Introduction
EU legislation
On 12 July 2024, the European Union's Artificial Intelligence Act, Regulation (EU) 2024/1689 ("EU AI Act") was published in the EU Official Journal. It is the first comprehensive horizontal legal framework for the regulation of AI systems across the EU. It came into force on 1 August 2024. Businesses that develop or deploy an AI system that is used in the EU will have to comply with the EU AI Act.
The EU AI Act defines an "AI System" as "a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence real or virtual environments."
In February 2025, the EU Commission published guidelines on AI system definition and they are available to download. The Commission explains that by issuing guidelines on the AI system definition, it aims to assist providers and other relevant persons in determining whether a software system constitutes an AI system to facilitate the effective application of the rules.
The various measures in the EU AI Act have started to apply, in a phased manner, over the 36 months following 1 August 2024. The European Commission has established the European Artificial Intelligence Office. "AI Office" is defined in the EU AI Act, and it means "the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance..."
The AI Office works closely with the European Artificial Intelligence Board (the AI Board) and Member States. It will develop guidelines and codes of practice over the next 12 months to support the uniform application of the EU AI Act across the EU.
The AI Board is a key advisory body that was created by the EU AI Act. It includes representatives from each EU Member State and is supported by the AI Office within the European Commission, which serves as the Board's Secretariat. It is chaired by one of the EU Member States. The AI Board plays a crucial role in the governance framework set out by the EU AI Act, ensuring the effective implementation of the EU AI Act across the European Union.
Irish legislation
The Irish Government Legislation Programme for Spring 2025 lists heads in preparation of an Irish Regulation of Artificial Intelligence Bill. The purpose of the Bill is stated there to be to give full effect to EU Regulation 2024/1689 laying down harmonised rules on artificial intelligence. The Bill will designate the National Competent Authorities responsible for implementing and enforcing the EU AI Act and will provide for penalties for non-compliance. There, as of May 2025, is currently no visibility on the wording of the Bill.
Key dates
Below are some key dates in the implementation of the EU AI Act.
Other key dates to note are as follows:
|
Date
|
What rule comes into effect
|
|
2 February 2025
|
AI literacy obligations
|
|
2 February 2025
|
Rules on Prohibited AI Systems
|
|
2 August 2025
|
Rules on General-Purpose AI Models and Systems
|
|
2 August 2026
|
Rules on Annex III High-Risk AI systems and establishment of regulatory sandboxes
|
|
2 August 2027
|
Rules on Annex I High-Risk AI systems
|
Scope of the EU AI Act
As an Institute member, a user of these pages is most likely to be an AI deployer meaning a user or (to a lesser extent) an AI provider. The most significant regulatory burdens under the EU AI Act are placed on providers. The EU AI Act can also apply to others such as importers and distributors of AI, AI product manufacturers, authorised representatives of AI providers who are not established in the EU; and affected persons located in the EU.
There is no de minimis threshold for application of the EU AI Act. The EU AI Act imposes obligations for different categories of actor in the AI system production and deployment chain. However, the EU AI Act does not impose any obligations on deployers who as natural persons are using AI systems in the course of a purely personal non-professional activity.
What do I need to know for my business?
The Central Bank of Ireland in its Regulatory & Supervisory Outlook of Feb 2025 states that where a firm is using AI, it should be clear what business challenge is being addressed and why their use of specific types of AI are an appropriate response to the business challenge.
Businesses should have a policy in place in respect of the use of AI in in the workplace. Readers are referred to the Technical Alert TA 01/2025 issued by the Consultative Committee of Accounting Bodies (CCAB-I) in February 2025 which provides pointers for a firms Artificial Intelligence policy.
Businesses have AI literacy obligations from 2 February 2025
Article 4 of the EU AI Act requires providers and deployers of AI systems to ensure a sufficient level of AI literacy for their staff and any other users who are interacting with AI systems. It entered into application on 2 February 2025.
The European AI office invites readers to learn more about the approach of the European Union towards Article 4 of the EU AI Act. See more at the European Commission webpage and to in the following recording of a webinar on AI Literacy. In the first part of the webinar, the EU AI Office focuses on Article 4 of the EU AI Act and its requirements, presenting the initiatives foreseen to facilitate the implementation of this general provision. In the second part of the webinar, some practices and related learnings are presented in an interactive dialogue between the EU AI Office and AI Pact members.
There are rules on prohibited AI systems from February 2025
In February 2025, the Commission published the Guidelines on prohibited artificial intelligence (AI) practices, as defined by the EU AI Act.
Certain AI practices are deemed to carry ‘unacceptable risk’ and are therefore prohibited under the Act. These include AI systems that use subliminal, deceptive or manipulative techniques, those that exploit vulnerabilities, involve social scoring evaluations, predict or assess the likelihood of individuals committing criminal offences, create or expand facial recognition databases through the untargeted scraping of images, infer emotions, engage in biometric categorisation or use “real-time” remote biometric identification. This list of prohibited AI practices is an initial one; it may be added to over time. So It is possible that more AI practices may be prohibited in the future.
Risk Factors
The following include some of the risk factors associated with the use of AI:
With the recent explosion in the use of AI, media is replete with stories of users who have fallen foul of the risks associated with its use. The webinar hosted by A&L Goodbody solicitors references a number of recent cases demonstrating risks in the AI area. This includes the concept of hallucination which readers may not have come across before. Examples of hallucination have been highlighted in a number of cases in the USA where Chat GPT invented caselaw and created false content to support a lawsuit. This is a reminder that human oversight and judgment must always be applied to AI output.
These pages are provided as resources and information only and nothing in these pages purports to provide professional or legal advice or definitive legal interpretation(s) or opinion(s) on the applicable legislation or legal or other matters referred to in the pages. If the reader is in doubt on any matter in this complex area further legal or other advice must be obtained. While every reasonable care has been taken by the Institute in the preparation of these pages, we do not guarantee the accuracy or veracity of any resource, guidance, information or opinion, or the appropriateness, suitability or applicability of any practice or procedure contained therein. The Institute is not responsible for any errors or omissions or for the results obtained from the use of the resources or information contained in these pages.
LOADING...