EU AI Act enforcement in Ireland: the DPC factor

Irish competent authorities

The Data Protection Commission (DPC) handles AI Act elements overlapping with GDPR. The Competition and Consumer Protection Commission (CCPC) handles AI in consumer protection. The Central Bank of Ireland handles fintech AI. ComReg handles AI in telecoms. The Department of Enterprise, Trade and Employment is coordinating the establishment of an Irish AI office for European AI Office liaison.

The DPC and Big Tech enforcement

The DPC has been criticised by other EU DPAs for slow GDPR enforcement against EU-domiciled Big Tech. Reform measures since 2022 have accelerated case throughput. Notable DPC decisions: Meta €1.2B (2023), TikTok €345M (2023), Instagram €405M (2022). For AI Act enforcement, the DPC will likely be the lead supervisor for major foundation model providers operating EU subsidiaries from Dublin (OpenAI Ireland, Anthropic EMEA when established, Google DeepMind, Microsoft Azure AI).

What this means for SaaS using US foundation models

If your SaaS uses OpenAI, Anthropic, Google Gemini, or other US foundation models accessed via EU subsidiaries headquartered in Ireland, the DPC is the most likely supervisor for upstream provider compliance. As a deployer, you should track DPC guidance on Article 25 inheritance, Article 53 transparency obligations, and Article 13 instructions-for-use requirements. DPC interpretations effectively set baseline standards for any SaaS using these models.

Irish AI strategy and policy

Ireland's National AI Strategy 'AI - Here for Good' positions Ireland as the EU AI capital, leveraging the existing Big Tech footprint. The strategy emphasises both innovation support and rights protection. Ireland hosts the EU AI Office liaison for many cross-border investigations. For SaaS, the practical impact: Irish enforcement is consequential beyond Ireland because DPC decisions affect Big Tech EU-wide.

Irish public procurement

Irish public tenders publish through eTenders. Since late 2025, AI-touching public tenders require compliance attestation. The HSE (health service), Department of Education, and Revenue Commissioners are particularly active in AI procurement. Universities (Trinity, UCD, UCC) have separate procurement processes but follow similar AI Act attestation requirements.

Frequently asked questions

Why does the Irish DPC matter for AI Act?

Most US Big Tech (Meta, Google, OpenAI, Microsoft) has EU headquarters in Dublin, making the DPC the lead supervisor for cross-border AI Act enforcement against those companies.

Is DPC enforcement slow?

Historically yes - criticism from other EU DPAs led to reform measures from 2022. Throughput has accelerated, and the DPC issued €1.95B in cumulative fines in 2023 alone.

How does DPC enforcement affect SaaS using GPT-4 or Claude?

Indirectly significantly. DPC decisions on OpenAI Ireland or Anthropic EMEA set baselines for upstream provider compliance, which affects downstream deployer obligations under Article 25 and Article 13.

What does Irish eTenders attestation involve?

A signed compliance statement covering Article 5, Annex III, Article 50, Article 10, Article 13, Article 14, and Article 73. Submitted with the bid through the eTenders platform.

Are there Irish-specific sectoral AI rules?

Yes - particular sensitivity on AI in financial services (Central Bank of Ireland AI guidance 2024), AI in healthcare (HSE AI principles), and AI in education (Department of Education guidance on schools-AI procurement).

Sources

• https://www.dataprotection.ie/
• https://www.etenders.gov.ie/
• https://enterprise.gov.ie/