiary. All qualifying subsidiaries must generally be included; selective inclusion is not permitted. Certain entities, including non-profit corporations, companies in liquidation and other entities specified by law, are excluded.
The regime is not automatic. The parent company must obtain approval from the competent tax office and generally remain within the regime for a minimum period.
The parent company is responsible for filing the consolidated return and paying the consolidated corporate income tax. Group companies may bear joint and several liability, with the tax burden allocated internally.
A newly qualifying subsidiary may join the consolidated group from the following taxable year, while a subsidiary that ceases to satisfy the statutory requirements must leave the group in accordance with the applicable rules.
The regime may also be applied for local corporate income tax purposes and is primarily used to offset profits and losses among qualifying domestic subsidiaries, thus simplifying group tax reporting.
Korea applies thin capitalisation rules and other interest deductibility limitations to prevent excessive debt financing and base erosion.
Under the International Tax Coordination Law, the thin capitalisation regime applies to borrowings from certain foreign related parties. Where a Korean company’s debt to a foreign related party exceeds the prescribed debt-to-equity ratio, interest attributable to the excess debt may be disallowed and treated as a deemed dividend. The standard debt-to-equity ratio is generally 2:1, although a higher ratio applies to certain financial businesses.
Korea has also implemented an earnings-based interest limitation rule broadly consistent with the OECD BEPS Action 4 recommendations. Where net interest expense to foreign related parties exceeds 30% of adjusted taxable income (broadly comparable to tax EBITDA), the excess may be non-deductible for corporate income tax purposes. Certain financial institutions and other specified entities are excluded.
The Corporate Income Tax Act further restricts interest deductibility for non-business assets, non-business loans to related parties, unidentified creditors or recipients and certain capitalised or restricted financing costs. Participation exemption and dividend-received deduction rules may also reduce the benefit of dividend relief by taking related interest expense into account.
Transfer pricing rules may likewise affect related-party financing. Interest rates and financing terms must satisfy the arm’s-length principle and the tax authorities may adjust taxable income when it differs from that agreed between independent parties.
Korea has a comprehensive transfer pricing regime governing transactions between Korean taxpayers and foreign-related parties. The regime is primarily set out in the International Tax Coordination Law (“ITCL”) and applies the arm’s-length principle to cross-border related-party transactions.
Under the ITCL, where the pricing or other terms of an international transaction differ from those that would have been agreed between independent parties, the Korean tax authorities may adjust the taxpayer’s income and tax liability. The rules apply to transactions, including the sale of goods, the provision of services, the licensing of intellectual property, financing arrangements and other cross-border dealings.
Korea recognises transfer pricing methods broadly aligned with the OECD Transfer Pricing Guidelines, including:
The most appropriate method is selected having regard to the nature of the transaction and the availability, reliability and comparability of data. The Korean tax authorities bear the burden of justifying a transfer pricing adjustment, although taxpayers may be required to substantiate their pricing once an arm’s-length range has been established.
Korea also operates an Advance Pricing Agreement (“APA”) programme. APAs may be unilateral, bilateral or multilateral, with bilateral and multilateral APAs generally pursued through mutual agreement procedures under applicable tax treaties.
Depending on the size of the multinational group and the volume of related-party transactions, taxpayers may be required to submit transfer pricing disclosures, a Master File, a Local File and a Country-by-Country Report (CbCR), while maintaining supporting documentation.
Although the OECD Transfer Pricing Guidelines do not have direct legal force in Korea, they are frequently relied upon by the tax authorities and courts as persuasive guidance.
Korea has a comprehensive anti-avoidance regime comprising both a general anti-avoidance rule (“GAAR”) and specific anti-avoidance rules (“SAARs”).
At the general level, Korean tax law applies the substance-over-form principle under the Framework Act on National Taxes. Taxation is based on the economic substance of income, assets, transactions and legal arrangements rather than their legal form. Where the nominal recipient differs from the true economic beneficiary or transactions are structured primarily to obtain inappropriate tax benefits, the tax authorities may recharacterise the arrangement according to its economic substance. In practice, this principle functions as Korea’s principal GAAR.
Specific anti-avoidance rules apply to both domestic and international transactions. Domestically, the Corporate Income Tax Act permits the tax authorities to disregard related-party transactions that unreasonably reduce the taxpayer’s tax burden and recompute taxable income on an arm’s-length or objectively reasonable basis.
For international transactions, the International Tax Coordination Law provides for:
Korea also applies anti-avoidance rules to nominee arrangements and beneficial ownership, including deemed-gift and beneficial ownership provisions designed to prevent tax avoidance through nominal ownership structures.
In addition, Korea has implemented OECD BEPS measures, including transfer pricing documentation requirements, interest limitation rules and the Pillar Two global minimum tax framework.
Although the tax authorities may challenge arrangements lacking genuine economic substance or business purpose, taxpayers remain free to organise their affairs in a tax-efficient manner.
Korea imposes customs duties primarily under the Customs Act. Duties are generally levied on imported goods based on tariff classification, customs value and country of origin.
The tariff regime comprises basic statutory tariffs, adjusted and seasonal tariffs, tariff-rate quotas, safeguards, anti-dumping, countervailing and retaliatory duties, together with preferential rates under free trade agreements (“FTAs”). Where multiple rates apply, priority is determined under the Customs Act and related regulations.
For many industrial goods, tariff rates are relatively moderate and a substantial proportion of imports benefit from Korea’s extensive FTA network, including agreements with the United States, the European Union, China, ASEAN, Australia and New Zealand. Importers claiming preferential rates must satisfy the applicable rules of origin and documentation requirements.
The highest tariffs generally apply to sensitive agricultural, livestock and food products, protected through tariff-rate quotas and high out-of-quota tariff rates.
Korea also makes active use of trade remedy measures. Anti-dumping duties may be imposed where dumped imports cause material injury to a domestic industry, while countervailing duties and safeguard measures are also available.
Accordingly, Korea combines a generally liberalised tariff regime for industrial goods with targeted protection for sensitive agricultural products and selected industries through tariff-rate quotas, trade remedies and FTA-based preferential tariff rules.
Korea operates a mandatory merger control regime under the Monopoly Regulation and Fair Trade Act (“MRFTA”). Certain mergers, acquisitions and other transactions constituting a business combination must be notified to the Korea Fair Trade Commission (“KFTC”) where the applicable jurisdictional thresholds are met.
The regime is based primarily on party size rather than market share. Accordingly, a filing may be required even where the parties have limited market shares, although competitive effects remain central to the KFTC’s substantive review.
Reportable business combinations generally include:
For share acquisitions, notification is generally required when the acquirer obtains more than 20% of the voting shares of a non-listed company or more than 15% of the voting shares of a listed company. Subsequent acquisitions may also be reportable where they result in the acquirer becoming the largest shareholder.
A filing is generally required when one party (together with its affiliates) has assets or annual sales of at least KRW300 billion and the other has at least KRW30 billion.
Korea has also introduced a transaction-value filing regime for acquisitions of innovative businesses with limited current revenue where the transaction value exceeds the statutory threshold and the target has a significant business presence in Korea.
Although market share is not a jurisdictional threshold, it remains central to the KFTC’s substantive assessment and the KFTC may prohibit or impose remedies on transactions that substantially lessen competition.
Accordingly, merger notification in Korea is determined principally by the type of transaction and the size of the parties (or, in certain cases, transaction value and Korean nexus) rather than market share.
The merger control process in Korea is administered by the Korea Fair Trade Commission (“KFTC”) under the Monopoly Regulation and Fair Trade Act (“MRFTA”).
The first step is to determine whether the transaction constitutes a reportable business combination and satisfies the applicable jurisdictional thresholds. If so, the parties must determine whether pre-closing or post-closing notification is required.
As a general rule, merger notifications are filed after closing and must generally be submitted within 30 days. However, transactions involving large companies or subject to the transaction-value filing regime require notification after execution of the transaction documents but before completion.
The filing must be submitted to the KFTC with information on the parties, ownership structure, assets and turnover, the transaction, relevant markets and other information necessary for the competitive assessment, together with supporting documents such as transaction agreements and corporate resolutions. Simplified procedures may be available for transactions unlikely to raise substantive competition concerns, including certain intra-group transactions. Where multiple parties have filing obligations, the notification is generally filed jointly.
Following receipt of the filing, the KFTC conducts its review. The statutory review period is generally 30 days, but may be extended by up to 90 days where further examination is required. Transactions raising no significant competition concerns are often cleared within the initial review period.
For transactions requiring pre-closing notification, completion is generally prohibited until the KFTC has completed its review and any applicable waiting period has expired.
Following its review, the KFTC may:
Accordingly, the Korean merger control process consists of determining whether a filing is required, submitting the notification, KFTC review and clearance, conditional clearance or prohibition.
Korea maintains a comprehensive competition law regime under the Monopoly Regulation and Fair Trade Act (“MRFTA”), prohibiting cartels, abuse of market dominance and unfair trade practices.
The MRFTA prohibits agreements, concerted practices and other forms of coordination between competitors that unreasonably restrict competition. Prohibited conduct includes:
The existence of an agreement or concerted practice is generally sufficient to establish a violation; implementation need not be proved. Price-fixing and bid-rigging are treated as particularly serious infringements.
The MRFTA also prohibits abuse of a dominant market position and regulates unfair trade practices, including discriminatory treatment, tying arrangements, unfair customer inducement and interference with business activities.
Korea applies an effects-based approach to competition law. The MRFTA extends to conduct occurring outside Korea that affects the Korean market, allowing the investigation of foreign companies whose conduct affects competition or customers in Korea.
The Korea Fair Trade Commission (“KFTC”) has broad enforcement powers, including corrective orders, administrative fines and, in serious cases, criminal referrals. Businesses harmed by anti-competitive conduct may also bring private damages claims and Korea operates a leniency programme under which cartel participants who co-operate may receive reduced penalties.
Accordingly, Korea maintains a robust competition law regime prohibiting cartels, abuse of dominance and unfair trade practices, with both domestic and extraterritorial application based on effects in the Korean market.
Korea regulates both unilateral conduct by dominant firms and conduct based on economic dependence under the Monopoly Regulation and Fair Trade Act (“MRFTA”).
A company may be regarded as dominant where it can determine, maintain or change prices, output, quality or other trading conditions in the relevant market. Market dominance is presumed where a company holds at least 50% market share or where three or fewer companies together hold at least 75%, subject to statutory exceptions.
A dominant company may not abuse its position by:
The assessment focuses on whether the conduct has or is likely to have, an anti-competitive effect in the relevant market, rather than merely harming an individual trading partner.
The MRFTA also regulates unfair trade practices, including abuse of a superior bargaining position. This regime applies even where a company is not dominant, particularly where one party is economically dependent on another.
Prohibited conduct includes:
Sector-specific legislation on subcontracting, franchising, large-scale retail businesses and agency or distribution relationships supplements the MRFTA.
The MRFTA applies on an effects basis. Conduct occurring outside Korea may therefore be subject to Korean competition law where it has a sufficient effect on the Korean market, although international comity and conflicts with mandatory foreign law may also be relevant.
Accordingly, Korea regulates unilateral conduct through both the abuse of dominance and superior bargaining position rules, which may also apply to foreign conduct that affects competition in the Korean market.
Under the Korean Patent Act, an invention is a highly advanced creation of technical ideas using the laws of nature. Patentable inventions include products, methods and methods of producing products. A patent grants the exclusive right to commercially exploit the invention in Korea.
The scope of protection is determined primarily by the claims, interpreted in light of the specification and drawings, without extending or restricting the claim language.
A patent generally lasts 20 years from the filing date and takes effect upon registration. In certain regulated sectors, including pharmaceuticals and agrochemicals, the term may be extended to compensate for regulatory approval delays.
Patent registration is administered by the Korean Intellectual Property Office (“KIPO”). Applications are examined for formal and substantive requirements, including:
If no grounds for refusal exist, the patent is registered upon payment of the registration fee. Korea also recognises a statutory grace period for certain prior disclosures made by or against the will of, the applicant.
Patent infringement may arise through direct infringement, the doctrine of equivalents or certain forms of indirect infringement. Direct infringement generally requires that all elements of the patented claim be present, while equivalent infringement is recognised, subject to limitations including prior art and prosecution history estoppel.
Patent rights may be enforced through civil proceedings. Available remedies include:
Damages may be assessed by reference to lost profits, the infringer’s profits, a reasonable royalty or another court-determined measure. Wilful infringement may attract enhanced damages of up to five times the actual damages.
Patent validity may be challenged through an invalidation trial before the Intellectual Property Trial and Appeal Board. A finally invalidated patent is generally deemed never to have existed and courts may refuse enforcement of a clearly invalid patent on abuse-of-rights grounds.
Intentional patent infringement may also give rise to criminal liability, including corporate liability where applicable.
Under the Korean Trademark Act, a trade mark is a sign used to distinguish one person’s goods or services from those of others. Registrable marks include words, figures, symbols, three-dimensional shapes, colours, sounds, smells, holograms and motion marks, provided they function as indicators of origin.
Korea operates a registration-based trade mark system. Rights arise upon registration with the Korean Intellectual Property Office (“KIPO”), although use remains relevant to acquired distinctiveness, non-use cancellation and enforcement.
Trade mark protection lasts 10 years from registration and may be renewed indefinitely for successive 10-year periods.
Registration requires an application identifying the applicant, the mark, the designated goods or services and relevant classes. KIPO examines formal and substantive requirements, including distinctiveness and prior conflicting rights. International registrations designating Korea are also available under the Madrid Protocol.
Trade mark infringement typically occurs when an unauthorised identical or similar mark is used in connection with identical or similar goods or services, resulting in a likelihood of confusion. Preparatory acts (such as possessing, importing or exporting infringing goods under specified conditions) may also be considered infringement.
Trade mark owners and exclusive licensees may enforce their rights through civil proceedings. Available remedies include:
Damages may be assessed by reference to the infringer’s profits, a reasonable royalty or other statutory methods, with enhanced statutory damages available in specified cases of intentional infringement.
Trade mark registrations may be challenged through invalidation or cancellation proceedings before the Intellectual Property Trial and Appeal Board, including cancellation for non-use over a continuous three-year period without justifiable grounds.
Intentional trade mark infringement may also result in criminal liability and infringing goods may be seized or confiscated.
Under the Korean Design Protection Act, a design is the shape, pattern, colour or combination thereof embodied in an article (including part of an article, a typeface or a graphical user interface/image) that creates an aesthetic impression through visual perception. Korean design law protects the visual appearance of products rather than their technical functionality.
Korea operates a registration-based design protection system. A design right arises upon registration with the Korean Intellectual Property Office (“KIPO”), giving the owner the exclusive right to commercially exploit the registered design and similar designs.
The protection term is 20 years from the filing date. The right becomes enforceable upon registration, subject to payment of the prescribed maintenance fees.
To obtain protection, an applicant must file a design application with KIPO. A design must generally be industrially applicable, novel and not readily creatable by a designer of ordinary skill based on prior designs. Korea also recognises a statutory grace period for certain prior disclosures.
Design infringement is assessed by comparing the overall visual impression of the registered and accused designs from the perspective of an ordinary observer. Certain forms of indirect infringement are also recognised.
A design owner or exclusive licensee may enforce its rights through civil proceedings. Available remedies include:
Damages may be assessed by reference to the infringer’s profits, a reasonable royalty or other statutory methods, supported by evidentiary presumptions.
The validity of a registered design may be challenged through an invalidation trial before the Intellectual Property Trial and Appeal Board. A finally invalidated design is generally deemed never to have existed and courts may refuse enforcement of a clearly invalid design on abuse-of-rights grounds.
Intentional infringement of a registered design may also give rise to criminal liability under the Design Protection Act.
Under the Korean Copyright Act, a copyright work must be a creative expression of human thoughts or emotions. Copyright protects the expression of ideas rather than ideas, concepts, facts, systems or methods. Protection requires a minimum degree of originality expressed in a perceptible form.
Protected works include literary, musical, artistic, photographic, audiovisual and software works, certain databases and other categories recognised under the Copyright Act. Korean law also recognises neighbouring rights of performers, phonogram producers and broadcasting organisations.
Unlike patents, trade marks and designs, copyright arises automatically upon creation. Korea follows the principle of non-formality, so registration or publication is unnecessary.
Copyright comprises moral rights (publication, attribution and integrity) and economic rights, including reproduction, distribution, public performance, public transmission, display, rental and the creation of derivative works.
Economic rights are generally protected for 70 years after the author’s death. Different rules apply to joint works, anonymous or pseudonymous works, works made for hire and audiovisual works.
Although registration is not required, Korea maintains a voluntary copyright registration system administered by the Korea Copyright Commission. Registration provides evidentiary benefits and may enhance enforceability against third parties.
Copyright owners may enforce their rights through civil proceedings. Available remedies include:
Damages may be assessed by reference to the infringer’s profits, a reasonable licence fee or another amount determined by the court where precise proof is difficult.
Intentional copyright infringement may also result in criminal liability, although certain offences require a complaint by the rights holder. In cross-border disputes, Korea generally applies the law of the country for which protection is sought, consistent with the Berne Convention.
Accordingly, copyright protection in Korea arises automatically upon creation, provides long-term protection for original works and is enforceable through civil and criminal remedies.
Korean law also protects other forms of intellectual property and commercially valuable information, including software, databases, data assets and trade secrets.
Software is generally protected as a computer program under the Korean Copyright Act. Protection arises automatically upon creation, without registration and extends to the program’s creative expression, not its underlying ideas, algorithms or functional concepts. Software owners may seek injunctions, damages and, where appropriate, criminal remedies. Technical protection measures are also protected and unauthorised circumvention may give rise to liability.
Databases are protected under the Copyright Act where data or materials are systematically organised for access or search. In addition to copyright protection, Korea recognises a database producer’s right that protects substantial investment in collecting, verifying or presenting database content. Protection generally lasts five years from completion, with a new term available for substantial updates.
Certain commercially valuable data assets are also protected under the Data Industry Promotion and Utilisation Act and the Unfair Competition Prevention and Trade Secret Protection Act. Unauthorised acquisition, use or disclosure of data created through substantial investment may be prohibited where contrary to fair commercial practices or competitive order.
Trade secrets are protected under the Unfair Competition Prevention and Trade Secret Protection Act. A trade secret is technical or business information that is not publicly known, has independent economic value and is subject to reasonable secrecy management. Protection continues as long as these requirements are satisfied.
Trade secret owners may seek injunctions, removal of infringing materials and damages. Serious misappropriation may also result in criminal liability, particularly where trade secrets are acquired, used or disclosed for improper benefit or to harm the owner, with enhanced sanctions for overseas disclosure or use.
Companies should maintain appropriate confidentiality measures, including access controls, confidentiality markings, non-disclosure agreements, exit procedures, IT security controls and contractual restrictions.
Accordingly, Korean law primarily protects software and databases through copyright and related statutory rights, while trade secrets and certain data assets are protected under unfair competition and trade secret legislation, subject to applicable statutory requirements.
Korea’s data protection regime is centred on the Personal Information Protection Act (“PIPA”), the principal statute governing the processing and protection of personal information. PIPA applies broadly to public institutions, companies organisations and individuals that process personal information for business purposes.
PIPA protects information relating to an identified or identifiable living individual, including information identifiable in combination with other data. Sensitive information, including health, political opinions, trade union membership and genetic information, receives enhanced protection.
PIPA adopts a consent- and purpose-based framework. Personal information may generally be collected and used only for the notified purpose unless another statutory basis applies. It also regulates third-party provision, outsourcing, cross-border transfers, retention, destruction and the processing of sensitive or unique identifying information.
Data controllers must maintain a privacy policy, appoint a privacy officer where required, implement appropriate technical, administrative and physical safeguards and respond to data subject rights, including access, correction, deletion and suspension of processing.
The Act on Promotion of Information and Communications Network Utilisation and Information Protection (“Network Act”) remains relevant to information security, cybersecurity and network protection, although most of its personal information provisions have been incorporated into PIPA.
Sector-specific legislation may also apply, including the Credit Information Act, the Location Information Act, the Medical Service Act and legislation governing telecommunications, electronic finance and public-sector data. Certain commercially valuable data assets are also receiving protection under the Data Industry Promotion and Utilisation Act and the Unfair Competition Prevention and Trade Secret Protection Act.
The principal regulator is the Personal Information Protection Commission (“PIPC”), which has investigative and enforcement powers, including corrective orders, administrative fines, penalty surcharges, criminal referrals and civil enforcement. Data subjects may also seek relief through litigation or the personal information dispute mediation system.
Accordingly, Korea’s data protection framework is centred on PIPA and supplemented by cybersecurity, sector-specific and data-related legislation.
Korean data protection laws may apply to foreign companies whose activities involve Korean data subjects or otherwise have a sufficient connection with Korea. A foreign company targeting Korean customers, offering services in Korea or processing Korean users’ personal information may therefore be subject to the Personal Information Protection Act (“PIPA”), even if incorporated or operating servers outside Korea.
PIPA regulates the collection, use, provision, outsourcing, retention, destruction and cross-border transfer of personal information. Foreign companies processing Korean users’ personal information must comply with Korean requirements regarding consent, notification, purpose limitation, security measures, privacy policies and data subject rights, unless a statutory exception applies.
Choice-of-law clauses do not necessarily exclude Korea’s mandatory data protection rules. Korean courts have recognised that statutory protections for Korean users may apply even where a contract provides for foreign law, particularly in consumer-facing online services.
Cross-border transfers are permitted only where a statutory basis exists, including:
The Personal Information Protection Commission (“PIPC”) may order suspension of overseas transfers that violate PIPA or pose a significant risk to data subjects.
Korea has received an EU adequacy decision and participates in the APEC Cross-Border Privacy Rules framework.
Accordingly, the Korean data protection law has a practical extraterritorial effect where foreign companies process Korean users’ personal information or target the Korean market, while cross-border transfers remain subject to specific statutory requirements.
The principal data protection regulator in Korea is the Personal Information Protection Commission (“PIPC”).
The PIPC is an independent central administrative agency established under the Personal Information Protection Act (“PIPA”), responsible for formulating, supervising and enforcing Korea’s data protection framework.
Its principal functions include:
The PIPC has broad investigative and enforcement powers, including requesting information, conducting inspections ordering remedial measures, imposing administrative fines and penalty surcharges, making criminal referrals, publishing enforcement outcomes where permitted by law and suspending overseas data transfers that violate PIPA or pose significant risks to data subjects.
The PIPC also oversees public-sector personal information files, privacy impact assessments, privacy certification systems and the personal information dispute mediation framework.
Although the PIPC is the principal privacy regulator, sector-specific regulators may also have jurisdiction, including financial regulators for credit information and communications authorities for network security.
Accordingly, the PIPC serves as Korea’s central data protection authority, exercising broad policy-making and enforcement powers, including oversight of cross-border data transfers.
No single omnibus reform is expected to overhaul the Korean legal system. However, several areas remain subject to active legislative and regulatory development.
In technology and data, the most significant development is the implementation of Korea’s AI regulatory framework. The AI Basic Act establishes a general framework for AI governance, including obligations related to high-impact AI, transparency, safety and reliability, with implications for data protection, consumer protection, employment, financial services and technology compliance.
Data protection law also continues to evolve. Amendments to the Personal Information Protection Act focus on governance, security, cross-border transfers, automated decision-making and privacy officers, while enforcement by the Personal Information Protection Commission is becoming more active.
Corporate law reforms continue to focus on directors’ duties, shareholder protection, virtual shareholders’ meetings and corporate governance. In tax, Korea has implemented the OECD Pillar Two framework, including the Income Inclusion Rule and domestic minimum top-up tax, with further technical guidance expected.
Competition law reforms continue to focus on digital platforms, online marketplaces, merger control in data-driven markets and stronger enforcement by the Korea Fair Trade Commission. Employment law reform remains focused on labour representation, subcontracted workers, collective bargaining, working-time flexibility and protection of vulnerable workers. In IP, AI, software, data and trade secret protection remain key areas of reform.
Accordingly, while Korea’s core legal framework is expected to remain stable, continued reforms are anticipated in AI, data protection, competition, corporate governance, tax, labour law and technology-related intellectual property.
14F Poongsan Bldg.
23 Chungjeong-ro, Seodaemun-gu
Seoul,
03737,
Republic of Korea
+82 2 2262 6000
+82 2 2279 5020
info.korea@dentons.com www.dentonslee.com
Introduction
Over the past two years, South Korea has moved quickly to become a major hub for Artificial Intelligence (AI) in Asia. In doing so, the government is shifting its approach away from outdated “perimeter security” (simply blocking outside connections) toward a modern system focused on safe data use. A primary example of this change is the Framework Act on Artificial Intelligence and the Establishment of a Foundation for Trust, known as the AI Basic Act, which officially took effect in January 2026 and establishes the basic legal rules for AI.
However, South Korea’s actual AI market involves much more than just this single law. Multiple government agencies are working together on a sweeping update to the country’s digital landscape. These agencies include:
Together, they are changing several major policy areas at once. They are dismantling a decade-old rule that strictly separated corporate networks from the outside internet, consolidating the security rules for public cloud computing and buying massive amounts of computing hardware to build national tech independence. For companies and legal professionals, operating successfully in South Korea now requires a clear understanding of how these practical changes affect everyday compliance and business strategy.
The Architecture of the AI Basic Act: Minimal Enforcement and Administrative Grace Periods
The AI Basic Act serves as the legal foundation for South Korea’s AI market. Unlike the European Union’s strict risk-classification model under the EU AI Act, which requires extensive government evaluations before a tool can even launch, South Korea uses an administrative style focused on “minimal enforcement”. The Ministry of Science and ICT (MSIT) has stated that its priority is to boost industrial growth rather than to punish companies. To give companies sufficient time to prepare, the MSIT has established a mandatory grace period of at least one year from the launch date, during which no active administrative fines will be issued. Instead, officials will focus on education and compliance guidance.
Even with this flexible approach, the Act creates specific legal responsibilities that companies must meet, as outlined below.
AI transparency and labelling mandates
Companies that offer generative AI products or services must make sure users know they are interacting with an AI system. The outputs must be clear and verifiable by both humans and machines. While this labelling rule applies only to the businesses selling the tools, failing to provide a proper notice can result in administrative fines of up to KRW 30 million.
High-impact AI operational standards
AI systems used in important socioeconomic tasks (such as credit scoring and loan reviews by commercial banks) are classified as “High-Impact AI”. Businesses operating these systems must follow a structured five-pillar framework:
Under Articles 40 and 43 of the Act, noncompliance with these High-Impact AI rules does not incur immediate fines. Instead, a business can face administrative fines of up to KRW 30 million only if it fails to follow a formal corrective order issued by the MSIT.
Mandatory appointment of a domestic representative
For foreign technology companies and multinational corporations entering South Korea, Article 36 of the AI Basic Act introduces an important local presence rule. Foreign AI businesses that do not have a registered physical address or local office in South Korea but meet certain thresholds for revenue, user numbers or data volume must legally appoint a domestic representative and report the representative to the MSIT. This representative serves as the local contact for government inquiries, data requests and compliance issues. Under Article 43 of the Act, failing to appoint or report a local representative bypasses the corrective order phase and directly triggers an administrative fine of up to KRW30 million.
To help companies handle these new responsibilities, the MSIT opened an AI Basic Act Support Desk and a specialised consultative body in early 2026 to resolve conflicting rules across different government ministries.
Data Governance: PIPC’s “AI Special Exemption” Framework
South Korea’s personal data rules under the Personal Information Protection Act (PIPA) have long been among the strictest in the world, creating high barriers for global cloud providers due to rigid consent requirements and stringent cross-border data transfer policies. However, the rise of large language models (LLMs) has forced the government to pivot toward data utility.
The Personal Information Protection Commission (PIPC) is driving this change by applying its “Guidelines on Personal Data Processing for the Development and Utilisation of Generative AI”. This guide divides the AI development lifecycle into four operational phases: purpose definition, strategy formulation, AI training/development and system deployment/management. Two main mechanisms help streamline data processing across these steps:
The “AI Special Exemption” regime
To address the lack of high-quality training data, the PIPC is working on an amendment to PIPA targeted for final approval by the fourth quarter of 2026. This update will create a clear legal pathway for using non-pseudonymised personal data (data that still contains identifying details) for AI training. To qualify, the data use must serve a verified public interest or social benefit, undergo prior review and run entirely within a secure, isolated cloud environment.
Fast-track processing mechanism
To support developers, the PIPC is deploying an accelerated review system. Businesses can submit data exemption applications through a unified government portal and receive a formal decision within 30 days. For applications that feature identical or highly similar technical profiles, the decision timeline drops to just 15 days, drastically reducing time-to-market friction.
The relaxation of financial network segregation: transitioning to SaaS and Zero Trust
For more than ten years, South Korea’s financial sector was legally cut off from the global internet. Absolute physical network segregation rules enforced under Article 21 of the Electronic Financial Transactions Act (EFTA) and Article 15 of the Electronic Financial Supervisory Regulations (EFSR) effectively blocked financial firms from using global cloud systems and Software-as-a-Service (SaaS) tools within their internal business networks.
This strict regulatory wall was updated on April 20, 2026, when financial authorities revised the EFSR Enforcement Rules. Under this modernised approach, cloud-based SaaS is now explicitly recognised as a formal exception to the legacy network separation rule. This means financial institutions can deploy these outside software tools directly on internal office computers without going through the slow regulatory sandbox process.
To safely use this new flexibility, financial firms and software vendors must meet three major compliance criteria:
This deregulation is paired with an updated enforcement system. The FSS has launched the Financial-IT Incident Response Surveillance Control-Tower. This platform serves as a real-time, interactive communication system that links banks, virtual asset platforms and cloud providers. Instead of relying on slow, one-way paperwork, the platform automatically sends threat alerts to financial firms and allows them to report their mitigation results instantly.
Furthermore, the FSC introduced a streamlined procedure for modifying generative AI models within the financial sector. Financial firms are now exempt from full regulatory sandbox reviews for low-risk updates. The Financial Security Institute (FSI) separates these model changes into three clear categories:
To assist firms with this transition, the FSI published its Financial Security Level Diagnostic Framework Guide, based on international standards. This tool requires Chief Information Security Officers (CISOs) to audit and log their security maturity, shifting corporate responsibility toward verifiable, self-managed security.
Public Sector Cloud Reform: CSAP Consolidation and N2SF Alignment
For global technology vendors and hyperscale cloud providers, entering South Korea’s public procurement market historically required navigating a dual-track security verification system. Providers had to obtain a Cloud Security Assurance Program (CSAP) certification from the MSIT while concurrently undergoing a separate security review by the National Intelligence Service (NIS).
This overlapping administrative process is being removed through joint restructuring by the NIS and MSIT. The reform consolidates public cloud market entry into a single verification system run entirely by the NIS, simplifying the application pathway. Cloud services that already hold a valid CSAP certification will retain their credentials during a transitional period. Following updates to the national cloud security guidelines, a one-year formal grace period will begin, with the unified NIS verification protocol scheduled to become fully mandatory in the second half of 2027.
This unified verification process coordinates directly with the National Network Security Framework (N2SF) data classification system. The N2SF replaces blanket internet bans with an agile, data-centric tiering model, as outlined below.
While this structural alignment opens the “sensitive” and “open” public sectors to global cloud service providers utilising international standard control frameworks, the consolidation of oversight within national security authorities introduces specific compliance responsibilities. The unified regime places a heightened focus on technical infrastructure resilience, localised incident-response capabilities and strict data residency mandates for core administrative information. Moving forward, long-term technology infrastructure investments in the public sector will depend on a provider’s ability to align its system architecture with these evolving data-centric oversight standards.
Infrastructure Investment and the Rise of Sovereign Computing
South Korea’s regulatory changes are backed by an aggressive, state-led industrial policy designed to build national independence in computing power. The government treats computing capacity as a vital national resource, similar to advanced semiconductor manufacturing.
The main tool driving this expansion is the KRW150 trillion Public Growth Fund. Managed by the FSC, the fund focuses on seven strategic areas across AI, semiconductor and battery markets, deploying over KRW30 trillion in initial capital. Of this first tranche, KRW6 trillion is legally earmarked for the AI sector to fund next-generation AI chip manufacturing and massive graphics processing unit (GPU) data clusters.
This public funding runs alongside historic hardware purchase deals. A major global hardware supplier has signed an agreement to deliver 260,000 high-performance GPUs directly to the South Korean market, valued at roughly USD10.4 billion (KRW15 trillion). The distribution of this sovereign computing capacity is strategically split among five key public and private entities to strengthen the nation’s core industries:
To host these high-density hardware assets, a leading domestic IT service provider is heading a specialised special-purpose company (SPC) consortium to construct the National AI Computing Centre (NACC) in Jeonnam. This facility is engineered to house more than 15,000 high-performance GPUs by 2028, providing subsidised, secure computing power to local research institutions, startups and small- and medium-sized enterprises. These massive industrial infrastructure projects require transactional lawyers to draft complex energy off-take deals, joint venture licensing structures and public-private partnership (PPP) compliance contracts that successfully navigate local zoning laws and tight power-grid regulations.
Conclusion: Strategic Roadmap for Market Entry and Compliance
South Korea’s rapid transformation into an AI-driven digital economy requires a holistic approach to regulatory compliance and market strategy. Business leaders, tech developers and investors can no longer evaluate market risks purely through the baseline text of the AI Basic Act. The true compliance realities and ultimate commercial advantages lie in understanding how shifting administrative guidelines, sectoral data utility programs and massive infrastructure overhauls work together.
To successfully navigate this evolving landscape, market participants should focus on four actionable strategies, as outlined below.
As South Korea aggressively builds out its sovereign computing systems and revises its technology laws, businesses that approach the market with an integrated view of AI governance, data utility, cloud security and infrastructure regulations will avoid compliance friction while capturing strong, sustainable market share.
14F Poongsan Bldg.
23 Chungjeong-ro, Seodaemun-gu
Seoul, 03737,
Republic of Korea
+82 2 2262 6000
+82 2 2279 5020
info.korea@dentons.com www.dentonslee.com