Guide
The EU AI Act: What Irish Organisations Need to Know
The EU AI Act is the world's first comprehensive AI law. Ireland's AI Office opens in August 2026. High-risk AI conformity deadlines were extended by the EU Digital Omnibus (May 2026) to December 2027 — but prohibited practices, AI literacy, and governance obligations remain on their original timelines.
What is the EU AI Act?
The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive legal framework for artificial intelligence. Adopted in 2024 and now in force, it applies across all EU member states — including Ireland — without the need for separate national legislation.
The Act takes a risk-based approach. Rather than regulating AI technology as such, it regulates AI applications based on the harm they could cause. Systems that affect people's access to employment, credit, essential services or safety face the strictest requirements. Systems used for general productivity tasks face little or no specific obligation.
Critically, the Act applies to organisations that use AI — not just those that build it. If your organisation deploys an AI system that falls into a high-risk category, you have obligations as a deployer regardless of whether you developed the system yourself or purchased it from a third party.
This means the Act is not just a technology industry concern. Irish businesses in financial services, legal, HR, healthcare and the public sector are all in scope for significant obligations — many without yet knowing it.
Does it apply to Irish businesses?
Yes — across sectors. The EU AI Act applies to any organisation placing AI systems on the EU market or putting them into service within the EU, and to deployers operating within the EU. Headquartering outside the EU does not exempt an organisation if its AI systems are used within EU territory.
Financial Services
Credit scoring, fraud detection, AML systems, insurance pricing and customer-facing AI are all high-risk categories under the Act. The Central Bank of Ireland's own AI guidance runs alongside EU obligations.
Legal
Document review, due diligence AI, legal research tools and predictive analytics used in legal workflows. Law Society Ireland has published guidance noting solicitors' responsibilities when AI is used in client-facing work.
HR and Recruitment
CV screening tools, performance management systems and AI-assisted redundancy or promotion decisions are explicitly high-risk. Any organisation using automated HR decision-making needs a conformity assessment.
Public Sector
State bodies and local authorities using AI for resource allocation, benefits assessment or permit decisions are directly in scope. Public sector AI draws additional scrutiny from the Act and from Ireland's AI Office.
Healthcare
Clinical decision support, patient triage and diagnostic AI tools fall within high-risk categories. Obligations here overlap with medical device regulation and data protection requirements.
The risk tiers
The Act classifies AI systems into four tiers. Your obligations depend entirely on which tier your systems fall into — and on whether you are a provider (who develops the AI) or a deployer (who uses it in a professional context).
Unacceptable Risk
Banned- Social scoring systems by public authorities
- Real-time biometric surveillance in public spaces (with limited exceptions)
- AI that exploits psychological vulnerabilities
- Subliminal manipulation of behaviour
High Risk
Conformity requirements by Dec 2027 / Aug 2028 (Omnibus)- HR and recruitment — CV screening, performance management
- Credit scoring and lending decisions
- Critical infrastructure management
- Law enforcement support systems
- Access to essential public services
Limited Risk
Transparency obligations- Customer-facing chatbots
- Deepfake or AI-generated content
- Emotion recognition systems
Minimal Risk
No specific obligations- AI-enabled productivity tools (drafting, summarisation)
- Spam filters and recommendation engines
- Most general-purpose AI tools in business use
Key deadlines for Irish organisations
The Act's obligations are being phased in over a 36-month period. The EU Digital Omnibus deal (May 2026) extended the high-risk conformity deadline — standalone AI systems to December 2027, regulated-product AI to August 2028. Ireland's AI Office and enforcement powers remain on their original August 2026 timeline.
GPAI model obligations begin
Providers of general-purpose AI models must comply with transparency and copyright documentation requirements.
Prohibited practices enforced
Unacceptable-risk AI — including social scoring systems and real-time biometric surveillance in public spaces — is banned across the EU.
Ireland's AI Office opens — enforcement active
Ireland's AI Office becomes fully operational. Enforcement powers activate. AI literacy obligations and prohibited practice rules are in force. High-risk conformity deadlines extended by Omnibus (see below).
High-risk AI (standalone) conformity deadline
Conformity assessments, technical documentation, and registration requirements apply to standalone high-risk AI systems. Extended from August 2026 by the EU Digital Omnibus deal (May 2026).
High-risk AI (regulated products) conformity deadline
High-risk AI embedded in regulated products under Annex I Section A (machinery, medical devices, toys, vehicles) must comply. Extended from August 2026 by the EU Digital Omnibus deal.
Where to start
Most Irish organisations are not starting from a blank sheet. You already use AI — the question is whether you know which systems are in scope and what obligations they trigger. A practical readiness process runs in four steps.
Inventory your AI systems
List every AI tool, platform, or automated decision-making system in use across your organisation — including those procured by individual departments without central IT involvement. Shadow AI adoption is common and is not exempt from the Act.
Classify by risk tier
Map each system against the Act's four risk categories. The classification depends on the function the AI performs, not the technology used. An off-the-shelf HR tool that screens CVs is high-risk regardless of who built it.
Identify high-risk obligations
For any high-risk system, determine which conformity requirements apply to you as a deployer. These include human oversight mechanisms, data governance, transparency to users, and documented record-keeping for regulatory inspection.
Build your remediation roadmap
Prioritise actions by deadline and regulatory exposure. Not everything needs to be solved at once. The Digital Omnibus extended the high-risk conformity deadline to December 2027, but governance foundations — AI inventory, risk classification, oversight policies — are worth building now rather than hurriedly.
Need a readiness review?
Acuity AI Advisory conducts structured EU AI Act readiness reviews — inventory, classification, gap analysis and a remediation roadmap. Fixed-fee, vendor-neutral, typically completed in two to three weeks.
In-depth reading
Detailed analysis and practical guidance on specific aspects of the EU AI Act for Irish organisations.
Sector-specific guidance
Obligations differ significantly by sector. We have produced specific guidance for two of the most affected sectors in Ireland.
Common questions
Does the EU AI Act apply to Irish businesses?
Yes. The EU AI Act applies to any organisation that uses, develops, imports or deploys AI systems within the EU — regardless of where the organisation is headquartered. Irish businesses using AI in HR, credit decisioning, customer-facing tools, document processing or any regulated function are in scope. Being based in Ireland does not exempt you from the Regulation.
When does the EU AI Act enforcement begin in Ireland?
Enforcement is phased. Prohibited AI practices (unacceptable risk) have been banned since February 2026. GPAI model obligations began in August 2025. Ireland's AI Office becomes fully operational in August 2026, when enforcement powers activate. High-risk AI conformity deadlines were extended by the EU Digital Omnibus deal (May 2026): standalone AI systems must comply by December 2027; AI embedded in regulated products (machinery, medical devices) by August 2028.
What is high-risk AI under the EU AI Act?
High-risk AI systems include those used in HR and recruitment (CV screening, performance management), credit scoring and lending decisions, critical infrastructure, law enforcement support, biometric identification, and access to essential services. Following the EU Digital Omnibus deal (May 2026), the conformity assessment deadline for standalone high-risk AI systems is December 2027; for AI embedded in regulated products (Annex I Section A), August 2028.
What should Irish organisations do now to prepare for the EU AI Act?
The four immediate steps are: (1) inventory all AI systems currently in use across your organisation, (2) classify each by the Act's risk tier, (3) identify which high-risk obligations apply to your situation, and (4) build a remediation roadmap. The Digital Omnibus deal (May 2026) extended the high-risk conformity deadline to December 2027, but prohibited practices, AI literacy obligations, and Ireland's AI Office enforcement (August 2026) remain on their original timelines — the governance work is still urgent.
Book an EU AI Act Readiness Review
Fixed-fee. Vendor-neutral. Typically completed in two to three weeks. Start with a conversation.