EU AI Act — Legal Sector Guidance
EU AI Act Compliance for Irish Law Firms
The August 2, 2026 enforcement deadline for high-risk AI systems is 14 weeks away. The AI Office of Ireland becomes operational August 1. For Irish solicitors and law firms using AI in practice, this is not a future concern — it is an immediate compliance obligation.
14 weeks
to August 2, 2026
The EU AI Act's high-risk obligations become enforceable on August 2, 2026. The AI Office of Ireland will have inspection and sanction powers from day one. Law firms using AI in client work, HR or intake processes need to assess their position now.
How common legal AI tools are classified
The EU AI Act classifies AI systems by risk — not by vendor or product name. The same tool can carry different obligations depending on how it is used. Below is a practical guide to how AI tools commonly used in Irish legal practice tend to classify. Every firm must conduct its own assessment — this table is a starting point, not a substitute for structured review.
| AI Tool / Use Case | Likely Risk Tier | Key Consideration |
|---|---|---|
| Document review and contract analysis | Limited risk | Typically limited risk — but firms must be able to verify outputs and maintain human review. |
| AI legal research (Lexis+AI, Harvey, Westlaw AI) | Limited risk | Generally limited risk. Assess by use case — research assistance differs from advice generation. |
| AI-assisted drafting | Limited risk | Limited risk in most configurations. Solicitor accountability for output content is unchanged. |
| Predictive analytics — case outcome forecasting | Potentially high-risk | Where outputs materially influence advice affecting clients' legal rights, high-risk classification may apply. |
| Client intake and automated legal advice | Potentially high-risk | Systems that provide or substitute for legal advice require careful classification and governance. |
| AI used in hiring or HR decisions | High-risk (Annex III) | Explicitly listed as high-risk under EU AI Act Annex III. Full conformity assessment required. |
Law Society of Ireland — professional obligations do not pause for AI
The Law Society of Ireland has made clear that professional responsibility for legal work product remains with the solicitor, regardless of whether AI was used in its preparation. Solicitors cannot outsource judgment to an AI tool.
This aligns directly with the EU AI Act's deployer accountability framework. Under the Act, the practice — as deployer — is responsible for AI outputs, not the vendor. The Law Society and the EU AI Act create overlapping but consistent obligations. A practice that assumes these can be addressed separately, or that vendor contracts transfer accountability, is exposed on both fronts.
Acuity AI Advisory works with the Law Society of Ireland as an institutional partner. Our readiness reviews are designed to address both the professional conduct dimension and the EU AI Act compliance obligations in a single, structured engagement.
5-step action checklist for Irish law firms
These are the steps every Irish law firm using AI in practice should complete before August 2, 2026.
Step 1
Inventory all AI tools in use
Document every AI system your practice deploys — including tools embedded in practice management software, Microsoft 365 Copilot, contract platforms and any third-party vendor tools. Many practices underestimate how many AI-enabled tools they already use.
Step 2
Classify each tool by risk category
Map each tool against the EU AI Act's risk tiers: unacceptable risk, high-risk (Annex III), limited risk, and minimal risk. The classification depends on how the tool is used, not just what the vendor markets it as. A structured assessment is needed.
Step 3
For high-risk systems — run a conformity assessment
Where any tool is classified as high-risk, a conformity assessment is mandatory before August 2, 2026. This assesses technical documentation, accuracy, bias testing, and human oversight mechanisms. Systems that do not meet requirements cannot lawfully be used.
Step 4
Implement required governance
High-risk and limited-risk AI systems require human oversight mechanisms, decision logging, bias monitoring, and — where relevant — transparency disclosures to clients. These measures must be operational, not just documented in policy.
Step 5
Document accountability and assign responsibility
Designate an individual responsible for AI governance in the practice. Record the risk classification, oversight measures and review cadence for each AI tool. This documentation is what the AI Office of Ireland will examine if it conducts an inspection.
What non-compliance looks like
From August 2, 2026, the AI Office of Ireland will have the power to conduct inspections, request documentation, and impose sanctions on organisations using non-compliant AI systems. For law firms, the exposure is threefold:
- Financial penalties of up to 35 million euro or 3% of global annual turnover for non-compliant use of high-risk AI — whichever is higher.
- Reputational damage: the AI Office can publish enforcement decisions. For a legal practice, this is a materially different risk than for other sectors.
- Professional conduct exposure: the Law Society of Ireland is engaged with AI compliance. Non-compliance with a major EU regulatory framework may attract regulatory scrutiny beyond AI Act sanctions.
Most Irish law firms are not using AI systems that are prohibited or that carry the most serious penalties. But limited-risk obligations — transparency, oversight, documentation — apply broadly, and the gap between current practice and compliance is typically addressable with a structured review before the deadline.
About Acuity AI Advisory
Acuity AI Advisory is led by Ger Perdisatt, former COO of Microsoft Ireland. The Law Society of Ireland is an institutional partner. Our EU AI Act Readiness Reviews for legal practices cover AI inventory, risk classification, conformity assessment and governance implementation — delivered as a structured, fixed-fee engagement typically completed within two to three weeks.
We work with law firms across Ireland and advise practices on both the EU AI Act compliance obligations and the Law Society's professional responsibility framework. These are addressed together, not in sequence.
Free download
EU AI Act Readiness Checklist
A practical checklist for Irish law firms assessing their EU AI Act exposure before the August 2026 enforcement deadline.
No spam. Unsubscribe at any time.
Common questions
Does the EU AI Act apply to AI tools used by Irish solicitors and barristers?
Yes. The EU AI Act applies to any organisation — including legal practices — that deploys AI systems within the EU. Enforcement begins August 2, 2026, when the AI Office of Ireland becomes operational. Legal practices using AI for document review, due diligence, client intake or HR are subject to deployer obligations under the Act. The risk classification of a specific tool depends on how it is used: AI that assists decision-making affecting legal rights or obligations warrants close scrutiny.
What are the Law Society of Ireland's expectations around AI use?
The Law Society of Ireland has made clear that professional responsibility for all work product — including AI-assisted work — remains with the solicitor. This aligns with the EU AI Act's deployer accountability framework. Solicitors cannot outsource judgment to AI tools. Practices need oversight mechanisms, verification steps and governance structures that satisfy both professional conduct standards and the EU AI Act's deployer requirements. These obligations overlap but must be addressed together.
Are predictive legal analytics tools high-risk under the EU AI Act?
Predictive legal analytics tools — those that forecast litigation outcomes, assess case strength, or estimate settlement ranges — require careful classification. Where these tools materially influence legal advice or decisions affecting clients' legal rights, they may fall within high-risk categories. The classification depends on how the tool is used and what weight its output carries in the decision-making process. A structured inventory and risk classification is the starting point for any legal practice.
What happens if a law firm does not comply by August 2, 2026?
The AI Office of Ireland will have inspection powers from August 2, 2026. Non-compliant use of high-risk AI systems can result in fines of up to 35 million euro or 3% of global annual turnover, whichever is higher. For law firms, there is also significant reputational risk: the Law Society of Ireland is closely engaged with the EU AI Act, and non-compliance with a major regulatory framework may attract professional conduct consequences in addition to regulatory fines.
Can law firms rely on their AI vendors for compliance?
No. The EU AI Act distinguishes between providers (who build AI systems) and deployers (who put them into use). As a law firm deploying AI — even tools purchased entirely from third-party vendors — you carry deployer obligations. These include maintaining documentation of intended use, ensuring human oversight is operational, monitoring for bias and accuracy, and being able to demonstrate compliance to regulators. Vendor contracts may apportion some obligations, but deployer responsibility cannot be fully outsourced.
14 weeks to the deadline
Book an EU AI Act Readiness Review
A structured, fixed-fee review covering your firm's AI inventory, risk classification, conformity assessment and governance requirements. Typically completed within two to three weeks — enough time to close gaps before August 2, 2026.