Agnieszka Wachowska

The provisions of the EU Regulation on Artificial Intelligence (AI Act) start to come into force in stages and we are now approaching another important milestone. On 2 August 2025, further regulations will start to apply that will affect the activities of entities developing and making AI systems available, in particular the so-called General Purpose AI (GPAI) models. These models play a key role in the AI value chain, often providing the foundation for solutions developed by others. The new obligations may therefore affect not only the original suppliers of these models, but also the organisations that modify or integrate them in their products. 

On 12 February 2025, the fifth draft amendment to the National Cybersecurity System Act (UKSC) was published. The draft, dated 7 February 2025, is the next step in the implementation of the NIS 2 Directive, a key cybersecurity regulation at European Union level.

On 10 February 2025, a revised draft bill on artificial intelligence systems was published, aimed at implementing the EU AI Act in Poland. This is the second version of the draft, incorporating a series of changes based on feedback received during public consultations.

On 9 August 2024 the Electronic Communications Law was published in the Journal of Laws [1]. The new legislation, which will replace the current Telecommunications Law, introduces additional obligations for electronic communications entrepreneurs, a newly defined group of entities previously not covered by the former regulations. In this article, we explain who electronic communications entrepreneurs are and outline the obligations they will now be subject to.

On 24 April 2024, the Ministry of Digital Affairs published a draft amendment to the National Cybersecurity System Act, which is a law implementing the EU NIS 2 Directive. It is worth noting, however, that in many aspects the Polish draft law deviates from the provisions of the NIS 2 Directive.

In the world of gaming, the legality of various types of software used for cheating or “enhancing” the gaming experience (usually in the form of plug-ins) continues to be a topic of debate. In a recent legal opinion (delivered on 25 April, 2024, in case C‑159/23 Sony Computer Entertainment Europe Ltd vs Datel Design and Development Ltd, Datel Direct Ltd), Maciej Szpunar, Advocate General at the CJEU, stated that creating such plugins does not violate game developers’ copyright. This important clarification could also have a negative side effect, as it might encourage further innovation and investment in gaming “enhancements” and any other software facing similar legal issues, potentially impacting the entire IT industry.

In the age of widespread artificial intelligence (AI) integration, over 90% of programmers now utilize AI tools such as ChatGPT, Microsoft Copilot, or Github Copilot in their software development workflows. Simultaneously, legal debates persist regarding the copyright implications related to content produced using AI, which has significant ramifications. Determining whether software elements created using AI qualify for copyright protection profoundly impacts licensing and copyright transfer, affecting IT solution providers, buyers, employees, and contractors alike.

The deadline for the implementation of NIS 2 Directive (17 October 2024) is just over six months away. It is therefore a good idea to start preparations now, including verify whether the organisation has policies and procedures in place to ensure compliance with the new regulation.

On 9 November, 2023, the European Parliament adopted a compromise text for the proposal for the Data Act . The new regulation is yet to be officially adopted by the Council of the European Union, but the contents of the future EU regulation are now known.

Copyright issues related to the use of generative AI within a business have become a major concern amongst business owners. Those concerns have not gone unnoticed by some of the AI systems vendors. Recently, many of them have been promoting their AI tools by introducing mechanisms aimed at protecting users against potential IP infringements. Such tools, however, must be approached with due caution as the protection offered has its limitations and usually requires a number of additional conditions to be met.

On 3 July 2023, a government bill amending the Act on the National Cybersecurity System and certain other acts (amendment to the ANCS) was submitted to the Sejm. This happened after nearly 33 months of work on the wording of the amended legislation. The adoption of the amendment continues to face new obstacles – work on it has now been postponed, due to its referral to a public hearing to be held on 11 September 2023.

On 14 June, 2023, the European Parliament concluded many months of negotiations and adopted its position on the proposal for the Artificial Intelligence Act (AI Act).

Computer system implementation using the agile methodology was intended to remedy the problems typically experienced with projects conducted using the waterfall approach, where the time and costs of implementation are ill-judged, often making it necessary to repeatedly conclude annexes to an agreement or litigate with regard to the scope of work assigned and late delivery.

In the intense debate over the growth of artificial intelligence (AI), the system most talked about recently is ChatGPT. Until recently, the technology used in ChatGPT was considered an interesting fact, while now it has suddenly and spectacularly become part of daily life – and commerce as well.

Under article 439 of the Public Procurement Law, where public procurement agreements are concluded for a term exceeding six months, a contracting authority is required to specify the rules on adjustment (indexation) of a contractor’s fee if prices of materials or costs of performance of the contract increase.

On 15 November 2022, the government approved two legislative proposals; the Electronic Communications Law, to harmonize Polish law with the European Electronic Communications Code, and the secondary legislation implementing the Electronic Communications Law. The deadline for implementation of the EECC was 21 December 2020.

The conclusion of contracts using electronic signatures is a common practice in the IT industry. Parties residing in different parts of the world are able to sign an agreement in a short time. The solutions that technology offers are ecological and convenient. Nevertheless, when using the options supplied by providers of platforms for signing an electronic document, the legal requirements for conclusion of such contracts must be borne in mind.

On 3 October, 2022, the Government Legislation Centre published what is now the eighth version of a bill amending the National Cybersecurity System Act. The bill does not make any changes to the previously proposed group of entities that form the national cybersecurity system or those entities’ obligations. This group includes electronic communication undertakings and the Financial Supervision Authority, the President of the Office of Electronic Communication, and external SOCs. The new provisions on the national system of cybersecurity certification and instructions issued for security purposes also continue to be applicable.