Much of the legislative position at a national level has remained unchanged from last year and the general approach of the primary regulator, the Data Protection Commission, has continued.

At the EU level, there have been a number of legislative developments which will impact on data protection and cybersecurity in Ireland, such as the entering into force of the Data Act, the AI Act, and the Cyber Resilience Act (each of which have been covered in the EU Chapter).

The date for Member States to transpose the Network and Information Systems 2 Directive (EU) 2022/2555 (“NIS2 Directive”) was the 17 October 2024. Unfortunately Ireland was among the Member States who failed to transpose the Directive by that date. The Government has produced a draft General Scheme for the National Cyber Security Bill, which will transpose NIS2 once finalized and enacted. We expect this to take place within the first half of 2025. Until then, the cybersecurity framework established under the NIS1 Directive will continue to apply.