SPRINKLING ACT
AI ACT × IRELAND
Statutory Instrument 366 of 2025 — Ireland's distributed enforcement model.
On 25 July 2025, Ireland was among the first six EU Member States to formally designate competent authorities under the AI Act, via Statutory Instrument 366/2025. A further five authorities were announced on 16 September 2025, bringing the total to 15 designated authorities, each aligned with an existing sectoral remit. A National AI Office (NAIO) will be established by 2 August 2026 as the single point of contact under Article 70(2). Ireland's AI Bill, currently in General Scheme, is expected to be published in Q1 2026.
THE 15 + NAIO
Ireland's framework leans on existing well-established sectoral authorities rather than creating a new dedicated AI regulator. The rationale, quoted from Matheson's October 2025 analysis: "the existing national framework of well-established sectoral authorities for enforcement, will make compliance with the AI Act easier for businesses."
| Authority | Sector | AI Act competence (inferred) |
|---|---|---|
| Central Bank of Ireland | Banking + insurance | Annex III §5(b) credit-scoring · §5(c) insurance/solvency |
| Data Protection Commission (DPC) | Personal data + GDPR | Art. 5(1) personal data · Annex III §1 biometric · §6 law enforcement · §7 migration |
| Coimisiún na Meán | Media + content | Art. 50 transparency · Annex III §8(b) democratic processes |
| ComReg | Telecoms | AI in telecoms infrastructure |
| HPRA | Medical devices | Annex I MDR/IVDR · Art. 6(1) safety component |
| Health Services Executive (HSE) | Public healthcare | Annex III §5(a) essential health services |
| Health and Safety Authority (HSA) | Workplace safety | Annex III §4 workplace · Art. 5(1)(f) emotion recognition in the workplace |
| Workplace Relations Commission (WRC) | Employment | Annex III §4 employment · recruitment AI |
| CCPC | Consumer protection | Art. 50 consumer-facing · Art. 5(1)(a)-(b) manipulative practices |
| Commission for Railway Regulation | Rail safety | Annex III §2 critical infrastructure (rail) |
| CRU | Energy + water | Annex III §2 critical infrastructure (energy, water) |
| National Transport Authority | Public transport | Annex III §2 · §5(a) essential services |
| Marine Survey Office | Maritime | Maritime AI · Annex I product safety |
| Minister for Enterprise, Tourism and Employment | Government policy | General AI Act policy supervision |
| Minister for Transport | Transport policy | Transport AI supervision |
The National AI Office (NAIO) is a new statutorily independent entity to be established by 2 August 2026, with four core functions: coordinating Competent Authority activities, serving as single point of contact for the European Commission and Member States under Article 70(2), and additional functions to be specified in the AI Bill. The Bill is targeted for Q1 2026 publication with enactment by 2 August 2026.
DUBLIN, ONE-STOP-SHOP
The Data Protection Commission has long served as One-Stop-Shop GDPR supervisor for the EU establishments of major tech companies (Google, Meta, OpenAI, TikTok, X), all headquartered in Dublin. This cross-border GDPR mechanism extends, in practice, to AI Act enforcement whenever the case involves personal data processing.
For a multinational AI provider with EU principal establishment in Dublin, the DPC is therefore the de facto first-line interlocutor on every Annex III §1 biometric, §6 law enforcement, §7 migration, and Article 5 prohibition case, even before the new NAIO is operational. The DPC's 2024 conclusion of proceedings on X.ai's Grok tool illustrates how this enforcement pattern works in practice: cross-border AI cases routed through Dublin via the One-Stop-Shop mechanism.
FOR YOU
The DPC is your front line on every personal-data-related AI matter: biometric, profiling, predictive analytics. From 2 August 2026, the NAIO will also become the single point of contact for non-personal-data AI matters and cross-Authority coordination.
Map your obligations across multiple authorities. The DPC handles personal data and Annex III §1/§6/§7. The CCPC handles consumer-facing transparency (Article 50). The HSA handles workplace AI (§4). The NAIO will be the single point of contact for cross-cutting notifications under Article 73.
The Central Bank of Ireland is your supervisor for both credit-scoring AI (Annex III §5(b)) and insurance-related AI (§5(c)). DORA × Article 26 × GPAI-systemic remains the integrated compliance chain.
The HPRA supervises medical devices under MDR/IVDR. AI medical software triggers the dual MDR × AI Act regime (Article 6(1) safety component cascading to high-risk obligations). Coordinate with the HSE on public-sector deployer obligations.
The WRC covers employment relations, the HSA covers workplace AI safety, and the DPC covers personal data. An Article 27 fundamental rights impact assessment (FRIA) is triggered automatically by Annex III §4 deployment.
AS OF 12 MAY 2026
The 15 competent authorities listed are formally designated under S.I. 366/2025 (10 authorities, 25 July 2025) and a Ministerial announcement (5 additional authorities, 16 September 2025). The detailed Article × authority mapping is not yet published as an exhaustive matrix; the sector-by-sector inferences in this page draw on each authority's existing remit, not on a formal allocation document. The AI Bill establishing the NAIO is targeted for Q1 2026 publication. Until enactment, no operational NAIO exists.
Post-Digital Omnibus calendar (provisional trilogue agreement 7 May 2026): Annex III standalone obligations apply from 2 December 2027 (originally 2 August 2026) · Annex I product-embedded obligations from 2 August 2028 (originally 2 August 2027) · Article 50(2) watermarking from 2 December 2026.
EVALUATE YOUR POSITION
Sprinkling Act maps your system against the obligations applicable in Ireland, sector by sector, article by article. Defensible position against the authority concerned.
SOURCES