Ireland’s AI Office is five weeks away and most businesses have no idea what that means
There’s a new regulator coming to Ireland and it will have teeth. In just over five weeks, on 2 August 2026, the AI Office of Ireland – Oifig Intleachta Shaorga na hÉireann, to give it its full title – is due to open its doors as an independent statutory body under the Department of Enterprise, Tourism and Employment.
The office arrives just as the EU AI Act comes into full effect. Its job will be to coordinate enforcement across national regulators, act as Ireland’s go-between with the European Commission and serve as the national hub for AI expertise, guidance, and literacy.
But there is a wrinkle: the Regulation of Artificial Intelligence Bill 2026 was published on 17 June – just over a week ago – and it contains a fairly notable change from what was originally proposed. The AI Office will no longer be a market surveillance authority. Instead, it will simply coordinate the national regulatory system and act as the single point of contact. The actual investigating and enforcing will be left to existing sectoral regulators.
That creates a potential problem because Article 70(2) of the EU AI Act requires that the single point of contact actually be a market surveillance authority, which means Ireland mightn’t be fully in line with the Regulation unless the AI Office gets that designation. The Bill isn’t finalised yet though, and further changes are to be expected as it makes its way through the Oireachtas.
What the change does settle is where businesses will actually feel the regulatory pressure. The Data Protection Commission, the Central Bank of Ireland, Coimisiún na Meán, the Workplace Relations Commission, and others will each supervise AI within their own domains. For organisations whose AI systems touch on more than one regulated domain it could mean engagement with more than one authority, which is obviously an unwanted faff.
And it raises the obvious question: are Irish businesses actually ready for any of this?
The evidence suggests not. A PwC survey published in May found that just 14% of Irish organisations are fully prepared to comply with the EU AI Act, with “limited internal expertise” cited as a key challenge by 53% of respondents. An Institute of Directors survey found that 65% of directors don’t understand what Ireland’s new AI rules will actually mean for their organisation. Research from Trinity College Dublin and Microsoft Ireland, published in April, found that 92% of organisations now use or plan to use AI, but less than half have a formal AI policy in place.
So we’re looking at near-universal adoption and near-universal unpreparedness.
You might wonder what would happen to your business if you stuck your head in the sand (and I wouldn’t blame you)? The financial consequences are severe. Maximum fines reach €35 million or 7% of worldwide annual turnover for prohibited practices; €15 million or 3% for other examples of non-compliance; and €7.5 million or 1.5% for supplying incorrect or misleading information to regulators. These aren’t minor slaps on the wrist – more like having your hand chainsawed off a la Ash, the hapless protagonist of Evil Dead 2. They go beyond even the penalties under GDPR, which cap out at €20 million.
For SMEs, there is some proportionality built in though: smaller firms face the lower of the two thresholds rather than the higher. But compliance obligations are identical regardless of company size. Smallness affects what you pay if caught; it doesn’t exempt you from the rules.
Penalties come in many types
But fines aren’t the only weapon. Regulators can force a business to pull a non-compliant AI system off the market entirely, sometimes before a formal investigation has even finished. For a business that runs its hiring or customer decisions through an AI tool, that could hurt far more than any financial penalty.
In practice, early enforcement is likely to be triggered by complaints from people who feel they were wronged by an AI system e.g. a job applicant rejected by an algorithm, someone refused credit, a person who never knew a machine was making decisions about them. Businesses with no obvious public-facing AI may feel little heat initially. But counting on regulators to go easy is not a compliance strategy.
Remember that GDPR started slowly too, and then it didn’t. The AI Act is being built on those same enforcement foundations and regulators already know how this works.
How those regulators will actually be funded and staffed for their expanded role is a question the Oireachtas will likely have to wrestle with. A funding levy that featured in the original proposals was quietly dropped from the published Bill like a safety feature that didn’t make it onto the Death Star’s final technical readout. Whether this gets resolved before 2 August remains to be seen.
For businesses still waiting to figure out what the AI Act actually means for them, the clock is running down regardless.
Subscribers 0
Fans 0
Followers 0
Followers