CoE Framework Convention signatory
This content is for informational and educational purposes only and does not constitute legal advice.
On 17 February 2026, the Irish Data Protection Commission (DPC) announced that it had opened an investigation into X Internet Unlimited Company (XIUC) under Section 110 of the Data Protection Act 2018. The investigation concerns the alleged creation and publication on the X platform of potentially harmful, non-consensual, intimate and/or sexualised images involving the processing of the personal data of EU/EEA data subjects (including children) using generative artificial intelligence functionality associated with the Grok large language model. XIUC was notified of the decision to commence the inquiry on 16 February 2026. The investigation will examine whether XIUC has complied with its obligations under the General Data Protection Regulation (GDPR), including the processing principles, the lawfulness of processing, data protection by design and by default, and the requirement to carry out a data protection impact assessment in relation to the personal data processed.
On 4 February 2024, the Department of Enterprise, Tourism and Employment issued the General Scheme of the Regulation of Artificial Intelligence Bill 2026. The scheme supports the implementation of the EU Artificial Intelligence Act (2024/1689). Part 2 outlines the establishment of the AI Office of Ireland (the “Office”). The Office will be formally established on a day appointed by the Minister and will operate as an independent corporate body with legal powers. Its functions include facilitating the enforcement of the AI Act, promoting AI innovation and literacy, and serving as the national AI market surveillance authority and single point of contact under EU law. As the Single Point of Contact, it will centrally coordinate Ireland's implementation of the AI Act by advising national authorities, leading EU-level engagement, and facilitating domestic cooperation. Chapter 3 establishes a coordinated national framework where the Office centralises reporting, issues guidelines, and hosts a forum for Market Surveillance Authorities (MSAs). It details procedures for handling serious incident reports, authorising AI systems in exceptional circumstances, and investigating rights-based concerns upon request. The provisions also facilitate cooperation between authorities, outline complaint and data-sharing mechanisms, and mandate confidentiality and cybersecurity measures. Head 53 establishes the procedure for when an MSA suspects an AI system presents a risk, requiring an evaluation with special attention to vulnerable groups and cooperation with fundamental rights bodies if needed. Head 54 outlines the process for when an MSA believes a provider has misclassified a high-risk AI system as non-high-risk. If the system is confirmed as high-risk, the provider must bring it into compliance, or the MSA will enforce penalties, including withdrawal or prohibition from the market.
On 22 January 2026, the Online Safety (Recommender Algorithms) Bill 2026 (Bill No. 7 of 2026) including recommender algorithm regulation was introduced to the lower house of Parliament. The Bill seeks to amend the Online Safety and Media Regulation Act 2022 to restrict the use of recommender systems by video-sharing platform services operating in Ireland. The Bill would prohibit video-sharing platform services from deploying recommender systems where the service provider is aware that the recipient has not reached the age of 18, or where the age of the recipient is unknown. The Bill would also prohibit the use of recommender systems based on profiling or on special categories of personal data under the General Data Protection Regulation (GDPR) for users over 18, unless the user has actively selected such a system, has been provided with clear and intelligible information on its main parameters, and has access to a functionality allowing modification of that system at any time. The Bill would further direct the Minister for Arts, Media, Communications, Culture and Sport to instruct Coimisiún na Meán to amend the Online Safety Code accordingly. The Bill would enter into force within 90 days of promulgation by the President.
On 16 December 2025, the parliamentary Joint Committee on Artificial Intelligence published its first interim report, which includes 85 recommendations. The Joint Committee's recommendations cover measures to institutionalise AI governing bodies, including establishing the Joint Committee itself on a permanent basis, ensuring the full independence of the national AI Office, developing a national AI register, permanently establishing the AI Advisory Council, and founding an AI Observatory. The recommendations also address the regulatory framework at the EU level, warning against the dilution of the EU AI Act and stressing the need to strengthen the EU Copyright Directive. Further, the Joint Committee proposes specific obligations for AI providers and deployers, such as switching off recommendation system by default, banning social media providers from using recommender algorithms on children's accounts, require platform owners to prevent the use of recommendation systems for misinformation campaigns, and introducing mandatory algorithmic impact assessments for high-risk AI systems in public services.
On 24 September 2025, the Polish Data Protection Commissioner (UODO) issued a statement on the cooperation with the Irish Data Protection Commission on enhancing personal data protection in social media platforms. The statement highlighted engagement with social media platforms to increase protection against false advertising, particularly scams that misuse images of public figures or users, often with deepfake technology, to extort personal data or money. The authorities encouraged social media platforms to implement secure databases of profiles of famous individuals to detect and remove fraudulent advertisements, with prior consent from the person whose image is stored. Users can report misuse through platform reporting tools. The measures aim to protect both the individuals whose images are misused and potential victims, with UODO continuing dialogue with platforms and reviewing complaints to ensure compliance with personal data protection principles.
On 16 September 2025, Ireland designated additional authorities under the European Union Artificial Intelligence Act (EU AI Act) to bring the total number of designated National Competent Authorities to 15. These included the Media Commission, the Commission for Regulation of Utilities, the Health Service Executive, the Minister for Enterprise, Tourism and Employment, the Minister for Transport, the National Transport Authority, and the Workplace Relations Commission. A national Single Point of Contact was established within the Department of Enterprise, Tourism and Employment (formerly titled Department of Enterprise, Trade and Employment until 2 June 2025) to coordinate activities with the European Commission, other Member States, stakeholders, and the public. This designation followed the earlier appointment of eight authorities on 4 March 2025, namely the Central Bank of Ireland, the Commission for Communications Regulation, the Commission for Railway Regulation, the Competition and Consumer Protection Commission, the Data Protection Commission, the Health and Safety Authority, the Health Products Regulatory Authority, and the Marine Survey Office of the Department of Transport. On 16 September 2025, the National AI Implementation Committee convened with the participation of all 15 authorities. A National AI Office will be established by 2 August 2026 to act as the central coordinating authority, provide technical expertise, operate a regulatory sandbox, and serve as the single point of contact for the EU AI Act in Ireland.
On 25 August 2025, the Competition and Consumer Protection Commission (CCPC) and the Advertising Standards Authority (ASA) signed a data-sharing agreement. The agreement allows the ASA to share information received through its online reporting portal with the CCPC, in line with data protection laws. The data-sharing agreement aims to enhance regulatory oversight of social media platforms and strengthen the regulation of social media influencers. Under consumer protection law, social media influencers are required to clearly label commercial posts and must not mislead consumers through unfair practices such as hidden or mislabelled advertising. Content that is false or misleading may also constitute a breach of consumer protection law, even if properly labelled. The agreement follows the publication of guidelines for influencers and social media advertisers by the ASA and CCPC in October 2023.
On 21 August 2025, the Competition and Consumer Protection Commission (CCPC) of Ireland approved the proposed acquisition of BT Datacentres Ireland Limited by Equinix (Ireland) Limited. Both companies operate carrier-neutral data centres in Dublin, providing infrastructure and ancillary services for cloud, IT, and media clients. Following a preliminary assessment, the CCPC concluded in May 2025 that a full investigation was required to determine whether the transaction would significantly lessen competition in the Irish market. The CCPC will publish the full decision on its website within 60 working days, following redaction of confidential information.
On 29 July 2025, the High Court of Ireland upheld the Media Commission’s authority to adopt parts of the Online Safety Code under section 139K of the Broadcasting Act 2009, as amended by the Online Safety and Media Regulation Act 2022. The Court rejected a challenge by X Internet Unlimited Company, challenged the legal authority of the Media Commission to impose measures under the Code, in particular sections 12.1, 12.6 to 12.9, and 13.6 to 13.9, on the grounds that they exceeded what was permitted under Article 28b of the Audiovisual Media Services Directive (AVMSD) and conflicted with the Digital Services Act (DSA), a fully harmonised European Union regulation governing intermediary services. The Court examined whether the Code, as adopted, constituted a lawful specification and complement to the DSA under Article 2(4) thereof, or whether it unlawfully encroached upon or contradicted harmonised provisions under the DSA, especially with regard to transparency obligations set out in Article 14. The judgment analysed the legislative intent and the hierarchy of European Union instruments, recognising the AVMSD as lex specialis to the DSA in the context of video-sharing platform services (VSPS), and concluded that the contested provisions of the Code gave proper effect to Article 28b AVMSD and did not conflict with the DSA, thereby falling within the Media Commission’s regulatory powers.
On 14 July 2025, the National Artificial Intelligence Bill was introduced to Leinster House to establish the National Artificial Intelligence Office as a dedicated State body responsible for overseeing, enforcing, and supporting the ethical, transparent, and innovative use of artificial intelligence (AI) in Ireland. The proposed Office is mandated to provide independent oversight of high-risk AI systems, facilitate the adoption and deployment of AI technologies across both the public sector and enterprises, support digital literacy and national upskilling, and coordinate Ireland’s national approach to AI development and deployment. The proposed Bill positions the Office as a central mechanism for managing the AI transition, enabling strategic investment by the State in structures designed to promote economic development, improve public service efficiency, and ensure that systems and oversight frameworks are in place to address the challenges and opportunities arising from rapid advancements in AI.
On 4 March 2025, the Irish government approved a recommendation from the Minister for Enterprise, Tourism and Employment to adopt a distributed model for implementing the EU Artificial Intelligence (AI) Act. This approach entails the designation of eight public bodies as competent authorities, each assigned responsibility for the implementation and enforcement of the Act within their respective sectors. The list of designated authorities includes the Central Bank of Ireland, the Commission for Communications Regulation, the Commission for Railway Regulation, the Competition and Consumer Protection Commission, the Data Protection Commission, the Health and Safety Authority, the Health Products Regulatory Authority, and the Marine Survey Office of the Department of Transport. The designation of further authorities, along with a lead regulator who will coordinate enforcement and provide centralised functions, is to be made by a future government decision. The EU AI Act establishes a regulatory framework for AI systems in the EU, focusing on high-risk AI systems and the prohibition of certain AI practices. The scope of application of the Act is extensive, encompassing all sectors of the economy, with specific exemptions for applications related to national defence, security, scientific R&D, and personal use. The Act imposes conditions on high-risk AI systems and includes transparency requirements for lower-risk systems, such as chatbots and biometric categorisation. Penalties for infringements can reach up to EUR 35 million or 7% of global turnover, depending on the severity of the violation. The Act's provisions will be phased in over the period from February 2025 to August 2027.
On 4 March 2025, the Government of Ireland approved a recommendation from the Minister for Enterprise, Tourism and Employment to adopt a distributed model for the implementation of the European Union Artificial Intelligence Act (EU AI Act). The decision included the designation of an initial list of eight public bodies as competent authorities, namely the Central Bank of Ireland, the Commission for Communications Regulation, the Commission for Railway Regulation, the Competition and Consumer Protection Commission, the Data Protection Commission, the Health and Safety Authority, the Health Products Regulatory Authority, and the Marine Survey Office of the Department of Transport. These authorities were assigned responsibility for implementing and enforcing the EU AI Act within their respective sectors. The Government further indicated that additional authorities, together with a lead regulator to coordinate enforcement and provide centralised functions, would be designated by a subsequent decision. The EU AI Act entered into force in August 2024, with its provisions applying on a phased basis through to August 2027, including prohibitions on certain high-risk practices, regulatory requirements for specified high-risk systems, transparency obligations for limited-risk applications, and obligations for providers of general purpose AI models, with penalties of up to EUR 35 million or 7% of global turnover for infringements.
On 18 February 2025, the Government announced the Regulation of Artificial Intelligence Bill in the Spring 2025 Legislation Programme, aiming to implement EU Regulation 2024/1689, which establishes harmonised rules on artificial intelligence (AI) under the Artificial Intelligence Act. The bill will designate national competent authorities responsible for enforcing EU regulations and setting out penalties for non-compliance.
Last updated: 17/02/2026