New NCSC Guidelines to Help Secure AI Adoption in Public Service

The National Cyber Security Centre has published new guidelines to help Ireland's public sector adopt AI securely, backed by a new risk assessment.

New NCSC Guidelines to Help Secure AI Adoption in Public Service

Ireland's National Cyber Security Centre (NCSC) has published new guidelines to help public sector bodies adopt artificial intelligence securely, backed by a companion risk assessment setting out the main cyber security risks linked to AI deployment.

The guidelines, titled Securing AI Adoption in the Public Sector, were published on 30 June 2026 by the NCSC, which operates under the Department of Justice, Home Affairs and Migration. They were published with the support of the Department of Public Expenditure, Infrastructure, Public Service Reform and Digitalisation (DPER) and the Department of Enterprise, Trade and Employment (DETE), which leads on the implementation of the EU AI Act.

The guidelines are accompanied by an AI Cyber Security Risk Assessment, which sets out the principal cyber security risks associated with AI deployments. Where the risk assessment identifies the risks, the guidelines set out concrete, actionable measures to prevent or mitigate them across the full life cycle of an AI system, from design and development through to deployment, maintenance and secure retirement.

The measures are deliberately flexible, with how they are applied varying according to the type and complexity of each deployment. The guidelines include worked examples to help organisations apply them in practice.

While the guidelines are designed for the public sector, the NCSC says the principles and measures they set out are applicable to organisations of every kind. The NCSC has said it will continue to publish supportive guidance on the secure deployment of AI over the coming months.

The guidelines deliver on a commitment under Digital Ireland – Connecting our People, Securing our Future, the National Digital and AI Strategy published by the Government in February 2026, which committed the NCSC to publishing guidance on the secure use of AI in the public service. They form part of a wider package of Government support for the responsible and secure adoption of AI across the public service, and are the cyber security companion to DPER's guidelines for the Responsible Use of AI in the Public Service, published in 2025. The guidelines align with ETSI EN 304 223, the European baseline standard for securing AI, and support compliance with both the EU AI Act and the NIS2 Directive.

Dr Richard Browne, Director of the National Cyber Security Centre:

"AI is changing the world of cyber security for attackers and defenders alike. Part of these guidelines are about ensuring public bodies can take full advantage of it, adopting AI in a way that strengthens how we secure our networks and systems rather than exposing them to new risk. They are built on international standards and set out clear, practical steps any organisation can follow, whatever the scale of its project. This is part of a sustained programme of support from the NCSC."

Jack Chambers TD, Minister for Public Expenditure, Infrastructure, Public Service Reform and Digitalisation:

"The public service is already doing excellent work in putting AI to use, to improve how it serves the public, and these guidelines are designed to support and build on that. They give public sector bodies another practical tool to deploy AI with confidence, alongside our guidelines for the Responsible Use of AI in the Public Service. Our focus is on enabling the public service to keep moving forward with this technology, and to do so securely and responsibly."

Jim O'Callaghan TD, Minister for Justice, Home Affairs and Migration:

"AI is a powerful tool, and the public service must look at the best ways to deploy it. My priority is to make sure it is adopted in a way that protects the security of our public sector bodies and our national security. Through the National Cyber Security Centre, my department is giving public sector bodies the practical tools to do exactly that, to take advantage of what AI offers while keeping their systems, their data, and the State secure."

The NCSC leads the management of major cyber security incidents across government, provides guidance and advice to citizens and businesses on major cyber security incidents, and builds strong international relationships within the global cyber security community for information-sharing purposes. The full guidelines can be read at Securing AI: Cyber Security Guidelines for the Irish Public Sector, with the accompanying NCSC AI Cyber Security Risk Assessment: Public Sector Deployment available separately.

Follow our WhatsApp ChannelLive Alerts