Beyond Compliance: What the EU Artificial Intelligence Act Really Means for Irish Law Firms

Lawyers have traditionally been guardians of certainty grounded in rules, precedent, and reason. But as artificial intelligence reshapes everything from how contracts are drafted to how justice is administered, the legal profession is no longer a distant observer of technological change but getting very close to the epicentre.

The EU AI Act, the first comprehensive regulatory framework for artificial intelligence in the world, has now been formally adopted and it will affect everything from how you advise clients to how you run your own firm.

Here we take a look at the AI Act’s origins, enforcement timelines, legal impact and what every Irish solicitor must do to prepare.

The Road to Regulation: How We Got Here

The European Commission first proposed the Artificial Intelligence Act in April 2021, as part of a broader strategy to make Europe a global leader in “trustworthy AI.” It was born from two core concerns:

A recognition of AI’s vast potential to transform society

A fear that, without safeguards, AI could undermine fundamental rights, entrench bias, and cause irreversible harm

Following intense debate, lobbying and several rewrites – particularly after the 2022 explosion of interest in generative AI like ChatGPT – agreement was reached in December 2023 between the European Parliament, Council and Commission.

The final version of the AI Act was formally passed in March 2025, published in the Official Journal in April 2025 and entered into force on 1 May 2025. Choosing regulation form rather than directive created a directly applicable legal framework in each Member State.

Key Irish Dates:

May 2025: EU AI Act entered into force across all Member States, including Ireland.

August 2025: Core prohibited practices become enforceable.

August 2026 (15 months post-entry): Main obligations for high-risk AI systems become enforceable.

2027: Additional obligations on general purpose AI such as large foundation models, come into effect.

What the AI Act Actually Regulates

At the heart of the EU AI Act is a tiered regulatory model that calibrates legal obligations to the level of risk an AI system poses to individuals and society. By anchoring enforcement in principles of safety, accountability and fundamental rights the Act achieves something rare in technology regulation – a framework that is both legally rigorous and adaptable to rapid innovation. Its ambition lies not in controlling AI itself, but in governing the conditions under which it can be trusted.

The framework is built around four distinct risk categories, each carrying its own regulatory requirements and legal consequences:

Prohibited AI – Zero Tolerance

Certain AI systems are flatly banned. These include:

Real time biometric surveillance in public spaces (with narrow exceptions)

AI that manipulates human behaviour in a harmful way

Social scoring systems by public authorities

Emotion recognition in the workplace or education

Indiscriminate scraping of biometric data from the internet

High Risk AI – Strict Regulation

These systems are allowed but only under strict conditions. They include AI used in:

Employment decisions e.g. hiring, performance evaluation

Access to public services e.g. welfare, healthcare

Law enforcement and criminal justice

Credit scoring and financial services

Critical infrastructure e.g. transport, energy, utilities

Legal services and justice administration

If your firm uses or procures tools that assist in legal reasoning, triaging client queries, evaluating evidence or automating regulatory advice you may fall within this category.

Limited Risk AI – Transparency Obligations

These systems require users to be informed that they are interacting with AI. This applies to:

Chatbots

Deepfakes

Emotion recognition systems (in most non prohibited contexts)

AI generated images, video or text

Minimal Risk AI – Unregulated

Basic systems like spam filters, document templates or simple automation tools fall into this low risk zone. These are not actively regulated but may still carry ethical and data protection considerations.

What It Means for Irish Solicitors: Five Critical Impacts

You May Already Be a “User” Under the Law

    The Act imposes obligations not just on developers (called “providers”) but on users meaning any person or entity that deploys AI in a professional context.

    If you:

    Use legal tech powered by AI e.g. case triage, document review

    Procure third party systems for AML, KYC or client screening

    Use generative AI for drafting or summarising documents

    You may be subject to obligations around transparency, oversight, accuracy and risk mitigation.

    Your Clients Will Need Advice

    Clients in high-risk sectors like finance, healthcare, HR, education, recruitment, will face sweeping compliance requirements:

    Risk assessments

    Data quality controls

    Human in the loop oversight

    Logging and audit trails

    Registration in the EU AI Database

    Solicitors will be needed to advise on:

    Contracts for AI procurement or licensing

    Privacy and data protection alignment

    AI related liability clauses

    Compliance audits and regulatory inspections

    Your Contracts and Policies Must Change

    The AI Act introduces new legal duties that affect:

    Vendor agreements: Does your supplier comply?

    Client terms: Do you use AI in service delivery?

    Internal policies: Do staff understand what’s permitted?

    AI specific clauses are now becoming standard in software contracts and professional indemnity insurance.

    Your Ethical Obligations Are Evolving

    While the Law Society of Ireland has not yet issued a binding Code of Conduct for AI, guidance is expected soon. In the meantime:

    You must ensure competence when using AI tools

    You must protect client confidentiality – especially with generative models

    You must not delegate professional judgment to a machine

    You Must Get Proactive Before Enforcement Hits

    The Act introduces fines of up to €35 million or 7% of global turnover for serious breaches in the prohibited AI category, graduated fines for other violations plus potential criminal liability in extreme cases

    The government is taking a proactive stance demonstrated by designating fifteen competent authorities and committing to establishing a National AI Office by 2026. This gives the legal community a unique platform to influence the architecture of European AI governance.

    Inside the Legal Supply Chain: Where AI Will Show Up

    It’s not just software vendors. The entire legal supply chain is changing. Expect AI to appear in:

    Practice management software

    Billing tools

    Client portals (natural language intake, FAQ bots)

    Legal research

    Document review

    Risk analysis

    Every touchpoint where AI is making decisions – or even helping to – is potentially subject to the Act.

    Timeline to Compliance: What Happens and When

    DateMilestone
    1 May 2025AI Act entered into force in Ireland and all EU Member States
    2 August 2025Prohibited AI practices become illegal
    May-August 2026Compliance required for high-risk AI systems
    2027Obligations for general purpose AI and foundational models
    OngoingEU Commission to issue technical standards, templates and conformity tools

    What You Should Do Today

    Audit Your Firm

    What AI tools are in use both internally and client facing?

    Who supplied them?

    Do you know if they are compliant?

    Update Your Risk Register

    Add AI specific risks: bias, explainability, hallucinations

    Review confidentiality risks with cloud based generative AI

    Include AI in data protection impact assessments

    Revisit Contracts and Client Engagement Letters

    Add clauses disclosing AI usage where appropriate

    Require warranties from vendors about compliance

    Define accountability if AI causes harm

    Train Your People

    CPD on AI legal risk should now be mandatory

    Create internal awareness of what constitutes “use” under the Act

    Encourage a culture of human oversight

    Position Yourself as an AI Competent Practitioner

    Publish guidance for clients

    Host briefings or webinars

    Make AI fluency part of your firm’s brand

    More than a regulatory milestone, the Act signals a fundamental shift in the conditions under which law is made, interpreted and practised. Solicitors are now operating alongside systems that learn, adapt and evolve.

    Law must now evolve with them. Those who engage early, by understanding the rules, challenging outdated assumptions and guiding clients through emerging risks will build future safe firms and help shape the future of legal practice.

    Resources:

    Official EU AI Act Text (2025)

    AI Act | Shaping Europe’s digital future – European Union

    EU Commission AI Compliance Guide (2025)

    The EU AI Act Compliance Quick Guide

    Related Articles