Irish AI Bill 2026: Upon Reflection

The short version

Ireland is writing its first AI Bill. I read it. I submitted to the consultation before the 13 April deadline. I also made a 90-second video about the five things I think Ireland needs to get right.

This post is the long form of that video. Same five topics, same argument, much more room to breathe. It is the version for people who want to dig into the substance: the actual gaps in the General Scheme, the specific recommendations I put in front of the Joint Committee, and the sources underneath them.

If you want the full 8-section submission with every recommendation spelled out, it lives at /submissions/ai-bill-2026. This post is the editorial.

Why I made a submission at all

I am not a policy professional. I am a full-stack software engineer, the parent of a minimally verbal autistic 8-year-old, and a member of the Autism Innovation Strategy Oversight and Advisory Group. I build open-source AI infrastructure and products for people mainstream AI leaves out.

The reason I wrote the submission is simple. On the day I was finalising it, Robert Scoble, one of the most visible technology commentators of the last two decades, posted this:

"If you had AGI would you release it to the world? I wouldn't. I would fix the bugs in the world first. This technology in the wrong hands would harm us all. In good hands it will help all."

I agree with the sentiment. I disagree with the method. The bugs in the world are unequal access. The K-shaped economy, where AI accelerates the wealth and capability of those who already have both while leaving behind those who do not, is a bug. The neurodivergent adult who cannot hold a job because no tool has ever been built to work with how their mind works, that is a bug. The citizen who cannot afford a subscription to the most powerful AI systems that their employed, connected, resourced neighbours use every day, that is a bug.

You do not fix those bugs by waiting. You fix them by giving the tool to the people the bugs were built to exclude. First.

That is the frame of everything below.

One. AI-DHD.

For neurodivergent people, AI is not a productivity tool. It is the first assistive technology in history that actually works with how our brains function. Not around them. With them.

The General Scheme contains no specific provisions for neurodivergent users and no specific provisions for AI systems used with or by children. The EU AI Act lists "children" as a vulnerability category in its prohibited practices, but those protections are framed as prohibitions on manipulation, not as affirmative design obligations. The Act tells you what you cannot do to children. It does not tell you what you must build for them.

That asymmetry matters. The default in software is still interfaces designed for neurotypical adults with stable working memory, stable attention, and high tolerance for friction. If regulation only specifies what cannot be done, nothing gets built for the people most excluded from the current wave. You end up regulating the edges of a product category that was never designed for them in the first place.

What I asked for in the submission:

1. Mandatory COPPA/GDPR-equivalent provisions for AI systems used with or by children under 16, enforceable by the AI Office. Not just GDPR's data minimisation. Affirmative AI-specific design standards.
2. Neurodivergent accessibility requirements for AI systems that reach a market threshold: cognitive load standards, ADHD and autism-adapted interfaces, plain language requirements.
3. Zero commercial profiling for AI systems primarily used by minors, with civil penalties enforceable by the AI Office rather than the DPC alone.

I run 8gent Jr, a personalised AI OS for neurodivergent children (ADHD, autism, dyslexia), under an internal constitutional article that bans data monetisation, requires parental consent for all data, and mandates deletion on request. I wrote that rule into the product because the regulatory framework gives parents no enforceable rights against AI products used with their children. The Bill is Ireland's chance to give them those rights by default.

Two. The K-shape.

Two Irelands are forming.

A K-shaped economy describes a divergence in outcomes. Some people and sectors are propelled upward by a technology. Others, unable to access or afford it, fall behind at an accelerating rate. This is not a theoretical risk. It is the observable pattern from every major wave of digital technology adoption.

With AI, three things make the divergence worse than previous cycles:

1. The capability gap compounds. A developer with a state-of-the-art AI coding agent finishes work in hours that takes days without it. A small business owner with access to AI analysis tools makes decisions with better information than competitors without. Over time, this advantage is not additive. It is multiplicative.
2. The best AI is expensive and opaque. The most capable models are provided by three private American corporations (OpenAI, Anthropic, Google) whose pricing, data practices, and strategic priorities are determined entirely by shareholder interests. Access is gated by subscriptions that are meaningful amounts of money for individuals, small businesses, students, and public sector workers on modest incomes.
3. The people who need it most are least likely to have it. Workers in industries facing displacement, students preparing for a changed labour market, citizens navigating complex state services. The list of people AI would most transform is almost identical to the list of people least likely to be paying for premium AI subscriptions.

What I asked for:

The AI Bill should treat AI access as a public infrastructure question, not solely a market question. Specifically, Ireland should establish a programme to provide free, high-quality AI services to every PPSN holder in the state. A Universal Basic AI access scheme.

This is not a radical proposal. Ireland already provides free public libraries, healthcare, and education as public goods. AI, at this juncture in history, is becoming as foundational as literacy. The state has both the opportunity and the obligation to ensure that the K-shaped divergence is actively counteracted, not passively accelerated.

What I am building is a small-scale version of what such infrastructure would require: a model proxy, an open agent orchestration layer, a data-sovereign API gateway. I am one person. But the architecture is legible, and Ireland already has the technical expertise to design this at national scale. Not over years of procurement cycles. With the right people in the room, the design work could be done in months.

The urgency is real. Almost every Irish citizen using AI daily is doing so through systems that harvest their data for commercial purposes and are legally subject to foreign government access. Which is Topic Four.

Three. AI Agents.

The General Scheme, like the EU AI Act itself, was designed for AI systems with defined inputs and outputs. A model that classifies text, generates an image, provides a recommendation. It was not designed for autonomous AI agents: systems that take sequences of actions over time, use tools, execute code, browse the web, manage files, and make decisions without a human confirming each step.

I build one of these. 8gent Code is an open-source autonomous coding agent. When it runs, it can read and write files on a user's machine, execute shell commands, open pull requests on GitHub, browse the web and summarise findings. Agents like this are not edge cases. They are the default mode of the next wave of AI products, and the Bill as written has nothing to say about them.

The accountability questions the General Scheme does not answer:

• Who is the "provider" of an agent action? The model provider (Anthropic, OpenAI)? The agent framework (8GI)? The user who approved the task?
• When an agent takes an action that causes harm, deletes a file, commits broken code, executes a malicious command, what liability framework applies?
• How does the "human oversight" requirement of the AI Act apply to agentic systems where the entire value proposition is reducing the need for step-by-step human intervention?

What I asked for:

1. Define "agentic AI systems" distinct from static AI models.
2. Clarify the provider/deployer liability chain for multi-step autonomous actions.
3. Establish that "meaningful human oversight" for agents means task-level approval (what job to do), not action-level approval (each individual step). Without this clarification, agentic AI becomes legally impossible to operate.

The AI Office should have convened a dedicated working group on this before the Bill was drafted. It still can, before enactment. The alternative is a regulatory regime that either bans agents accidentally or fails to regulate them at all.

Four. Sovereignty.

France just acted. Ireland hasn't.

On 10 April 2026, France officially announced the removal of Microsoft Windows from all government desktops, affecting 2.5 million civil servants. DINUM, France's Interministerial Digital Directorate, published the decision following an interministerial seminar on 8 April 2026. Each ministry must formalise an implementation plan by autumn 2026 covering desktop systems, collaboration tools, antivirus software, AI, databases, virtualisation, and network equipment.

French Minister David Amiel stated the effort was to "regain control of our digital destiny" by reducing reliance on US technology companies. This follows France's earlier migration of 80,000 National Health Insurance Fund employees to open-source alternatives, and a commitment to move all 2.5 million civil servants off US video conferencing tools by 2027.

France is not alone.

• Austria's armed forces have switched from Microsoft Office to LibreOffice.
• Denmark's government has committed to the same.
• The German state of Schleswig-Holstein has migrated 44,000 employee inboxes away from Microsoft to open-source alternatives.

A G7 nation has now formally recognised US technology dependency as a strategic risk and is acting to eliminate it. Ireland's AI Bill contains no equivalent recognition of this risk, no roadmap to address it, and no acknowledgement that the AI systems Irish citizens and public bodies rely on daily are structurally subject to foreign intelligence access.

The legal frame matters here. The US CLOUD Act (2018) allows US law enforcement to compel American technology companies to produce data held anywhere in the world. FISA Section 702 allows the US intelligence community to compel US service providers to give access to communications of non-US persons outside the United States. Both apply directly to the AI systems most commonly used by Irish citizens, businesses, and public bodies: OpenAI, Google, Anthropic, Microsoft. Queries, outputs, and associated data are, under US law, potentially accessible to US law enforcement and intelligence agencies, without a warrant issued by an Irish court, without notification to the user, and without any recourse under Irish or EU law.

GDPR does not close this. The Schrems II decision (2020) invalidated the previous data transfer framework precisely because of US intelligence access concerns. Subsequent EU-US agreements have not resolved the underlying legal conflict between US surveillance law and EU data rights. The General Scheme of the AI Bill does not address it either.

What I asked for:

1. Any AI system operating in Ireland that is subject to foreign government access laws must disclose this clearly and prominently to users at the point of use.
2. Irish citizens should have an enforceable right to know whether AI systems they interact with can be accessed by foreign intelligence agencies, actionable through the AI Office, not only through the DPC.
3. Public sector bodies procuring AI systems should be required to assess and disclose foreign access risk as part of procurement.
4. Ireland should develop a national digital sovereignty strategy following the France/Austria/Denmark/Germany precedent, with a timeline for migrating critical government infrastructure to open-source, European-controlled alternatives. The AI Office should advise on this strategy as it relates to AI systems.

With Ireland assuming the EU Presidency in 2026, the once-in-a-generation window to lead on this is now. Not next term. Now.

Five. Open Source.

The alternative to Big Tech AI is already running. The question is whether the regulatory environment makes it possible or kills it before it can compete.

The General Scheme does not clearly define how open-source AI systems are classified under the high-risk categories. This creates material compliance uncertainty for small Irish foundations and developers who release software under open licences (Apache 2.0, MIT, GPL).

Under the EU AI Act, open-source GPAI model providers have reduced obligations if they do not "place the model on the market" commercially. But the downstream deployers of those models, including open-source agent frameworks, sit in a legal grey zone. If my open-source software is used by a third party in a high-risk context, am I the provider, the deployer, or neither? Without guidance, the compliance burden falls disproportionately on small open-source maintainers who have no visibility into how their software is used downstream.

The second issue is the AI regulatory sandbox. It is well-designed for startups and SMEs, but its current framing assumes participants are commercial entities seeking market authorisation. Open-source foundations like 8GI are not placing products on the market. We are building commons infrastructure. The sandbox as written has no clean door for us to walk through.

What I asked for:

1. The AI Office should publish guidance specifically addressing open-source AI frameworks and agents, distinguishing open-source model providers (Meta, Mistral), open-source agent frameworks (8gent Code, AutoGPT), and end users who deploy those frameworks in specific contexts.
2. Create an Open-Source Track in the sandbox for non-commercial foundations operating under OSI-approved licences.
3. Allow sandbox participation without requiring a commercial entity. A registered foundation, collective, or individual developer should be eligible.
4. Use sandbox-tested open-source AI infrastructure as a reference implementation for compliance guidance, rather than expecting open-source maintainers to navigate the same process as enterprise deployers.

The point is not to exempt open source from accountability. It is to make sure that when accountability is distributed, it lands in the right place, not dumped on whoever has no legal team to push back.

The structural argument underneath all five

One thing I want editorial and research readers to sit with before clicking away.

We are currently building the governance framework for the most powerful general-purpose technology ever deployed, using the commercial model providers as the primary reference point for what AI should look like. That is structurally similar to asking oil majors to draft climate law in 1985.

OpenAI, the company that triggered the current wave of public AI adoption, has undergone a governance transformation from non-profit to for-profit that its own board attempted to reverse and failed. Its stated mission of "safe and beneficial AI for all of humanity" has been superseded in practice by competitive pressure to ship and fundraise. The company has dismissed safety researchers, accelerated deployment timelines against internal advice, and lobbied against regulation.

Google DeepMind and Anthropic, companies with more principled founding documents, operate under the same structural constraint: they are commercial entities accountable to investors, not to the public. Their safety commitments, however sincerely held by the individuals within them, are not enforceable obligations. They are PR positions.

This is not a personal criticism of the individuals at these companies, many of whom are acting in good faith. It is a structural observation. The people who benefit most financially from AI being deployed with minimal regulation are the same people being asked to self-govern AI deployment. That arrangement has never worked in any other industry. There is no reason to expect it to work here.

In conversations I call this the Spalding Paradox: the entities with the most commercial interest in minimal AI regulation are the entities dominating AI governance consultations. The paradox is not intellectual. It is structural. And the only way out of it is to put non-commercial builders (open-source foundations, academic researchers, disability advocates, parents, teachers) in the room during consultation, not after enactment.

That is why I submitted. That is why this post exists.

Community

Five topics. Five days.

I am bringing each of these to the community on LinkedIn, X, and Threads this week. One topic a day. Weigh in wherever you are.

If you want the full 8-section submission with every recommendation spelled out, it lives at /submissions/ai-bill-2026. If you are a teacher, a researcher, a journalist, a policymaker, or an organiser and something in here is useful to your work: use it. Cite it. Push back on it. Steal the arguments and make them better. That is the whole point.

The K divides. The 8 connects.