KG LEGAL \ INFO
BLOG

Blog home > IT, NEW TECHNOLOGIES, MEDIA AND COMMUNICATION TECHNOLOGY LAW > PRIVACY, DATA PROTECTION, AI AND CYBERSECURITY – LAW MAP

PRIVACY, DATA PROTECTION, AI AND CYBERSECURITY – LAW MAP

Publication date: September 15, 2025

The phenomenon of dispersion of data law sources   

Data law is no longer just about GDPR. The European Union’s legislative trend of incorporating data law regulations into comprehensive sectoral regulations: healthcare, financial markets, corporate stock market law, the defense industry, electronic communications, and the phenomenon of fair competition in trade, is resulting in a significant fragmentation of legal sources, the core subject of which is “DATA AND DATA PROTECTION

The interpenetration and interaction of the sources of law in the shape of an atom

The dispersion of legal acts at the legislative level, whether uniform for all European Union countries, or the Polish system and agencies within Polish jurisdiction, can be illustrated as a kind of legislative hive or the construction of an atom, which is focused on two axes: 1/ vertical as the law of privacy protection and generating funds on private data, and 2/ horizontal as the protection of non-private data and business processes, the financial market, the pharmaceutical and health market, and the defense sector.

AI LAW

Within the atomic framework of “data, data access, and data processing”, the normative needs of cutting-edge technology, generative AI, should be highlighted. This is directly related to the legal environment of AI-based software, DEEP AND MACHINE LEARNING. The era of generative AI necessitates the creation of new regulations, as such a technological leap significantly complicates the legal relationships of economic participants. A key example is

The spherical nature of data law has at its core the law created for the competences of individual agencies and consumer protection.

The rise of cyber, defense, and data law regulations

The year 2025 is a legislative year during the technological revolution of generative AI. It is worth noting, above all, the significant, slow, decisive, and consistent growth of personal data protection law, projecting a very clear trend of supplementing the level of legislation regarding the protection of non-personal data.

The forecast based on the current legislative initiative points to a very significant increase in cybersecurity law. This is a rapid and elliptical, massive expansion of cybersecurity law as part of an “offensive” of multiplying very extensive cybersecurity regulations.

Cybersecurity regulations are a particularly prominent legislative line within data law. Cybersecurity law shares many common points with defense industry regulations.

CYBERSECURITY

This is due to the fact that cybersecurity focuses on two separate problems that required a separate legal environment:

1/ the first is cybercrime and data leakage area;

The European Union, ENISA, and Polish legislation and agencies such as CSIRT Poland and the Polish Office of Electronic Communications are creating new regulations against hacker attacks and data leaks, which constitute online crimes against property. These are legal tools for the justice system, regulatory authorities, and victims of crimes such as random attacks, i.e., for ransom. This classic online crime has its own legal regulations surrounding data theft and data leaks for ransom, or crimes involving the use of specific email communications to trigger online banking transfers and the identity of bank account holders.

  Rising global cost of cybercrime 1287 password attacks per second (date as of 2023)  
$3 TRILLION  $8 TRILLION  $10.5 TRILLION  
201520232025

– Microsoft data provided at the NDIA conference organized by ETI in Washington DC August 2023.

The goals of this legal community group are:

– computer systems that infect and secretly download data and do not interfere with the system’s functionality (an infected router with additional spyware in addition to the usual internet data transmission function – and this is a private theft patent for the purpose of stealing passwords to private content);

– software that interferes with the system by breaking security to destroy relevant data.

2/ the second is the cyber battlefield and spying tools on the Internet

Defence industry sector law, in addition to regulatory law such as the Chips Act for the creation of semiconductors, is rapidly evolving within the framework of cybersecurity law in the defence industry.

This is the result of changes in the needs of the defense sector, especially in the context of the Ukrainian conflict, which is neighboring Poland – the member of the EU and NATO. The conflict remains relevant because the first days of this armed conflict have already shown that, in addition to kinetic military measures concerning conventional objectives such as closing the ring around Kyiv, or through the initial drone revolution and jamming, concentrating the front line towards Odessa (southeastern Ukraine), cyberspace and data processing constitute a separate theater of war.

Therefore, for the Polish legal jurisdiction, in addition to the legal environment of the kinetic component (new law on drones or the issue of new technologies in cooperation with the jurisdiction of the USA, other countries of the North Atlantic Alliance, South Korea or Ukraine), it is the components of cybersecurity and network protection against disinformation (the influencer component) that are the key issues in cybersecurity law.

Therefore, the subject of cybersecurity law comprises three components of military cyber activity: kinetic, cyber and influence, regarding the weakening of the battlefield momentum, internal and external support and all of them concern data processing processes including:

– systems of destructive attacks on operational logistics systems and the transport sector;

– government network systems;

– critical infrastructure such as the functioning of public institutions, for example power plants;

– disruption of information and disinformation processes of media companies;

– destructive attacks and data infiltration.

An additional third legal challenge is the phenomenon of OSINT (Open-Source Intelligence Services) as information tracking.

OSINT as the analysis and tracing of analytical information is the analysis of data for the purposes of commentary in social media such as YT channels with commentary content from former military personnel when tracking armed conflicts, analysis of private stages of conflict development or the operation of new cybernetic and technological military technologies.

The legal environment for such OSINT encompasses the assessment of compliance with cyber law, media and press law, military and state secrets, electronic communications law, and data protection. It also addresses the protection of the interests of such online creators and influencers and freedom of content on social media. The complexity of the legality of the problem provides a new content phenomenon in Polish social media, such as comments on the Ukrainian conflict, assessments of how UV drone technology works and military methods of drone attacks (one of the first examples is the method of attacking a military ship using UV).

OSINT, as the acquisition of information about a debtor’s assets, is a legal field related to civil procedure to gain a procedural advantage in civil courts. It is also regulated by many telecoms’ regulatory provisions, data protection laws, and privacy laws. Modern methods of obtaining information also primarily concern the legality of the legal environment surrounding the use of OPSEC systems – that is, the anonymity of the entity collecting such information- such as the use of the TOR network on the Linux operating system, which makes it hard or even impossible to determine the location of an internet user. Another example of the subject of assessing the legality of analytical OSINT is the use of modern all-in-one investigation platforms, like Maltego, to collect data to, for example, identify participants in the crypto market.

Currently, NIS directives implement a number of regulations into the Polish legal system that underpin the legality of OTC securities trading platforms on the FOREX market. This is an example where the legality of implementing a financial market securities trading platform on the websites of professional brokers poses significant difficulties.

MAIN SECTORS AND VECTORS OF THE DATA LAW MAPS

The main areas of sectoral regulatory law that governs cybersecurity and data protection are:

  • HEALTH, PHARMACEUTICALS AND PHARMACEUTICAL INDUSTRY DATA (EHDS initiative);
  • GENERATIVE AI and NEW TECHNOLOGICAL PROGRESS; (AI ACT and AI procedures on sensitive data are the main basis for assessing that AI is a high-risk system);
  • FINANCIAL SECTOR and cyber resilience of the financial sector and the problem related to blocking leverage services with financial instruments that operate at the system boundary of the scope of action of the EU agency ESMA dealing with the stock exchange and the problem of the functioning of the financial instruments market;
    • Of particular interest to the law in this sector is software that gives an advantage to stock brokers and special regulations blocking the international freedom of these online services. This concerns legal protections for consumers against speculation in financial derivatives. It is worth mentioning the ESMA regulations and the NIS 1 and NIS 2 directives. The DORA regulation, which concerns cybersecurity of data in banks and stock exchanges, and the CER directive are key.
    • Poland has a special act on internet incidents and an act on the cybersecurity system.
  • PERSONAL DATA PROTECTION LAW, INCLUDING SENSITIVE DATA, where, in addition to the GDPR, the Polish jurisdiction has an entire range of guidelines from the European Data Protection Board (one of the latest guidelines concerns data processing on blockchain).
  • NON-PERSONAL DATA PROTECTION LAW, DATABASES AND DATA ACT.

Data Law Map

Cybersecurity and Defense

  • Regulation (EU) 2024/2847 (Cyber Resilience Act) (23/10/2024)
  • Regulation (EU) 2023/1781 (Chips Act) (13/09/2023)
  • Regulation (EU) 2022/2554 (DORA) (14/12/2022)
    • Regulation (EU) 2025/295 supplementing DORA (24/11/2024)
  • Regulation (EU) 2016/679 (GDPR) (27/04/2016)
  • Directive (EU) 2022/2555 (NIS 2) (14/12/2022)
  • Directive (EU) 2022/2557 (CER) (14/12/2022)
  • Act on the protection of personal data processed in connection with the prevention and combating of crime (14/12/2018)
  • Act on the national cybersecurity system (05/07/2018)
    • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
    • Act amending certain acts related to the functioning of government administration (15/05/2024)
    • Act amending certain acts regarding protective measures in connection with the spread of the SARS-CoV-2 virus (14/05/2020)
    • Act amending the Education Law and certain other acts (16/10/2019)
  • Personal Data Protection Act (10/05/2018)
    • Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC (21/02/2019)

Health and Pharmaceutical Industry

  • Regulation (EU) 2025/327 (EHDS) (11/05/2025)
  • Regulation (EU) 2024/1689 (AI Act) (13/06/2024)
  • Regulation (EU) 2024/903 (Interoperable Europe Act) (13/03/2024)
  • Regulation (EU) 2017/745 (MDR) (05/04/2017)
  • Regulation (EU) 2017/746 (IVDR) (05/04/2017)
  • Regulation (EU) 2016/679 (GDPR) (27/04/2016)
  • Directive (EU) 2022/2555 (NIS 2) (14/12/2022)
  • Directive (EU) 2022/2557 (CER) (14/12/2022)
  • Act on clinical trials of medicinal products for human use (09/03/2023)
  • Act on the national cybersecurity system (05/07/2018)
    • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
    • Act amending certain acts related to the functioning of government administration (15/05/2024)
    • Act amending certain acts regarding protective measures in connection with the spread of the SARS-CoV-2 virus (14/05/2020)
    • Act amending the Education Law and certain other acts (16/10/2019)
  • Act on Medical Activity (15/04/2011)
    • Act amending the Act on State Emergency Medical Services and certain other acts (24/04/2025)
    • Act amending the Act on health care services financed from public funds and certain other acts (05.12.2024)
    • Act amending the Act on the Postgraduate Medical Education Center and certain other acts (27/11/2024)
    • Act amending the Act on Patients’ Rights and the Patient Ombudsman and certain other acts (26/06/2023)
    • Act amending the Act on health care services financed by public funds and certain other acts (17/11/2021)
    • Act amending the Act on health care services financed by public funds and certain other acts (11/08/2021)
    • Act amending the Act on health care services financed by public funds and certain other acts (10/12/2020)
    • Act amending certain acts to ensure the availability of medical personnel during the period of declaration of an epidemic threat or epidemic state (27/11/2020)
    • Act amending certain acts in connection with counteracting crisis situations related to the occurrence of COVID-19 (28/10/2020)
    • Act amending certain acts to ensure the functioning of health care in connection with the COVID-19 epidemic and after its termination (14/08/2020)
    • Act amending certain acts in the field of the health care system related to the prevention, counteraction and combating of COVID-19 (31/03/2020)
    • Act amending the Commercial Companies Code and certain other acts (19/07/2019)
    • Act amending the Pharmaceutical Law and certain other acts (26/04/2019)
    • Act amending the Act on the principles of state property management and certain other acts (21/02/2019)
    • Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC (21/02/2019)
    • Act amending the Act on health care services financed by public funds and certain other acts (05/07/2018)
    • Act amending the Act on Public-Private Partnership and certain other acts (05/07/2018)
    • Act amending the Pharmaceutical Law and certain other acts (07.06.2018)
    • Act amending the Act on health care services financed by public funds and certain other acts (12/04/2018)
    • Act amending the Act on Medical Activity (25/09/2015)
    • Act amending the Act on State Emergency Medical Services, the Act on Medical Activity and the Act amending the Act on Medical Activity and certain other acts (25/09/2015)
    • Act amending the Act on the professions of nurse and midwife and certain other acts (11/09/2015)
    • Act amending the Act on medical devices and certain other acts (11/09/2015)
    • Act amending the Act on Medical Activity (24/04/2015)
    • Act amending the Act on health care services financed by public funds and certain other acts (22/07/2014)
    • Act amending the Public Procurement Law and certain other acts (14/03/2014)
    • Act amending the Act on Medical Activity and certain other acts (14/06/2012)
  • Regulation of the Minister of Health on the types of medical documentation of occupational health services, the method of maintaining and storing it, and the templates of the documents used (29/07/2010)
    • Regulation of the Minister of Health amending the regulation on the types of medical documentation of the labor service, the method of keeping and storing it and the templates of the documents used (28/08/2024)

Artificial Intelligence and Technological Progress

  • Regulation (EU) 2024/1689 (AI Act) (13/06/2024)
  • Regulation (EU) 2024/903 (Interoperable Europe Act) (13/03/2024)
  • Regulation (EU) 2023/1781 (Chips Act) (13/09/2023)
  • Regulation (EU) 2022/2554 (DORA) (14/12/2022)
    • Regulation (EU) 2025/295 supplementing DORA (24/11/2024)
  • Regulation (EU) 2018/1807 (14/11/2018)
  • Regulation (EU) 2017/745 (MDR) (05/04/2017)
  • Regulation (EU) 2017/746 (IVDR) (05/04/2017)
  • Directive (EU) 2019/1024 (20/06/2019)
  • Directive (EU) 2002/58 (12/07/2002)
  • Act on the national cybersecurity system (05/07/2018)
    • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
    • Act amending certain acts related to the functioning of government administration (15/05/2024)
    • Act amending certain acts regarding protective measures in connection with the spread of the SARS-CoV-2 virus (14/05/2020)
    • Act amending the Education Law and certain other acts (16/10/2019)

Finances

  • Regulation (EU) 2022/2554 (DORA) (14/12/2022)
    • Regulation (EU) 2025/295 supplementing DORA (24/11/2024)
  • Regulation (EU) 2017/2394 (12/12/2017)
    • Directive (EU) 2024/1799 amending Regulation (EU) 2017/2394, Directive (EU) 2019/771 and Directive (EU) 2020/1828 (13/06/2024)
    • Directive (EU) 2019/771 amending Regulation (EU) 2017/2394 and Directive (EU) 2009/22 and repealing Directive (EU) 1999/44 (20/05/2019)
    • Regulation (EU) 2018/302 amending Regulation (EU) 2006/2004, Regulation (EU) 2017/2394 and Directive 2009/22 (28/02/2018)
  • Regulation (EU) 2016/679 (GDPR) (27/04/2016)
  • Regulation (EU) 648/2012 (EMIR) (04/07/2012)
    • Regulation (EU) 2021/23 amending Regulation (EU) 1095/2010, Regulation (EU) 648/2012, Regulation (EU) 600/2014, Regulation (EU) 806/2014, Regulation (EU) 2015/2365, Directive (EU) 2002/47, Directive (EU) 2004/25, Directive (EU) 2007/36, Directive (EU) 2014/59 and Directive (EU) 2017/1132 (16.12.2020)
    • Regulation (EU) 2017/2402 amending Directive (EU) 2009/65, Directive (EU) 2009/138, Directive (EU) 2011/61, Regulation (EU) 1060/2009 and Regulation (EU) 648/2012 (12/12/2017)
    • Regulation (EU) 2015/2365 amending Regulation (EU) 648/2012 (25/11/2015)
    • Regulation (EU) 600/2014 amending Regulation (EU) 648/2012 (15/05/2014)
    • Directive (EU) 2014/59 amending Directive (EU) 82/891, Directive (EU) 2001/24, Directive (EU) 2002/47, Directive (EU) 2004/25, Directive (EU) 2005/56, Directive (EU) 2007/36, Directive (EU) 2011/35, Directive (EU) 2012/30, Directive (EU) 2013/36 and Regulation (EU) 1093/2010 and Regulation (EU) 648/2012 (15/05/2014)
    • Regulation (EU) 575/2013 amending Regulation (EU) 648/2012 (26/06/2013)
  • Directive (EU) 2022/2555 (NIS 2) (14/12/2022)
  • Directive (EU) 2022/2557 (CER) (14/12/2022)
  • Directive (EU) 2020/1828 (25/11/2020)
    • Directive (EU) 2024/1799 amending Regulation (EU) 2017/2394, Directive (EU) 2019/771 and Directive (EU) 2020/1828 (13/06/2024)
    • Regulation (EU) 2022/1925 amending Directive (EU) 2019/1937 and Directive (EU) 2020/1828 (14/09/2022)
  • Directive (EU) 2015/2366 (PSD 2) (25/11/2015)
  • Directive (EU) 96/9 (11/03/1996)
    • Directive (EU) 2019/790 amending Directive (EU) 98/9 and Directive (EU) 2001/29 (17/04/2019)
  • Act on Trading in Financial Instruments (29/07/2005)
    • Act amending the Act on the Defense of the Homeland and certain other acts (25/06/2025)
    • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
    • Act amending the Act on Trading in Financial Instruments (24/06/2025)
    • Act amending the Act on the Prison Service and certain other acts (09/05/2025)
    • Act amending the Accounting Act, the Act on Statutory Auditors, Audit Firms and Public Supervision and certain other acts (06.12.2024)
    • Act amending certain acts in connection with ensuring the development of the financial market and the protection of investors on this market (16/08/2023)
    • Act amending the Act on Investment Funds and the Management of Alternative Investment Funds, the Act on Bonds, the Act on the Bank Guarantee Fund, the Deposit Guarantee System and Compulsory Restructuring and certain other acts (14/04/2023)
    • Act amending the Act on the handling of complaints by financial market entities and on the Financial Ombudsman and certain other acts (01.12.2022)
    • Act amending certain acts to simplify administrative procedures for citizens and entrepreneurs (07/10/2022)
    • Act amending the Act on the Prison Service and certain other acts (22/07/2022)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (01/10/2021)
    • Act amending the Act on the Capacity Market and certain other acts (23/07/2021)
    • Act amending the Act on investment funds and management of alternative investment funds and certain other acts (23/07/2021)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (21/01/2021)
    • Act amending the Act on special solutions related to the prevention, counteraction and combating of COVID-19, other infectious diseases and crisis situations caused by them, and certain other acts (31/03/2020)
    • Act amending the Act on Government Administration Departments and certain other acts (23/01/2020)
    • Act amending the Commercial Companies Code and certain other acts (30/08/2019)
    • Act amending the Commercial Companies Code and certain other acts (19/07/2019)
    • Act amending the Act on Financial Market Supervision and certain other acts (15/03/2019)
    • Act amending certain acts in connection with ensuring the application of GDPR (21/02/2019)
    • Act amending certain acts in connection with strengthening supervision over the financial market and investor protection on this market (09/11/2018)
    • Act amending certain acts to introduce simplifications for entrepreneurs in tax and economic law (09/11/2018)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (01/03/2018)
    • Act amending the Act on certain rights of employees of the office serving the minister responsible for internal affairs and officers and employees of offices supervised by that minister, and certain other acts (09/11/2017)
    • Act amending the Penal Code and certain other acts (23/03/2017)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (10/02/2017)
    • Act amending the Act on Investment Funds and certain other acts (32/03/2016)
    • Act amending acts regulating the conditions of access to the practice of certain professions (05/08/2015)
    • Act amending the Act on Competition and Consumer Protection and certain other acts (05/08/2015)
    • Act amending the Act on Capital Market Supervision and certain other acts (12/06/2015)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (05.12.2014)
    • Act amending the Act on supplementary supervision of credit institutions, insurance companies, reinsurance companies and investment firms being part of a financial conglomerate and certain other acts (24/04/2014)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (24/10/2012)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (16/09/2011)
    • Act amending the Banking Law, the Act on Trading in Financial Instruments and the Act on Financial Market Supervision (28/04/2011)
    • Act amending the Banking Act, the Insurance Act, the Investment Funds Act, the Financial Instruments Trading Act and the Financial Market Supervision Act (25/06/2010)
    • Act amending the Act on Trading in Financial Instruments (22 January 2010)
    • Act amending the Act on toll motorways and the National Road Fund and the Act on trading in financial instruments (20/11/2009)
    • Act amending the Commercial Companies Code and the Act on Trading in Financial Instruments (05.12.2008)
    • Act amending acts to standardize IT terminology (04/09/2008)
  • Banking law (29/08/1997)
    • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
    • Act amending certain acts in order to deregulate economic and administrative law and improve the principles of developing economic law (21/05/2025)
    • Act amending the Act on the Prison Service and certain other acts (09/05/2025)
    • Act amending the Act on Development Cooperation and certain other acts (20/03/2025)
    • Act amending the Act on Goods and Services Tax, the Act on Excise Duty and certain other acts (24/01/2025)
    • Act amending the Accounting Act, the Act on Statutory Auditors, Audit Firms and Public Supervision and certain other acts (06.12.2024)
    • Act amending the Act on the exchange of tax information with other countries and certain other acts (23/05/2024)
    • Act amending certain acts in connection with ensuring the development of the financial market and the protection of investors on this market (16/08/2023)
    • Act amending certain acts to limit certain effects of identity theft (07/07/2023)
    • Act amending the Act on Goods and Services Tax and certain other acts (26/05/2023)
    • Act amending the Act on Goods and Services Tax and certain other acts (14/04/2023)
    • Act amending the Act on Investment Funds and the Management of Alternative Investment Funds, the Act on Bonds, the Act on the Bank Guarantee Fund, the Deposit Guarantee System and Compulsory Restructuring and certain other acts (14/04/2023)
    • Act amending the Act on the handling of complaints by financial market entities and on the Financial Ombudsman and certain other acts (01.12.2022)
    • Act amending the Excise Duty Act and certain other acts (01.12.2022)
    • Act amending acts to counteract usury (06/10/2022)
    • Act amending the Act on the Prison Service and certain other acts (22/07/2022)
    • Act amending the Act on Assistance to Citizens of Ukraine in Connection with the Armed Conflict on the Territory of That State and Certain Other Acts (08/04/2022)
    • Act amending certain acts in order to improve the terminological consistency of the legal system (01/10/2021)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (01/10/2021)
    • Act amending the Act on Tax on Goods and Services and the Act – Banking Law (11/08/2021)
    • Act amending the Act on the Bank Guarantee Fund, the deposit guarantee system and compulsory restructuring and certain other acts (08/07/2021)
    • Act amending the Act on Goods and Services Tax and certain other acts (27/11/2020)
    • Act amending the Act – Code of Civil Procedure and certain other acts (13/02/2020)
    • Act amending the Act on Government Administration Departments and certain other acts (23/01/2020)
    • Act amending the Act on enforcement proceedings in administration and certain other acts (11/09/2019)
    • Act amending the Act on Goods and Services Tax and certain other acts (09/08/2019)
    • Act amending certain acts to reduce regulatory burdens (31/07/2019)
    • Act amending certain acts in order to reduce payment backlogs (19/07/2019)
    • Act amending the Act on support for borrowers in financial difficulties who have taken out a housing loan and certain other acts (04/07/2019)
    • Act amending the Act on Employee Capital Plans, the Act on the Organization and Operation of Pension Funds and the Banking Law (16/05/2019)
    • Act amending the Act on Financial Market Supervision and certain other acts (15/03/2019)
    • Act amending certain acts in connection with ensuring the application of GDPR (21/02/2019)
    • Act amending the Act on the Bank Guarantee Fund, the deposit guarantee system and compulsory restructuring and certain other acts (17/01/2019)
    • Act amending certain acts in connection with strengthening supervision over the financial market and investor protection on this market (09/11/2018)
    • Act amending the Act on the National Revenue Administration and certain other acts (November 9, 2018)
    • Act amending the Act on payment services and certain other acts (10/05/2018)
    • Act amending the Act on payment services and certain other acts (22/03/2018)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (01/03/2018)
    • Act amending the Act on certain rights of employees of the office serving the minister responsible for internal affairs and officers and employees of offices supervised by that minister, and certain other acts (09/11/2017)
    • Act amending the Penal Code and certain other acts (23/03/2017)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (10/02/2017)
    • Act amending the Act – Code of Civil Procedure and certain other acts (15/12/2016)
    • Act amending the Act – Family and Guardianship Code and certain other acts (10/06/2016)
    • Act amending the Act on Investment Funds and certain other acts (31/03/2016)
    • Act amending the Act on payment terms in commercial transactions, the Civil Code and certain other acts (09/10/2015)
    • Act amending the Banking Law and certain other acts (25/09/2015)
    • Act amending the Act on Competition and Consumer Protection and certain other acts (05/08/2015)
    • Act amending the Civil Code, the Code of Civil Procedure and certain other acts (10/07/2015)
    • Act amending the Act on Capital Market Supervision and certain other acts (12/06/2015)
    • Act amending the Act on supplementary supervision of credit institutions, insurance companies, reinsurance companies and investment firms being part of a financial conglomerate and certain other acts (24/04/2014)
    • Act amending the Act on Financial Market Supervision and certain other acts (23/10/2013)
    • Act amending the Banking Law and the Investment Funds Act (19/04/2013)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (24/10/2012)
    • Act amending the Banking Law and the Consumer Credit Act (19/08/2011)
    • Act amending the Banking Law and certain other acts (29/07/2011)
    • Act amending the Banking Law and certain other acts (10/06/2011)
    • Act amending the Banking Law, the Act on Trading in Financial Instruments and the Act on Financial Market Supervision (28/04/2011)
    • Act amending the Banking Law, the Insurance Activity Act, the Investment Funds Act, the Financial Instruments Trading Act and the Financial Market Supervision Act (25/06/2010)
    • Act amending the Act on the Bank Guarantee Fund and the Banking Law (16/07/2009)
    • Act amending the Act on cooperative savings and credit unions and the Banking Law (18/06/2009)
    • Act amending the Act on the Bank Guarantee Fund and other acts (23/10/2008)
    • Act amending acts to standardize IT terminology (04/09/2008)
    • Act amending the Banking Law (04/09/2008)
    • Act amending the Act on bailiffs and enforcement and certain other acts (24/05/2007)
    • Act amending the Banking Law (26/01/2007)
    • Act amending the Banking Law (18/10/2006)
    • Act amending the Act on the Protection of Classified Information and certain other acts (15/04/2005)
    • Act amending and repealing certain acts in connection with the Republic of Poland’s accession to the EU (20/04/2004)
    • Act amending the Banking Law Act and other acts (01/04/2004)
    • Act amending the Act – Law on Public Trading in Securities and amending other acts (12/03/2004)
    • Act amending the Act on the National Bank of Poland and other acts (18 December 2003)
    • Act amending the Commercial Companies Code and certain other acts (12/12/2003)
    • Act amending the Act on the Social Insurance System and certain other acts (18 December 2002)
    • Act amending the Tax Ordinance Act and certain other acts (12/09/2002)
    • Act amending the Banking Law (27/07/2002)
    • Act amending the Act on Mortgage Bonds and Mortgage Banks and amending certain other acts (05/07/2002)
    • Act on transformations in the customs administration and on amending certain acts (20/03/2002)
    • Act on changes in the organization and functioning of central government administration bodies and their subordinate units and on amending certain acts (01.03.2002)
    • Act amending the Act on bailiffs and execution and amending certain other acts (18/09/2001)
    • Act amending the Banking Law and other acts (23/08/2001)
    • Act amending the Police Act, the Insurance Act, the Banking Law, the County Self-Government Act and the Act – Provisions introducing acts reforming public administration (27/07/2001)
    • Act amending the Act on the Bank Guarantee Fund and the Banking Law (15/12/2000)
    • Act amending the Penal Code, the Code of Criminal Procedure, the Act on Combating Unfair Competition, the Public Procurement Act and the Banking Law (09/09/2000)
    • Act amending the Act on the Bank Guarantee Fund and certain other acts (09/04/1999)

Access to Information

  • Regulation (EU) 2025/327 (EHDS) (11/05/2025)
  • Regulation (EU) 2023/2854 (Data Act) (13/12/2023)
  • Regulation (EU) 2022/868 (Data Governance Act) (30/05/2022)
  • Regulation (EU) 2018/1807 (14/11/2018)
  • Regulation (EU) 2018/1725 (EUDPR) (23/10/2018)
  • Regulation (EU) 2016/679 (GDPR) (27/04/2016)
  • Directive (EU) 2019/1024 (20/06/2019)
  • Directive (EU) 2000/31 (e-commerce directive) (08.06.2000)
  • Electronic Communications Law (12/07/2024)
    • Act amending the Act on the Prison Service and certain other acts (09/05/2025)
    • Act amending the Act on State Emergency Medical Services and certain other acts (24/04/2025)
  • Personal Data Protection Act (10/05/2018)
    • Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC (21/02/2019)
  • Detective Services Act (06/07/2011)
    • Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC (21/02/2019)
    • Act amending certain acts in connection with the standardization of certain templates of documents in administrative procedures (24/04/2014)
    • Act amending the Act on detective services (26/11/2010)
    • Act amending certain acts in connection with the entry into force of the Protocol to the Agreement between the European Community and its Member States, of the one part, and the Swiss Confederation, of the other, on the free movement of persons (05.09.2008)
  • Act on Trading in Financial Instruments (29/07/2005)
    • Act amending the Act on the Defense of the Homeland and certain other acts (25/06/2025)
    • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
    • Act amending the Act on Trading in Financial Instruments (24/06/2025)
    • Act amending the Act on the Prison Service and certain other acts (09/05/2025)
    • Act amending the Accounting Act, the Act on Statutory Auditors, Audit Firms and Public Supervision and certain other acts (06.12.2024)
    • Act amending certain acts in connection with ensuring the development of the financial market and the protection of investors on this market (16/08/2023)
    • Act amending the Act on Investment Funds and the Management of Alternative Investment Funds, the Act on Bonds, the Act on the Bank Guarantee Fund, the Deposit Guarantee System and Compulsory Restructuring and certain other acts (14/04/2023)
    • Act amending the Act on the handling of complaints by financial market entities and on the Financial Ombudsman and certain other acts (01.12.2022)
    • Act amending certain acts in order to simplify administrative procedures for citizens and entrepreneurs (07/10/2022)
    • Act amending the Act on the Prison Service and certain other acts (22/07/2022)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (01/10/2021)
    • Act amending the Act on the Capacity Market and certain other acts (23/07/2021)
    • Act amending the Act on investment funds and management of alternative investment funds and certain other acts (23/07/2021)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (21/01/2021)
    • Act amending the Act on special solutions related to the prevention, counteraction and combating of COVID-19, other infectious diseases and crisis situations caused by them, and certain other acts (31/03/2020)
    • Act amending the Act on Government Administration Departments and certain other acts (23/01/2020)
    • Act amending the Commercial Companies Code and certain other acts (30/08/2019)
    • Act amending the Commercial Companies Code and certain other acts (19/07/2019)
    • Act amending the Act on Financial Market Supervision and certain other acts (15/03/2019)
    • Act amending certain acts in connection with ensuring the application of GDPR (21/02/2019)
    • Act amending certain acts in connection with strengthening supervision over the financial market and investor protection on this market (09/11/2018)
    • Act amending certain acts in order to introduce simplifications for entrepreneurs in tax and economic law (09/11/2018)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (01/03/2018)
    • Act amending the Act on certain rights of employees of the office serving the minister responsible for internal affairs and officers and employees of offices supervised by that minister, and certain other acts (09/11/2017)
    • Act amending the Penal Code and certain other acts (23/03/2017)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (10/02/2017)
    • Act amending the Act on Investment Funds and certain other acts (32/03/2016)
    • Act amending acts regulating the conditions of access to certain professions (05/08/2015)
    • Act amending the Act on Competition and Consumer Protection and certain other acts (05/08/2015)
    • Act amending the Act on Capital Market Supervision and certain other acts (12/06/2015)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (05.12.2014)
    • Act amending the Act on supplementary supervision of credit institutions, insurance companies, reinsurance companies and investment firms being part of a financial conglomerate and certain other acts (24/04/2014)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (24/10/2012)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (16/09/2011)
    • Act amending the Banking Law, the Act on Trading in Financial Instruments and the Act on Financial Market Supervision (28/04/2011)
    • Act amending the Banking Act, the Insurance Act, the Investment Funds Act, the Financial Instruments Trading Act and the Financial Market Supervision Act (25/06/2010)
    • Act amending the Act on Trading in Financial Instruments (22 January 2010)
    • Act amending the Act on toll motorways and the National Road Fund and the Act on trading in financial instruments (20/11/2009)
    • Act amending the Commercial Companies Code and the Act on Trading in Financial Instruments (05.12.2008)
    • Act amending acts to standardize IT terminology (04/09/2008)
  • Banking law (29/08/1997)
    • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
    • Act amending certain acts in order to deregulate economic and administrative law and improve the principles of developing economic law (21/05/2025)
    • Act amending the Act on the Prison Service and certain other acts (09/05/2025)
    • Act amending the Act on Development Cooperation and certain other acts (20/03/2025)
    • Act amending the Act on Goods and Services Tax, the Act on Excise Duty and certain other acts (24/01/2025)
    • Act amending the Accounting Act, the Act on Statutory Auditors, Audit Firms and Public Supervision and certain other acts (06.12.2024)
    • Act amending the Act on the exchange of tax information with other countries and certain other acts (23/05/2024)
    • Act amending certain acts in connection with ensuring the development of the financial market and the protection of investors on this market (16/08/2023)
    • Act amending certain acts to limit certain effects of identity theft (07/07/2023)
    • Act amending the Act on Goods and Services Tax and certain other acts (26/05/2023)
    • Act amending the Act on Goods and Services Tax and certain other acts (14/04/2023)
    • Act amending the Act on Investment Funds and the Management of Alternative Investment Funds, the Act on Bonds, the Act on the Bank Guarantee Fund, the Deposit Guarantee System and Compulsory Restructuring and certain other acts (14/04/2023)
    • Act amending the Act on the handling of complaints by financial market entities and on the Financial Ombudsman and certain other acts (01.12.2022)
    • Act amending the Excise Duty Act and certain other acts (01.12.2022)
    • Act amending acts to counteract usury (06/10/2022)
    • Act amending the Act on the Prison Service and certain other acts (22/07/2022)
    • Act amending the Act on Assistance to Citizens of Ukraine in Connection with the Armed Conflict on the Territory of That State and Certain Other Acts (08/04/2022)
    • Act amending certain acts in order to improve the terminological consistency of the legal system (01/10/2021)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (01/10/2021)
    • Act amending the Act on Tax on Goods and Services and the Act – Banking Law (11/08/2021)
    • Act amending the Act on the Bank Guarantee Fund, the deposit guarantee system and compulsory restructuring and certain other acts (08/07/2021)
    • Act amending the Act on Goods and Services Tax and certain other acts (27/11/2020)
    • Act amending the Act – Code of Civil Procedure and certain other acts (13/02/2020)
    • Act amending the Act on Government Administration Departments and certain other acts (23/01/2020)
    • Act amending the Act on enforcement proceedings in administration and certain other acts (11/09/2019)
    • Act amending the Act on Goods and Services Tax and certain other acts (09/08/2019)
    • Act amending certain acts to reduce regulatory burdens (31/07/2019)
    • Act amending certain acts in order to reduce payment backlogs (19/07/2019)
    • Act amending the Act on support for borrowers in financial difficulties who have taken out a housing loan and certain other acts (04/07/2019)
    • Act amending the Act on Employee Capital Plans, the Act on the Organization and Operation of Pension Funds and the Banking Law (16/05/2019)
    • Act amending the Act on Financial Market Supervision and certain other acts (15/03/2019)
    • Act amending certain acts in connection with ensuring the application of GDPR (21/02/2019)
    • Act amending the Act on the Bank Guarantee Fund, the deposit guarantee system and compulsory restructuring and certain other acts (17/01/2019)
    • Act amending certain acts in connection with strengthening supervision over the financial market and investor protection on this market (09/11/2018)
    • Act amending the Act on the National Revenue Administration and certain other acts (November 9, 2018)
    • Act amending the Act on payment services and certain other acts (10/05/2018)
    • Act amending the Act on payment services and certain other acts (22/03/2018)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (01/03/2018)
    • Act amending the Act on certain rights of employees of the office serving the minister responsible for internal affairs and officers and employees of offices supervised by that minister, and certain other acts (09/11/2017)
    • Act amending the Penal Code and certain other acts (23/03/2017)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (10/02/2017)
    • Act amending the Code of Civil Procedure and certain other acts (15/12/2016)
    • Act amending the Act – Family and Guardianship Code and certain other acts (10/06/2016)
    • Act amending the Act on Investment Funds and certain other acts (31/03/2016)
    • Act amending the Act on payment terms in commercial transactions, the Civil Code and certain other acts (09/10/2015)
    • Act amending the Banking Law and certain other acts (25/09/2015)
    • Act amending the Act on Competition and Consumer Protection and certain other acts (05/08/2015)
    • Act amending the Civil Code, the Code of Civil Procedure and certain other acts (10/07/2015)
    • Act amending the Act on Capital Market Supervision and certain other acts (12/06/2015)
    • Act amending the Act on supplementary supervision of credit institutions, insurance companies, reinsurance companies and investment firms being part of a financial conglomerate and certain other acts (24/04/2014)
    • Act amending the Act on Financial Market Supervision and certain other acts (23/10/2013)
    • Act amending the Banking Law and the Investment Funds Act (19/04/2013)
    • Act amending the Act on Trading in Financial Instruments and certain other acts (24/10/2012)
    • Act amending the Banking Law and the Consumer Credit Act (19/08/2011)
    • Act amending the Banking Law and certain other acts (29/07/2011)
    • Act amending the Banking Law and certain other acts (10/06/2011)
    • Act amending the Banking Law, the Act on Trading in Financial Instruments and the Act on Financial Market Supervision (28/04/2011)
    • Act amending the Banking Law, the Insurance Activity Act, the Investment Funds Act, the Financial Instruments Trading Act and the Financial Market Supervision Act (25/06/2010)
    • Act amending the Act on the Bank Guarantee Fund and the Banking Law (16/07/2009)
    • Act amending the Act on cooperative savings and credit unions and the Banking Law (18/06/2009)
    • Act amending the Act on the Bank Guarantee Fund and other acts (23/10/2008)
    • Act amending acts to standardize IT terminology (04/09/2008)
    • Act amending the Banking Law (04/09/2008)
    • Act amending the Act on court bailiffs and enforcement and certain other acts (24/05/2007)
    • Act amending the Banking Law (26/01/2007)
    • Act amending the Banking Law (18/10/2006)
    • Act amending the Act on the Protection of Classified Information and certain other acts (15/04/2005)
    • Act amending and repealing certain acts in connection with the Republic of Poland’s accession to the EU (20/04/2004)
    • Act amending the Banking Law Act and other acts (01/04/2004)
    • Act amending the Act – Law on Public Trading in Securities and amending other acts (12/03/2004)
    • Act amending the Act on the National Bank of Poland and other acts (18 December 2003)
    • Act amending the Commercial Companies Code and certain other acts (12/12/2003)
    • Act amending the Act on the Social Insurance System and certain other acts (18 December 2002)
    • Act amending the Tax Ordinance Act and certain other acts (12/09/2002)
    • Act amending the Banking Law (27/07/2002)
    • Act amending the Act on Mortgage Bonds and Mortgage Banks and amending certain other acts (05/07/2002)
    • Act on transformation of the customs administration and on amending certain acts (20/03/2002)
    • Act on changes in the organization and functioning of central government administration bodies and their subordinate units and on amending certain acts (01/03/2002)
    • Act amending the Act on bailiffs and execution and on amending certain other acts (18/09/2001)
    • Act amending the Banking Law and other acts (23/08/2001)
    • Act amending the Police Act, the Insurance Act, the Banking Law, the County Self-Government Act and the Act – Provisions introducing acts reforming public administration (27/07/2001)
    • Act amending the Act on the Bank Guarantee Fund and the Banking Law (15/12/2000)
    • Act amending the Penal Code, the Code of Criminal Procedure, the Act on Combating Unfair Competition, the Public Procurement Act and the Banking Law (09/09/2000)
    • Act amending the Act on the Bank Guarantee Fund and certain other acts (09/04/1999)
  • Press Law (26/01/1984)
    • Act amending the Press Law (20/07/2018)
    • Act amending the Press Law (27/10/2017)
    • Act amending the Press Law (10/05/2013)
    • Act amending the Press Law (14/09/2012)
    • Act amending the Press Law (19/08/2011)
    • Act amending the Civil Code (23/08/1996)
    • Act amending the Press Law (30/05/1989)
  • Regulation of the Council of Ministers on the National Interoperability Framework, minimum requirements for public registers and the exchange of information in electronic form, and minimum requirements for ICT systems (21/05/2024)

Personal Data

  • Regulation (EU) 2025/327 (EHDS) (11/05/2025)
  • Regulation (EU) 2023/2854 (Data Act) (13/12/2023)
  • Regulation (EU) 2018/1725 (EUDPR) (23/10/2018)
  • Regulation (EU) 2017/2394 (12/12/2017)
    • Directive (EU) 2024/1799 amending Regulation (EU) 2017/2394, Directive (EU) 2019/771 and Directive (EU) 2020/1828 (13/06/2024)
    • Directive (EU) 2019/771 amending Regulation (EU) 2017/2394 and Directive (EU) 2009/22 and repealing Directive (EU) 1999/44 (20/05/2019)
    • Regulation (EU) 2018/302 amending Regulation (EU) 2006/2004, Regulation (EU) 2017/2394 and Directive 2009/22 (28/02/2018)
  • Regulation (EU) 2016/679 (GDPR) (27/04/2016)
  • Directive (EU) 2016/680 (LED) (27/04/2016)
  • Act on the protection of personal data processed in connection with the prevention and combating of crime (14/12/2018)
  • Personal Data Protection Act (10/05/2018)
    • Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC (21/02/2019)
  • Detective Services Act (06/07/2011)
    • Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC (21/02/2019)
    • Act amending certain acts in connection with the standardization of certain templates of documents in administrative procedures (24/04/2014)
    • Act amending the Act on detective services (26/11/2010)
    • Act amending certain acts in connection with the entry into force of the Protocol to the Agreement between the European Community and its Member States, of the one part, and the Swiss Confederation, of the other, on the free movement of persons (05/09/2008)

Non-Personal Data

  • Regulation (EU) 2023/2854 (Data Act) (13/12/2023)
  • Regulation (EU) 2022/868 (Data Governance Act) (30/05/2022)
  • Directive (EU) 2019/1024 (20/06/2019)
  • Regulation (EU) 2018/1807 (14/11/2018)

Legal Acts

  • Regulation (EU) 2016/679 (GDPR) http://data.europa.eu/eli/reg/2016/679/2016-05-04
    • The GDPR applies to the processing of personal data of European Union citizens. This covers all data-related operations, such as collection, storage, analysis, and sharing, regardless of whether they are carried out by automated means. The regulation aims to protect the privacy of individuals and ensure that their personal data is processed securely and lawfully. The GDPR covers the protection of personal data, which is any information that can identify a natural person. The regulation imposes several principles on entities processing data, such as the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. The GDPR grants data subjects a number of rights, such as the right to access, rectification, erasure (the right to be forgotten), restriction of processing, data portability, and the right to object to processing. Data processors must implement appropriate technical and organizational measures to ensure data security and compliance with the GDPR principles. The GDPR applies to all organizations that process personal data of EU citizens, regardless of their location. Violation of GDPR provisions may result in the imposition of high financial penalties.
  • Regulation 2025/327 (EHDS)http://data.europa.eu/eli/reg/2025/327/oj
    • The European Health Data Space regulates the exchange and use of health data in the European Union. The main goals of the regulation are to ensure secure access to citizens’ health data across the EU, facilitate the exchange of information between healthcare providers, and promote innovation in the field of health. The regulation aims to:
      • Increasing patient control over their health data:
        • Citizens will have the right to access their electronic health data and control its use.
        Improving the exchange of health data between Member States:
        • This will enable secure data sharing between different medical facilities in the EU, contributing to better healthcare.
        Supporting research and innovation:
        • EHDS is intended to facilitate access to health data for research purposes, which is expected to accelerate the development of new therapies and improve disease prevention.
        Increase preparedness for future health crises:
        • Through improved information flow, EHDS is intended to help respond to health crises more quickly and effectively.
    • The introduction of the EHDS requires adapting national healthcare systems to new requirements. As a member state, Poland must adapt its regulations and IT infrastructure to the new regulations to ensure full compliance with the EHDS.
  • Regulation (EU) 2022/2554 (DORA) http://data.europa.eu/eli/reg/2022/2554/oj
    • DORA governs the digital operational resilience of the EU financial sector by establishing a comprehensive framework for managing risks related to information and communication technologies (ICT). Key aspects regulated by DORA include:
      • ICT Risk Management: DORA requires financial institutions to proactively and comprehensively manage all types of ICT-related risks.Incident Reporting: The Regulation specifies which ICT-related incidents are subject to mandatory reporting and sets out detailed reporting procedures.Resilience Testing: Financial institutions are required to regularly conduct digital resilience testing, including penetration testing.Third-party ICT service providers: DORA establishes a supervisory framework for key third-party ICT service providers and regulates their relationships with financial institutions.Harmonisation of standards: The Regulation aims to create a unified front for cyber resilience across the EU by harmonising security standards.
      The main goal of DORA is to ensure financial stability by strengthening the digital resilience of financial institutions to cyberattacks and other digital threats, which translates into increased trust in the financial sector.Regulation (EU) 2025/295 supplements DORA with regard to regulatory technical standards for the harmonisation of the conditions for conducting supervisory activities. http://data.europa.eu/eli/reg_del/2025/295/oj
  • Regulation (EU) 2023/1781 (Chips Act )http://data.europa.eu/eli/reg/2023/1781/oj
    • The European Chips Act aims to strengthen the European semiconductor ecosystem, increase the European Union’s competitiveness and technological sovereignty by supporting research, production, and development of innovative technologies in this sector, and ensure the resilience of supply chains and reduce dependence on non-EU suppliers. Main objectives and provisions:
    • Strengthening research and technological leadership: The Act aims to boost Europe’s capacity to innovate in the design, production and packaging of advanced chips;
    • Increasing production capacity: A legal framework and investments, including support for pioneering production facilities, are provided to increase semiconductor production in the EU and double the EU’s share of the global market by 2030;
    • Supply chain coordination and monitoring: The Regulation introduces mechanisms to monitor global supply chains, anticipate shortages and coordinate actions with Member States to ensure stability of supply;
    • Development of skilled workforce: The activities also aim to attract new talent and address the shortage of skilled labor in the semiconductor sector;
    • Increasing resilience and technological sovereignty: By strengthening the European semiconductor ecosystem, the Act aims to increase Europe’s autonomy and resilience to global crises and supply disruptions.
  • Regulation (EU) 2024/2847 (Cyber Resilience Act) http://data.europa.eu/eli/reg/2024/2847/2024-11-20
    • The CRA is an EU legal act establishing uniform cybersecurity requirements for all digital products introduced to the European Union market. Its main goal is to ensure that, from design and production, and throughout the product lifecycle, hardware and software are built with security in mind, minimizing security vulnerabilities and reducing the risk of attacks. The CRA addresses:
      • Manufacturers: Holds them responsible for the security of their digital products throughout their lifespan;
      • Importers and distributors: Responsible for placing compliant products on the market;
      • Consumers: Influences their choices by giving access to more secure devices;
    • The Regulation entered into force on December 10, 2024. Most of the CRA requirements will become mandatory from September 11, 2026, and will be fully applicable on December 11, 2027.
    • In the event of non-compliance with the regulation, high financial penalties are foreseen.
    • In summary, CRA is introducing security standards that will make digital products such as smartwatches, smart refrigerators and antivirus software safer for users and better protected against cyber threats.
  • Regulation (EU) 2023/2854 (Data Act ) http://data.europa.eu/eli/reg/2023/2854/oj
    • The Data Regulation is an EU law aimed at regulating access to, exchange, and use of data, particularly data generated by devices connected to the Internet of Things (IoT). The Data Act aims to increase competitiveness and innovation in the European market by facilitating access to data for various entities, including consumers, businesses, and public administrations. The main objectives of the Data Act are:
      • Data sharing by manufacturers and service providers:
        • The Data Act imposes an obligation to share data generated by IoT devices with their users, other companies (including competitors) and, in certain cases, public authorities;
        Protection of personal data:
        • Sharing of personal data may only occur at the user’s request and must be in accordance with the General Data Protection Regulation (GDPR);
        Contract transparency:
        • The Data Act aims to counteract unfair contractual provisions regarding access to and use of data;
        Possibility to change cloud service providers:
        • The regulation aims to facilitate the switching of cloud computing service providers and improve the interoperability of data and services;
        Supporting innovation:
        • Easier access to data is intended to support the creation of new products and services, especially by small and medium-sized enterprises;
        Competition and choice:
        • Consumers will gain greater control over their data and a wider choice of service providers.
      Data Act applies to:
      • IoT devices (e.g. smart household appliances, cars, agricultural machinery);Service providers who process data from these devices;IoT devices (both consumers and businesses);Companies that want to use data to create new products and services;Public administration.
      The Data Act is scheduled to enter into force on September 12, 2025.The Data Act complements the GDPR by regulating access to and use of data beyond just personal data. While the GDPR continues to protect personal data, the Data Act introduces additional provisions for the sharing and use of data, including non-personal data, to promote innovation and competitiveness.
  • Regulation (EU) 2022/868 (Data Governance Act) http://data.europa.eu/eli/reg/2022/868/oj
    • Data Governance Act is a European Union regulation that establishes rules for the secure and transparent sharing and reuse of data, especially data held by the public sector. The regulation introduces mechanisms to support data exchange, including data brokerage services (aggregating and sharing data) and promoting data altruism (voluntary, free data sharing). Its goal is to support the digital economy, innovation, and better use of data for public and commercial purposes. The Act facilitates access to protected public data in a secure and controlled manner, while requiring its anonymity and compliance with personal data protection law (e.g., GDPR). It creates a framework for trusted providers who can act as intermediaries in data exchange. It promotes voluntary and free sharing of data by individuals and organizations with other entities. Improved conditions for data use are intended to foster the development of new data-driven products and services and increase the competitiveness of European businesses. Trust in data-sharing mechanisms is crucial for the development of a data-driven economy. The DGA is the EU’s first step in creating a comprehensive legal framework for data management. It is complemented by the Data Act, which focuses on regulating access to data generated by Internet of Things (IoT) devices.
  • Regulation (EU) 2017/2394 http://data.europa.eu/eli/reg/2017/2394/2025-01-19
    • Regulation (EU) 2017/2394 governs cooperation between national authorities responsible for enforcing consumer protection laws. Its main objective is to ensure effective international cooperation in combating infringements of consumer rights, so as to protect the interests of consumers in the EU single market. Key aspects of the regulation include:
      • Establishes a framework for cooperation between authorities such as those operating in the Consumer Protection Cooperation (CPC) network;
      • It aims to guarantee a high level of consumer protection in all Member States, regardless of where they purchase or travel;
      • Enables coordinated action against unfair commercial practices that harm consumers across the European Union;
      • Enforcement authorities can require businesses to make good the damage, compensate consumers and apply effective sanctions, which can amount to up to 4% of the company’s turnover in a given EU country.
    • This regulation applies to a wide range of consumer protection issues, including unfair commercial practices, product safety, personal data protection, financial services, and e-commerce. In short, Regulation 2017/2394 is a key instrument in EU consumer policy, aiming to ensure that consumers across the European Union are protected from unfair practices and can benefit from safe products and services.
    • Regulation (EU) 2018/302 amends Regulation (EU) 2006/2004 and Regulation (EU) 2017/2394 and Directive 2009/22 on unjustified geo-blocking and other forms of discrimination against customers based on their nationality, place of residence or place of establishment in the internal market. http://data.europa.eu/eli/reg/2018/302/oj
  • Regulation (EU) 2024/1689 (AI Act )http://data.europa.eu/eli/reg/2024/1689/oj
    • The AI Act establishes a comprehensive legal framework for AI in the EU. It classifies AI systems based on risk levels and imposes specific obligations on AI providers and implementers. The goal is to foster trustworthy AI, ensure security, protect fundamental rights, and promote innovation. Due to the scope of the regulations, the individual elements of the AI Act are being implemented gradually. The AI Act stipulates:
      • Harmonised rules for the placing on the market, putting into service and use of AI systems in the EU;
      • Prohibitions on certain AI practices;
      • Specific requirements for high-risk AI systems and obligations incumbent on operators of such systems;
      • Harmonized transparency rules for certain AI systems;
      • Harmonized rules for placing general-purpose AI models on the market;
      • Provisions relating to marketing monitoring, market surveillance, management and enforcement;
      • Measures to support innovation, with particular emphasis on SMEs, including start-ups.
      The AI Act applies to:
      • Providers placing AI systems or general purpose AI models on the market in the EU, regardless of whether those providers are established or located in the EU or in a third country;Entities using AI systems that are established or located in the EU;Providers of AI systems and entities using AI systems that are established or located in a third country where the results produced by the AI system are used in the EU;Importers and distributors of AI systems;Product manufacturers who, under their own name or trademark, and together with their product, introduce an AI system into the market or put it into use;Authorised representatives of suppliers not established in the EU;People affected by AI who are located in the EU.
  • Regulation (EU) 2018/1725 (EUDPR)http://data.europa.eu/eli/reg/2018/1725/oj
    • Regulation (EU) 2018/1725 governs the processing of personal data by European Union institutions, bodies, and other agencies. This regulation repeals previous regulations in this area and introduces personal data protection principles similar to those contained in the GDPR. Individuals whose data is processed by EU institutions have the right to access, rectify, block, or erase their data. In case of doubts or problems, you can contact the data controller and, in the event of a dispute, the Data Protection Officer or the European Data Protection Supervisor (EDPS).
  • Regulation (EU) 2018/1807http://data.europa.eu/eli/reg/2018/1807/oj
    • Regulation (EU) 2018/2018 provides a framework for the free flow of non-personal data within the European Union. Its main goal is to ensure the free movement of non-personal data within the EU single market, while prohibiting Member States from imposing data localization requirements (e.g., storing them in a specific country) unless justified by public security concerns. The regulation aims to foster the development of modern technologies, such as the cloud and artificial intelligence, by facilitating the cross-border mobility of non-personal data. The regulation ensures that competent authorities have access to non-personal data for control, inspection, and audit purposes. It makes it easier for professional users to transfer data from one processing or storage service provider to another, preventing market disruptions. It entered into force on May 28, 2019.
  • Regulation (EU) 2024/903 (Interoperable Europe Act)http://data.europa.eu/eli/reg/2024/903/oj
    • Regulation (EU) 2024/903 establishes a framework for cooperation between Member States’ public administrations to enable them to deliver public services efficiently across borders, while supporting the digital transformation and the “only once” principle. This act aims to simplify administrative processes for citizens and businesses, providing them with access to high-quality digital services regardless of their place of residence in the EU. It enables various public administrations, as well as systems and services, to exchange data and effectively interact. It ensures the efficient provision of public services (e.g., health, taxation, professional qualifications) between different Member States. The Interoperable Europe Act introduces mechanisms to support the goal of making all key public services available electronically by 2030 – including enabling citizens and businesses to share data for official purposes only once, without having to submit the same information repeatedly. An Interoperable Europe Council was established, responsible for the development and oversight of the implementation of common solutions. The act supports openness and cooperation with the private and scientific sectors. Emphasis is placed on the accessibility of digital public services for all, including the elderly, people with disabilities, and other vulnerable groups.
  • Regulation (EU) 648/2012 (EMIR) http://data.europa.eu/eli/reg/2012/648/2025-01-17
    • European Market Infrastructure Regulation enhances the security and transparency of the European over-the-counter (OTC) derivatives market by introducing obligations regarding transaction clearing, risk management, and reporting to trade repositories. Its purpose is to reduce systemic and operational risk, prevent future financial crises, and provide market reassurance. This regulation applies to financial contracts not concluded on regulated exchanges, such as energy, gas, foreign exchange, and interest rate contracts. EMIR requires certain transactions to be cleared through a central counterparty (CCP), which is intended to increase security. It obliges entities to report details of concluded transactions to a trade repository. It introduces requirements for managing the risks associated with derivative contracts, including the obligation to conclude transaction processing agreements. The regulation applies to various entities that conclude derivatives transactions. The main objectives of EMIR:
      • Reducing systemic risk associated with the derivatives market;
      • Calming markets through better risk management and increased transparency;
      • Enabling regulators to better monitor and oversee the market.
    • Regulation (EU) 2021/23 amends Regulation (EU) 1095/2010, Regulation (EU) 648/2012, Regulation (EU) 600/2014, Regulation (EU) 806/2014, Regulation (EU) 2015/2365, Directive (EU) 2002/47, Directive (EU) 2004/25, Directive (EU) 2007/36, Directive (EU) 2014/59 and Directive (EU) 2017/1132 on a framework for the recovery and resolution of central counterparties. http://data.europa.eu/eli/reg/2021/23/oj
    • Regulation (EU) 2017/2402 amends Directive (EU) 2009/65, Directive (EU) 2009/138, Directive (EU) 2011/61, Regulation (EU) 1060/2009 and Regulation (EU) 648/2012 laying down a general framework for securitisation and creating a specific framework for simple, transparent and standardised securitisation. http://data.europa.eu/eli/reg/2017/2402/2021-04-09
    • Directive (EU) 2014/59 amends Directive (EU) 82/891, Directive (EU) 2001/24, Directive (EU) 2002/47, Directive (EU) 2004/25, Directive (EU) 2005/56, Directive (EU) 2007/36, Directive (EU) 2011/35, Directive (EU) 2012/30, Directive (EU) 2013/36, Regulation (EU) 1093/2010 and Regulation (EU) 648/2012 for the recovery and resolution of credit institutions and investment firms. http://data.europa.eu/eli/dir/2014/59/2025-01-17
  • Regulation (EU) 2017/745 (MDR)http://data.europa.eu/eli/reg/2017/745/2025-01-10
    • The Medical Device Regulation establishes uniform and more stringent rules for the marketing, distribution, and monitoring of medical devices in the European Economic Area. The main objectives and key aspects of the MDR:
      • Ensuring a robust, transparent and sustainable regulatory framework for medical devices;
      • More detailed regulations regarding the classification of medical devices according to their risk;
      • Stricter regulations for medical device conformity assessment bodies responsible for confirming compliance with MDR requirements;
      • Introduction of new, extended obligations for manufacturers, importers, authorized representatives and distributors;
      • Requirements for the traceability of medical devices across the market, facilitating tracking and inventory management.
    • The regulation became fully applicable on 26 May 2021, replacing the MDD.
  • Regulation (EU) 2017/746 (IVDR)http://data.europa.eu/eli/reg/2017/746/2025-01-10
    • The IVDR applies to in vitro diagnostic medical devices (IVDs). Its goal is to ensure the effectiveness, safety, and quality of these devices on the EU market. The IVDR introduces stringent requirements, a four-level classification system for devices (A, B, C, D) based on risk and increases oversight of notified bodies. The IVDR replaced the old IVDD (98/79/EC), adapting the regulations to technological and medical progress. The new regulations aim to enhance public health and patient safety. Companies must undergo additional clinical trials and tighten the technical documentation of their products. Manufacturers are required to report serious incidents, and member states are required to facilitate reporting by healthcare professionals, patients, and users. A centralized database (Eudamed) has been introduced to provide access to information about medical devices available in the EU.
  • Directive (EU) 2000/31 (e-commerce directive) http://data.europa.eu/eli/dir/2000/31/2024-02-17
    • The E-Commerce Directive establishes harmonised legal rules for information society services (including online services) across the European Union. It aims to remove barriers to cross-border online services, increase legal certainty, and regulate issues such as information requirements for providers, rules on advertising, spam, and online contracts. The Directive also introduces safe harbors. The directive introduces so-called “safe harbors” for intermediary service providers, exempting them from liability for third-party content if they meet certain conditions. The directive eliminates obstacles to cross-border services provided online. It ensures regulatory clarity for businesses and consumers using online services. It also establishes rules for advertising and other forms of commercial communication. It requires the publication of basic company data (name, address, and registration number). Recognizing online contracts as equivalent to paper contracts requires clearly defining the terms and allowing consumers to store them. The e-commerce directive limits the liability of intermediary service providers (so-called “safe harbors”) for illegal content shared by their users, provided that certain procedures are followed (e.g., notice and takedown). It also introduces provisions regarding unsolicited commercial communications.
  • Directive (EU) 2016/680 (LED)http://data.europa.eu/eli/dir/2016/680/2016-05-04
    • Directive (EU) 2016/680, also known as the Criminal Data Protection Directive, covers the protection of personal data processed by competent authorities for the purposes of preventing, investigating, detecting, or prosecuting criminal offences, or executing criminal penalties. It establishes a legal framework to ensure a high level of protection of the personal data of persons involved in criminal proceedings, such as witnesses, victims, and suspects. The directive aims to:
      • Schengen countries, which is intended to facilitate cooperation in combating crime;
      • Ensuring the protection of personal data of people involved in criminal proceedings, which is intended to increase trust in the justice system and law enforcement agencies;
      • Establishing a comprehensive legal framework: regarding the processing of personal data in a criminal context;
      • The Directive is part of the EU data protection reform package, alongside the General Data Protection Regulation (GDPR) and Regulation (EU) 2018/1725;
    • In short, Directive (EU) 2016/680 regulates how personal data may be processed in a criminal context in order to protect the rights and freedoms of data subjects while at the same time enabling the effective prosecution of criminal offences.
  • Directive (EU) 2022/2555 (NIS 2)http://data.europa.eu/eli/dir/2022/2555/oj
    • NIS 2 improves cybersecurity across the European Union by establishing high, common standards for networks and information systems, particularly in key economic sectors. It introduces new, broader regulations on cybersecurity risk management and incident reporting obligations for entities across various industries, replacing the previous NIS Directive. The regulations cover a broader group of companies and institutions, including those in sectors such as manufacturing, energy, finance, and healthcare. A multi-stage cybersecurity incident reporting procedure has been established, requiring entities to provide specific information at various stages of incident handling. Management requirements have been increased through mandatory training for members of management bodies to enhance their cybersecurity awareness. More powers have been introduced for regulatory bodies to enforce compliance with the directive.
  • EU Directive 2022/2557 (CER)http://data.europa.eu/eli/dir/2022/2557/oj
    • Entities The Resilience Directive aims to increase the resilience of Member States and critical entities to threats such as natural disasters, terrorism, and sabotage. It creates a common EU legal framework to ensure the continuity of essential services and strengthen the physical resilience of critical infrastructure, including energy, transport, health, and public administration. The Directive takes a comprehensive approach, not just cybersecurity- related threats. Member States must develop and implement national strategies to strengthen the resilience of critical entities, including risk assessments, mitigation measures, and response plans. The Directive specifies criteria for identifying critical infrastructure entities. The CER is one element of the EU regulatory framework for cybersecurity and resilience, harmonizing its activities with NIS 2. Examples of sectors covered by the CER include:
      • Energy (electricity, oil, gas);
      • Transport (air, rail, water, road);
      • Health (healthcare, production and distribution of medicines);
      • Digital infrastructure;
      • Public administration;
      • Food production, processing and distribution.
  • Directive (EU) 96/9http://data.europa.eu/eli/dir/1996/9/2019-06-06
    • The aim of the directive is to establish a system of legal protection for databases, covering both copyright and sui generis, which protect the investment in the creation and collection of databases by preventing their unauthorized use.
      • Copyright protects original databases as literary or artistic works.
      • Sui law generis (own kind) protects the investment in acquiring, verifying and presenting database content.
    • The Directive protects the financial, time, and labor investment in database creation, ensuring that creators and producers can reap the benefits of these investments. It applies to databases as a whole, not just to their individual components. As a Directive, it is a legal act that European Union Member States must implement into their national law.Directive (EU) 2019/790 amends Directive (EU) 98/9 and Directive (EU) 2001/29 on copyright and related rights in the Digital Single Market. http://data.europa.eu/eli/dir/2019/790/oj
  • Directive (EU) 2002/58http://data.europa.eu/eli/dir/2002/58/2009-12-19
    • The e-Privacy Directive regulates the protection of privacy and data confidentiality in the electronic communications sector, complementing the general principles of the GDPR. It introduces specific requirements regarding the confidentiality of correspondence, cookies, and user metadata, such as location data. The directive establishes rules for the processing of data in electronic communications to ensure the free flow of data and services while protecting the fundamental rights and freedoms of EU citizens. It aims to harmonize national regulations to ensure the free flow of data and telecommunications services within the EU internal market.
  • Directive (EU) 2020/1828http://data.europa.eu/eli/dir/2020/1828/2024-12-13
    • Directive (EU) 2020/1828 of the European Parliament and of the Council on representative actions, also known as the Representative Actions Directive, protects the collective interests of consumers in the European Union by harmonising rules on representative actions. This directive aims to ensure that consumers can effectively enforce their rights in the event of infringements by traders, while also introducing safeguards against abusive actions. The main objectives of the directive are:
      • Unification of the rules for representative actions:
        • The directive aims to approximate the rules of the Member States on representative actions so that consumers have easier access to this type of protection throughout the EU;
        Protection of the collective interests of consumers:
        • The Directive applies to actions relating to infringements of EU law in various areas such as data protection, financial services, travel and tourism, energy and telecommunications;
        Prescriptive and corrective measures:
        • The Directive provides for the possibility of seeking both injunctive relief and corrective measures, such as return, replacement or repair;
        Incorporation into national law:
        • Member States are obliged to implement the provisions of the Directive into their national law, which means that uniform rules on representative actions will apply in each EU country;
        Entities entitled to bring actions:
        • The Directive specifies which entities may represent consumers in representative actions, e.g. consumer organisations;
        Protection against abuse:
        • The Directive contains provisions aimed at preventing the abuse of representative actions, for example by specifying the criteria that entities entitled to bring them must meet.
      Directive 2020/1828 is an important step towards strengthening consumer protection in the EU and providing them with more effective access to justice in the event of infringements of their rights by traders, informs the European Commission.
  • Directive (EU) 2015/2366 (PSD 2)http://data.europa.eu/eli/dir/2015/2366/2025-01-17
    • Payment Services Directive 2 concerns payment services. Its goal is to standardize and increase the security of the electronic payments market in the EU, taking into account technological developments and new payment services. It introduces, among other things, open banking, which allows third-party companies (with the customer’s consent) to access bank account data and limits customer liability for unauthorized transactions to €50. The directive introduces more stringent transaction authentication requirements (e.g., strong customer authentication, PIN authentication for contactless transactions). Customers are better protected against fraud, and their liability for unauthorized transactions is limited. PSD 2 promotes the emergence of innovative services and providers (so-called Third Party Providers), introducing the principle of open banking – customers can use third-party applications (with their consent) to manage their accounts and make payments. It defines strong customer authentication (SCA), which requires two-factor transaction authentication, for example, using a password and an SMS code. The deadline for considering complaints regarding payment transactions has been shortened to 15 business days.
  • Directive (EU) 2019/1024 http://data.europa.eu/eli/dir/2019/1024/oj
    • The aim of this directive is to enable citizens and businesses to reuse public information, such as documents from public authorities and public undertakings, as well as research data, for the development of the economy and society. The directive also introduces the concept of high-value datasets, which are made available under specific conditions to increase their benefits for society and the economy. Member States are required to make information available in open, machine-readable formats to enable free commercial and non-commercial use. The directive had to be implemented into the national law of the Member States. In Poland, implementation occurred through the Act of 11 August 2021 on Open Data and the Reuse of Public Sector Information. The directive aims to adapt the legal framework to technological advances, such as machine learning and artificial intelligence, in order to fully exploit the potential of public data for the European economy and society.
  • Personal Data Protection Act https://uodo.gov.pl/en/file/754
    • The Polish Personal Data Protection Act of 10 May 2018 governs the processing of personal data and the rights of individuals whose data is processed in datasets, in accordance with European Union law, in particular the General Data Protection Regulation (GDPR). This Act aims to ensure that personal data is processed in a lawful, fair, and transparent manner, respecting the privacy of data subjects. Specifically, the Act specifies:
      • Principles of personal data processing:
        • including the principles of legality, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability;
        Rights of data subjects:
        • including the right to access data, the right to rectification, deletion, restriction of processing, the right to data transfer and the right to object;
        Obligations of data controllers and processors:
        • including ensuring data security, maintaining processing documentation, appointing a data protection officer in certain cases;
        Sanctions for violations of regulations:
        • including financial penalties and other legal consequences.
      In short, the Act aims to protect the rights and freedoms of natural persons in relation to the processing of their personal data, while ensuring the free flow of data within the European Union.
    • The Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC introduces new rules on general provisions, the appointment of a data protection officer, requests for prior consultations before the processing of personal data, provisions on administrative fines, criminal provisions, and the prevention of inspections of compliance with personal data protection provisions. https://gdpr.pl/wp-content/uploads/2019/05/Zmiana-niektorych-ustaw-21-lutego-2019_.pdf [link in Polish]
  • Electronic Communications Lawhttps://eli.gov.pl/eli/DU/2024/1221/ogl
    • The EPC replaces the previous Telecommunications Law and implements EU regulations, such as the European Electronic Communications Code. The new law comprehensively regulates the telecommunications and electronic communications market in Poland, introducing changes aimed at better consumer protection, streamlining market operations, and adapting regulations to the dynamic development of the digital age. Key changes include:
      • Marketing consent and cookie policy;
      • Information obligations for operators;
      • New regulations on contract termination and access to services for people with disabilities.
    • The Act introduces new consumer protection mechanisms, such as transparency of offers, easier comparison of services, and rules for contract amendments. The law includes new regulations regarding the management of network infrastructure, frequencies, and orbital resources. Limitations have been introduced on unilateral changes to contract terms by providers and the ability for consumers to more easily terminate contracts in the event of significant non-compliance with the contract. The Act requires the use of technical measures to protect the confidentiality of electronic communications against unauthorized disclosure.
    • The Act amending the Act on State Emergency Medical Services and certain other acts introduces new provisions regarding the obligation to provide information on the location of the network termination point from which an emergency call was made. https://orka.sejm.gov.pl/proc10.nsf/ustawy/1058_u.htm [link in Polish]
  • Act on clinical trials of medicinal products for human use https://polishpharmacy.ptfarm.pl/download/?file=File%2FFarmacja+Polska%2F2023%2F12%2F05_SZ_Ustawa_o_badaniach_klinicznych_n.pdf
    • The Act on Clinical Trials of Medicinal Products for Human Use establishes new rules for conducting clinical trials in Poland, harmonizing Polish law with European Union regulations (Regulation (EU) 536/2014). The Act primarily addresses the procedure for obtaining trial authorizations, the appointment of the Supreme Bioethics Committee, ethical review principles, the responsibilities of the sponsor and investigator, the Compensation Fund, and the financing of trial-related medical services. Bureaucratic and legal obstacles for the pharmaceutical industry have been reduced. Changes have been introduced, including changes to data commercialization, a ban on using data from non-commercial trials for commercial purposes, and the removal of individuals from the list of entities authorized to conduct trials. Principles and procedures for conducting clinical trial inspections have been established.
  • Act on the protection of personal data processed in connection with the prevention and combating of crime https://uodo.gov.pl/en/file/875
    • This Act implements Directive (EU) 2016/680 within its scope of regulation. It specifies:
      • Principles and conditions for the protection of personal data processed by competent authorities for the purpose of recognizing, preventing, detecting and combating prohibited acts, including threats to public security and order, as well as the execution of temporary arrest, penalties, fines and coercive measures resulting in deprivation of liberty;
      • The rights of persons whose personal data are processed by competent authorities and the legal remedies available to such persons;
      • The method of supervising the protection of personal data processed by competent authorities, excluding personal data processed by the prosecutor’s office and courts;
      • Tasks of the supervisory body and the forms and manner of their performance;
      • Obligations of the controller and processor and the data protection officer and the procedure for his appointment;
      • How to secure personal data;
      • Mode of cooperation with supervisory authorities in other European Union countries;
      • Criminal liability for violation of regulations.
    • This Act applies to the processing of personal data by competent authorities in a manner
      • Fully or partially automated;
      • Other than automated processing where the data is or is intended to be part of a data set.
  • Act on Medical Activity https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20111120654/U/D20110654Lj.pdf [link in Polish]
    • The Act on Medical Activity regulates the principles of:
      • Performing medical activities in Poland;
      • The functioning of entities conducting it (both entrepreneurs and other entities);
      • Rules for registration of medical entities in the Register of Entities Performing Medical Activities (RPWDL);
      • Working time standards for medical workers;
      • Principles of supervision over this activity.
    • Medical activity involves providing health services, promoting health, and conducting teaching and research activities. The Act specifies which entities may conduct medical activities, including entrepreneurs, independent public health care facilities, research institutes, foundations, associations, and even churches.
    • The Act amending the Act on the Medical Center for Postgraduate Education and certain other acts introduces new provisions regarding medical schools, the establishment of SPZOZs, property management principles, the liquidation of SPZOZs, the merger of SPZOZs, agreements between transferring entities and acquiring entities, the transformation of SPZOZs, the obligation to perform tasks, and agreements on providing access to an organizational unit to medical schools. https://www.nia.org.pl/wp-content/uploads/2024/12/23.12.24-ustawa-o-CMKP.pdf [link in Polish]
    • The Act amending the Act on health care services financed by public funds and certain other acts introduces new provisions regarding sources of financing, the fund of an SPZOZ facility and covering SPZOZ net losses.
      https://eli.gov.pl/eli/DU/2021/1773/ogl [link in Polish]
    • The Act amending certain acts in order to ensure the availability of medical personnel during the period of declaration of an epidemic threat or epidemic status introduces new provisions regarding the exercise of the professions of physician, nurse and physiotherapist within the framework of medical activity. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200002401/U/D20202401Lj.pdf [link in Polish]
    • The Act amending certain acts in connection with counteracting crisis situations related to the occurrence of COVID-19 introduces new provisions regarding requirements for the premises and equipment of an entity performing medical activities, principles of property management and coverage of net losses of SPZOZ. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200002112/U/D20202112Lj.pdf [link in Polish]
    • The Act amending certain acts to ensure the functioning of health care in connection with the COVID-19 epidemic and after its termination introduces new provisions regarding the head of a medical entity that is not an entrepreneur, the competition procedure for certain positions in a medical entity that is not an entrepreneur and the report on the economic and financial situation of SPZOZ. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200001493/O/D20201493.pdf [link in Polish]
    • The Act amending the Commercial Companies Code and certain other acts introduces new provisions on the establishment and management of healthcare entities, specific regulations regarding healthcare companies with public participation, agreements between entities establishing SPZOZs and agreements on the transfer of public funds. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190001655/U/D20191655Lj.pdf [link in Polish]
    • The Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC introduces new rules on general provisions, the appointment of a data protection officer, requests for prior consultations before the processing of personal data, provisions on administrative fines, criminal provisions, and the prevention of inspections of compliance with personal data protection provisions. https://gdpr.pl/wp-content/uploads/2019/05/Zmiana-niektorych-ustaw-21-lutego-2019_.pdf [link in Polish]
    • The Act amending the Act on State Emergency Medical Services, the Act on Medical Activity and the Act amending the Act on Medical Activity and certain other acts introduces new provisions regarding the adjustment obligations of entities performing medical activities. https://orka.sejm.gov.pl/proc7.nsf/ustawy/3864_u.htm [link in Polish]
    • The Act amending the Act on Medical Activity introduces new provisions regarding a military unit, a medical entity that is not an entrepreneur, the founding entity, medical entities, the establishment and management of medical entities, entities providing health services other than hospitals, the admissibility of performing activities other than medical and the prohibition of advertising funeral services, medical activity as a business activity, requirements for the premises and equipment of an entity performing medical activity, temporary cessation of medical activity, special regulations regarding certain medical entities, medical entities with special regulations, the establishment, transformation and liquidation of medical budgetary units, the principles of financial management of a medical budgetary unit, the working time of employees of medical entities, specialization and the maintenance in force of implementing provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150000905/O/D20150905.pdf [link in Polish]The Act amending the Act on health care services financed by public funds and certain other acts introduces new provisions regarding the principles of awarding contracts for health care services and public funds transferred to entities performing medical activities. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20140001138/U/D20141138Lj.pdf [link in Polish]
    • The Act amending the Act on Medical Activity and certain other acts introduces new rules regarding general provisions, medical entities performing medical activities such as stationary and 24-hour health services, medical entities with special regulations, medical entities that are not entrepreneurs, an independent public health care facility, a medical entity in the form of a budgetary unit, a register of entities performing medical activities, rules for the transfer of public funds to entities performing medical activities, control and supervision, and transitional provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20120000742/T/D20120742L.pdf [link in Polish]
  • Act on Trading in Financial Instruments https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20051831538/U/D20051538Lj.pdf [link in Polish]
    • The Act regulates the principles, procedures, and conditions for undertaking and conducting business in the field of trading in financial instruments, the rights and obligations of entities participating in such trading, and the exercise of supervision in this regard. The provisions of the Act do not apply to bills of exchange and checks within the meaning of the Bills of Exchange and Checks Law. Financial instruments, as defined by the Act, are:
      • Securities;
      • Non-securities:
        • Shares in collective investment institutions;
        • Money market instruments;
        • Options, futures, swaps, forward interest rate agreements, other derivatives whose underlying instrument is a security, currency, interest rate, yield index, emission allowance or other derivative, financial index or financial index that are executed by delivery or settlement in cash;
        • Options, futures, swaps, forward rate agreements and other derivative instruments the underlying of which is a commodity and which are settled in cash or may be settled in cash at the option of one of the parties;
        • Options, futures, swaps and other derivatives whose underlying instrument is a commodity and which can be executed by delivery, provided that they are admitted to trading on a financial instruments trading venue, excluding energy products traded wholesale on an OTF, which must be executed by delivery;
        • Options, futures, swaps, forward contracts and other derivative instruments whose underlying instrument is a commodity and which can be executed by delivery, which are not intended for trading purposes and have the characteristics of other derivative financial instruments, not admitted to trading on a financial instruments trading venue;
        • Credit risk transfer derivatives;
        • Contracts for Difference;
        • Options, futures, swaps, forward interest rate agreements and other derivative instruments relating to climate change, freight rates and inflation rates or other official statistics that are settled in cash or may be settled in cash at the option of one of the parties, as well as derivative instruments and other instruments that exhibit the characteristics of other derivative financial instruments;
        • Emission allowances.
    • The Act regulates which entities have access to which data and the ability to share this information. At the same time, it emphasizes customer and data security, including the protection of confidential information or professional secrecy.The Act amending the Act on the Defense of the Homeland and certain other acts introduces new provisions regarding securities accounts. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250001014/O/D20251014.pdf [link in Polish]
    • The Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds introduces new provisions regarding Regulation (EU) 2022/2554, ICT, the acquisition or disposal of financial instruments through the use of algorithmic trading, service security, customer and data protection, and the recovery plan. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250001069/O/D20251069.pdf [link in Polish]
  • The Act amending the Accounting Act, the Act on Statutory Auditors, Audit Firms and Public Oversight, and certain other acts introduces new provisions concerning the inspection and supervisory powers of the Polish Financial Supervision Authority (KNF), the mandate to commission an audit firm to perform an inspection, the obligation to notify, submit documents, and provide explanations upon the KNF’s request, the permitted disclosure of professional secrecy on the capital market, and information that does not violate professional secrecy on the capital market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240001863/U/D20241863Lj.pdf [link in Polish]
    • The Act amending certain acts in connection with ensuring the development of the financial market and investor protection on this market introduces new rules regarding the concept of financial instruments, investment certification, discretionary nature, Regulation (EU) 2022/858, DLT-based ATS, DLT-based SS, DLT-based TSS, parent entity, subsidiary entity, capital group, financial instrument operated by DLT, secondary DLT registration, DLT account, securities accounts, derivatives accounts, general provisions, deposit and dematerialization, dematerialized securities, agreement on performing the function of an agent for the issue of securities, obligations of an issue agent, information obligations towards the National Depository for Securities incumbent on issuers of securities entering into an agreement on performing the function of an agent for the issue of capital bonds or an agreement on storing capital bond documents and maintaining a register of persons entitled under capital bonds, electronic declarations of will, orders to other entities organizing the market for trading in Treasury securities, outsourcing of operational functions, taking into account the risk related to outsourcing, liability of the outsourcer and the company operating the regulated market, general requirements regarding the regulated market, the company operating the regulated market, changes in the statute of the company operating the regulated market and in the rules of the regulated market, parties to transactions on the regulated market, admission to trading on the regulated market, ineffectiveness of specific proceedings, the Organization of the National Depository, the Tasks of the National Depository, participants of the depository, settlement and clearing system, the security fund, the amount of contributions to the security fund, the rules of the security fund, the nature of the assets of the security fund, the depository and settlement system, the clearing house and the settlement house, the security fund, regulated entities, the scope of brokerage activities, exclusion of the application of regulations, a report on the best order execution systems, purchasing or selling financial instruments on own account, conducting business by investment firms, an agreement with an investment firm agent, entry in the register of investment firm agents, taking into account the risk related to outsourcing in the risk management system, liability for damages, sub-outsourcing of investment firms, application for a permit to conduct brokerage activities, qualifications of employees, general partners and partners in investment firms, service security, customer and data protection, general organizational requirements of an investment firm, risk management by an investment firm, internal audit system, internal control system, distribution strategy, limitation of the application of regulations in the case of providing selected brokerage services, examination of an application for a permit to conduct brokerage activities, refusal to grant a permit, information obligations towards the Polish Financial Supervision Authority, expiry or withdrawal of a permit, register of investment firms, register of state-owned banks conducting brokerage activities, statutory delegations, consent of the Commission to appoint the president of the management board of a brokerage house and a member of the management board of a brokerage house who will be responsible for supervising the risk management system, separation of the function of the president and the position of a member of the management board supervising the risk management system in the activities of a brokerage house, internal division of powers in the management board, significant blocks of shares of brokerage houses, deadline for delivery of the decision on the objection, indicators in recovery plans, bank’s brokerage activity permit, banks conducting brokerage activities, principles conducting business by a foreign investment firm, control powers of the Commission, custodian banks, practicing the profession of a broker or investment advisor, entry on the list of brokers or investment advisors, removal of a broker or investment advisor from the list, suspension of the right to practice the profession, grounds for removal from the list of brokers or investment advisors, compensation scheme, investor compensation scheme, obligation to participate in the compensation scheme, subjective scope of the obligation to maintain professional secrecy on the capital market, permitted disclosure of professional secrecy on the capital market, information not infringing professional secrecy on the capital market, conditions for disclosing information submitted to the PFSA as part of its supervision, exchange of information covered by professional secrecy, liability for damages, maximum amount of fees, amount of supervision fees, withdrawal of the permit to operate a regulated market, fine, withdrawal of the permit to operate an auction platform, prohibition to operate a regulated market, sanctions imposed on an entity operating a foreign regulated market, withdrawal of the permit to conduct brokerage activities, limitation of the scope of brokerage activities performed, sanctions imposed on an investment holding company, a financial holding company or a mixed-income holding company, fees, suspension of an approved publishing arrangement or an approved reporting mechanism’s authorisation to provide information disclosure services, a fine in the event of withdrawal of an approved publishing arrangement or an approved reporting mechanism’s authorisation to provide information disclosure services, infringement of regulations when providing intermediation services in concluding a structured deposit agreement, administrative sanctions for infringement of regulations, sanctions for infringement of regulations on the organisation of a regulated market or conducting brokerage activities, sanctions for infringement of regulations on the operation of an auction platform, a sanction imposed on the National Depository, a ban on performing activities, a sanction imposed on a company operating a clearing house, a sanction imposed on a company operating a settlement house, sanctions for breach of obligations related to trading in significant blocks of shares, a fine for breaching prohibitions or restrictions imposed by ESMA or EBA, unauthorised acquisition of own shares or stabilisation of prices of financial instruments, sanctions imposed on financial counterparties, sanctions imposed on non-financial counterparties, sanctions imposed on CCPs, sanctions for conducting transactions during a closed period, publication of information on decisions taken in the event of a breach of regulations, the offence of unauthorized trading in financial instruments, the offence of violating the issuer’s disclosure obligations and the offence of obstructing the control activities of the Polish Financial Supervision Authority. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230001723/U/D20231723Lj.pdf [link in Polish]
    • The Act amending the Act on Investment Funds and the Management of Alternative Investment Funds, the Act on Bonds, the Act on the Bank Guarantee Fund, the Deposit Guarantee Scheme and Compulsory Restructuring, and certain other acts introduces new rules regarding the concept of financial instruments, Regulation (EU) 2021/33, the agreement on performing the function of an issue agent for securities, the obligations of an issue agent, general provisions, the information obligations towards the National Depository for securities issuers entering into an agreement on performing the function of an issue agent or an agreement on storing capital bond documents and maintaining a register of persons entitled under capital bonds, the depository and settlement system, significant blocks of shares in brokerage houses, specific rules for conducting business by brokerage houses and small brokerage houses, information that does not violate professional secrecy on the capital market, and administrative sanctions for violating the regulations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230000825/O/D20230825.pdf [link in Polish]The Act amending the Act on the handling of complaints by financial market entities and on the Financial Ombudsman and certain other acts introduces new provisions on the permitted disclosure of professional secrecy on the capital market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20220002640/O/D20222640.pdf [link in Polish]
    • The Act amending certain acts to simplify administrative procedures for citizens and businesses introduces new provisions regarding the obligation to notify the Polish Financial Supervision Authority (KNF), the application for a brokerage license, the obligation for investment firms to employ individuals with appropriate qualifications, and the requirement for banks to obtain brokerage licenses. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20220002185/O/D20222185.pdf [link in Polish]
    • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new provisions regarding Regulation (EU) 575/2013, Regulation (EU) 2019/2033, a brokerage house applying Regulation (EU) 575/2013, banking law provisions applied by certain brokerage houses, the receipt by the Commission of reports on infringements of regulations, the provision by a brokerage house of intermediation services in concluding a structured deposit agreement or investment advice in this respect, an application for a permit to conduct brokerage activities, security of services, customer and data protection, recommending to an investment firm to cease a specific action or not to undertake it in the future, the initial capital of a brokerage house, the amount of the initial capital, ordering an audit by an audit firm, the notification obligation, the assessment of compliance with requirements by members of the management board and supervisory board of a brokerage house, the dismissal or suspension from duties of a member of the management board of a brokerage house, members of the management board and supervisory board of a brokerage house, brokerage houses. brokerage firms, conducting business by investment firms, specific principles of conducting business by certain brokerage houses, risk management system at a brokerage house, responsibilities of the management board and supervisory board of a brokerage house, management board of a brokerage house as a management body, estimation of internal capital, recognition of a branch of a foreign investment firm as significant, entities being indirect EU parent undertakings, fulfillment of obligations by a brokerage house, consolidated supervision, actions in the event of extraordinary situations or unfavorable changes in the markets, cooperation of the Commission with other supervisory authorities in the scope of consolidated supervision, supervision of a subsidiary, provision of information to the Commission by a holding company on mixed activity, assessment of equivalence of consolidated supervision principles, documentation of systems and processes, recording of transactions by a brokerage house, examination and assessment of the brokerage house’s activities undertaken in the field of risk management, verification of compliance with the conditions regarding the method of calculating own funds used by the brokerage house, remuneration policy of the brokerage house, report on the unit’s activities, statutory delegations, supervisory measures applied in the event of infringement of the provisions by a brokerage house or the probability of their infringement, the obligation to provide the Commission with information necessary for the exercise of supervision, recovery plans and early intervention principles for certain brokerage houses, recovery plans, approval of the recovery plan by the Commission, group recovery plan, consultation on the group recovery plan, agreement on the necessity of preparing and submitting a recovery plan by the brokerage house, limitation of the scope of information in the recovery plan, change of the frequency of updating the recovery plan, agreement on providing financial support, conditions of concluding an agreement on providing financial support, conditions of providing financial support, consent of the Commission to concluding an agreement on providing financial support, conclusion of an agreement on providing financial support within a group, forwarding a copy of the agreement to other authorities, consent of the Commission to providing financial support, public disclosure of information on the conclusion of an agreement on providing financial support, early intervention measures, appointment of a curator or receivership, cooperation of the Commission with other authorities, authorisation for bank brokerage activities, the principle of a single passport, branches of foreign legal entities, provision of a service that does not constitute brokerage activities requiring a permit to conduct them, foreign entities conducting brokerage activities in the territory of the Republic of Poland, fiduciary activities of banks, claims for the return of transferred amounts, information that do not violate professional secrecy on the capital market, the maximum amount of fees, the withdrawal of a brokerage license, limitations on the scope of brokerage activities, fines, sanctions imposed on a financial holding company, notification to the supervisory authority of another Member State of an infringement of legal provisions by a foreign investment firm, a ban on conducting business by a foreign investment firm, the provision of aggregate information to the European Market and Securities Authority (ESMA) and sanctions for breaching disclosure obligations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20210002140/O/D20212140.pdf [link in Polish]
    • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new provisions regarding the approved publishing entity, approved reporting mechanism, provider of information disclosure services, separated markets, official listing market, organizing an alternative trading system, operating an OTF, a company operating a regulated market, providing services in the scope of disclosing information on transactions on a regulated market, tasks of the National Depository, providing services in the scope of disclosing information on transactions on a regulated market, conducting business by investment firms, participation in trading in financial instruments, conducting business in the scope of disclosing information on transactions, submitting documents and providing explanations at the request of the Polish Financial Supervision Authority, procedures for anonymous reporting of violations of legal provisions, procedures and ethical standards in an entity providing services in the scope of disclosing information on transactions, maximum fees, amount of supervision fees, administrative sanctions for violation of regulations, withdrawal of a permit to provide services in the scope of disclosing information on transactions on a regulated market, fines, sanctions for violating regulations on organizing a regulated market or conducting brokerage activities and administrative sanctions for violating regulations. https://orka.sejm.gov.pl/proc9.nsf/ustawy/868_u.htm [link in Polish]
    • The Act amending the Commercial Companies Code and certain other acts introduces new rules regarding the form of securities, general provisions, certificates of entitlement to participate in a general meeting and a list of persons authorized to participate in a general meeting of a public company, the Rules of the National Depository, the concept of professional secrecy on the capital market, and information that does not violate professional secrecy on the capital market. https://eli.gov.pl/api/acts/DU/2019/1798/text/U/D20191798Lj.pdf [link in Polish]
    • The Act amending certain acts in connection with strengthening financial market supervision and investor protection introduces new rules regarding the form of securities, registration with the National Depository for Securities (KDPW) based on specific provisions, general provisions, the tasks of the National Depository, broker and investment advisor examinations, information that does not violate professional secrecy on the capital market, and criminal provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180002243/U/D20182243Lj.pdf [link in Polish]
    • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new rules concerning the subject of regulation, the concept of financial instruments, the form of securities, the issuance of a certificate and the blocking of securities, filing a complaint to the Commission, the taking over by the Commission of notifications of infringements of regulations, the definition of a regulated market, the powers of entities operating foreign regulated markets, separate markets, official listing markets, organizing an alternative trading system, secondary trading in financial instruments, statutory delegation – detailed principles of organization and operation of a regulated market, official listing market, auction platform, obligations of a company operating a regulated market, general requirements regarding a regulated market, suspension of admission to trading and exclusion from trading, companies operating a regulated market, organization and principles of operating a regulated market, a permit to operate a regulated market, the management board of a company operating a regulated market, foreign operations of a company operating a regulated market, refusal to issue a permit to operate a regulated market, the rules of a regulated market, the provision of services in the scope of disclosing information on transactions on a regulated market, the control and supervisory powers of the Polish Financial Supervision Authority, the tasks of the National Depository for Securities, the clearing house and settlement house, guarantee system, security fund, scope of brokerage activity, conducting business by investment firms, exclusion of application of regulations, agreement on offering financial instruments, agreement on executing orders to purchase or sell financial instruments, agreement on accepting and transmitting orders to purchase or sell financial instruments, agreement on managing a portfolio of financial instruments, investment advisory agreement, alternative trading system, agreement with an investment firm agent, entry in the register of investment firm agents, outsourcing of investment firms, liability for damages, obligation to notify the Polish Financial Supervision Authority (KNF), exclusion of application of regulations on outsourcing agreements, application for a permit to conduct brokerage activity, qualifications of employees, general partners and partners in investment firms, security of services, protection of clients and data, consideration of an application for a permit to conduct brokerage activity, refusal to grant a permit, information obligations towards the KNF, expiry of a permit, application of regulations to foreign investment firms, recommendation to an investment firm to cease a specific activity or not to undertake it in the future, statutory delegations, forms of operation of brokerage houses, opinions of supervisory authorities of other countries, the amount of the initial capital, ordering an audit by an audit firm, the notification obligation, brokerage houses, members of the management board and supervisory board of a brokerage house, cross-border provision of services, establishing branches in other Member States, installing IT systems and technical equipment in the territory of other Member States, information presented with the notification of the intention to acquire a significant block of shares, a substitute declaration, objections by the Polish Financial Supervision Authority, civil and administrative sanctions, informing the brokerage house about the acquisition of shares, specific rules for conducting business by certain brokerage houses, a brokerage house, a recovery plan, a bank’s brokerage permit, the appropriate application of regulations, the principle of a single passport, branches of foreign legal entities, foreign entities conducting brokerage activities in the territory of the Republic of Poland, rules for conducting business by a foreign investment firm, installing IT systems and technical equipment in the territory of Poland by a foreign investment firm, the division of supervisory powers, practicing the profession of broker or investment advisor, the time of making available and publishing information by an approved publishing entity, the scope of published information, the time of making available and publishing information by the consolidated information provider, the scope of published information, additional obligations incumbent on the consolidated information provider, submitting documents and providing explanations at the request of the PFSA, conducting business in the field of disclosing information on transactions, the admissibility of disclosing professional secrecy when the PFSA provides information to the minister, the maximum fees, the amount of supervision fees, fees, withdrawal of the authorisation to operate a regulated market, fines, a ban on operating a regulated market, administrative sanctions for infringement of regulations, sanctions imposed on an entity operating a foreign regulated market, withdrawal of the authorisation to conduct brokerage activities, withdrawal of the authorisation to provide services in the field of disclosing information on transactions on a regulated market, sanctions imposed on a foreign investment firm or an agent of such a firm, sanctions for violating the regulations on the organisation of a regulated market or conducting brokerage activities, providing aggregate information to the European Securities and Markets Authority (ESMA and PWM), sanctions for violating the regulations on the operation of an auction platform, unauthorized acquisition of own shares or stabilization of prices of financial instruments, criminal provisions and the offence of obstructing the inspection activities of the PFSA. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180000685/O/D20180685.pdf [link in Polish]
    • The Act amending the Act on Certain Powers of Employees of the Office Serving the Minister of Internal Affairs and Officers and Employees of Offices Supervised by that Minister, and Certain Other Acts, introduces new provisions regarding the permitted disclosure of professional secrecy on the capital market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180000106/U/D20180106Lj.pdf [link in Polish]
    • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new provisions regarding Regulation (EU) 596/2014, Regulation (EU) 909/2014, organized trading platform, emission allowance market participant, central securities depository, designated entity, Alternative Investment Company manager, confidential information, acceptance by the Commission of reports of infringements of regulations, suspension of admission to trading and exclusion from trading, secondary trading in financial instruments, authorisation to operate a regulated market, rules of the regulated market, authorisation to operate an auction platform for futures contracts, principles of operating an auction platform, regulated market, application for authorisation for a brokerage house to acquire contracts at auctions organised by an auction platform, alternative trading system, application for authorisation to conduct brokerage activities, security of services, customer and data protection, amount of initial capital, prohibition on a brokerage house acquiring shares in a parent entity, credit institution, and authorisation for brokerage activities, information that does not violate professional secrecy on the capital market, confidential information, withdrawal of a license to operate an auction platform, fines, withdrawal of a license to conduct brokerage activities, administrative sanctions for violating regulations, unauthorized acquisition of own shares or stabilization of prices of financial instruments, sanctions for using confidential information, sanctions for failure to comply with disclosure obligations, delisting of securities from trading, the crime of unauthorized disclosure of confidential information regarding financial instruments, the crime of unauthorized use of confidential information regarding financial instruments, the crime of unauthorized granting of a recommendation or incitement to purchase or sell financial instruments to which confidential information relates, and the crime of manipulation of financial instruments. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20170000724/O/D20170724.pdf [link in Polish]
    • The Act amending the Act on Investment Funds and certain other acts introduces new rules concerning the management company, EU managers, general provisions, securities accounts, general requirements regarding the regulated market, shares and shareholders of a company operating a stock exchange, shares and shareholders of a company operating an over-the-counter market, assessment of conduct in order to determine accepted market practices, exclusion of the application of regulations, entry in the register of investment firm agents, application for a permit to conduct brokerage activities, qualifications of employees, general partners and partners in investment firms, information provided together with the notification of the intention to acquire a significant block of shares, information presented together with the notification of the intention to acquire a significant block of shares, formal requirements for entry on the register of brokers or the list of investment advisers, grounds for removal from the register of brokers or investment advisers, the compensation system, the subjective scope of the obligation to maintain professional secrecy on the capital market, permissible disclosure of professional secrecy on the capital market, information not infringing professional secrecy on the capital market, maximum fees, withdrawal of the permit to conduct brokerage activities and penalties. monetary. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20160000615/O/D20160615.pdf [link in Polish]
    • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new rules regarding Regulation (EU) 236/2012, Regulation (EU) 648/2012, short selling, CCPs, general provisions, the stock market, the depository and clearing system, the conduct of business by investment firms, and professional secrecy. https://orka.sejm.gov.pl/proc7.nsf/ustawy/2734_u.htm [link in Polish]
    • The Act Amending the Act on Trading in Financial Instruments and Certain Other Acts introduces new provisions regarding secondary trading in financial instruments, accepted market practices, the conduct of business by investment firms and brokerage houses, and administrative sanctions for violations of the regulations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20120001385/O/D20121385.pdf [link in Polish]
    • The Act Amending the Act on Trading in Financial Instruments and Certain Other Acts introduces new rules regarding securities depository, equivalent state, custodian bank, general provisions, the depository and settlement system, the conduct of business by investment firms, custodian banks, securities brokers and investment advisors, the compensation system, professional secrecy, and administrative sanctions for violations of the regulations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20112341391/O/D20111391.pdf [link in Polish]
  • Detective Services Act https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20020120110/U/D20020110Lj.pdf  [link in Polish]
    • The Detective Services Act is a legal act regulating the business of detective services in Poland, defining the rights and obligations of detectives, as well as the rules and procedures for obtaining licenses to practice this profession. The act requires that this activity be entered in a register maintained by the Ministry of Internal Affairs and Administration, and detectives themselves must be licensed. The act defines detective services, meaning activities involving the acquisition, processing, and transmission of information at the client’s request. It specifies what detectives may and may not do, including the obligation to maintain professional confidentiality. Detectives are authorized to process personal data without the consent of the individuals concerned, but only to the extent necessary to conduct an investigation.The Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC introduces new rules on general provisions, the appointment of a data protection officer, requests for prior consultations before the processing of personal data, provisions on administrative fines, criminal provisions, and the prevention of inspections of compliance with personal data protection provisions. https://gdpr.pl/wp-content/uploads/2019/05/Zmiana-niektorych-ustaw-21-lutego-2019_.pdf [link in Polish]
    • The Act Amending the Detective Services Act introduces new provisions regarding the rights and obligations of detectives, the principles of conducting business activities in the field of detective services, the principles of conducting business activities in the field of detective services, and the qualification requirements for detectives. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20110060017/O/D20110017.pdf [link in Polish]
    • The Act amending certain acts in connection with the entry into force of the Protocol to the Agreement between the European Community and its Member States, on the one part, and the Swiss Confederation, on the other, on the free movement of persons introduces new provisions regarding the qualification requirements for detectives. https://orka.sejm.gov.pl/proc6.nsf/ustawy/552_u.htm [link in Polish]
  • Banking law
    https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU19971400939/U/D19970939Lj.pdf [link in Polish]
    • This Act specifies:
      • Principles of conducting banking activities, establishing and organizing banks, branches and representative offices of foreign banks, as well as branches of credit institutions;Principles of creating and functioning of the protection system;Principles of bank restructuring, liquidation and bankruptcy proceedings;Certain principles for the conduct of business by financial holding companies and mixed financial holding companies and for the organisation of these companies, as well as certain principles for the supervision of these companies;Principles of banking supervision, including consolidated supervision.
      The Act specifies the information covered by banking secrecy, while at the same time indicating the obligation to provide information covered by banking secrecy to specific entities in the specified circumstances.
    • The Act Amending the Accounting Act, the Act on Statutory Auditors, Audit Firms and Public Oversight, and Certain Other Acts introduces new provisions regarding outsourcing terms, notifying the Polish Financial Supervision Authority of the intention to enter into an outsourcing agreement, the obligation to provide information covered by banking secrecy, credit bureaus, auditing financial statements, re-examination of a bank’s financial situation, and the obligation to report facts indicating a crime or violation of regulations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240001863/U/D20241863Lj.pdf [link in Polish]
    • The Act amending certain acts in connection with ensuring the development of the financial market and investor protection on this market introduces new rules regarding mortgage banks, receivables funds, internal methods, extensions or significant changes in the scope of internal methods, other extensions or changes in the scope of internal methods, banking activities, advisory services in relation to structured deposits, other bank activities, scope of insourcer’s liability, outsourcing conditions, notification to the Polish Financial Supervision Authority of the intention to conclude an outsourcing agreement, general provisions, statutory delegation – conditions of functioning of the risk management system related to outsourcing, obligation of professional secrecy, decisions issued by the Polish Financial Supervision Authority, delivery of documents in restructuring proceedings, application of the Polish Financial Supervision Authority for the dismissal of a member of the governing body of a bank, financial holding company or mixed financial holding company, prohibition of exercising voting rights from shares, application for a permit to establish a bank, permit to establish a bank and to amend the statute, permit for commencement of business activity by a bank, entry of a domestic bank in the register of entrepreneurs, performance of certain forms of banking activity by a financial institution in the territory of the host country, scope of activity that can be performed by credit institution, the scope of application of Polish law to credit institutions, an explanation of the applicant’s creditworthiness assessment, structured deposits, the issuance of bank derivative rights, the transfer of receivables by the bank, the obligation to observe banking secrecy, the obligation to provide information covered by banking secrecy, the credit information bureau, entities authorized to obtain aggregate information from the central information on accounts, the obligation to publish information on outsourcers , information obligations towards the municipality related to the termination or expiration of a bank account agreement, own funds, internal capital and the financial management of banks, the objectives and activities of banking supervision, legal remedies available to the Polish Financial Supervision Authority, the imposition of a fine, the implementation of actions under the recovery plan despite failure to achieve indicator levels and criminal sanctions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230001723/U/D20231723Lj.pdf [link in Polish]The Act amending certain acts to limit certain effects of identity theft introduces new provisions regarding the obligation to provide information covered by banking secrecy, credit information bureaus, and specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230001394/O/D20231394.pdf [link in Polish]
    • The Act amending the Act on Investment Funds and the Management of Alternative Investment Funds, the Act on Bonds, the Act on the Bank Guarantee Fund, the Deposit Guarantee Scheme and Compulsory Restructuring, and certain other acts introduces new provisions regarding decisions issued by the Polish Financial Supervision Authority (KNF), the acquisition of significant stakes in banks, the qualification of capital instruments and subordinated loans, equity, internal capital, and the financial management of banks, legal remedies available to the KNF, the grounds for submitting a bank’s recovery plan, and the grounds for suspending operations and declaring a bank bankrupt. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230000825/O/D20230825.pdf [link in Polish]
    • The Act Amending the Excise Duty Act and Certain Other Acts introduces new rules regarding the obligation to observe banking secrecy, the obligation to provide information covered by banking secrecy, credit information bureaus, transitional provisions, changes to existing regulations, episodic provisions, and final provisions. https://orka.sejm.gov.pl/proc9.nsf/ustawy/2764_u.htm [link in Polish]
    • The Act amending the Acts to Combat Usury introduces new provisions regarding the scope of application of Polish law to credit institutions, credits, and loans, as well as the principles of exposure concentration, the obligation to provide information covered by banking secrecy, and credit information bureaus. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20220002339/U/D20222339Lj.pdf [link in Polish]
    • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new rules concerning Directive (EU) 2013/36, Regulation (EU) 575/2013, Regulation (EU) 2019/2033, brokerage houses applying Regulation (EU) 575/2013, general provisions, the establishment and organization of banks, branches and representative offices of banks, and the organization of financial holding companies and mixed financial holding companies, banking supervision payments, the powers of the Polish Financial Supervision Authority (KNF) in the event that a financial holding company or financial holding company conducts business without the required approval or ceases to meet the conditions for conducting such business, and the list of holding companies. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20210002140/O/D20212140.pdf [link in Polish]
    • The Act amending the Act on the Bank Guarantee Fund, the Deposit Guarantee Scheme and Compulsory Restructuring, and certain other acts introduces new provisions regarding entities subject to compulsory restructuring, groups subject to compulsory restructuring, the obligation to observe banking secrecy, the processing and disclosure of information covered by banking secrecy, restrictions on the application of personal data protection regulations due to the implementation of tasks related to counteracting money laundering and terrorist financing, approval of recovery plans, supplementation or amendments to recovery plans, and the conditions for submitting a bank’s recovery program. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20210001598/U/D20211598Lj.pdf [link in Polish]
    • The Act amending certain acts in connection with ensuring the application of the GDPR introduces new rules regarding general provisions, profiling, requirements for members of bank bodies, creditworthiness, credit and monetary loans, and the principles of exposure concentration, the obligation to provide information covered by banking secrecy, credit information offices, processing and sharing information covered by banking secrecy, and the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190000730/O/D20190730.pdf [link in Polish]
    • The Act amending the Act on the Bank Guarantee Fund, the deposit guarantee scheme and compulsory restructuring and certain other acts introduces new provisions regarding the Code of Administrative Procedure, basic types of bank accounts, the status of bank accounting books, the obligation to observe banking secrecy, the obligation to provide information covered by banking secrecy, the credit information bureau, capital standards, changes to the content of the obligation of an acquired bank, the liquidation of a bank, other powers and obligations of the liquidator, and provisions applicable to agreements concluded by banks before January 1, 1998. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190000326/O/D20190326.pdf [link in Polish]
    • The Act amending certain acts in connection with strengthening financial market supervision and investor protection in that market introduces new provisions regarding the objectives and activities of banking supervision, banking supervision, recovery plans and early intervention, bank liquidation and bankruptcy, grounds for suspension of operations, and bank bankruptcy and insolvency. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180002243/U/D20182243Lj.pdf [link in Polish]
    • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new rules regarding Regulation (EU) 596/2014, Regulation (EU) 2017/565, structured deposits, retail clients, professional clients, eligible counterparties, relevant persons, durable media, banking activities, general provisions, prohibition on exercising voting rights attached to shares, banks incorporated as joint-stock companies, applications for authorization to establish a bank, authorization to establish a bank and to amend its statutes, authorization to commence business activities by a bank, capital standards, the objectives and activities of banking supervision, and legal remedies available to the Polish Financial Supervision Authority. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001355/T/D20181355L.pdf [link in Polish]
    • The Act amending the Act on Certain Powers of Employees of the Office Serving the Minister of Internal Affairs and Officers and Employees of Offices Supervised by that Minister, and Certain Other Acts, introduces new provisions regarding the obligation to provide information covered by banking secrecy and credit bureau confidentiality. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180000106/U/D20180106Lj.pdf [link in Polish]
    • The Act Amending the Act on Investment Funds and Certain Other Acts introduces new provisions regarding investment fund companies, securitization funds, subparticipation agreements, management companies, EU managers, the content of notifications of the intention to acquire a significant block of shares in a bank, supplementary information to the notification, complaint handling by financial market entities, and banking supervision payments. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20160000615/O/D20160615.pdf [link in Polish]
    • The Act Amending the Banking Law and Certain Other Acts introduces new regulations regarding the commencement and conduct of business by domestic banks in the territory of the host country and by credit institutions in the territory of the Republic of Poland, credits and loans, and the principles of exposure concentration and specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150001854/O/D20151854.pdf [link in Polish]
    • The Act amending the Civil Code, the Code of Civil Procedure, and certain other acts introduces new provisions concerning the scope of application of Polish law to credit institutions, the protection of savings deposits from enforcement, the obligation to provide information covered by banking secrecy, credit information bureaus, and the specific obligations and powers of banks. https://orka.sejm.gov.pl/proc7.nsf/ustawy/2678_u.htm [link in Polish]
    • The Act amending the Act on supplementary supervision of credit institutions, insurance undertakings, reinsurance undertakings and investment firms in a financial conglomerate and certain other acts introduces new rules regarding the parent institution in a Member State, the parent entity of a financial holding company in a Member State, general provisions, the EU parent institution, the EU parent entity of a financial holding company, the EU parent mixed financial holding company, and consolidated supervision. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20140000586/O/D20140586.pdf [link in Polish]The Act amending the Act on Financial Market Supervision and certain other acts introduces new provisions regarding the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20130001567/O/D20131567.pdf [link in Polish]
    • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new provisions concerning the procedure for establishing banks, the taking up and conducting of business by domestic banks in the territory of the host country and by credit institutions in the territory of the Republic of Poland, own funds, internal capital and financial management of banks, banking supervision, supervision over branches of credit institutions and consolidated supervision. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20120001385/O/D20121385.pdf [link in Polish]
    • The Act amending the Banking Law and certain other acts introduces new provisions concerning banks in the form of joint-stock companies, the procedure for establishing banks and supervision over branches of credit institutions. https://eli.gov.pl/api/acts/DU/2011/781/text/O/D20110781.pdf [link in Polish]
    • The Act amending the Banking Law, the Act on Trading in Financial Instruments, and the Act on Financial Market Supervision introduces new rules regarding entities linked by capital or organization, general provisions, credits and loans, and the principles of exposure concentration, specific obligations and powers of banks, affiliation, mergers, and divisions of banks, own funds, internal capital and financial management of banks, banking supervision, consolidated supervision, and recovery proceedings. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20111310763/O/D20110763.pdf [link in Polish]
    • The Act amending the Banking Law introduces new rules regarding a parent institution in a Member State, a parent entity in a financial holding company in a Member State, an EU parent institution, an EU parent entity in a financial holding company, general provisions, banks in the form of joint-stock companies, bank accounts, credits and loans, and the principles of concentration of exposures, specific obligations and powers of banks, own funds, internal capital and financial management of banks, funds, obligations of the bank, holding companies, banking supervision and consolidated supervision. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20070420272/O/D20070272.pdf [link in Polish]
    • The Act amending and repealing certain acts in connection with the Republic of Poland’s accession to the EU introduces new provisions concerning the implementation of EU directives and the taking up and conduct of business by domestic banks in the territory of the host country and by credit institutions in the territory of the Republic of Poland. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20040960959/O/D20040959.pdf [link in Polish]
    • The Act amending the Banking Law Act and other acts introduces new rules regarding international financial institutions, financial institutions, financial holding companies, foreign bank holding companies, domestic bank holding companies, hybrid holding companies, general provisions, entrepreneurs, establishment and organization of banks and branches and representative offices of banks, state banks, cooperative banks, banks in the form of joint-stock companies, procedures for establishing banks, undertaking and conducting business by domestic banks in the territory of host countries and by credit institutions in the territory of the Republic of Poland, bank accounts, monetary settlements conducted through banks, credits and loans, as well as the principles of concentration of exposures, the sum of bank receivables, borrowers, principles of loan interest, loan security, loan to a third party, credit and loan agreements, granting loans, bank guarantees, sureties and letters of credit, issuing bank securities, specific obligations and rights of banks, association and mergers of banks, own funds and financial management of banks, banking supervision, supervision over branches of credit institutions, consolidated supervision, recovery proceedings, liquidation, bank takeover and bankruptcy. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20040910870/O/D20040870.pdf [link in Polish]
    • The Act Amending the Banking Law and Other Acts introduces new rules regarding general provisions, the establishment and organization of banks, branches and representative offices of banks, state banks, and joint-stock banks, the procedure for establishing banks, bank accounts, monetary settlements conducted through banks, cash settlements, cashier’s checks, clearing houses, the President of the National Bank of Poland, credits and loans, and the principles of debt concentration, the issuance of bank securities, specific obligations and powers of banks, the association and merger of banks, own funds and the financial management of banks, banking supervision, consolidated supervision, rehabilitation proceedings, civil and criminal liability, and transitional provisions, changes to applicable regulations and final provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20011111195/O/D20011195.pdf [link in Polish]
    • The Act amending the Act on the Bank Guarantee Fund and certain other acts introduces new rules regarding general provisions, bank accounts, credits, loans, and the principles of debt concentration, specific obligations and powers of banks, recovery proceedings, bank bankruptcy, and transitional provisions, changes to existing and final provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU19990400399/O/D19990399.pdf [link in Polish]
  • Press law
  • https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU19840050024/U/D19840024Lj.pdf  [link in Polish]
    • Press law regulates publishing and journalism. It defines the rights and obligations of journalists, the procedures for obtaining information for press materials, and the principles of maintaining journalistic confidentiality. The act guarantees freedom of speech and the right of citizens to reliable information, transparency in public life, and social scrutiny and criticism. It requires confidentiality towards informants, which is crucial for protecting information sources. The act defines the editorial office as an entity responsible for preparing materials for publication. It emphasizes the role of the press in realizing citizens’ rights to reliable information, transparency in public life, and social criticism, and also ensures freedom of expression. Journalists have the right to public information, and state bodies are obligated to create conditions enabling the performance of these duties. The act contains provisions regarding the publication of corrections, which should be posted or submitted to the appropriate editorial office.
    • The Act Amending the Press Law introduces new provisions regarding the right to provide information to the press, the disclosure of personal data and images of individuals subject to legal proceedings, the exemption from journalistic confidentiality, the forfeiture of press materials, and the legal protection of criticism, satire, and caricature. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001570/O/D20181570.pdf [link in Polish]
    • The Act Amending the Press Law introduces new provisions concerning the obligations of state authorities towards the press, subject-matter exclusion from the scope of press law, legal protection of criticism, satire, and caricature, journalists’ obligations, authorization of statements, the obligation to obtain consent to publish certain information, the rights and obligations of journalists, the Press Council, the application for registration of a daily newspaper or magazine, the editor-in-chief, the editorial board, the editorial council, legal liability, and the application of provisions on proceedings in misdemeanor cases. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20170002173/O/D20172173.pdf [link in Polish]
  • Act on the National Cybersecurity Systemhttps://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001560/U/D20181560Lj.pdf [link in Polish]
    • The Act on the National Cybersecurity System establishes the National Cybersecurity System. The Act aims to ensure cybersecurity at the national level by protecting essential and digital services and the IT systems that support them. The National Cybersecurity System encompasses, among others, essential service operators (e.g., in energy, transport, and healthcare), digital service providers, and public administration. The Act’s main objectives:
      • Ensuring continuity of services: Guaranteeing the uninterrupted provision of key services for the state and the economy;
      • System security: Achieving a high level of security of IT systems;
      • Definition of tasks and responsibilities: Defining the roles and responsibilities of entities comprising the National Cybersecurity System, including essential service operators, digital service providers and public authorities;
      • Incident response: Creating a legal framework for detecting, preventing and minimizing the effects of cyberattacks, including the functioning of national CSIRTs.
      The Act covers, among others:
      • Key service operators;
      • Digital service providers;
      • Public administration bodies.
      The Act implemented the requirements and standards of the EU directive, which constitutes minimum harmonization, but also extended its scope to the Polish administration and telecommunications sector. The Act formally strengthened the operations of existing national teams, such as CERT GOV (CSIRT GOV), CSIRT MON, and CSIRT NASK.
    • The Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds introduces new provisions regarding the obligations of essential service operators and the tasks, composition, chairperson, secretary, detailed scope of activities, and procedures of the Council. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250001069/O/D20251069.pdf [link in Polish]
  • Regulation of the Council of Ministers on the National Interoperability Framework, minimum requirements for public registers and the exchange of information in electronic form, and minimum requirements for ICT systems https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240000773/O/D20240773.pdf [link in Polish]
    • The National Interoperability Framework Regulation regulates the principles of interoperability in public administration, including:
      • National Interoperability Framework: Defines the framework and standards that ensure the proper functioning of ICT systems in public administration;
      • Minimum requirements for public records: Indicates the minimum requirements for records maintained by public entities to be consistent and compliant with the National Interoperability Framework;
      • Electronic Information Exchange: Establishes rules for the exchange of information between public entities, including standards for the security and efficiency of such exchange.
      • Minimum requirements for IT systems: Specifies the minimum requirements for IT systems used by public entities, including information security systems, so that they can cooperate with each other and exchange data;
      • This regulation is a legal act specifying what standards and principles should apply in Polish public administration in order to ensure interoperability – i.e. the ability to cooperate and exchange information between different IT systems.
  • Regulation of the Minister of Health on the types of medical documentation of occupational health services, the method of maintaining and storing it, and the templates of the documents used https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20101491002/O/D20101002.pdf [link in Polish]
    • Medical documentation of the occupational health service in the field of preventive health care for employees includes:
      • Individual medical documentation, which is a preventive examination card;
      • Collective medical documentation.
    • Medical records are stored by the occupational health service unit that maintains them. Medical records are stored in conditions that ensure the protection of the data contained therein and protect against destruction, damage, or loss, as well as against unauthorized access, while also enabling their use without undue delay. The regulation specifies the retention period for occupational health service medical records. Medical records are the property of the entities obligated to maintain them.
    • The Regulation of the Minister of Health amending the Regulation on the types of medical documentation of the occupational health service, the manner of maintaining and storing it, and the templates of the documents used introduces new provisions regarding the title and period of storage of medical documentation of the occupational health service. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240001311/O/D20241311.pdf [link in Polish]
  • Labor Codehttps://natlex.ilo.org/dyn/natlex2/natlex2/files/download/45181/The-Labour-Code%20consolidated%201997.pdf
    • The Labor Code is a set of legal provisions regulating the rights and obligations of both employees and employers in Poland. It includes rules regarding, among other things:
      • Establishing and terminating employment relationships;
      • Wages and salaries;
      • Working time, holidays;
      • Occupational health and safety.
    • This is the most important legal act regulating employment relations in Poland. The Labor Code contains provisions regarding the employment of minors. It defines the principles of employee liability for damage caused to the employer and the principles for resolving disputes between employees and employers. Sanctions apply for offenses against employee rights. The Labor Code specifies the limitation periods for claims related to the employment relationship. It applies to all employees employed under an employment contract and, in some cases, also to those employed under other legal bases, to the extent not regulated by specific provisions. It is worth remembering that the Labor Code is a legal act that is subject to regular amendments.
  • Educational Information System Act https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20111390814/U/D20110814Lj.pdf [link in Polish]
    • The Education Information System introduces and defines the operational principles of the Education Information System – a Polish electronic database system used to collect and process information about schools, institutions, students, and teachers. The Education Information System is a key tool for supporting education management at various levels, data analysis, educational policy planning, and graduate career monitoring. The main goals of the Education Information System are:
      • Supporting Educational Governance: Provides the data necessary for informed decision-making by policymakers at national, regional and local levels;
      • Education financing: Enables effective management of public funds allocated to education;
      • Analysis and monitoring: Allows us to examine the effectiveness of the education system and track the career paths of graduates;
      • Quality Improvement: Assists in overseeing and coordinating pedagogical supervision and improving the quality of education.
  • Act on the Security of Mass Events https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20090620504/U/D20090504Lj.pdf
    • The Event Safety Act regulates the principles of ensuring safety during mass events, defining what constitutes a mass event (e.g., a concert, a sports match with a specified number of participants), the organizer’s responsibilities, the rules for issuing permits, and also provides penalties for violating regulations, such as bringing dangerous objects or disrupting the event. The Act defines a mass event as any gathering of at least 1,000 people outdoors or 300 people indoors, and which is for artistic and entertainment purposes (e.g., concerts) or sporting activities (e.g., football matches). The organizer of a mass event is primarily responsible for ensuring safety. Their responsibilities include:
      • Ensuring an adequate number of security staff;
      • Maintaining public order;
      • Security of participants and property;
    • The law provides penalties for violating its provisions. For example, anyone bringing weapons or pyrotechnics to a mass event is subject to a fine or imprisonment.
  • Law on Higher Education and Science https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001668/U/D20181668Lj.pdf [link in Polish]
    • The Law on Higher Education and Science is a key Polish legal act that regulates the operation of the higher education system and scientific activity. The act specifies, among other things:
      • organization and functioning of universities;
      • rights and obligations of students;
      • doctoral students and research workers;
      • principles of conducting scientific research and development.
    • The Act places significant emphasis on the autonomy of the academic community and universities as such. It outlines the system’s mission to ensure the highest quality of education, shape civic attitudes, and support economic innovation. The Act guarantees freedom in teaching, creating, conducting scientific research, and publishing its results. Universities enjoy autonomy in their operations. Public authorities are responsible for creating conditions for the development of science, and universities fulfill a mission important to the state and society.
  • Act on the Military Police and Military Law Enforcement Bodies https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20011231353/U/D20011353Lj.pdf [link in Polish]
    • The Act on the Military Police and Military Law Enforcement Bodies is a 2001 legal act that regulates the activities of the Military Police as a specialized military service and other military law enforcement bodies in Poland. The Act defines their organization, powers, responsibilities, and tasks, including ensuring military discipline, protecting public order in military areas, detecting crimes, and combating threats. The main tasks of the Military Police and military law enforcement bodies:
      • Military discipline;
      • Public order;
      • Protection of life, health and property;
      • Prevention and detection of crimes;
      • Anti-terrorist operations;
      • International cooperation;
      • Combating threats.
  • Act on the remuneration of persons managing certain legal entities https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20000260306/U/D20000306Lj.pdf [link in Polish]
    • The Act on the Remuneration of Persons Managing Certain Legal Entities, commonly known as the “Salary Cap Act,” is a set of regulations that restrict the remuneration of managerial staff in entities related to the public sector, such as state-owned enterprises, state-owned organizations, and local government units. The main goal of the act is to limit excessive remuneration for managers in these institutions, covering them under both employment contracts and civil law contracts.
  • Act on the Supreme Audit Officehttps://www.nik.gov.pl/en/about-us/legal-regulations/act-on-the-supreme-audit-office.html
    • The Act on the Supreme Audit Office defines the scope of its authority, including the right to examine the activities of state and local government bodies in terms of legality, efficiency, purposefulness, and reliability, as well as the principles of its work and the submission of audit results. The Supreme Audit Office submits the results of its audits to the Sejm, the President of the Republic of Poland, and the Prime Minister. It also publicly discloses the results of major audits.
  • Accounting Act https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU19941210591/U/D19940591Lj.pdf [link in Polish]
    • The Act implements European Community directives in its regulations. It defines accounting principles and the rules for providing bookkeeping services. It includes data protection rules:
      • When maintaining accounting books using a computer, data protection should consist in the use of threat-resistant data carriers, the selection of appropriate external protection measures, the systematic creation of reserve copies of data sets stored on IT data carriers, provided that the durability of the accounting system information recording is ensured for a period no shorter than that required for storing accounting books, and ensuring the protection of computer programs and data of the accounting IT system by using appropriate software and organizational solutions to protect against unauthorized access or destruction.
      • Unless separate provisions provide otherwise, making collections or parts thereof available to a third party:
        • Inspection on the premises of the unit requires the consent of the head of the unit or a person authorized by him;
        • Outside the seat of the entity’s management board, written consent of the entity’s head is required and a certified list of the documents taken over must be left at the entity.
  • Geodetic and cartographic lawhttps://www.gov.pl/attachment/95f99183-a84e-40a3-8e46-10975e5eacaf [link in Polish]
    • Geodetic Law defines the principles of geodesy and cartography in Poland, covering, among other things, the performance of measurements, the preparation of maps, the maintenance of land and building records, the demarcation of properties, and the management of state geodetic and cartographic resources. This Act also governs the organization of the Geodetic and Cartographic Service and defines professional qualifications in this field. Surveyors are granted the right to access land and buildings to perform necessary surveying work. The scope of geodetic work includes the design and execution of geodetic measurements, control network measurements, as well as the measurement of basic gravimetric and magnetic control networks.
  • Regulation of the Minister of National Education on the manner of maintaining documentation of the teaching process, educational and care activities by public kindergartens, schools and other institutions and on the types of such documentationhttps://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240000050/O/D20240050.pdf [link in Polish]
    • The regulation regulates the types of documentation required in public preschools, schools, and educational institutions, how they should be maintained, and what each must contain, including documentation of teaching, educational, and care activities. It applies to all public preschools, schools, and educational institutions.

Definitions

Data

Data – collected facts, numbers, symbols, or observations describing phenomena, objects, or people that can be processed to give them meaning. Personal data is any information that allows for the identification of an individual, directly or indirectly, such as name, surname, email address, Personal Identification number, as well as physical, mental, or cultural characteristics. Non-personal data does not allow for the identification of an individual and is usually anonymized or aggregated data, such as website visitor statistics, partially masked IP addresses, or anonymous system logs.

AI

Artificial intelligence is a technology that enables machines to perform tasks traditionally requiring human intelligence through the ability to learn, reason, and solve problems. AI systems are advanced software and machines that simulate human cognitive abilities by analyzing data, learning from experience, and adapting to new situations. AI can perform tasks such as prediction, generating recommendations, and making decisions autonomously based on processed data. This definition is dynamic and evolving, and organizations such as the OECD and EU legislators are working to standardize it. The AI Act regulates the use of AI in the European Union within the limits of the competences granted to the EU by the member states. EU law does not cover AI applications beyond these competences.

Hacker Attack

A hacker attack is a deliberate, usually criminal, act aimed at gaining unauthorized access to computer systems, networks, or digital devices in order to steal, modify, or destroy data, disrupt services, or gain other benefits. These attacks can be carried out by individuals or groups of hackers, exploiting security vulnerabilities and malware such as viruses, keyloggers, or ransomware. A hacker attack compromises the integrity, confidentiality, or availability of systems and data and is treated as a cybercrime, subject to the Polish Penal Code and European Union law implementing directives on cybercrime and personal data protection. Data protection is a set of strategies and processes designed to protect confidential information from damage, security breaches, loss, or unauthorized access. A data breach occurs when a security incident compromises the confidentiality, integrity, or availability of data.

Cybersecurity

Cybersecurity is the set of activities, practices, processes, and technologies designed to protect computer systems, networks, devices, and data from digital threats, such as malware and attacks, while ensuring the confidentiality, integrity, and availability of information. It encompasses attack prevention, detection, and incident response in cyberspace. Data cybersecurity focuses on protecting personal, financial, and business information, as well as other digital assets, from cyberattacks, theft, and unauthorized access. Cybersecurity also encompasses technical and organizational measures designed to protect systems, data, and services from unauthorized access, damage, loss, or disruption.

ABA Att Jakub Gładkowski BioLawEurope biotechnology business activity in Poland CETA Cooperation cross border cases cross border networking debt enforcement Doing business in Poland e-Invoice european funds fairs Hannover Messe international trade Investing in Poland IT kglegal KG Legal kiełtyka gładkowski law firm in Cracow law firm in Krakow law firm in Poland legal assistance letter of credit Life Science Małgorzata Kiełtyka mediation new regulations Notional shares in Poland Poland Polish attorney Polish Code of Civil Procedure polish company Polish law Polish Law Firm Polish lawyer Polish Patent Office Procurement Support Services start-up symposium UNDP Wall Street Journal webinar

UP