Ireland is the EU establishment of choice for many of the world's largest technology platforms. That position now carries a sharper compliance edge. The Coimisiún na Meán (Ireland's Media Commission), designated as Ireland's Digital Services Coordinator under the EU Digital Services Act (DSA), has moved from its initial supervisory phase into active enforcement mode. Companies that treated earlier guidance as advisory reading must now treat it as binding obligation – and the window for remediation is closing.
The EU Digital Services Act applies in Ireland as directly applicable EU regulation, enforced by Coimisiún na Meán as the national Digital Services Coordinator. Intermediary service providers – including online platforms, hosting services, and very large online platforms – must meet layered obligations covering transparency, algorithmic accountability, and complaint-handling. Non-compliant entities face fines that can reach a significant share of global annual turnover, with enforcement proceedings already opened against several Ireland-based operators.
This alert sets out which business categories are affected, the applicable thresholds, the current compliance timeline, and five immediate actions that international companies operating through Ireland should take now.
What has changed – the regulatory development and its scope
The DSA entered into force across the EU in late 2022. Its obligations became applicable to very large online platforms and very large online search engines first, followed by a broader rollout to all in-scope intermediaries. Ireland's role is distinctive. Because a large number of major technology companies are established in Ireland for EU purposes. Coimisiún na Meán functions as the lead Digital Services Coordinator for many enforcement matters that effectively determine DSA compliance across the entire single market.
The regulatory development that triggers this alert is the shift from implementation guidance to active supervisory oversight. Coimisiún na Meán has published its supervisory priorities, opened formal proceedings in several matters, and issued detailed compliance expectations under Ireland's technology legislation and the directly applicable EU rules. This is no longer a preparatory phase.
Three categories of obligation are now under direct scrutiny. First, transparency reporting – platforms must publish regular reports on content moderation, algorithmic systems, and advertising. Second, algorithmic accountability – providers must offer users the ability to opt out of recommendation systems based on profiling. Third, software liability and notice-and-action mechanisms – hosting services must implement accessible, effective channels for reporting illegal content and act on valid notices within defined timelines.
For companies operating AI-driven recommendation engines, the intersection with AI Act compliance adds a further layer. Systems that qualify as high-risk AI under EU AI legislation must satisfy both DSA transparency requirements and AI Act conformity obligations simultaneously. These two bodies of law operate in parallel, not in sequence. Companies that have mapped their AI Act exposure but not their DSA posture are operating with an incomplete picture.
Technology licensing arrangements also require review. Where a company licenses its platform technology to an Irish-registered entity that operates the digital service, the question of who bears DSA compliance responsibility. licensor. Licensee. Alternatively, both. is a live legal question that practitioners in Ireland are working through on a matter-by-matter basis.
For companies whose intellectual property and technology licensing structures in Ireland were designed before the DSA entered into force, a structural review is likely overdue.
Who is affected – threshold criteria and business categories
The DSA creates a tiered structure. All intermediary services are subject to a baseline set of obligations. The tier that attracts the most intensive requirements is that of very large online platforms and very large online search engines – those with at least 45 million average monthly active users in the EU. Those entities are subject to direct European Commission supervision as well as national coordinator oversight.
Below that threshold, the following categories fall under Coimisiún na Meán's direct supervision where they are established in Ireland:
- Online platforms making their service available to EU users, regardless of where the end users are located
- Hosting service providers, including cloud infrastructure businesses with Irish establishments
- Online intermediaries – including app stores, B2B software marketplaces, and API aggregators – that facilitate transactions between businesses and consumers
- Providers of online search functionality, even where search is embedded within a larger product
A company does not need to be headquartered in Ireland to fall within scope. The DSA applies to any provider that offers digital services to EU recipients. However, if the company's EU establishment is in Ireland, Coimisiún na Meán is the competent authority. This is the key structural fact for the technology sector: Ireland's role as EU hub means that Irish-established entities carry a disproportionate share of DSA compliance responsibility relative to their size.
Small and micro enterprises – broadly, those with fewer than 50 employees and annual turnover below EUR 10 million – benefit from certain exemptions from the more burdensome obligations. However, those exemptions do not apply to illegal content reporting obligations or to the basic transparency requirements. In practice, even small Irish-established technology companies are not fully outside the DSA's reach.
To receive an expert assessment of your DSA exposure and compliance posture in Ireland, contact us at info@ferrazwhitmore.com.
What to do now – immediate actions and timeline
The following five actions are appropriate for international technology companies with Irish establishments or with significant EU user bases served through Ireland.
1. Map your DSA tier and identify your competent authority. Determine whether your service qualifies as an intermediary, hosting provider, online platform, or very large platform. If your principal EU establishment is Ireland, confirm that Coimisiún na Meán is your lead Digital Services Coordinator. Companies with establishments in multiple EU member states need to identify where the "main establishment" is for DSA purposes – this is not always the registered office.
2. Audit algorithmic systems for DSA and AI Act compliance overlap. If your service uses recommendation algorithms, content-ranking systems. Alternatively. Profiling-based targeting, assess whether those systems require a DSA-compliant opt-out mechanism and whether they also qualify as high-risk AI systems under AI regulation. Both bodies of law may apply. An audit that addresses only one creates residual exposure under the other. The AI and technology law practice in Ireland at Ferraz & Whitmore advises on integrated DSA and AI Act compliance strategies.
3. Review notice-and-action mechanisms for illegal content. Every in-scope hosting service must maintain an accessible, single-point mechanism for reporting illegal content. The mechanism must be easy to use, generate confirmations, and produce outcomes within a defined period. Many platforms that have a reporting button do not yet have the backend process – logging, prioritisation, decision timelines, appeals – to satisfy the DSA's operational requirements.
4. Update transparency reporting obligations. Online platforms must publish transparency reports covering content moderation decisions, removals, and the use of automated tools. The first reporting cycle has already passed for larger entities. Smaller platforms newly in scope should identify their reporting obligations and build the data collection infrastructure now, before a reporting deadline triggers an enforcement inquiry.
5. Review technology licensing and software liability allocation. Where digital services in Ireland are operated under licence from a non-Irish parent or technology partner. The licence agreement should be reviewed to confirm how DSA compliance responsibilities are allocated. Ambiguity in contractual arrangements about who is the "provider" of the digital service is a source of enforcement risk for both parties. Irish technology legislation does not automatically resolve this ambiguity in favour of either the licensor or the licensee.
Companies that have already received supervisory correspondence from Coimisiún na Meán should treat that correspondence as a formal trigger requiring a structured response, not an invitation to begin internal discussions. Timelines set in supervisory letters are generally non-extendable without a formal request.
For a tailored strategy on DSA compliance and digital services regulation in Ireland, reach out to info@ferrazwhitmore.com.
Further context on comparable regulatory developments in other EU jurisdictions is available in our alert on digital services regulation in Portugal.
About Ferraz & Whitmore
Ferraz & Whitmore is an international law firm based in Lisbon, advising technology companies, institutional investors, and international businesses on digital services regulation, AI Act compliance, and technology licensing across 46 jurisdictions. As a law firm in Ireland and across the EU, we combine Portuguese civil law expertise with English common law tradition to deliver integrated cross-border compliance strategies. Our AI and technology law team includes practitioners with experience advising on algorithmic accountability, software liability, and regulatory engagement before EU and national supervisory authorities. We work with in-house legal teams and C-suite executives who need results-oriented counsel across multiple legal systems. Engaging a lawyer in Ireland with cross-border technology experience early in a compliance cycle consistently reduces enforcement exposure. To discuss your situation under Ireland's digital services regulation, contact us at info@ferrazwhitmore.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.