Autonomy Is Not a Switch, It Is a Dial: What Banks Buy Before Capability
Reading One Line of a Procurement Notice Under a Microscope
The quietest story in this morning’s digest was an exclusive report about the Korea Federation of Banks. The short version: the federation has put out a tender for a consulting project to build an AI adoption strategy. What is interesting is what that project will actually produce. It is not attaching a new model, and it is not deploying a chatbot. It is analyzing work characteristics to uncover tasks, comparing and evaluating domestic sovereign AI against global big tech AI and specialized solution AI, and building a phased adoption roadmap. The contract runs three months, and the federation will select its preferred bidder within the month.
This raises a question. If capability were the problem, the market already overflows with powerful models. So why does a bank draw up a sequence first instead of buying a model first? Holding on to this question and rereading today’s news as a whole, you can see that different companies are actually saying the same thing. The battleground for AI adoption has shifted from how smart a system is to how much you can control it.
Money Still Flows to Hardware
Of course, the flow of capital is still headed toward silicon. Just today, Hanmi Semiconductor posted its largest quarterly result since founding, with second quarter operating profit of 130.3 billion won, up 51 percent year over year, driven by demand for HBM4 front end process equipment. The three memory makers plan to more than double HBM production this year, and demand is still outrunning supply, so they have already signaled price increases for next year. SK Hynix has started placing equipment orders for its Yongin Y1 fab. Chairman Chey Tae Won described this not as a cycle but as the evolution of an industry.
But the fact that money flows to hardware does not mean the bottleneck is in hardware too. However fast a chip is, if no one has decided what work it is allowed to do and how far it is allowed to go, a regulated industry cannot take a single step. This is why what the Bank Federation bought was not performance, it was a standard.
Regulated Industries Buy Sequence Before Capability
It is worth noting that the Bank Federation’s roadmap is emerging at the level of an industry association, not a single bank. The adoption sequence and model evaluation criteria the federation sets will become the de facto standard for its member banks. In other words, it is not one institution but the entire industry that will bring in AI using the same grammar. Financial regulators have just carved out an exception in network separation rules to open a path for using cloud based services even inside internal networks, so this grammar is likely to take hold even faster.
A move of the same kind appeared in the public sector as well. A KT and Naver Cloud consortium was selected as the preferred bidder for the National Information Resources Service’s innovation ISP project. The essence of this project is also classification, not new features. It involves sorting through 693 public information systems at the Daejeon headquarters, deciding, based on N2SF grade, importance, cost effectiveness, and stability, which ones stay in public data centers and which move to private cloud. It is a follow up measure to the national system operating framework that was redesigned after the September 2024 fire at the Daejeon center.
What both cases say is clear. In regulated industries, the first step of adoption is not deployment, it is grading. Deciding what can be entrusted, and how far, comes before deciding what to do first. Capability is the next problem.
This caution stands in sharp contrast to the pace of the general public. On the very same day, ChatGPT was named the country’s top app by first half user growth and earned the nickname “the nation’s app,” while SK Telecom’s proprietary model team, Dokpamo, was joined by SK AX and Technomatrix, speeding up manufacturing and public sector pilots. Upbit rolled out a beta backtesting tool that lets users converse with AI to validate trading strategies. Individuals and domain specific services are racing ahead like this, while banks and the public sector slow down instead to draw up a sequence. This difference in temperature is no accident. The more an organization has to lose, the more slowly it turns the dial of autonomy.
Autonomy Is Not a Switch, It Is a Dial
So what does the frontier of autonomy look like? SAP Korea unveiled its autonomous enterprise blueprint in Seoul today. The picture is one where AI agents are embedded in processes and data, sensing, judging, and executing on their own. Its conversational assistant Joule is deployed across more than 50 instances spanning finance, procurement, supply chain, HR, and customer facing areas, and each assistant coordinates more than 200 specialized agents beneath it to carry out narrow, precise tasks. Samsung Electro Mechanics was cited as a case that cut system downtime from 144 hours to 34 hours, a 76 percent reduction, during this transition, without stopping its manufacturing lines.
What stands out is that one of the four pillars SAP presented is governance, built in from the start. Even the company painting the most autonomous picture is selling autonomy and control as a single bundle. This is the crux of it. Autonomy is not a switch you flip on or off. It is a dial you turn in stages, deciding which tasks, under whose approval, and how far an agent may handle on its own. Delegating sensitive processes like finance, HR, and supply chain requires compliance with the Personal Information Protection Act and the Electronic Financial Transactions Act, and above all, audit traceability, as preconditions. How well an organization designs the relationship between Korea’s distinctive multi step approval culture and an agent’s autonomous execution will decide whether adoption succeeds.
Why Pouring in Money Does Not Produce a Strategy
Evidence pointing the other way also surfaced today. KT announced it will invest 18 trillion won in telecom and AI over the next five years. Of that, 12 trillion won will go toward strengthening its existing telecom business over three years, and 6 trillion won will go into infrastructure such as AI data centers and submarine cables over five years. Yet the market’s assessment is cold. The critique is that KT’s own model and agent competitiveness have actually fallen behind, and that it also came up short in the government’s sovereign AI foundation model project. Pouring in enormous capital did not automatically produce a transformation into an AX platform company.
This contrast reveals the skeleton of today’s news. The opposite of capability is not incompetence, it is control, and the opposite of spending is not saving, it is design. Money spent on infrastructure does not become a strategy unless it is translated, at the execution layer, into controlled autonomy. The reason the Bank Federation draws up a roadmap first, and the National Information Resources Service assigns grades first, is that they know how hard this translation is.
Sovereignty Is Not About Where You Keep It, It Is About What You Prove
The final piece rewrites the definition of sovereignty. Software from the domestic AI infrastructure company Moreh, built for heterogeneous hardware, was selected as an innovation case at the AI for Good Global Summit, hosted by the International Telecommunication Union under the United Nations. This software pools accelerators from different makers, not just Nvidia but also AMD and Tenstorrent, and operates them as a single resource. What the ITU evaluated was not a performance number, it was the contribution toward turning a closed ecosystem locked to specific hardware into an open, sustainable structure.
If you understand sovereignty only as a question of location, keeping data within a country’s borders, you are seeing half the picture. True sovereignty is also a matter of proving that you are not locked into a specific vendor. This is the background behind an international organization certifying an openness where operations do not falter no matter which accelerator you run on or which model you choose. The control that regulated industries want ultimately rests on this same provability.
So We Built the Dial
If you tie today’s news into a single line, it reads like this: regulated industries buy control before capability, proof before location, and sequence before deployment. Paxis, ThakiCloud’s Agent-Native Cloud, is a shipping product designed precisely to treat these requirements as first class resources, and it formally launched as v1.1 last month.
Tasks first pass through a policy gate, and the autonomy dial is turned up from L0 to L3 only as far as trust has accumulated. Execution happens inside an isolated sandbox, every step is recorded in an audit log, and all of this runs inside a sovereign, on premises Kubernetes boundary. CostRouter picks the optimal model for each task without being locked into any single vendor.
In Paxis, the Skills and Tools an agent works with are each encapsulated as independent modules, with Policies and Audit Logs sitting alongside them. That means the control a bank demands even before a roadmap, deciding what to entrust and how far, and the traceability that lets you retrace execution afterward, are not add on features but part of the skeleton. Autonomy is divided into stages from L0 to L3. This is the dial described earlier, implemented as an actual runtime concept. You can start at a stage where a person approves every action, then turn the dial up only for tasks that have earned trust.
Sensitive tasks run inside an isolated sandbox, limiting the blast radius of an incident from the outset. A structure that keeps the fallout of anything going wrong from crossing the isolation boundary is, alongside the audit log, one of the first items regulated industries check before adoption. Where sovereignty and on premises operation are required, GPU resources and model serving are run in isolation on top of the Kubernetes based ai-platform. Systems with grades too high to send outside, like those at the National Information Resources Service, and the financial sector with its strict network separation requirements, are exactly the fit here. The homework the Bank Federation ordered, comparing and evaluating models, carries directly into CostRouter’s runtime policy of picking the optimal model for each task. This is the point where openness that is not locked to any single model meets the provability of sovereignty.
Right now, while SAP paints a picture of the autonomous enterprise and banks think through the order in which to bring that picture in, the missing piece is usually not a stronger model. It is an execution layer that can safely run controlled autonomy. For an organization that would rather turn a dial carefully than flip one more switch, knowing that the dial, knob and all, is already built and waiting will move the starting line a little closer.
References
The regulatory and standards background behind this article was confirmed against the primary sources below. Same day domestic news items mentioned in the body (individual company earnings, tenders, announcements) are breaking news material and are not linked separately.
- Framework Act on the Development of Artificial Intelligence and Establishment of Trust (AI Framework Act), Korea Law Information Center: the basis for regulatory response, effective January 2026
- Personal Information Protection Act, Korea Law Information Center: the data protection precondition for delegating sensitive processes
- Electronic Financial Transactions Act, Korea Law Information Center: the control and approval framework distinctive to the banking sector
- Model Context Protocol (MCP): the open standard that treats an agent’s tool calls as a first class control plane
- ITU AI for Good Global Summit: the international body context showing that AI adoption in regulated industries passes through governance and standards, not capability
- EU Artificial Intelligence Act (Regulation (EU) 2024/1689), EUR-Lex: a cross jurisdictional example that codifies autonomy into staged risk grades
- NIST AI Risk Management Framework: a regulatory precedent that establishes a governance framework before capability