The Korea Media and Communication Commission (the "KMCC") published the "Guide to Telecommunications Laws Related to User Protection for AI Service Providers" (the "Guide") on January 20, 2026. The Guide analyzes the applicability of key user protection provisions under the Telecommunications Business Act and the Act on Promotion of IT Network Utilization and Information Protection, etc. (the "IT Network Act") to AI services.
The Guide examines the following provisions as regulatory elements under existing telecommunications laws that may be relevant in the AI service environment:

Meanwhile, the Framework Act on the Development of Artificial Intelligence and Establishment of Trust (the "AI Framework Act"), which came into effect on January 22, 2026, has the character of a general law applicable to the AI industry as a whole. However, the KMCC has clarified its position that the Telecommunications Business Act and the IT Network Act take precedence over the AI Framework Act in areas where telecommunications laws apply.
The following provides an overview of the key legal obligations that AI service providers should be aware of under the current Telecommunications Business Act and IT Network Act.
I. APPLICATION OF PROHIBITED ACTS AND USER PROTECTION OBLIGATIONS UNDER THE TELECOMMUNICATIONS BUSINESS ACT
Since AI services are mostly provided through telecommunications networks, they generally fall under value-added telecommunications services under the Telecommunications Business Act. In particular, the so-called "agent-type" AI services may be provided in a form that combines basic telecommunications services and value-added telecommunications services, and depending on the business structure, there may be cases where the provider holds the status of both a basic telecommunications carrier and a value-added telecommunications carrier simultaneously.
Accordingly, the main prohibited acts and user protection obligations that may be at issue during the commercialization of AI services are as follows:
1. Acts Detrimental to User Interests and Failure to Notify Material Matters
The latter part of Article 50(1)(v) of the Telecommunications Business Act prohibits the provision of telecommunications services in a manner that significantly harms the interests of telecommunications users ("acts detrimental to user interests"), and the specific types are enumerated in [Appendix Table 4] of the Enforcement Decree of the same Act.
Where AI services are provided on the premise of clear contractual relationships such as paid subscription models, unfair fee charges and contract conclusion or termination contrary to user intent may be largely regulated through the current legal framework. However, if the "interests" under this provision are interpreted as limited to monetary interests or explicit rights under contractual relationships, it will likely be difficult to address new forms of infringement of user interests such as unfair practices by free AI services or algorithmic discrimination.
Meanwhile, Article 50(1)(v)-2 of the Telecommunications Business Act establishes "failure to notify material matters" as a separate prohibited act. Accordingly, the practical key issue regarding AI services is what constitutes "material matters."
For example, matters that directly affect a user's decision to subscribe or choice of pricing plan, such as the AI model version, the number of messages that can be processed per hour, and the functions and processing speed provided for each paid tier, may be interpreted as material matters. Additionally, the fact that core functions are operated by AI and that the images, voice, and text provided to users are outputs generated by AI may also be included in material matters.
2. User Protection and Damages
Service providers that provide AI services through telecommunications networks bear user protection obligations under Article 32 of the Telecommunications Business Act, including efforts to prevent user harm and the establishment of complaint handling systems. In cases where damage is caused to users, liability for damages and notification obligations under Article 33 may be at issue.
It should be noted that with respect to liability for damages, the provider's liability is not completely exempted even for free services. Additionally, notification obligations regarding service suspension, etc. apply only to AI services provided in B2C relationships that meet certain revenue and user number thresholds.
II. APPLICATION OF OBLIGATIONS TO CREATE A SAFE INFORMATION NETWORK ENVIRONMENT AND USER PROTECTION UNDER THE IT NETWORK ACT
AI service providers generally fall under "telecommunication service providers" under the IT Network Act and are therefore subject to the user protection provisions of that Act. On the other hand, services that operate AI computations only within the device without external communication transmission/reception, even in standalone devices with embedded AI (so-called "on-device AI"), do not fall within the regulatory scope of the IT Network Act.
1. User Protection Regarding Information Distribution
1) Protection of Rights on IT Networks
Article 44(2) of the IT Network Act imposes on telecommunications service providers an obligation to endeavor to prevent the distribution of information that infringes on the rights of others through telecommunications networks that they operate and manage. In the case of conversational AI services, the provision of information generated on a 1:1 basis alone is unlikely to constitute "distribution," but if a structure exists where information is disclosed and shared through separate bulletin boards or community functions, this obligation may apply.
2) Requests for Deletion of Information and Voluntary Temporary Measures
According to Articles 44-2 and 44-3 of the IT Network Act, if information disclosed to the public infringes on the rights of others such as invasion of privacy or defamation, measures such as deletion must be taken upon request, and providers may take temporary measures even without a request.
3) Prohibition of Distribution of Illegal Information
Article 44-7(1) of the IT Network Act enumerates types of illegal information whose distribution is prohibited while specifying the addressee as "anyone," and paragraphs (2) and (3) of the same Article impose responsibilities on information and communications service providers or bulletin board administrators/operators as "those who provide an environment for distribution."
Accordingly, even in the case of AI services, it is difficult to exclude the possibility of applying these provisions when AI directly "distributes" as an actor or when distribution occurs within services operated and managed by the provider.
2. Protection of Children and Youth
Under Article 42-3(1) of the IT Network Act and Article 25 of its Enforcement Decree, AI service providers that meet certain requirements must designate a youth protection officer to protect minors from harmful information. However, harmful information to youth is limited to information publicly designated by the Minister of Gender Equality and Family based on the judgment of the Youth Protection Commission or related deliberation bodies, so the mere fact of providing or facilitating information of a harmful nature does not immediately make it applicable.
3. Consent for Access Permissions
When AI services are provided as apps and access functions or information within the user's device, AI service providers must obtain consent by distinguishing between mandatory and optional access permissions under Article 22-2 of the IT Network Act. In particular, AI agent services autonomously process information and functions within devices, so the appropriateness of the access permission consent process is even more important.
However, if AI service apps pre-installed during the device manufacturing and supply process perform essential functions of the mobile communication device (communication, photography, video and music playback, etc.), they may be excluded from the scope of access permission consent requirements (Article 9-2 of the Enforcement Decree of the same Act).
Through this Guide, the KMCC has clarified that the current Telecommunications Business Act and IT Network Act apply to AI services and can function as basic user protection mechanisms that provide i) prohibitions of acts detrimental to user interests, ii) notification obligations for material matters, iii) user protection and damages, regulation of illegal information distribution, and iv) protection of children and youth. This can be seen as an intent to enhance the predictability regarding the scope of application of existing telecommunications laws in the AI service environment.
However, the current laws have limitations in regulating the "generation" itself of illegal information through generative AI in AI service environments, and it appears necessary to closely monitor the direction of reorganization of the relevant legal framework in the future.
