Lawyers have traditionally been guardians of certainty grounded in rules, precedent, and reason. But as artificial intelligence reshapes everything from how contracts are drafted to how justice is administered, the legal profession is no longer a distant observer of technological change but getting very close to the epicentre.
The EU AI Act, the first comprehensive regulatory framework for artificial intelligence in the world, has now been formally adopted and it will affect everything from how you advise clients to how you run your own firm.
Here we take a look at the AI Act’s origins, enforcement timelines, legal impact and what every Irish solicitor must do to prepare.
The Road to Regulation: How We Got Here
The European Commission first proposed the Artificial Intelligence Act in April 2021, as part of a broader strategy to make Europe a global leader in “trustworthy AI.” It was born from two core concerns:
A recognition of AI’s vast potential to transform society
A fear that, without safeguards, AI could undermine fundamental rights, entrench bias, and cause irreversible harm
Following intense debate, lobbying and several rewrites – particularly after the 2022 explosion of interest in generative AI like ChatGPT – agreement was reached in December 2023 between the European Parliament, Council and Commission.
The final version of the AI Act was formally passed in March 2025, published in the Official Journal in April 2025 and entered into force on 1 May 2025. Choosing regulation form rather than directive created a directly applicable legal framework in each Member State.
Key Irish Dates:
May 2025: EU AI Act entered into force across all Member States, including Ireland.
August 2025: Core prohibited practices become enforceable.
August 2026 (15 months post-entry): Main obligations for high-risk AI systems become enforceable.
2027: Additional obligations on general purpose AI such as large foundation models, come into effect.
What the AI Act Actually Regulates
At the heart of the EU AI Act is a tiered regulatory model that calibrates legal obligations to the level of risk an AI system poses to individuals and society. By anchoring enforcement in principles of safety, accountability and fundamental rights the Act achieves something rare in technology regulation – a framework that is both legally rigorous and adaptable to rapid innovation. Its ambition lies not in controlling AI itself, but in governing the conditions under which it can be trusted.
The framework is built around four distinct risk categories, each carrying its own regulatory requirements and legal consequences:
Prohibited AI – Zero Tolerance
Certain AI systems are flatly banned. These include:
Real time biometric surveillance in public spaces (with narrow exceptions)
AI that manipulates human behaviour in a harmful way
Social scoring systems by public authorities
Emotion recognition in the workplace or education
Indiscriminate scraping of biometric data from the internet
High Risk AI – Strict Regulation
These systems are allowed but only under strict conditions. They include AI used in:
Employment decisions e.g. hiring, performance evaluation
Access to public services e.g. welfare, healthcare
Law enforcement and criminal justice
Credit scoring and financial services
Critical infrastructure e.g. transport, energy, utilities
Legal services and justice administration
If your firm uses or procures tools that assist in legal reasoning, triaging client queries, evaluating evidence or automating regulatory advice you may fall within this category.
Limited Risk AI – Transparency Obligations
These systems require users to be informed that they are interacting with AI. This applies to:
Chatbots
Deepfakes
Emotion recognition systems (in most non prohibited contexts)
AI generated images, video or text
Minimal Risk AI – Unregulated
Basic systems like spam filters, document templates or simple automation tools fall into this low risk zone. These are not actively regulated but may still carry ethical and data protection considerations.
What It Means for Irish Solicitors: Five Critical Impacts
You May Already Be a “User” Under the Law
The Act imposes obligations not just on developers (called “providers”) but on users meaning any person or entity that deploys AI in a professional context.
If you:
Use legal tech powered by AI e.g. case triage, document review
Procure third party systems for AML, KYC or client screening
Use generative AI for drafting or summarising documents
You may be subject to obligations around transparency, oversight, accuracy and risk mitigation.
Your Clients Will Need Advice
Clients in high-risk sectors like finance, healthcare, HR, education, recruitment, will face sweeping compliance requirements:
Risk assessments
Data quality controls
Human in the loop oversight
Logging and audit trails
Registration in the EU AI Database
Solicitors will be needed to advise on:
Contracts for AI procurement or licensing
Privacy and data protection alignment
AI related liability clauses
Compliance audits and regulatory inspections
Your Contracts and Policies Must Change
The AI Act introduces new legal duties that affect:
Vendor agreements: Does your supplier comply?
Client terms: Do you use AI in service delivery?
Internal policies: Do staff understand what’s permitted?
AI specific clauses are now becoming standard in software contracts and professional indemnity insurance.
Your Ethical Obligations Are Evolving
While the Law Society of Ireland has not yet issued a binding Code of Conduct for AI, guidance is expected soon. In the meantime:
You must ensure competence when using AI tools
You must protect client confidentiality – especially with generative models
You must not delegate professional judgment to a machine
You Must Get Proactive Before Enforcement Hits
The Act introduces fines of up to €35 million or 7% of global turnover for serious breaches in the prohibited AI category, graduated fines for other violations plus potential criminal liability in extreme cases
The government is taking a proactive stance demonstrated by designating fifteen competent authorities and committing to establishing a National AI Office by 2026. This gives the legal community a unique platform to influence the architecture of European AI governance.
Inside the Legal Supply Chain: Where AI Will Show Up
It’s not just software vendors. The entire legal supply chain is changing. Expect AI to appear in:
Practice management software
Billing tools
Client portals (natural language intake, FAQ bots)
Legal research
Document review
Risk analysis
Every touchpoint where AI is making decisions – or even helping to – is potentially subject to the Act.
Timeline to Compliance: What Happens and When
| Date | Milestone |
| 1 May 2025 | AI Act entered into force in Ireland and all EU Member States |
| 2 August 2025 | Prohibited AI practices become illegal |
| May-August 2026 | Compliance required for high-risk AI systems |
| 2027 | Obligations for general purpose AI and foundational models |
| Ongoing | EU Commission to issue technical standards, templates and conformity tools |
What You Should Do Today
Audit Your Firm
What AI tools are in use both internally and client facing?
Who supplied them?
Do you know if they are compliant?
Update Your Risk Register
Add AI specific risks: bias, explainability, hallucinations
Review confidentiality risks with cloud based generative AI
Include AI in data protection impact assessments
Revisit Contracts and Client Engagement Letters
Add clauses disclosing AI usage where appropriate
Require warranties from vendors about compliance
Define accountability if AI causes harm
Train Your People
CPD on AI legal risk should now be mandatory
Create internal awareness of what constitutes “use” under the Act
Encourage a culture of human oversight
Position Yourself as an AI Competent Practitioner
Publish guidance for clients
Host briefings or webinars
Make AI fluency part of your firm’s brand
More than a regulatory milestone, the Act signals a fundamental shift in the conditions under which law is made, interpreted and practised. Solicitors are now operating alongside systems that learn, adapt and evolve.
Law must now evolve with them. Those who engage early, by understanding the rules, challenging outdated assumptions and guiding clients through emerging risks will build future safe firms and help shape the future of legal practice.
Resources:
Official EU AI Act Text (2025)
AI Act | Shaping Europe’s digital future – European Union





