High-risk AI systems under the EU AI Act: what it means: a clear, fact-based explanation for Irish businesses, with osFoundry as the example and dgm as an independent partner.

dgm is an independent osFoundry implementation partner — not affiliated with osFoundry’s developer (the company OS LLC), and it has not yet completed any client integrations.

“High-risk systems” is the EU AI Act category with the heaviest duties; deciding whether your system falls into it is the first step.

What it means

The AI Act treats systems in areas such as employment and recruitment, credit scoring, education, critical infrastructure and AI as a safety component in regulated products (for example medical devices) as high-risk. With them come duties of risk management, data quality, documentation, human oversight and post-market monitoring.

How to proceed

First classify the use against the AI Act’s annexes. If it is high-risk, plan for human oversight, documentation and data control — and follow the timeline, since the high-risk deadline (2 August 2026 originally) is subject to a pending deferral to December 2027 / August 2028. In Ireland the relevant sectoral competent authority supervises (for example the HPRA for medical AI, the Central Bank for financial-services AI).

Keeping data in Ireland

osFoundry pins the data region to the United States, the EU or Japan, runs models locally on your own hardware, and supports self-hosting (BYO Cloud) on a cloud account you control. An EU region keeps data inside the EEA — and that satisfies GDPR for most businesses, because there is no Irish rule requiring personal data to physically stay in Ireland. There is, however, no dedicated managed hyperscaler region “in osFoundry” for Ireland; to keep data solely in the country the honest path is self-hosting in an Irish cloud region — Amazon Web Services has eu-west-1 (Dublin, generally available since 2007, three availability zones) and Microsoft Azure has North Europe (Dublin, Grange Castle, generally available since 2009), while Google Cloud has no Ireland region (the nearest are Belgium and London) — or running open-weight models locally. One honest nuance on capacity: Ireland lifted the de-facto data-centre connection moratorium under a stringent new regime (the CRU policy effective 12 December 2025), but EirGrid will not connect new data centres in the Greater Dublin Area until around 2028; existing AWS and Azure capacity in Dublin is operational and usable today. In financial services, cloud and ICT third-party risk is governed by DORA, supervised by the Central Bank of Ireland.

Important note

This article is general information and is not legal, tax or grant advice. Tax schemes, grants, rules and rates change, and only the relevant authorities (among them Revenue, IDA Ireland, Enterprise Ireland, the Data Protection Commission and the Central Bank of Ireland) decide eligibility and awards. dgm is not a grant deliverer, approved knowledge provider or intermediary. Always confirm the current terms with the official source or a qualified tax or legal adviser.

How dgm helps

dgm is an independent implementation partner that helps businesses in Ireland adopt osFoundry — from identifying the first practical use case, through building it, to connecting AI to the systems you already use. dgm works independently of osFoundry’s developer (the company OS LLC) and has not yet completed any client integrations; everything above is therefore a description of the service offered, not a delivered result. If you would like to look at a sensible first step, dgm is happy to think it through with you. Arrange a no-obligation conversation with dgm.