On the background to YulChon launching an integrated technology, media, and telecom (TMT) center, Attorney Son Keum-ju (30th Judicial Research and Training Institute class) said, "The biggest change is that regulatory overlap has deepened." With the spread of artificial intelligence (AI), a single service can now be evaluated at the same time as an AI service, a platform service, a personal information processing service, and a broadcasting and media service.
In the past, broadcasting and telecommunications, personal information, fair trade, and media regulations operated relatively separately. Now, however, even a partial change to a platform company's recommendation algorithm can spark issues in fair trade, personal information, data security, and user notice all at once. Corporations that use external large language models (LLMs) must simultaneously examine the sources of training and input data, the legal basis for providing personal information, and whether there is an overseas transfer.
YulChon's integrated TMT center brings together, in one organization, capabilities for broadcasting and telecommunications regulation, licensing and market entry, personal information and data, AI and new technologies, cybersecurity, platform fair trade, and litigation and dispute response. The team includes Managing Partner Son Do-il (25th class) as the lead, along with Attorney Son Keum-ju, Attorney Han Seung-hyuk (33rd class), and Attorney Kim Sun-hee (36th class). YulChon had already collaborated across fields, but it concluded that during the AI transition, ad hoc, case-by-case collaboration was insufficient and created a standing integrated response system. The following is a Q&A.
—What has changed the most between past TMT regulations and those now?
(Attorney Son Keum-ju) "There are changes in individual statutes, but the bigger change is regulatory overlap. In the past, a single corporate activity would be handled within the broadcasting and telecommunications sphere, but now it can simultaneously spread to personal information, fair trade, the Ministry of Science and ICT, and the National Assembly issues. As AI has grown in importance, the framework has shifted to a complex regulatory form spanning multiple regulators."
(Attorney Han Seung-hyuk) "For corporations, the premise that 'you only have to look at the KCC' is gone. Even a traditional broadcasting and telecommunications issue can attract interest from the FTC or the Personal Information Protection Commission."
—For example, what risks arise if a platform company changes its recommendation algorithm?
(Son) "A platform service ultimately comes down to how it collects and uses data and links it to user services. Even a slight change to the algorithm can raise issues not only in fair trade but also in personal information, data, and security. During the transition where existing platform services are combined with AI, you need to look, from the service design stage, at data flows, algorithmic impact, user notice, security, and fair trade issues together."
—What problems arise if you respond separately to each regulator?
(Han) "Response rationales by agency can contradict one another. An explanation crafted with only one agency in mind can cause misunderstandings or fail to persuade another. That is why you need to coordinate the overall rationale."
(Son) "The National Assembly is also a critical variable. Through legislative debates, requests for materials, and shaping public opinion, it effectively exerts a major influence on the regulatory environment. With only KCC-level reasoning, it can be hard to mount a defense at the levels of consumer groups, the FTC, and the National Assembly."
—Regarding the Basic AI Act, what is the most common misconception among corporations?
(Attorney Kim Sun-hee) "In AI compliance, looking only at the Basic Artificial Intelligence Act is the biggest mistake. Whether something qualifies as high-impact AI is important, but in the field, personal information, copyright, the Act on Fair Labeling and Advertising, and the Monopoly Regulation and Fair Trade Act intersect. When adopting an AI service, you must check not just the Basic AI Act alone but also data collection and use, presentation of outputs, consumer protection, and the potential for restricting competition."
—What should corporations be careful about when using external large language models (LLMs)?
(Kim) "Data coming in and data going out are particularly important. When bringing in data from outside, you need to see whether there is a basis for collection; when providing it externally, you need to see whether there is a basis for provision or consignment. Overseas transfer is especially sensitive. Without a domestic consignment contract, it may be subject to fines, but if it is an overseas transfer, it can raise a penalty surcharge issue."
(Son) "Because overseas LLMs are often used, the risk under the Personal Information Protection Act is the greatest. In many cases, prompts entered or data rights relationships are unclear."
—What is the riskiest type among AI training data?
(Kim) "Sensitive information is the most important. You must be careful not only with sensitive information defined by law but also with information people consider sensitive, such as health information, genetic information, labor union membership, and financial information. You need to manage, together as metadata, the source of collection, legal basis, and the scope of retention and use."
—What internal controls are needed in platform fair trade?
(Han) "In cases of abuse of market-dominant position, not only outcomes but also intent and purpose matter. The FTC has assessed intent by reviewing internal documents, messenger chats, and emails. You also need supporting documents showing that an algorithm change aims to improve user convenience and service satisfaction."
—Within 24 hours of a cyber incident, what must be decided?
(Kim) "First identify the cause and block any leakage path if there is one. Then determine whether a leak occurred and when, to assess whether there is a duty to report or notify. If the response is delayed, it is easy to invite suspicions of a cover-up, and consumer complaints and media response burdens also grow."
—How is YulChon's integrated TMT center different from traditional, siloed advisory work?
(Son) "YulChon's strength has always been a collaborative culture. However, the current AI and digital regulatory changes cannot be met with project-based collaboration alone. We determined that a standing integrated response system was necessary."
(Kim) "If you go beyond inter-team collaboration and operate as a single team, the speed of information sharing and the intensity of collaboration are different. For corporations, there is the advantage of having AI, data, personal information, fair trade, and cybersecurity issues reviewed within a single flow without having to explain them separately."
—What risks should TMT corporate management prioritize this year?
(Han) "The key is integration. You need to view risks from multiple perspectives but respond in a unified direction to arrive at solutions that help clients."
(Kim) "AI and data run through the entire tech industry. Corporations need a one-stop solution."