South Korea’s digital health sector continues to expand rapidly, driven by advances in artificial intelligence, wearable technology, mobile health platforms, and cloud-based data systems. The regulatory response to this growth accelerated significantly in early 2026.
In January 2026, the Ministry of Food and Drug Safety (MFDS) issued a partial revision of the Regulations on Classification and Designation of Digital Medical Products under Notice No. 2026-4, strengthening regulatory clarity and supporting the phased implementation of the Digital Medical Products Act (DMPA). Critically, this revision also marked the second and final phase of the DMPA’s rollout: while digital medical devices and digital integrated drugs became subject to the DMPA on January 24, 2025, digital medical/health support devices came under the Act’s scope on January 24, 2026.
Simultaneously, Korea’s AI Basic Act took effect on January 22, 2026, classifying healthcare AI as “High-Impact” and imposing heightened obligations on operators, including specific risk management plans, human oversight protocols, and Korean-language explanation materials describing how AI reached its conclusions. For manufacturers of AI-enabled digital medical products, these two regulatory events occurring within days of each other represent a major compliance inflection point.
Background and Purpose
The 2026 revision builds on a rapid sequence of legislative and regulatory activity. The Digital Medical Products Act was enacted on January 23, 2024, with precedence now given to the DMPA over the previously applicable Medical Device Act, In Vitro Diagnostic Medical Devices Act, and related regulations for digital products.
Since the DMPA’s initial implementation, MFDS has issued a series of comprehensive sub-regulations, including Guidelines for Approval and Review of Generative AI Medical Devices (January 24, 2025), providing criteria to evaluate the clinical safety and effectiveness of AI-based medical devices. On April 21, 2025, MFDS released the Standards for Manufacturing and Quality Management of Digital Medical Devices, setting quality management and manufacturing standards for digital medical device software; replacing the traditional KGMP factory audit model with a Digital QMS focused on software lifecycle and cybersecurity.
The 2026 revision under Notice No. 2026-4 is the latest step in this evolution, focusing specifically on clearer classification boundaries and the formal regulatory treatment of digital health support products now brought under the DMPA’s scope.
Key Changes Introduced in the 2026 Revision
The 2026 revision under Notice No. 2026-4 introduced targeted improvements directly tied to the DMPA’s phase 2 implementation. Key among these are new labeling requirements for digital medical device software under Article 22 of the DMPA, and the formal activation of requirements for digital medical/health support devices under Articles 33 to 35, which took effect January 24, 2026.
At a high level, the revision introduces:
Expanded definitions related to digital medical functionality and product scope, providing clearer language that reduces case-by-case interpretation reliance.
Formal recognition of digital health support products as a distinct regulatory category; no longer handled through informal guidance, now governed by Articles 33–35 of the DMPA.
More explicit exclusion criteria for non-medical wellness technologies, reducing classification uncertainty for developers operating in the consumer health space.
Improved treatment of hybrid and multifunctional products, acknowledging that many modern digital health tools combine data collection, analysis, and clinical decision support in ways that straddle classification boundaries.
Importantly, the revision reinforces that digital innovation alone does not determine regulatory status; MFDS continues to prioritize clinical purpose and risk profile when evaluating products.
Distinguishing Digital Medical Products from Digital Health Support Products
The formal separation of digital medical products from digital health support products is one of the most consequential aspects of the DMPA framework, now fully active from January 24, 2026.
For digital health support products, companies may opt for MFDS performance certification: a quality seal that can improve market acceptance without the full burden of medical device approval. This optional certification is available for low-risk products and provides a credibility signal to healthcare providers and consumers.
For regulated digital medical products, the reimbursement pathway is a critical downstream consideration. Even after obtaining MFDS market authorization, digital medical products must undergo the Ministry of Health and Welfare’s new health technology assessment (nHTA) and Health Insurance Review & Assessment Service (HIRA) processes to achieve national health insurance coverage: a practical gatekeeping role that significantly influences actual market access beyond regulatory approval. As of January 2025, five digital therapeutics had been approved by MFDS, but reimbursement challenges persist regarding long-term patient adherence and equitable access, particularly for older adults and rural populations.
Classification Framework and Regulatory Methodology
MFDS continues to rely on three primary factors: intended medical purpose, potential risk to users and patients, and technical/operational characteristics. MFDS exercises full lifecycle authority over digital medical products, covering approval and certification, clinical trial authorization, manufacturing and quality control, AI algorithm modification control, and post-market surveillance.
For AI/ML-based products specifically, MFDS classifies AI models as digital medical devices when they provide clinical decision support: including AI-based medical imaging software that analyzes medical data to diagnose, predict, monitor, or treat diseases, or that provides clinical information necessary for diagnosis or treatment.
A significant addition from the DMPA framework: for AI-based products, the DMPA allows pre-approved change management plans that enable companies to update algorithms without full re-approval, as long as updates remain within pre-approved parameters. Significant changes that could impact patient safety still require additional regulatory review. This mirrors the FDA’s Predetermined Change Control Plan (PCCP) concept providing important lifecycle management flexibility for AI products.
Regulatory Impact for Manufacturers
Manufacturers of digital medical devices remain subject to comprehensive regulatory controls under the DMPA. In addition to quality management systems, technical documentation, clinical and performance validation, premarket review, and post-market surveillance, the DMPA introduces two additional obligations not featured in the original blog:
Digital QMS and software lifecycle management: MFDS released quality management and manufacturing standards for digital medical devices on April 21, 2025, replacing the traditional KGMP factory audit model with a Digital QMS framework focused on software lifecycle management and cybersecurity. Manufacturers of digital medical device software must undergo a conformity assessment from MFDS to verify compliance, valid for three years.
Cybersecurity obligations: The DMPA mandates that manufacturers implement measures to protect against cybersecurity threats, including hacking and computer viruses. Software Bill of Materials (SBOMs) will be required from device manufacturers. MFDS has signaled that cybersecurity will receive increasing enforcement attention as the digital health sector matures.
AI Basic Act obligations: For manufacturers of AI-enabled digital medical products, the AI Basic Act (effective January 22, 2026) requires implementation of a Risk Management Plan, human oversight protocols, and Korean-language AI explanation materials; obligations that sit on top of, not instead of, DMPA requirements.
Effective Date and Implementation Strategy
The revised regulation entered into force on January 23, 2026. From this date, MFDS expects all new and existing products to comply with the updated designation criteria.
For manufacturers navigating classification uncertainty under the new framework, MFDS’s updated 4th revision of the Guidelines on Pre-Consultation for Innovative Products now formally includes digital medical technologies as an eligible category for early-stage regulatory consultation. Through this structured program, manufacturers can engage MFDS during development to gain early clarity on regulatory expectations, identify appropriate classification pathways, and reduce risks before formal submission.
For AI-enabled or hybrid products where classification is genuinely uncertain, this pre-consultation pathway is a strategic tool that can significantly reduce downstream risk and accelerate approval timelines.
Strategic Implications for Global Companies
Korea’s revised framework reflects a broader international trend toward risk-based, lifecycle-oriented regulation of digital health technologies. Similar approaches are active in the US (FDA’s PCCP framework for AI/ML devices, TPLC lifecycle guidance), Europe (EU AI Act high-risk classifications for AI medical devices, MDR/IVDR), and across the Asia-Pacific region.
Korea’s AI Basic Act framework: classifying healthcare AI as high-impact and requiring risk management plans and human oversight, directly parallels the EU AI Act’s approach to high-risk AI systems in healthcare, effective August 2026. Global manufacturers developing AI-enabled digital health products should review their Korea and EU compliance programs together many of the documentation requirements overlap significantly, offering real efficiency opportunities for teams managing both markets in parallel.
Korea’s digital therapeutics (DTx) sector is an emerging growth opportunity, with five DTx products approved as of January 2025 and the MOHW actively exploring reimbursement paths, making Korea one of the more progressive Asian markets for DTx market entry despite remaining reimbursement challenges.
Conclusion
The 2026 revision to Korea’s Regulations on Classification and Designation of Digital Medical Products, combined with the full activation of the Digital Medical Products Act and the simultaneous entry into force of the AI Basic Act, marks a defining moment in Korea’s digital health regulatory landscape.
For manufacturers, the compliance picture in Korea is now multi-layered: DMPA classification and authorization obligations, Digital QMS and cybersecurity requirements, AI Basic Act obligations for high-impact AI products, and the HIRA reimbursement pathway for clinical market access. Companies that understand all four dimensions, not just classification, will be best positioned to succeed in Korea’s digital health market long-term.
Precise intended use definitions, disciplined marketing practices, robust cybersecurity infrastructure, and proactive regulatory planning are the cornerstones of a sustainable Korea compliance strategy in 2026 and beyond.
Q&A:
- When did the Digital Medical Products Act fully take effect in Korea? The DMPA was enacted on January 23, 2024. It took effect for digital medical devices and digital integrated drugs on January 24, 2025, and for digital medical/health support devices on January 24, 2026. The January 2026 revision under Notice No. 2026-4 aligned the classification regulations with the DMPA’s full activation.
- What is the difference between a digital medical device and a digital health support product under the DMPA? Digital medical devices are products that support clinical decision-making: including AI diagnostic tools, remote patient monitoring platforms, clinical decision support software, and therapy management systems and require MFDS market authorization. Digital health support products collect or analyze health data exclusively for general wellness, lifestyle management, or personal awareness (step counting, fitness heart rate, sleep tracking) and do not require formal conformity assessment, though optional MFDS performance certification is available as a quality signal for market acceptance.
- How does the Korea AI Basic Act affect medical device manufacturers? The AI Basic Act, effective January 22, 2026, classifies healthcare AI as “High-Impact.” Manufacturers of AI-enabled digital medical products must implement a Risk Management Plan, establish human oversight protocols, and provide Korean-language explanation materials describing how the AI system reached its conclusions. These obligations are in addition to, not instead of, DMPA requirements.
- Does the DMPA replace the Medical Device Act for digital products? Yes, the DMPA now takes precedence over the Medical Device Act, In Vitro Diagnostic Medical Devices Act, and related regulations for digital products. However, SaMD and other digital medical devices remain subject to the Medical Device Act where the DMPA does not provide corresponding provisions.
- What are the cybersecurity requirements for digital medical devices in Korea? The DMPA mandates that manufacturers implement measures to protect against cybersecurity threats including hacking and computer viruses, and SBOMs will be required from device manufacturers. The April 2025 Standards for Manufacturing and Quality Management of Digital Medical Devices establish a Digital QMS framework, replacing the traditional factory KGMP audit, focused on software lifecycle management and cybersecurity compliance.
