유럽연합(EU)의 소비자 보호 관련 인공지능 규제 동향과 우리 법제에의 시사점- EU 인공지능법(AI Act)을 중심으로

This article departs from the observation that, in the commercial sphere, artificial intelligence (AI) intervenes at multiple stages of consumer transactions — such as price setting, product recommendation, targeted advertising, and credit scoring — thereby increasing consumer benefits while at the same time amplifying new types of risks. As AI deepens the asymmetry of power between consumers and traders through large-scale data aggregation and algorithmic decision-making, the question of how to reconfigure the relationship between AI regulation and consumer law has emerged as a central normative challenge. The European Union (EU) has adopted the Artificial Intelligence Act (AI Act) and, in combination with the General Data Protection Regulation, the Unfair Commercial Practices Directive, the Representative Actions Directive, and the 2030 Consumer Agenda, is designing a regulatory structure that horizontally links risk-based AI regulation with consumer protection and collective redress. This article analyzes the consumer-protective functions of the AI Act, focusing on its risk classification, the prohibition of practices categorized as “unacceptable risk,” the obligations imposed on providers and deployers of high-risk systems, the right to an explanation and transparency obligations, and the responsibilities of providers of general-purpose AI (GPAI) models. It also briefly discusses the treatment of manipulative and emotion-inferencing AI, dark patterns, and algorithm-driven mass harm in the 2030 Consumer Agenda. In Korea, the Framework Act on the Promotion of Development and Adoption of Safe and Reliable Artificial Intelligence (AI Framework Act) provides a basic framework for risk management and governance throughout the entire lifecycle of AI. At the same time, laws such as the Personal Information Protection Act, the Act on Consumer Protection in Electronic Commerce, and legislation on fair labeling and advertising in effect regulate AI-mediated market practices including automated decision-making, subscription contracts, and dark patterns. Nonetheless, systematic efforts to link the regulation of AI as such with the regulation of AI-driven market practices remain at an early stage. The comparative analysis shows that the EU system institutionally connects risk-based AI regulation with consumer and collective redress law, treats manipulative and emotion-inferencing AI as an “unacceptable risk,” and incorporates the AI Act into the catalogue of instruments that can be enforced through representative actions, thereby attempting to bridge technical regulation and collective rights enforcement. The Korean legal system, rather than copying this structure wholesale, may be better advised to focus on refining cross-references between the AI Framework Act and individual consumer protection statutes, developing a more sophisticated regulatory framework for cognitive and emotional manipulation and online dark patterns, and gradually strengthening collective redress mechanisms capable of addressing structural, large-scale harms arising from AI-based market practices.