An AI use policy isn't just good practice, it's increasingly what regulators expect. Having a board-approved, documented position on AI use puts your organisation on the right side of several converging regulatory requirements. Critically, it also provides evidence that the board has actively governed this risk area rather than leaving it to management by default.
-
The EU AI Act requires organisations deploying AI systems to maintain documentation of their use, including risk assessments and human oversight measures. An acceptable use policy is the foundational document that demonstrates you have considered these requirements. High-risk AI systems require specific documentation that maps directly to the accountability domain of this policy.
-
AI tools that process personal data trigger GDPR obligations regardless of where the AI provider is based. Your data and confidentiality domain should map to your existing GDPR framework, ensuring AI use is covered by your data processing records and, where relevant, Data Protection Impact Assessments.
-
Directors have a duty to ensure the organisation manages emerging risks, and AI is rapidly becoming one of those risks. Having a board-approved AI use policy demonstrates that directors have discharged their duty of care on this topic. The absence of a policy, when AI is clearly in use, is a governance gap that's increasingly difficult to defend. This is not something to delegate to IT or operations; it requires the board's explicit attention and sign-off.
-
Published in February 2026, the Regulation of Artificial Intelligence Bill 2026 implements the EU AI Act in Ireland through a distributed model of thirteen sectoral regulators coordinated by a new statutory body, the AI Office of Ireland (Oifig Intleachta Shaorga na hÉireann), to be established by August 2026. The Bill assigns market surveillance powers to existing regulators within their domains: the Central Bank for financial services, the WRC for employment, the HSE for healthcare, the DPC for data protection. Boards should understand which authority supervises AI use in their sector and ensure this policy aligns accordingly. The Oireachtas Enterprise Committee is currently conducting pre-legislative scrutiny.
Disclaimer
The AI Governance Toolkit is provided by the Institute of Directors (IoD) Ireland for general informational purposes only. It is intended as a practical guide to support members. The toolkit does not constitute legal, regulatory or professional advice. IoD Ireland accepts no liability for any loss, damage or consequence arising from the use of, or reliance on, this material.