인공지능기본법의 리스크관리 방식에 대한 공법적 검토

The 「Framework Act on the Development of Artificial Intelligence and the Creation of a Foundation for Trust(hereinafter referred to as “Framework Act on Artificial Intelligence")」was enforced on January 22, 2026, as a legislative measure designed to foster artificial intelligence development while ensuring a foundation of public trust. The Framework Act on Artificial Intelligence aims to transition beyond the existing command-and-control regulatory approach toward a flexible governance structure capable of managing the complex risks of modern society. In particular, considering technical expertise and uncertainty, the Act pursues a model of “regulated self-regulation” in which the public and private sectors allocate and share regulatory roles. Meanwhile, the Framework Act on Artificial Intelligence employs the concept of ‘impact’. While the use of such open-ended terminology raises concerns regarding diminished predictability as these terms are substantiated through administrative judgment and guidelines, but it can also be interpreted as a deliberate legislative strategy to operationalize them through administrative evaluation. However, the procedural control structure, reliance on soft law, and autonomous risk management methods of the Framework Act on Artificial Intelligence raise questions about whether the criteria for risk assessment are clearly established at the legislative level. Consequently, this inherent ambiguity poses a risk of undermining the predictability of legal oversight. In particular, while the primary authority for risk assessment is vested in Artificial Intelligence business operator, the Act lacks a clear legal framework to determine liability and the applicable legal standards in the event that user rights are infringed as a result of such assessment. Because of this, even if an Artificial Intelligence business operator acts in accordance with the guidelines and causes damage to the public, there is a risk that the public may be forced to bear the full burden of damages due to the ambiguous allocation of liability. Therefore, in order for the Framework Act on Artificial Intelligence achieves both regulatory effectiveness and public law legitimacy through risk management, it is imperative to supplement the current procedure-oriented structure with an ex-post oversight system capable of guaranteeing substantive rights protection, alongside clear and definitive standards for the allocation of liability. To this end, this paper analyzed the revised EU Product Liability Directive to expand the scope of the product and examined the necessity of establishing Korea’s independent Artificial Intelligence liability system by linking the compliance with public safety obligations under the Framework Act on Artificial Intelligence with criteria for judicial defect judgment and relaxation of the burden of proof.