The Data Protection Act 2018 and AI in Ireland: a clear, fact-based explanation for Irish businesses, with osFoundry as the example and dgm as an independent partner.

dgm is an independent osFoundry implementation partner — not affiliated with osFoundry’s developer (the company OS LLC), and it has not yet completed any client integrations.

The Data Protection Act 2018 gives further effect to GDPR in Ireland and sets the Data Protection Commission as the supervisory authority — the frame around any AI use that processes personal data.

What the Act does

The Data Protection Act 2018 (in force 25 May 2018) gives further effect to the GDPR and transposes the Law Enforcement Directive, and it established the Data Protection Commission. It sets conditions for processing special-category and health data. This is one EU-aligned regime — there are no parallel “data zones”.

Significance for AI

For AI projects the Act works hand in hand with GDPR: the same lawful basis, the same data-subject rights and the same controller duties. In some sectors (for example health) the Act sets additional conditions for processing special-category data.

Keeping data in Ireland

osFoundry pins the data region to the United States, the EU or Japan, runs models locally on your own hardware, and supports self-hosting (BYO Cloud) on a cloud account you control. An EU region keeps data inside the EEA — and that satisfies GDPR for most businesses, because there is no Irish rule requiring personal data to physically stay in Ireland. There is, however, no dedicated managed hyperscaler region “in osFoundry” for Ireland; to keep data solely in the country the honest path is self-hosting in an Irish cloud region — Amazon Web Services has eu-west-1 (Dublin, generally available since 2007, three availability zones) and Microsoft Azure has North Europe (Dublin, Grange Castle, generally available since 2009), while Google Cloud has no Ireland region (the nearest are Belgium and London) — or running open-weight models locally. One honest nuance on capacity: Ireland lifted the de-facto data-centre connection moratorium under a stringent new regime (the CRU policy effective 12 December 2025), but EirGrid will not connect new data centres in the Greater Dublin Area until around 2028; existing AWS and Azure capacity in Dublin is operational and usable today. In financial services, cloud and ICT third-party risk is governed by DORA, supervised by the Central Bank of Ireland.

Important note

This article is general information and is not legal, tax or grant advice. Tax schemes, grants, rules and rates change, and only the relevant authorities (among them Revenue, IDA Ireland, Enterprise Ireland, the Data Protection Commission and the Central Bank of Ireland) decide eligibility and awards. dgm is not a grant deliverer, approved knowledge provider or intermediary. Always confirm the current terms with the official source or a qualified tax or legal adviser.

How dgm helps

dgm is an independent implementation partner that helps businesses in Ireland adopt osFoundry — from identifying the first practical use case, through building it, to connecting AI to the systems you already use. dgm works independently of osFoundry’s developer (the company OS LLC) and has not yet completed any client integrations; everything above is therefore a description of the service offered, not a delivered result. If you would like to look at a sensible first step, dgm is happy to think it through with you. Arrange a no-obligation conversation with dgm.