Internet Explorer 11 (IE11) is not supported. For the best experience please open using Chrome, Firefox, Safari or MS Edge

Insights Technology

Technology Law Landscape in 2025

What you need to know

Dec 05, 2024
3 min read

Several pivotal technology law regulations shaped the Irish legal landscape in the past 12 months. This included the coming into force of the EU’s AI Act and Data Act, the transposition deadline of the NIS2 Directive, and the ongoing enforcement of the DSA and GDPR.

Digital Services Act

The Digital Services Act has been fully effective in the EU since February 2024. It has established a framework for an unprecedented level of transparency, accountability and fairness for digital services in the EU. It imposes obligations in a cascading fashion, with a base level of universal obligations and more onerous obligations applying to three specific categories of larger service provider.

Some of these obligations include those applicable to hosting service providers who must respond to orders to act against illegal content on their platforms. Online marketplaces must conduct “Know Your Business Customer” checks and take steps to inform consumers if illegal products or services were sold on the marketplace.

The DSA applies where recipients of a service are based in the EU, regardless of the service provider’s place of establishment.

To learn more about how the DSA could impact your business operations in 2025:

Visit our DSA Hub

NIS2 Directive

The NIS2 Directive promotes and harmonises measures to boost the overall level of cybersecurity in the EU. The National Cyber Security Bill 2024 will transpose NIS2 into Irish law once enacted. It also provides for the establishment of the National Cyber Security Centre on a statutory footing and sets out its mandate and role in general.

The Bill's scope encompasses various sectors deemed essential and important for national security and public safety.

Stringent compliance requirements have been introduced by the Bill, which aim to ensure organisations take their cybersecurity responsibilities seriously. The obligations include putting appropriate and proportionate technical, operational and organisational measures in place. These measures need to be adopted to manage the risks posed to the security of network and information systems and the obligation to report certain incidents to the CSRIT.

The National Cyber Security Bill 2024 represents a proactive step towards safeguarding Ireland's critical infrastructure and enhancing its overall cybersecurity resilience in line with European standards, as stipulated in NIS2.

Watch our recent NIS2 webinar

Data Act

The Data Act is part of the European Commission’s larger data strategy and aims to foster a fair and competitive data economy across the EU. The rules under the Regulation are set to apply from 12 September 2025. Subject to a few exceptions, the Act will introduce rules to regulate how data is accessed, used, and shared between businesses, individuals, and the public sector.

The Data Act provides for new rights and obligations regarding the sharing of “data generated by the use of a product or related service”. This includes any data recorded intentionally by the “user”, for example weight and height in a fitness tracker. Information recorded passively like location and heart-rate in a fitness tracker when the product is in standby mode also comes within scope.

We previously explored key features of the Act that are particularly relevant to those in the digital health space.

Read the full insight

GDPR

The GDPR continued to be a cornerstone of technology law regulation in the EU, with there being several significant judicial and regulatory decisions, as well as new regulatory guidance.

Data protection regulators in the EU remain very active and your organisation should continue to build a strong foundation for ongoing GDPR compliance.

Explore our previous insight on the European Data Protection Board's guidance, featuring an AI audit checklist to help organisations assess AI systems for GDPR and AI Act compliance.

Read the full insight

What next?

Next year promises to be another pivotal period for technology and commercial law in Europe. The interplay between regulations like the EU AI Act, DSA, GDPR, and NIS2 will require businesses to adapt quickly to ensure compliance, while fostering ethical practices in AI deployment and data management.

For more information on any of the above areas, please contact a member of our Technology or Privacy & Data Security teams.

The content of this article is provided for information purposes only and does not constitute legal or other advice.



Share this:

Related Content

View All →