OpenAI has completed the appointment of a local representative in South Korea under the revised Personal Information Protection Act, the DigitalToday reporter Seulgi Son (손슬기) has learned.

According to relevant authorities on Tuesday, OpenAI recently completed the appointment required under Article 31-2 of the Personal Information Protection Act. The requirement is a designation system rather than a reporting system. Companies must designate a local representative themselves and state it in their privacy policy, and the Personal Information Protection Commission verifies compliance through fact-finding investigations.

Under the revised law, overseas businesses with a Korean corporate entity must designate that entity as their local representative. The law took effect on Oct. 2 last year and went through a six-month guidance period. The deadline to make the change was April 2 this year. One week before the law took effect, on Sept. 25 last year, the commission recommended that 16 companies including OpenAI, Google and Meta change their local representatives to their Korean corporate entities.

OpenAI updated its Korea privacy policy on April 1 this year, one day before the deadline. It added additional provisions for Korean users in a separate link format.

An official at the commission said OpenAI is confirmed to have designated a local representative as of a recent reference point. The official added that the law requires not only the designation but also stating it in the privacy policy.

OpenAI says it will also follow laws and systems on the obligation to designate a local representative under the Framework Act on the Development of Artificial Intelligence and the Establishment of Trust, known as the AI Basic Act. Article 36 of the AI Basic Act requires overseas AI businesses to appoint a local representative and report to the Minister of Science and ICT. The representative is responsible for submitting implementation results for high-performance AI, handling requests to confirm whether an AI system is high-impact, and maintaining regular contact with the ministry. The law includes a one-year guidance period from its effective date.

So far, Anthropic is the only overseas AI company to have reported a local representative to the Ministry of Science and ICT. Anthropic also stated it in its privacy policy. The representative is "Anthropic Korea LLC", and the company designated a legal executive at Anthropic headquarters as the representative. Contact information has also been disclosed.

A ministry official said OpenAI is also subject to the AI Basic Act requirement, but only Anthropic has filed using the reporting form prepared by the ministry. The official said companies are working out details such as a representative's authority, because the impact of compliance with Korean law on contractual relationships or international law is a bigger burden than penalties for a simple legal violation.

The official added that the government is in close consultation with companies through a separate consultative body and that regulatory oversight remains in effect. The official also said that only punishment is deferred under the law's implementation and obligations are not deferred, so the ministry is recommending that companies designate representatives.

OpenAI is strengthening partnerships with the government. After signing a memorandum of understanding with the ministry in October last year focused on AI transformation in the public sector, training AI talent and building data centres, it is also detailing practical cooperation in cybersecurity. Next week, OpenAI Chief Strategy Officer Jason Kwon (제이슨 권) will visit South Korea to meet Ryu Je-myeong, the ministry's second vice minister, and discuss details of participation in the "Trust-based Cyber Approach" programme, a cybersecurity consultative body based on GPT-5.5 cyber capabilities.

Um Sung-won, OpenAI Korea's head of communications, said AI companies, governments and research institutions need to move together to counter cyber threats. Um added that when the public and private sectors cooperate under a shared sense of responsibility, they can use AI safely while strengthening cyber resilience.