EU 인공지능법의 규제 체계에 대한 연구 - 위험 기반 접근법과 다층적 거버넌스를 중심으로 -

With the rapid development of Artificial Intelligence (AI) technology, expectations are rising for enhancements in productivity, promotion of innovation, and cost savings. At the same time, many people have growing concerns that AI can lead to new risk factors including privacy violation, discrimination, and bias. In particular, because of a specific feature of AI, so-called ‘Black box’, which means that mechanism of algorithms for the large-scale collection and processing of personal data, and the automation of decision-making cannot be explained scientifically. In order to deal with these struggles, the European Union (EU) has established the world’s first comprehensive AI regulatory framework, known as the EU Artificial Intelligence Act (AI Act), which has been implemented step by step since last year. The european legislative approach categorized AI systems into four parts, according to different levels of risk—ranging from prohibited AI practices, to high-risk, limited-risk, and minimal-risk, as known as risk-based approach. Firstly, prohibited AI practices are regarded as highly harmful technology which can violate fundamental rights and shall be strictly regulated by the law. Secondly, high-risk AI systems used in critical social infrastructure and areas significantly affecting individual rights, such as healthcare, transportation, education, and labor issues. These systems shall be subject to strict risk assessment and appropriate measures throughout their development and deployment. And also, General Purpose AI (GPAI) under its regulatory framework, shall be regulated strictly, which is mainly targeting U.S. Big Tech–led general-purpose AI industry. This paper first examines the legislative process and background of the EU AI Act, along with its connections to GDPR (General Data Protection Regulation), to elucidate the foundations of the EU’s primary regulatory framework. It then explores the key concepts of the risk-based approach and reviews practical examples of its application, followed by a systematic analysis of concrete issues such as the regulatory requirements and compliance measures for each risk category. In addition, this paper investigates how the multilayered governance structure—covering EU-level, member state–level, and corporate-level frameworks—functions in implementing these regulations. By analyzing this regulatory framework, Korean authorities related to AI regulation can obtain implications for how the national authorities effectively control AI players on the value chain of its industry. Given that Korean government and the National Assembly have enacted new AI regulatory bill called the “AI Basic Act”, this study can give them a crucial reference for designing and executing the act.