Ireland: Data Protection

The Data Act introduces mandatory cloud switching provisions to prevent vendor lock-in, requiring service providers to facilitate customer transitions between data processing services without barriers or fees. This analysis examines the obligations imposed on cloud service providers, customer rights under the new framework, and the technical requirements for achieving interoperability across IaaS, PaaS, and SaaS platforms.

Ireland's implementation of AIFMD 2.0 brings significant regulatory changes for alternative investment funds, alongside evolving requirements for ESG disclosure and board effectiveness. The Central Bank of Ireland explores emerging opportunities in distributed ledger technology, tokenisation, and artificial intelligence while addressing future modifications to venture and growth capital fund regulations.

The Irish Government has unveiled its Summer 2026 Legislation Programme, introducing critical bills that will reshape the technology sector's regulatory landscape.

The European Parliament and Council are racing to finalize the EU AI Digital Omnibus Regulation before the AI Act's August 2026 deadline, with both bodies proposing significant amendments to address implementation challenges and fundamental rights concerns. Key areas of negotiation include extended timelines for high-risk AI systems, new prohibitions on non-consensual intimate imagery, and revised requirements for AI literacy and data processing.

The Central Bank of Ireland has introduced targeted amendments to its 2025 Consumer Protection Regulations, clarifying the application of suitability requirements for crypto-asset service providers under MiCA...

On 19 March 2026, the Court of Justice of the European Union (“CJEU”) delivered an important judgment concerning data subject access requests (“DSARs”). In Brillen Rottler GmbH & Co. KG v TC (Case 526/24), the CJEU clarified when a DSAR may be considered “excessive” and an abuse of one’s data protection rights under Article 12(5) GDPR. The CJEU also clarified the limits of data subjects’ right to compensation under Article 82 GDPR.

In 2025, the EU Court of Justice ("ECJ") and the General Court of the EU ("General Court") delivered several judgments that further refine and reinforce the contours of data protection law.

The various proposals to simplify the GDPR took centre stage, including the European Commission's proposed Digital Omnibus Package.

The EDPB's agenda for its monthly meeting in January 2026 includes discussion of the EDPB's position on the Draft Digital Omnibus Regulation that was published by the European Commission on 19 November 2025.