The Irish Government has published the General Scheme of the Regulation of Artificial Intelligence Bill 2026 (Scheme), marking the most significant development in Irish AI regulation to date.

This legislative blueprint transforms the EU Artificial Intelligence Act into an operational Irish enforcement system capable of imposing penalties reaching 7% of worldwide turnover for the most serious violations. For businesses operating in Ireland as providers, deployers, distributors or importers of AI systems, the publication provides the first detailed view of the legislative and regulatory architecture that will govern AI compliance.

The publication of the Scheme is the first step in Ireland’s legislative process. The Scheme will now undergo pre-legislative scrutiny before the Government drafts the formal Bill for introduction to the Oireachtas. The statutory establishment day for the AI Office must occur on or before 1 August 2026, driven by the EU AI Act’s implementation timeline, subject to the Omnibus proposal. The period between now and August 2026 represents the window for building compliance capability before enforcement actions commence.

Distributed Enforcement with Central Coordination

Ireland has chosen a distinctive regulatory model that differs from the centralised approaches adopted by some other Member States. Rather than creating a single monolithic AI regulator, the Government will empower thirteen existing sectoral authorities to supervise AI systems within their domains while establishing a new central body to coordinate the national approach. This distributed model reflects how AI touches virtually every regulated sector. The sectoral regulators already supervising these industries possess the domain expertise necessary to understand how AI systems function within their specific contexts.

The Scheme identifies the relevant market surveillance authorities for different sectors, such as:

• The Central Bank of Ireland will supervise AI in regulated financial services
• Coimisiún na Meán will oversee AI in audiovisual media services
• The Commission for Regulation of Utilities will handle energy sector applications
• The Workplace Relations Commission will supervise AI systems used in employment contexts,
• The Data Protection Commission continues its role in protecting fundamental rights related to personal data
• The HSE will have market surveillance responsibility for certain high-risk AI uses in essential public health services and emergency triage.

Companies operating across multiple sectors may face supervision from several different authorities, each with its own institutional culture and supervisory approach.

Oifig Intleachta Shaorga na hÉireann – The AI Office of Ireland

To prevent fragmentation and ensure consistency across this distributed landscape, the Scheme proposes establishing a new statutory body called Oifig Intleachta Shaorga na hÉireann or the AI Office of Ireland (Office). This body corporate will have independent statutory powers, governed by a Chief Executive Officer and a seven-member board appointed by the Minister for Enterprise, Tourism and Employment. The Office will serve as Ireland’s Single Point of Contact under Article 70(2) of the EU AI Act, becoming the primary interface between Irish-based businesses and the European Commission on AI regulatory matters.

The Office’s statutory functions include:

• facilitating consistent enforcement across the thirteen sectoral authorities;
• maintaining a centralised pool of technical experts for assessing complex AI systems;
• compiling and sharing data on AI incidents and compliance issues; and
• representing Ireland at EU AI Board meetings.

The Office will also establish and operate a national AI Regulatory Sandbox, providing businesses, particularly SMEs and startups, with a controlled environment to test innovative AI systems under regulatory supervision before full market deployment. The Scheme, if enacted promptly, anticipates the establishment of the AI Office by 1 August 2026, although it remains unclear how the EU’s proposed Digital Omnibus Package will affect this timeline.

Enforcement Powers and Classification Challenges

The enforcement toolkit provided to market surveillance authorities is extensive, mirroring those contained in the EU’s Market Surveillance Regulation.

Authorities can:

• require documentation relevant to demonstrating conformity with the AI Act
• conduct announced and unannounced on-site inspections
• obtain product samples through “cover identity” operations
• test AI systems and require access to embedded software

For online distribution, authorities can require content removal or restriction of access where AI systems present risks or violate regulatory requirements.

Perhaps most concerning for technology providers is the power of the market surveillance authorities to require access to source code, although it remains unclear whether this includes model parameters, weights and system prompts, which are arguably more critical. The Scheme frames this as a last resort, available only for high-risk AI systems where necessary to assess compliance and where other assessment methods have been exhausted. Companies deploying high-risk AI systems should ensure their technical documentation, system logs and post-market monitoring data are comprehensive enough to demonstrate compliance without requiring source code access.

The Scheme explicitly empowers market surveillance authorities to challenge risk classifications. Where an authority suspects incorrect self-assessment of a system as falling outside the high-risk category, it may require a formal evaluation, which may result in full high-risk obligations being applied following reclassification. Companies need defensible classification files with documented reasoning aligned with emerging European Commission guidance. Many organisations procuring AI systems have been told by providers that the systems are not high-risk. If the provider is wrong and regulators apply high-risk obligations following reclassification, the purchaser will also face those high-risk AI user obligations.

The Sanctions Regime

The administrative sanctions regime proposed in Part 5 of the Scheme creates financial exposure at a scale that places AI compliance in the same risk tier as GDPR enforcement. For prohibited AI practices under Article 5 of the EU AI Act, the maximum administrative fine reaches either 35 million euros or 7% of total worldwide annual turnover, whichever sum is higher. For non-compliance with obligations applicable to high-risk AI systems, the maximum reaches either 15 million euros or 3% of worldwide turnover. For the supply of incorrect, incomplete or misleading information to authorities, the ceiling is 7.5 million euros or 1% of turnover.

The sanctions process provides substantial procedural safeguards. Enforcement proceedings begin with a notice of suspected non-compliance, followed by a notice period for written representations. Where matters proceed to formal adjudication, they are heard by independent adjudicators nominated by the AI Office and appointed by the Minister. Administrative sanctions do not take effect until confirmed by the High Court, providing judicial oversight while maintaining administrative efficiency.

Practical Implications for Business

The distributed regulatory model means the first compliance question is jurisdictional, requiring businesses to understand which sectoral authority (or authorities) will supervise their AI use case.

The power for authorities to challenge risk classifications makes defensible documentation essential. Companies should maintain clear records demonstrating why their AI systems do or do not fall within high-risk categories under Annex III of the EU AI Act.

Post-market monitoring requirements and serious incident reporting obligations create ongoing compliance responsibilities that extend well beyond initial system deployment.

Early investment in building compliance capability before enforcement actions commence is considerably more cost-effective than reactive responses following regulatory intervention.