Law firm Yulchon announced on July 13 that it will provide open source AI governance consulting to 11 companies participating in the National IT Industry Promotion Agency's (NIPA) 'Open Source AI and Software Development and Utilization Support Project' in collaboration with OSBC.
This initiative, with a total budget of 9.2 billion won, is a new project launched this year to support the development, utilization, and dissemination of open source AI and software led by domestic companies.
As the use of AI coding tools and open source AI has surged, the legal risks for companies have also become more complex. There is a significant risk of violating licenses due to unrecognized open source dependencies or libraries included by developers. Open source AI models, in particular, combine data, code, and weights, making the boundaries of copyright and usage rights much less clear than with standard software. Furthermore, while the regulatory environment is tightening to demand transparency and accountability in AI, the governance systems to manage these issues have not yet kept pace with the speed of AI adoption by companies.
In response, Yulchon and OSBC will integrate 'AI compliance' and 'open source governance' in their consulting services.
In the area of AI compliance, the consulting will review obligations under the AI Basic Act, the classification of high-impact AI, and the requirements for prior notice and labeling related to generative AI that companies must fulfill during actual service operations. It will also examine copyright issues related to training data and AI outputs. The legal risks associated with the datasets used for model training will be assessed, and safe data usage and alternative data strategies will be suggested if necessary. This will enable participating companies to systematically check data sources and copyright risks during the development and distribution of AI models.
In the area of open source governance, the consulting will support participating companies in checking the licensing conditions of the open source AI models and software they use and establishing compliance systems. Since the commercial use and distribution conditions of open source AI models vary by version, thorough analysis will be conducted to minimize risks. Additionally, support will be provided throughout the commercialization process, including service disclosure scope, community management, and business model design.
Notably, this project will establish an 'open source AI profile' that reflects domestic laws and regulations, the EU AI Act, and global standards such as SPDX 3.0. The AI profile is a document that systematically organizes the model, data, software components, licenses, and risk factors of AI systems. It will be applied and validated with the 11 participating companies to continuously address issues in the field.
Im Hyung-joo, head of Yulchon’s AI Data Center, stated, "This project is significant in that it aims to establish an AI governance system tailored to the domestic corporate environment and apply it in practice."
He added, "With the participation of the law firm, we can now review complex legal issues such as the AI Basic Act, copyright law, and the EU AI Act in connection with the development and commercialization processes of companies. We will continue to support the establishment of a practical AI compliance system to ensure that domestic companies can safely utilize open source AI."
Kim Taek-wan, CEO of OSBC, emphasized, "Recently, companies are facing a situation where they must manage not only the AI models themselves but also the open source components, training data, licensing conditions, and dependencies on external services. To ensure transparency and traceability in AI systems, it is crucial to establish a governance and management system based on open source governance and AI profiles from the development stage."
OSBC, which is collaborating with Yulchon, is a consulting firm specializing in open source management in the software and AI sectors, established in 2006. It checks for potential legal license violations and security vulnerabilities that may arise during software development and supports the establishment of Software Bill of Materials (SBOM) in compliance with security regulations in the U.S. and Europe, as well as international standard (ISO) certification.
* This article has been translated by AI.
Copyright ⓒ Aju Press All rights reserved.