AI in healthcare compliance in Ireland: HPRA, MDR and health data

A clear, fact-based explanation for Irish businesses, with osFoundry as the example and dgm as an independent partner.

dgm is an independent osFoundry implementation partner — not affiliated with osFoundry’s developer (the company OS LLC), and it has not yet completed any client integrations.

Compliance for AI in health in Ireland combines protection of special-category personal data (GDPR), medical-device regulation (the MDR and the HPRA) and — under the EU AI Act — the high-risk category.

The frameworks

Patient data is special-category personal data (GDPR Article 9). Software that is a medical device (SaMD) is regulated under the EU MDR, with the HPRA as the Irish competent authority. AI used for a medical purpose is high-risk under the EU AI Act, and the MDCG 2025-6 guidance clarifies how the AI Act and the MDR interact — AI Act obligations layer on top of MDR conformity assessment rather than replacing it. The forthcoming European Health Data Space (EHDS) will add an EU-level health-data layer.

What it means in practice

An AI tool that functions as a medical device needs a conformity route (MDR/HPRA) before clinical use. Administrative tools (appointment booking, documentation) are usually outside that category but still subject to GDPR and health-data rules.

Keeping data in Ireland

osFoundry pins the data region to the United States, the EU or Japan, runs models locally on your own hardware, and supports self-hosting (BYO Cloud) on a cloud account you control. An EU region keeps data inside the EEA, and that satisfies GDPR for most businesses, because there is no Irish rule requiring personal data to physically stay in Ireland.

There is, however, no dedicated managed hyperscaler region for Ireland in osFoundry. To keep data solely in the country, the honest path is self-hosting in an Irish cloud region or running open-weight models locally. Amazon Web Services has eu-west-1 (Dublin, generally available since 2007, three availability zones) and Microsoft Azure has North Europe (Dublin, Grange Castle, generally available since 2009), while Google Cloud has no Ireland region (the nearest are Belgium and London).

One honest nuance on capacity: Ireland lifted the de-facto data-centre connection moratorium under a stringent new regime (the CRU policy effective 12 December 2025), but EirGrid will not connect new data centres in the Greater Dublin Area until around 2028; existing AWS and Azure capacity in Dublin is operational and usable today. In financial services, cloud and ICT third-party risk is governed by DORA, supervised by the Central Bank of Ireland.

Important note

This article is general information and is not legal, tax or grant advice. Tax schemes, grants, rules and rates change, and only the relevant authorities (among them Revenue, IDA Ireland, Enterprise Ireland, the Data Protection Commission and the Central Bank of Ireland) decide eligibility and awards. dgm is not a grant deliverer, approved knowledge provider or intermediary. Always confirm the current terms with the official source or a qualified tax or legal adviser.

How dgm helps

dgm is an independent implementation partner that helps businesses in Ireland adopt osFoundry — from identifying the first practical use case, through building it, to connecting AI to the systems you already use. dgm works independently of osFoundry’s developer (the company OS LLC) and has not yet completed any client integrations; everything above is therefore a description of the service offered, not a delivered result. If you would like to look at a sensible first step, dgm is happy to think it through with you. Arrange a no-obligation conversation with dgm.