Ireland AI liability civil courts

Ireland's AI Bill Gives Its New Regulator 7% Fines but No Private Right of Action

Ireland's AI Office can fine firms up to 7% of turnover, but people harmed by AI must still sue under ordinary tort and product-liability law.

Ireland's AI Enforcement Gap People of Internet Research · Ireland 7% Max fine, prohibited AI Of global annual turnover (or €35m… Aug 1, 2026 AI Office deadline Statutory deadline for Ireland's n… Dec 9, 2026 Product Liability transposition Deadline for Ireland to transpose … Withdrawn AI Liability Directive status EU Commission scrapped its harmoni… peopleofinternet.com
Ireland's AI Enforcement Gap People of Internet Research · Ireland 7% Max fine, prohibited AI Aug 1, 2026 AI Office deadline Dec 9, 2026 Product Liability transposition Withdrawn AI Liability Directive status peopleofinternet.com

Key Takeaways

A Regulator With Real Teeth

On 17 June 2026, Ireland's Department of Enterprise, Tourism and Employment published the Regulation of Artificial Intelligence Bill 2026, the legislation that will formally implement the EU AI Act's enforcement machinery in Irish law. The centerpiece is a new statutory body, Oifig IS na hÉireann — the AI Office of Ireland — which Minister Peter Burke and Minister of State Niamh Smyth describe as the state's "central coordinating authority" for AI regulation (DETE press release). Rather than building one monolithic regulator, the bill empowers thirteen existing sectoral authorities — the Central Bank, the Data Protection Commission, Coimisiún na Meán, and others — to police AI within their own domains, with the AI Office coordinating centrally and acting as Ireland's single point of contact to Brussels (William Fry). The Office must be operational by 1 August 2026, the same date most EU AI Act high-risk obligations start to bite.

The penalties are substantial. The bill mirrors the AI Act's three-tier structure: up to €35 million or 7% of worldwide annual turnover, whichever is higher, for prohibited practices such as social scoring or manipulative AI; up to €15 million or 3% of turnover for high-risk system non-compliance; and up to €7.5 million or 1% for supplying false information to regulators (William Fry; General Scheme, DETE). For a country that hosts the European headquarters of most major AI and cloud providers, these numbers are not abstractions.

The Redress Gap

What the bill does not do is create any bespoke legal channel for an individual harmed by an AI system — wrongly denied a loan, misdiagnosed by a clinical decision tool, unfairly screened out of a job — to bring a claim. Enforcement runs entirely through the state: sectoral regulators investigate, the AI Office coordinates, fines go to the Exchequer. A person who suffers concrete harm has to fall back on ordinary Irish civil litigation — negligence, breach of duty, and product liability — the same general-purpose tools that predate the AI Act by decades.

The case for this design is not unreasonable, and it deserves to be stated fairly before it's criticized. A statutory AI-harm cause of action, layered on top of GDPR-style complaint rights and now AI Act enforcement, risks inviting exactly the kind of speculative, resource-draining litigation that has made data protection enforcement in Ireland slow and contentious. Centralizing enforcement in expert regulators — bodies that can compel disclosure of training data and model documentation that an individual claimant never could — is arguably a more effective way to catch systemic AI harms than hoping thousands of individual lawsuits add up to the same deterrent effect. Administrative fines, not a plaintiffs' bar, are also what disciplines multinational platforms in comparable regimes like GDPR.

Why the EU's Backstop Just Got Weaker

The timing, though, is awkward. The European Commission had proposed an AI Liability Directive in 2022 specifically to make it easier for individuals to sue over AI harms — it would have created presumptions of causality so claimants didn't have to reverse-engineer an opaque model to prove fault. The Commission withdrew that proposal from its 2025 work programme, confirming the decision in July 2025 after concluding there was "no foreseeable agreement" among member states, with the withdrawal notice formally published in the Official Journal that October (IAPP). MEP Axel Voss called the move a gift to firms that feared accountability; the Commission framed it as regulatory simplification. Either way, the harmonized fault-based liability regime that would have made ordinary tort claims against AI systems more tractable does not exist. Claimants in Ireland are left with general negligence law that was never designed for black-box decision-making.

Not Toothless: The Product Liability Line

The gap is narrower than it first appears, because a second EU instrument fills part of it. The revised EU Product Liability Directive, in force since 8 December 2024, explicitly brings "software, including standalone software, AI systems... and related services" within the definition of a product, and must be transposed into Irish law by 9 December 2026 (Mason Hayes & Curran). Under it, a person harmed by a defective AI product can sue the provider directly, benefits from strict liability rather than having to prove fault, and can compel disclosure of technical evidence — with a presumption of defectiveness if a defendant refuses. That is a meaningfully lower bar than ordinary negligence.

The seam is AI sold as a service rather than embedded in a product — an internally deployed hiring algorithm or credit-scoring model that a company uses on customers rather than sells to them. It is not obvious the revised PLD reaches those cases cleanly, and without the AI Liability Directive, claimants there are back to conventional negligence law.

A Proportionate Bet, With One Loose Thread

On balance, Ireland's structure — centralized, well-resourced administrative enforcement backed by product-liability litigation for defective AI products — is a defensible and proportionate response, not a giveaway to industry. It avoids duplicating GDPR's litigation congestion while preserving a real, strict-liability route to compensation for the clearest harms. But the government should watch the service-based AI gap closely as the bill moves through the Oireachtas, rather than assume the Product Liability Directive quietly covers everything the withdrawn AI Liability Directive was meant to.

Sources & Citations

  1. DETE: Publication of the Regulation of Artificial Intelligence Bill 2026
  2. DETE: General Scheme of the Regulation of Artificial Intelligence Bill 2026
  3. William Fry: Ireland's AI Enforcement Blueprint
  4. IAPP: EU Commission Withdraws AI Liability Directive
  5. Mason Hayes & Curran: Revised Product Liability Directive and AI