What happened
On 30 June 2026, Ireland's National Cyber Security Centre (NCSC), under the Department of Justice, Home Affairs and Migration, published 'Securing AI Adoption in the Public Sector', formal cybersecurity guidance for Irish public-sector bodies adopting AI. The guidelines are accompanied by an 'NCSC AI Cyber Security Risk Assessment' document cataloguing the principal threats to AI deployments. The guidelines cover the full AI system lifecycle from design through secure retirement, provide risk-scaled, flexible measures, include worked examples, align explicitly with ETSI EN 304 223 (the European baseline standard for securing AI), and act as the cybersecurity companion to the DPER 'Guidelines for the Responsible Use of AI in the Public Service'. They fulfil a commitment in the February 2026 'Digital Ireland' national strategy. The NCSC notes that the principles are applicable beyond the public sector to any organisation.
Why it matters
This is the first national-level AI cybersecurity guideline published by an EU member state in this window that is formally pegged to ETSI EN 304 223. It creates a de facto baseline for Irish public-sector AI procurement and deployment security and, given its explicit EU AI Act compliance framing, provides a concrete implementation model for the broader EU public sector. Its lifecycle approach (design → deployment → retirement) and risk-assessment companion make it immediately actionable.
Action needed
Irish public-sector bodies should immediately download and apply the guidelines and accompanying Risk Assessment. Private-sector organisations and non-Irish EU entities should map the guidance against their own AI deployment lifecycle controls and cross-reference with ETSI EN 304 223.