On February 18, the government released a new legal programme that sets laws to be published or drafted as a priority for Spring 2025 (the “Program”). As expected, the programme includes legislation supporting the latest big ticket EU legislative initiatives in the technology sector: NIS2 Directive, data law and AI law.
National Cybersecurity Legislation
The National Cybersecurity Bill to transpose Network and Information Security Directive 2022/2555 (the “NIS2 Directive”) is listed as one of the preferred public invoices during the Spring 2025 session.
Ireland missed the date for the NIS2 directive of October 17, 2024. A general scheme for the National Cybersecurity Bill was published last August, but scrutiny of the assumptions is underway. The scheme designates many competent authorities for sector-specific supervision and enforcement purposes. The bill will more accurately define the scope and the organizational duties of its control bodies, designation of competent authorities, and provisions for sanctions and enforcement. It also provides the establishment of the National Cybersecurity Centre based on the clear role and delegation of the NCSC, including the National Computer Security Incident Response Team.
EU countries must apply the measures that were redirected since October 18, 2024, and Ireland has not only failed this deadline. In November 2024, the European Commission began infringement proceedings because it was unable to completely transpose the NIS2 directive by sending a formal notice letter to 23 member states.
For more information about the general scheme and NIS2 directive, see the briefing “Are you cyber-ready? Key points of the NIS2 directive’ and Video Series, Network and Information Security Directives (NIS2).
EU Data Regulations
Regulation (EU) 2023/2854 Harmonized rules for fair access and use of data (“Data Act”) ensure fairness in the allocation of data value between stakeholders in the data economy, and which data and which Make sure you are able to use the data. Under which condition. It will come into effect on January 11, 2024 and will be effective from September 12, 2025. Data laws apply directly to EU member states, but they must supplement domestic laws to identify relevant supervisory authorities/authorities. Detail the steps for the complaint mechanism.
Although it does not explicitly mention data law, the programme has the comprehensive purpose of the EU data regulation bill to create a harmonious framework for fair access and data use, and who can create value. It is described as supporting innovation and economic growth by clarifying it. Under the data and its conditions, it is tailored to the data method.
In particular, the programme assumes that the bill designates a national authority responsible for implementing and enforcing EU regulations, but with the exception of Comreg, it will not call these authorities specifically. Given the broad range of measures under the Data Act, it is possible that the bill will designate multiple competent authorities, a sector-specific, in accordance with recent trends in designating Ireland’s regulatory powers. The Digital Services Act 2024 provides a recent example of this within the digital sector. Coimisiún Na Meán is a digital service coordinator, leading competent authority and designating the Competitive and Consumer Protection Commission as a competent authority to take certain responsibilities to the online marketplace. Similarly, the cybersecurity bill and proposals for legislation for artificial intelligence regulations (hereinafter referred to as) are not all centralized regulators, but many sector-specific regulators that have authority over a particular legislative region with regard to the relevant sectors. It appears to be assuming that. Sector.
In fact, EU countries can appoint one (or more) competent authorities, but respect the capabilities of sectoral authorities due to issues related to specific sector data access and their applications. You need to make sure that you need to do so. With regard to Comreg, the Data Act provides the application and enforcement of Article 31 (Switching Data Processing Services) and Article 34 (Interoperability with Data Processing Services) of the Data Act, which provides experience in the field of data and electronic communication services. A competent authority to have. With regard to the protection of personal data under the Data Act, the supervisory authority responsible for monitoring the application of the GDPR is assigned the responsibility to monitor the application of the Data Act under the Data Protection Commission. Data coordinators must be designated from among them to promote cooperation and to be relevant to applications and enforcement where multiple competent bodies have been appointed under the data law.
The EU Data Regulations Bill is a priority for drafting session 2025 this spring.
For more information about data methods, we leverage the power of data based on Briefing Part 1: Data Method and Video Series Data Act Video Series.
Regulation of the Artificial Intelligence Bill
The purpose of the bill is to have full effect on EU regulations 2024/1689. It is not listed as a priority bill for drafting this spring session, but it is within the category “All other laws for the spring session.” It designates the national authority responsible for implementing and implementing EU regulations and provides penalties for non-compliance.
The directly applicable AI law will come into effect on August 1, 2024, and the provisions will begin in stages until August 2027. EU countries must designate national supervisory authorities (“at least one” market watchdog and “market watchdog.” By August 2, 2025, at least one notification authority.” Enterprise, Trade Employment The ministry held public consultations last year on the national implementation process, which called for opinions on the composition of the state. A competent authority for the implementation of the law. There was no clear consensus, but many respondents said, ” It proposes a “hybrid” approach, reporting that a central coordination body is working with sector-specific authorities. The head of the bill is in preparation.
More information about the AI Act is available in the video series, the EU AI Act, and the latest briefings on AI, as well as the EU Commission guidelines on prohibited AI practices.
Criminal Justice (Protection, Storage and Access of Data on Information Systems) and Criminal Justice (Bank of International Cooperation) Bill
The E-Evidence package, including Regulation (EU) 2023/1543 and Directive (EU) 2023/1544, implements a more efficient alternative mechanism for the current regime for cross-border law enforcement demands in the European Union I aim to do that. These two bills will advance their application in Ireland. The General Criminal Justice Scheme (Protection, Storage and Access of Data on Information Systems) bill was published by the Department of Justice in 2024. Preliminary measurement and thorough inspection completed in March 2024. The Criminal Justice (Protection, Storage and Access of Data on Information Systems) bill will take effect on many provisions of the Budapest Treaty on Cybercrime, the EU e-Evidence Regulations (((()) EU) 2021/784) and Online Regulations for EU Terrorists ((EU) 2021/784).
The Criminal Justice (International Cooperation Agency) bill provides for the establishment of a new criminal justice sector entity that incorporates the functions of regulatory and competent authority to fulfill Irish duties under e-evidence regulations and legal representatives ( Directive 2023/1544). The head of the bill is currently in preparation.
More information about the e-Evidence package is available through the briefing, E-Evidence Package: a new regime of cross-border law.
