The Data Protection Commission and AI: who regulates data?: a clear, fact-based explanation for Irish businesses, with osFoundry as the example and dgm as an independent partner.

dgm is an independent osFoundry implementation partner — not affiliated with osFoundry’s developer (the company OS LLC), and it has not yet completed any client integrations.

The Data Protection Commission (DPC) is Ireland’s data-protection regulator — and, because so many global platforms have their EU headquarters in Dublin, the lead EU supervisory authority for them under the GDPR one-stop-shop.

The DPC’s role

The DPC enforces GDPR and the Data Protection Act 2018. Under the GDPR one-stop-shop (Article 56), the supervisory authority of the country where a controller has its main establishment acts as lead supervisory authority for cross-border processing. Because the EU/EMEA headquarters of Meta, Google, Apple, TikTok and LinkedIn are in Dublin, the DPC is the lead EU regulator for their European operations — which is why several of the largest GDPR fines in EU history were issued by the DPC (for example Meta €1.2 billion in 2023, TikTok €530 million in 2025 and LinkedIn €310 million in 2024).

What it means for your business

For any processing of personal data through AI and cloud services the DPC is the relevant authority: establish a lawful basis, keep a record of processing activities and, where needed, carry out a data protection impact assessment (DPIA).

Keeping data in Ireland

osFoundry pins the data region to the United States, the EU or Japan, runs models locally on your own hardware, and supports self-hosting (BYO Cloud) on a cloud account you control. An EU region keeps data inside the EEA — and that satisfies GDPR for most businesses, because there is no Irish rule requiring personal data to physically stay in Ireland. There is, however, no dedicated managed hyperscaler region “in osFoundry” for Ireland; to keep data solely in the country the honest path is self-hosting in an Irish cloud region — Amazon Web Services has eu-west-1 (Dublin, generally available since 2007, three availability zones) and Microsoft Azure has North Europe (Dublin, Grange Castle, generally available since 2009), while Google Cloud has no Ireland region (the nearest are Belgium and London) — or running open-weight models locally. One honest nuance on capacity: Ireland lifted the de-facto data-centre connection moratorium under a stringent new regime (the CRU policy effective 12 December 2025), but EirGrid will not connect new data centres in the Greater Dublin Area until around 2028; existing AWS and Azure capacity in Dublin is operational and usable today. In financial services, cloud and ICT third-party risk is governed by DORA, supervised by the Central Bank of Ireland.

Important note

This article is general information and is not legal, tax or grant advice. Tax schemes, grants, rules and rates change, and only the relevant authorities (among them Revenue, IDA Ireland, Enterprise Ireland, the Data Protection Commission and the Central Bank of Ireland) decide eligibility and awards. dgm is not a grant deliverer, approved knowledge provider or intermediary. Always confirm the current terms with the official source or a qualified tax or legal adviser.

How dgm helps

dgm is an independent implementation partner that helps businesses in Ireland adopt osFoundry — from identifying the first practical use case, through building it, to connecting AI to the systems you already use. dgm works independently of osFoundry’s developer (the company OS LLC) and has not yet completed any client integrations; everything above is therefore a description of the service offered, not a delivered result. If you would like to look at a sensible first step, dgm is happy to think it through with you. Arrange a no-obligation conversation with dgm.