Ireland's Regulation of Artificial Intelligence Bill 2026 – a distributed enforcement model and the AI Office of Ireland

The question

How will Ireland's distributed enforcement model and new AI Office supervise AI use and development and ensure compliance with Regulation (EU) 2024/1689 (EU AI Act) in Ireland?

The key takeaway

AI providers and deployers operating in Ireland should expect coordinated enforcement from several Irish regulators, with inspection and sanctioning powers that extend to online channels and app interfaces; they should now map likely competent authorities and update governance and incident processes to meet these new supervisory expectations.

The background

The EU AI Act, which entered into force on 1 August 2024 (see our Summer 2024 edition of Snapshots), intends to establish a harmonised, risk-based regulatory framework for the development and use of AI systems across the EU. The EU AI Act has direct legal effect in EU member states, however, member states are required to enact national legislation to implement its provisions. In particular, Member States were required to establish or designate independent national competent authorities, including a market surveillance authority and a notifying authority, by 2 August 2025.

The development

On 4 February 2026, the Irish Government published the General Scheme to implement and enforce the EU AI Act in Ireland. The General Scheme proposes a new framework for EU AI Act enforcement in Ireland. This framework will include:

• a new AI Office of Ireland (Oifig Intleachta Shaorga na hÉireann) which will be designated as a market surveillance authority (MSA) and the Single Point of Contact (SPOC) for the purposes of the Regulation. Ireland's formal adoption of a “distributed model” of competent authorities/MSAs, which leverages existing regulators (eg Central Bank, Coimisiún na Meán, HPRA, CCPC, HSA), will cooperate with the AI Office to oversee the national rollout and ongoing supervision and enforcement of the EU AI Act in Ireland
• the ability for MSAs to rely on and extend Market Surveillance Regulation (EU) 2019/1020 powers which enable them to: require the provision of extensive technical documentation and data (including embedded software), supply chain information, and website ownership details; carry out unannounced inspections; enter premises/land/transport; start investigations on their own initiative; order corrective actions; withdraw/recall/prohibit AI systems; and impose penalties (EU AI Act Art 99) (including significant administrative fines)
• that MSAs will ensure mechanisms are in place for providers to receive serious incident reports for high‑risk systems, follow Market Surveillance Regulation procedures, notify the Commission, AI Office and Article 77 fundamental rights bodies of the serious incident and ensure corrective measures for response and oversee coordination
• an allowance for Ireland's nine “Fundamental Rights Authorities” to "make reasoned request to the MSA" to organise technical testing of high‑risk systems where needed to assess the impact of fundamental rights;
• a requirement that the MSAs must accept complaints about AI Act infringements and coordinate handling, with whistleblower protections under Directive (EU) 2019/1937 (EU whistleblowing directive)
• an AI Office obligation to establish a national AI regulatory sandbox and/or participation in an EU‑level sandbox. Following its establishment, the Office may issue guidelines, set participation conditions, supervise activities, and cooperate with EU AI Board. Where personal data is processed in the sandbox, the Data Protection Commission must supervise
• MSA powers that extend explicitly to online distribution channels and interfaces where authorities can conduct unannounced inspections, acquire AI systems under cover identities and demand access to source code of high‑risk systems where other methods are insufficient, and may require removal of content or restriction of access to digital interfaces to secure compliance.

Ireland’s enforcement architecture is particularly significant given its role as the European HQ for various major tech companies. Accordingly, the General Scheme also sets out a general administrative sanctions framework that will apply to AI Act breaches. Maximum fines will mirror the EU AI Act: up to €35m/7% global turnover for prohibited practices; €15m/3% for other core operator obligations; €7.5m/1% for incorrect/misleading information.

To meet the key obligations of the EU AI Act, the AI Office must be operational by 1 August 2026 and will coordinate with these authorities through a mandatory Cooperation Forum meeting at least quarterly, chaired by the AI Office.

Why is this important?

Businesses with AI operations in Ireland may face EU AI Act supervision in Ireland via multiple regulators rather than a single AI agency.

Additionally, given that MSA powers expressly cover online distribution channels and digital interfaces, businesses which deploy apps should assume that Irish regulators can act directly against AI‑enabled functionality in its apps where accessed from Ireland, including by requiring content removal or interface changes for compliance.

Any practical tips?

• Identify which AI systems used or provided in or through Ireland are likely to fall within Annex III high‑risk categories and map the most likely MSA. This will aid quick responses and coherence on the commencement of the supervision under the distributed model.
• Build or adapt internal incident‑management processes so that serious AI incidents with an Irish nexus (death or serious health harm, serious disruption of critical infrastructure, or fundamental‑rights infringements) can be identified, triaged and reported to the relevant Irish MSA within the EU AI Act deadlines (2, 10 or 15 days depending on the case).

Spring 2026