Pharmaceutical production is one of the most regulated activities in Poland, Europe, and globally. The reason seems obvious: creating drugs can cause numerous complications, health problems, and in extreme cases, even death, depending on the individual patient’s health contraindications. Due to the above-mentioned reasons, the process of creating a new drug is often very expensive and lengthy, and involves a large number of professionals and scientists specializing in this field. In an era of dynamic digitalization, the need to develop specific operational rules for drug production and principles for using AI (Artificial Intelligence) and ML (Machine Learning) models is increasingly emphasized. Manufacturers are often considering implementing AI systems to support pharmaceutical production processes.

The European Medicines Agency has created a special report divided into drug production phases, highlighting the particularly useful aspects of AI-based models in each of these stages. The problem, however, lies in the ethics and risks of such use, due to the continuing ignorance and distrust of such algorithms, capable of predicting, learning, and processing enormous amounts of data in a short time. Due to these latter aspects, this tool—if used properly and ethically—can significantly improve workflow, but without appropriate legal regulations, it can also be very detrimental to potential patients. The purpose of this article is to present the pharmaceutical drug production process and cite basic legal regulations.with particular emphasis on the ethical use of AI systems in this process and the requirements in this respect imposed by EU and national law.

From the point of view of regulations that may be applied in Polish pharmaceutical production, it is necessary to mention primarily the Pharmaceutical Law[1], the provisions of the Civil Code on liability for damage caused by a dangerous product[2], GMP standards (Regulation of the Minister of Health of 9 November 2015 on the requirements of Good Manufacturing Practice[3]issued on the basis of the statutory delegation contained in the Pharmaceutical Law) and all recommendations related to the production of drugs (soft law). In the scope of the use of AI and ML models, it is worth mentioning Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act)[4], commonly referred to in the legal community as the “AI Act “, which, however, currently has the status of a pending act in some of its parts, which is justified by a certain expectation of the EU legislator for the smooth implementation of these regulations. to the methodology of everyday operations of enterprises (in the regulation, the “entity using” – Art. 3, item 4 of the “AI Act “). The regulation itself provides for very high sanctions, but also measures to support start- ups and SMEs (Micro, Small and Medium-sized Enterprises).

It seems reasonable to pay attention to the definition used by the AI Act to understand the characteristics of systems that actually define the scope of its standards for new technology systems. Article 3, point 1 of the Regulation provides a specific definition of an AI system, which, according to this definition, is a machine system designed to operate with varying degrees of autonomy after implementation, capable of adapting after implementation, and—for explicit or implicit purposes—inferring how to generate results based on received input data, such as predictions, content, recommendations, or decisions that may impact the physical or virtual environment. Therefore, models based on the operation of artificial intelligence and machine learning certainly fall under this definition, and their application falls under the standards of Regulation 2024/1689.

First and foremost, it’s important to highlight certain phases of drug development, adherence to which is a constant, necessary, and inherent element of the process. These stages are presented in the following, sequentially enumerated sections:

1. Drug discovery,

2. Nonclinical development,

3. Clinical trials,

4. Precision medicine,

5. Product information,

6. Manufacturing,

7. Post-authorization.

Before describing the specific phases of drug production, it’s important to outline the general requirements that legal regulations impose on potential manufacturers of medicinal products. As previously mentioned, the pharmaceutical industry is one of the most regulated sectors of the economy. A manufacturer must obtain a permit from the Chief Pharmaceutical Inspector to begin production. Only after obtaining this permit can they begin work on the new product and complete further stages of the procedure.

During the drug manufacturing process itself, it is crucial to adhere to Good Manufacturing Practices established in the Regulation of the Minister of Health of November 9, 2015, regarding the requirements of Good Manufacturing Practice. Furthermore, the use of AI and models based on machine learning should also be borne in mind, especially with regard to the regulation of so-called “prohibited practices”, to which these provisions are currently applied. These regulations have entered into force, and all companies using such computerized work are obligated to comply with the rigors contained therein. However, it seems best to discuss the potential application of these regulations, individualizing their fragments within a given phase of medicinal product production. Furthermore, manufacturers must also be mindful of product liability, which is regulated by the Civil Code and covers property and non-property damage caused to anyone by the product during its intended use. The basis of this liability regime is the principle of manufacturer’s risk, which means that the manufacturer’s fault in causing the damage is irrelevant.

Re. 1)

This process can be briefly described as a search for formulas and chemical compounds with therapeutic properties, as well as attempts to investigate the mechanism of action of a given disease, which allows for the selection of an appropriate biochemical combination for use in a drug to combat it. This involves creating an invention that, in the subsequent stages of non-clinical (point 2) and clinical (point 3) studies, will be tested for its response to the “target environment.” It is indicated that models based on artificial intelligence may find application in this regard in protein design and in the so-called docking process[5]. The European Medicines Agency (EMA) indicates the possibility of training AI and ML models to predict the most effective protein structures for use in treating a disease. Such positive application of new technologies in this field can significantly reduce the costs of developing a new medicinal product and its currently very long development time (current sources indicate that it takes several years for just one drug – this is due to the variability of reactions that can occur in a given patient’s body, which in turn necessitates multiple tests). However, the Agency also pointed out certain problems in its report, namely the possibility of so-called “black box” effect , which means that we have a certain output, but it is impossible to determine exactly how this result was achieved.

Good Manufacturing Practices require appropriately qualified individuals to participate in production from A to Z. There may be a risk of AI models examining the relevant characteristics of different scientists, as is the case, for example, in employee recruitment. Article 5, paragraph 1, point c (sub-items i and ii) of Regulation 2024/1689 prohibits the use of AI-based models to analyze personality traits, character traits, and even social behavior or emotions. In the case of a “recruiter”, such scoring may lead to discrimination or other unfair treatment of a candidate for work on the development of a new drug. Generally speaking, it seems that in this production phase, the greatest scope for illegal use of AI and ML may be the processes related to the examination of competences of human capital that could potentially participate in the production and supervision of this production, and therefore all models that could analyze data of a specific category (a concept under Regulation 2016/679 – GDPR[6]) and other non-personal data regarding candidates (e.g. propensity to commit crimes – also a practice prohibited in the field of AI under the EU act in question).

Ad. 2)

This stage primarily focuses on assessing the potential risks associated with using the drug in its current form, so that it can be modified appropriately if the results are unfavorable. In this stage, AI and ML are identified as tools that can enable greater humaneness in research by reducing the use of animals. Furthermore, AI can significantly reduce the cost of materials simply by reducing their use. After appropriate training, the AI, based on previous preclinical studies, will learn to predict the likely outcomes of new medicinal products during clinical trials and the risks that may arise with this use. The challenge, however, is to actually verify the probability of obtaining the correct result.

Ad. 3)

This phase of production involves testing and assessing the risk and effectiveness of a new medicinal product, albeit with human participation. This is where the broadest scope for AI and ML applications appears to be. It seems that new technologies and biomedical engineering products will play a significant role in the clinical trials phase, as it is necessary to meticulously analyze test results after administering a given drug sample to a patient. (With appropriate training and development of AI, it is conceivable that these models could, in principle, make probable diagnoses, thus narrowing the scope for further research for scientists working on the new medicinal product.) ML and AI models can also be used at this stage to select and collect data, generate average scores, and analyze them. Furthermore, the European Medicines Agency has indicated that AI can even aid in the study of emotional states in patients. All these areas of this innovation could ultimately help select the appropriate treatment for a specific group of patients while consuming significantly fewer resources—both time, human resources, and financial resources. However, the European Medicines Agency has also identified several areas where AI users face challenges. The protection of personal data and specific categories of data, such as biometric data, is once again at the forefront. Developers will need to ensure proper implementation of safeguards against data leaks (a requirement under the GDPR), and also be careful not to engage in prohibited AI practices, such as scoring or biometric data analysis, that are incompatible with its actual purpose (in this case, medical).

Ad. 4)

Of course, not every drug will work in the same way or with the same intensity in different organisms. In the fourth stage of medicinal product production, the need for individualization based on the patient’s genotype, allergens, chronic diseases, and other medical parameters that distinguish specific patients must be adequately assessed. In its report, the European Medicines Agency identified areas for the use of ML/AI, such as individualizing treatment conditions for each patient, adjusting dosage, and individualizing biomarkers[7] to be used during treatment. In this case, the risks associated with the use of AI may be most significant, due to the transition to clinical trials involving humans. Among the risks, the analyzed report notes the reluctance of potential patients to undergo therapies and treatments generated by AI.

Ad. 5)

The importance of this phase can be inferred essentially from its name itself. It involves creating specific documentation with its specific features, in order to materialize and consolidate the results of research on the product’s effectiveness and safety conducted in the preceding phases. AI can significantly accelerate the process of organizing information collected during the previous stages and generating such documentation. However, it should be remembered that the data contained in such documents is typically so-called sensitive data and cannot be processed by public products and systems based on artificial intelligence, as the processing process must be transparent. Furthermore, the documentation produced in this regard must meet the requirement of transparency (Chapter IV of the Regulation of the Minister of Health on the requirements of Good Manufacturing Practices sets numerous requirements for such information documentation). It also appears questionable whether it is possible to create documentation regarding the drug production process on an ongoing basis using AI at this stage, a requirement also included in the Regulation. However, under the AI Act, it seems reasonable to prohibit the use of AI models that create misleading content. The documentation – generated by AI – must certainly be properly checked by a team of specialists.

Ad. 6)

At the penultimate stage, a series of controlled biochemical reactions must be conducted (in accordance with the requirements of Good Manufacturing Practices listed in the Regulation of the Minister of Health referred to at the beginning of this text) to confirm the “practical” effectiveness, effects, and other parameters of the product. The Agency indicated that, according to Good Manufacturing Practices, the production of a medicinal product must be efficient, purposeful, and safe. Therefore, AI can be used to optimize the time and cost of the entire process, as well as to model and control the production process based on the analysis of current data. The agency also indicated that AI and ML can even monitor the maintenance of quality standards.

Ad. 7)

This is essentially a period, rather than a stage of medicinal production, during which the manufacturer obtains the legally required authorization to introduce the medicinal product to the general market and is available for use by a potential patient. AI is used in this area, particularly to analyze potential risks associated with drug administration, as well as to compress and analyze vast amounts of data, which would seem to require significant product control at this final stage. This can accelerate response times to risks identified during this phase and optimize countermeasures.

AI and ML appear to be tools that can help drug manufacturers combat diseases. However, it’s important to remember the legal requirements and enormous responsibility associated with this activity, particularly the provisions of the AI Act, the GDPR, and the Good Manufacturing Practices Requirements. Compliance with these requirements is a means of avoiding potentially significant sanctions from regulatory authorities, but also provides guidance on how to adhere to the “ethics” of medicinal product production.

[1]Journal of Laws 2025.750, i.e. of 2025.06.06;

[2]Civil Code (Journal of Laws 2025.1071, i.e. of 2025.08.06) – art. 449 ¹ -449¹⁰ ;

[3]Journal of Laws 2022.1273, i.e. of 2022.06.20;

[4]OJ EU.L.2024.1689 of 2024/07/12;

[5]a computer method that allows for the prediction of the preferred position of a ligand after binding to a macromolecule (e.g. a protein ) in its binding site to form a stable complex and for the interpretation of the interactions occurring between the bound ligand and the macromolecule.

[6]OJ EU.L.2016.119.1 of 2016.05.04

[7] Biomarker is a biological indicator , such as a substance, physiological property or gene , that indicates or may indicate the presence of a disease state or a physiological or mental disorder; it is also used to monitor the body’s response to therapeutic measures.

Artykuł LEGAL ASPECTS OF THE USE OF ML AND AI IN PHARMACEUTICAL PRODUCTION – POLISH AND EU REGULATIONS pochodzi z serwisu KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019.

Artificial intelligence (AI) is currently finding widespread use in healthcare. A prime example is the Polish National Health Fund (NFZ) initiative, which utilizes AI to analyze patient data stored in the Fund’s databases. This data is then analyzed with the support of machine learning tools to make strategic decisions regarding the health of Poles. This approach will certainly simplify the work of doctors by searching for and analyzing the desired information, undoubtedly reducing their workload. However, such a solution may raise several issues and legal requirements related to regulations regarding the protection and processing of personal data.

What is personal data?

The most common definition of personal data is contained in the EU Regulation 2016/679 (GDPR), according to which personal data is any information about an identified or identifiable natural person. This includes direct identification (e.g., name and surname) or certain factors allowing indirect identification (e.g., job description or nationality). This concept is expanded by the Polish Act on the Protection of Personal Data Processed in Connection with the Prevention and Combating of Crime of December 14, 2018, by applying it directly to health. Health data here means personal data relating to the physical or mental health of an individual, including data on the use of healthcare services that reveal information about their health.

Patients’ rights

A number of patient rights are listed in the EU Regulation 2025/327 (Regulation on the European Health Data Space). The fundamental right is the right of individuals to access their electronically collected data (especially “priority data,” e.g., electronic prescriptions or imaging test results), which should be granted immediately after data is registered in the system. Individuals can also add their own information to their data already visible in the system and correct it. Furthermore, patients can grant access or request the transfer of their data to another provider. Access to healthcare professionals can also be restricted (however, in such cases, the patient should also be informed of the potential impact of such action on the quality of care provided). In this case, institutions collecting patient data should be aware of these rights, because if they are not respected, the patient could file a complaint (provided, however, that the rights or interests of the individual are adversely affected) and demand appropriate compensation.

The EU GDPR also provides similar rights, which additionally provides for one crucial privilege: the right to object. According to this regulation, an individual may object at any time to the processing of their data, including in connection with the performance of healthcare tasks, for reasons relating to their particular situation. In such a case, the data may no longer be processed unless the controller demonstrates compelling and legitimate grounds for further processing. Under the regulation, a patient could also request the deletion of their personal data if, for example, they are no longer necessary for the purpose for which they were collected or if they were processed unlawfully. Furthermore, the regulation also provides for the possibility of imposing an administrative fine of up to €20 million for a controller’s violation of guaranteed rights. Furthermore, Article 79 of the GDPR grants the right to an effective judicial remedy if the individual (patient) believes that the processing of their personal data violated the law.

Obligations of entities storing and processing data

Pursuant to Article 24 of the GDPR, the data controller is obligated to implement appropriate technical and organizational measures to ensure data processing is carried out in compliance with legal provisions and the rights and freedoms of others. The controller must also review and update these measures as necessary. In the case of AI-based patient data processing, the obligation specified in this article to design the measures described above is also crucial, ensuring that only information necessary to protect the patient’s life and health is processed by default. In the event of a personal data breach, the controller should (within 72 hours of becoming aware of the breach) notify the relevant supervisory authority of the personal data breach. However, the controller is not obligated to do so if the likelihood of a breach affecting the rights and freedoms of natural persons is low. If the risk of a breach is high, the controller should also notify the affected individual. Furthermore, before processing begins, even using new technologies (including AI), if it may result in a high future risk to the rights and freedoms of natural persons, it will be necessary to assess the impact of the planned processing on personal data protection. If such an assessment indeed reveals a high risk, and if the controller fails to implement any measures to mitigate it, the controller must contact the relevant supervisory authority (in Poland, the President of the Personal Data Protection Office [President of the UODO]), which then provides the controller with a written recommendation and may also temporarily restrict or prohibit processing or issue a warning to the controller. General obligations, according to which personal data must be processed lawfully and fairly, in a transparent manner, and limited to what is necessary for the purposes for which they are processed, are also important.

In this situation, Regulation 2024/1689 (“AI Act”) also provides an interesting requirement. According to Article 4 thereof, healthcare entities using AI systems to make strategic decisions about patients are responsible for maintaining an appropriate level of AI competence among their staff, taking into account the purpose of using the system and the persons for whom the systems are to be used.

Requirements for the AI systems themselves

The basic requirements that AI systems used for data processing would have to meet are set out in the aforementioned AI Act. This document explicitly classifies AI systems as “high-risk systems”, and therefore, the requirements set out in the act apply to them. Primarily, this requires maintaining appropriate documentation for the system: technical documentation regarding the quality management system (including data acquisition, collection, analysis, and labeling) and an EU declaration of conformity confirming the system’s compliance with the requirements set out in the regulation. Furthermore, this documentation should be kept at the disposal of the competent national authorities for 10 years after the system’s commissioning. Such systems should also meet transparency requirements, meaning they should be designed to facilitate proper use and interpretation of their actions (they should also have clear operating instructions). They must also have an appropriate oversight system that allows for human oversight of the AI if necessary, especially if its operation were to get out of control and harm others. Finally, AI systems are also subject to certain formal requirements, such as undergoing a pre-market conformity assessment and registering in a dedicated EU database for high-risk AI systems. It is also important to remember that high-risk AI systems are subject to general CE marking regulations. Once placed on the market, suppliers are required to establish a post-market monitoring system for AI systems to ensure their legal compliance.

The issue of non-personal data

It is also worth raising the issue of non-personal data, for example, in the context of a situation where a hospital, in order to decide on the appropriate medication for a patient, requests information about certain medications from a pharmacy. A public sector body may request such information only to the extent that the lack of this data would prevent it from performing its public interest tasks or when the body has no other available means of obtaining such data. A request for this purpose should be submitted (specifying, in particular, the purpose for which the information is requested). However, the data subject who received it may refuse to provide it if they have no control over the requested information or if a similar request for the same purpose has already been submitted by another public sector body. Once the requested information is in the possession of the requester, they must not use it in a manner inconsistent with the purpose for which the data was provided. They must ensure measures to protect its confidentiality or integrity, and they must delete the data as soon as it is no longer needed for the specified purpose. They are also prohibited from using the information obtained to improve a competitive product or from disclosing any information in this regard to third parties. It is also important to bear in mind the right of a public sector body to share the data received with individuals or organisations for the purposes of scientific research or analyses consistent with the purpose for which the data was requested, or with national statistical offices (e.g. the Central Statistical Office). It is important here that these organisations do not have a commercial nature or are not related to entities that do.

The status in Poland

As mentioned above, Poland has established a special supervisory authority for personal data protection, the President of the Personal Data Protection Office (UODO), acting with the assistance of the Office for Personal Data Protection. Among other things, this authority is responsible for consultations on data processing that poses a significant risk of violating the rights of others. It also conducts proceedings in cases of violations of personal data protection regulations and establishes a plan for monitoring compliance with these regulations.

It is also worth remembering the regulations of the Polish Act on Patients’ Rights and the Patient Ombudsman. It stipulates that patients have the right to access medical records concerning their health and the services provided to them. The entity storing this documentation is obligated to disclose the data contained therein only to the patient themselves or an authorized person (or, for example, to a university or research institute for scientific purposes, but without any data allowing for the identification of the individual). Furthermore, the entity providing services is obligated to retain medical records only for a specified period (generally 20 years), after which they should be destroyed in a way that prevents the identification of the patient to whom they pertained. The Act on the Healthcare Information System also limits access to these records to medical professionals and physicians.

Also important are the provisions of the Act on the computerization of the activities of entities carrying out public activities, under which an entity maintaining a public register (i.e. any type of records used to carry out public tasks based on the relevant provisions) should provide another public entity with access to the data in its possession to the extent necessary to carry out public tasks.

It is also important to remember the Polish Code of Medical Ethics, which, in Article 14, requires physicians to inform patients about the benefits and risks associated with proposed diagnostic procedures and, where appropriate, about the possibility of using other methods. Furthermore, according to Article 12, the use of AI in treatment may only occur after the following conditions are met: informing the patient that artificial intelligence will be used in the diagnosis or therapeutic process; obtaining the patient’s informed consent to the use of artificial intelligence in the diagnostic or therapeutic process; and using AI algorithms that are approved for medical use and have the appropriate certifications. However, the final decision always rests with the physician.

A government draft legislation is currently being prepared, which will be designed to adapt the national legal system to the requirements imposed by the AI Act. The government’s proposals primarily envisage the establishment of the Artificial Intelligence Development and Security Commission, which will oversee the AI market within the scope specified in Article 2 of Regulation 2024/1689. The second main body will be the President of the Personal Data Protection Office (UODO) that will oversee high-risk AI systems, including those related to healthcare.

Summary

Processing personal data for healthcare purposes, additionally supported by artificial intelligence, is undoubtedly a convenient and practical solution, but it is associated with a number of legal obligations intended to ensure the security of the data used (e.g., using the acquired data only for a strictly defined purpose), the security of patients themselves (e.g., the obligation to inform the patient of the intention to use artificial intelligence in the treatment process), or simply related to formalities (e.g., the requirement to register the artificial intelligence system in an EU database). Currently, EU regulations are much more detailed in this matter.

Artykuł National Healthcare and the processing of personal data by means of AI pochodzi z serwisu KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019.

The development of artificial intelligence

Artificial intelligence is an interdisciplinary field of knowledge combining elements of computer science, mathematics, statistics, neuroscience, and cognitive science. Its goal is to create systems capable of performing tasks that previously required human intelligence. This includes the ability to learn from data, reason, make decisions, recognize patterns, and process and generate natural language. Unlike traditional programming, in which a computer executes strictly defined instructions, artificial intelligence aims to grant machines a degree of autonomy, allowing them to independently adapt their strategies to changing conditions. Today, AI is no longer an abstract theoretical concept, but a practical tool.

The development of artificial intelligence is one of the most dynamic phenomena in the history of science and technology. Its origins lie in simple deterministic algorithms, based on clearly defined logical and mathematical rules, used to automate repetitive calculations. However, the real breakthrough came in the second half of the 1990s, when, with the increasing availability of data and the development of computing power, machine learning began to be increasingly used. These methods allowed machines not only to perform pre-programmed tasks but, more importantly, to learn from input data and independently improve their results. The application of machine learning meant a shift from rule-based systems to statistical models capable of recognizing patterns and predicting future events. The next stage was the widespread adoption of deep learning, which gained practical significance in the second decade of the 21st century. These techniques utilize multi-layered neural networks capable of analyzing massive datasets in a manner similar to the perceptual processes occurring in the human brain. This enabled the recognition of images, speech, and natural language with unprecedented effectiveness. Deep learning is the basis of many modern solutions, such as recommendation systems.

The most recent phase of development is generative artificial intelligence, which became widely available around 2021. Unlike previous solutions, which focused on classifying and analyzing data, generative systems can create new content—text, images, sounds, and even complex economic strategies. The introduction of this type of technology has radically expanded the potential applications of AI, but it has also revealed new risks related to its impact on society and the economy. Generative models, capable of dynamically shaping information and influencing decision-making processes, can, for example, participate in market price manipulation.

Price manipulation with the help of new technologies

Price manipulation by sellers is unfair or illegal market practices that involve setting prices in a way that misleads consumers or restricts competition. One of the most commonly used strategies is price fixing. It involves agreements between independent businesses aimed at fixing or controlling prices. This can involve jointly setting minimum or maximum selling prices, coordinating price increases, or even fixing discounts. Such actions are automatically considered illegal – the mere fact of agreeing on prices is sufficient, even if the agreement is not fully implemented. The consequence of price fixing is the elimination of natural price competition. Consumers lose the opportunity to choose cheaper offers, and businesses lose the incentive to innovate.

Another form of manipulation is the abuse of a dominant position. A dominant position means that a business entity has an advantage in the relevant market, allowing it to operate largely independently of competitors, contractors, and consumers. Abuse occurs when a business entity uses its power to impose unfair pricing conditions. This can take various forms, such as setting prices that are excessively high relative to the value of the goods or using predatory pricing, i.e., underselling prices to eliminate competition. Each of these practices leads to market distortion, restricting access for new entrants, and worsening consumer conditions.

Pricing algorithms are computer programs that provide pricing recommendations or, in some cases, automatically adjust prices based on current and historical data on market conditions. These algorithms consider much of the same data that companies have always considered when making pricing decisions, including historical data as well as current supply and demand indicators. Compared to human price managers, algorithms can process significantly more data in a much shorter time. This efficiency allows companies using algorithmic pricing strategies to respond more quickly to changes in supply and demand and make pricing decisions based on a more accurate, real-time understanding of market conditions.

Ways to use algorithms

Algorithms can be used in various ways. One is to use the algorithm as a tool to achieve a goal set by the companies. In such a situation, the parties to the agreement make certain arrangements between themselves, and only their implementation is left to the algorithms. For example, two companies could agree to eliminate price competition between them. Simply using a software function that allows them to retrieve data on the prices of other market participants would be sufficient. A strategy would therefore be to automatically set prices slightly lower than other companies while simultaneously ignoring the prices of the colluding company. However, in this case, the mere fact of detecting the existence of such collusion does not raise any doubts under current competition law, as it is possible to attribute the concept of an agreement to this situation.

Another technique involves the joint use of a single price-response algorithm by several traders. This shared use of the same algorithm can lead to price alignment and less competition. One element of this type of agreement is the awareness of the participants that the information being shared will reach their competitors. Consequently, transparency regarding the future behavior of competitors is established between the recipients. Recipients are aware of the participation of their competitors at the same level of trade in the agreement and that their prices are disclosed to their competitors. However, in such cases, the use of algorithms remains a technical activity and can be assessed through the lens of the underlying conduct, to which existing provisions on anticompetitive agreements can be applied.

However, there does not always have to be any agreement between market players regarding the use of artificial intelligence in sales to raise legal concerns. An example would be the configuration of these modern tools to automatically respond to changes in competitors’ prices. This can take the form of faster price reductions, mimicking price increases, or simply adapting to current market price levels. The increasing use of specialized software by businesses that monitors websites and collects price data is making the online sales market increasingly transparent. This transparency allows for easy tracking of competitors’ pricing policies, quick detection of deviations from established price levels, and immediate response to such situations. This allows companies using algorithms to adjust their prices to rivals’ actions almost in real time. Consequently, traditional price reductions aimed at attracting customers often lose their purpose – competitors can offer the same reduction in a fraction of a second. The situation is different with price increases – if one seller decides to increase prices, others are likely to follow suit, leading to an overall price increase. As a result, prices naturally drift towards a level higher than fully competitive.

The most theoretical scenario is a situation in which self-learning algorithms, used independently by different companies, independently conclude that joint coordination is the most profitable strategy. This does not imply a formal agreement or explicit exchange of information, but rather the spontaneous development of behaviors akin to collusion. This could be facilitated by a combination of two factors: on the one hand, the vast amount of available data on competitors and consumers (e.g., thanks to the Internet of Things, transaction analysis, or online behavior tracking), and on the other, the growing capabilities of artificial intelligence algorithms that learn market strategies through experience.

Experimental environments have already demonstrated that algorithms using reinforcement learning are capable of developing stable pricing strategies that reduce competition, even when they are not explicitly programmed to do so. Research shows that such systems can gradually coordinate their behavior, balancing between exploration and exploitation of the environment in a manner resembling tacit collusion. Importantly, this phenomenon can occur even under conditions that hinder cooperation – for example, when new players enter the market or when demand fluctuates.

What is an AI algorithm?

An AI algorithm is a set of advanced mathematical rules and processes designed to solve tasks, make decisions, or imitate human behavior and thinking using a computer. An AI algorithm often leverages machine learning capabilities to analyze, process, and learn from data. This allows AI tools to more efficiently perform various tasks (predicting patterns, assessing trends, optimizing processes, etc.) that would otherwise require human intervention. AI algorithms form the foundation of artificial intelligence systems, enabling them to learn, reason, recognize patterns, process natural language, and make decisions.

AI algorithms can self-improve by adapting their actions based on the analysis of vast amounts of data. There are three major categories of AI algorithms: supervised learning, unsupervised learning, and reinforcement learning. The key differences between these algorithms lie in how they are trained and how they function.

Competition concerns – communication of algoritms

A problem that raises particular concerns among competition authorities is the potential ability of algorithms to communicate. Although there is currently no evidence that systems learn this type of interaction without human intervention, it theoretically cannot be ruled out that in the future, algorithms will develop their own mechanisms for exchanging information. The European Commission points to the risk of “novel forms of coordination” between computer systems. If such a situation were to occur, it would be easier to classify the companies’ actions as prohibited cooperation – similar to traditional information exchange between competitors.

The issue of legal liability, however, remains controversial. If algorithms merely anticipate competitors’ reactions and adapt their own strategies accordingly, companies can be said to have permitted market autonomy (pursuant to Article 101 of the TFEU). However, it is more difficult to assess cases in which the systems themselves create a “communication channel” leading to actual price coordination. Some legal doctrine proposes adopting an approach similar to that used in the case of unauthorized employee actions – the company would be liable for the tools used. This was aptly put by EU Competition Commissioner, emphasizing that “companies cannot hide behind computer code[1]“.

The current state of technology indicates that algorithms are not yet capable of concluding lasting cartel agreements in dynamic market conditions. However, the rapid development of artificial intelligence and the increasing complexity of predictive systems may enable the emergence of such practices in the future. Therefore, regulators are increasingly emphasizing the need to modernize competition law tools to effectively counter not only classic cartels but also “algorithmic collusion”. Failure to address this could lead to significant losses for consumers, a reduction in innovation, and the concentration of economic power in the hands of a few technological entities – creating a kind of “digital plutocracy.”

The effects of AI algorithmic pricing

One of the key problems with algorithmic pricing is the asymmetry in the speed of response to market changes. Companies with more advanced algorithms can update prices much more frequently—even continuously—while those with less advanced technological tools only make price adjustments at longer intervals, such as weekly. This leads to a structural competitive advantage for the former, as they can flexibly adapt to supply and demand and react almost immediately to competitive price movements. In practice, this means that companies with more advanced systems can aggressively lower prices before competitors have time to adapt their offerings, effectively driving them out of the market. This imbalance not only distorts the principles of fair competition but also leads to deeper market concentration, as smaller or technologically weaker companies gradually lose the ability to maintain their position against dominant players investing in advanced algorithmic solutions.

Predatory pricing, in which a dominant firm incurs short-term losses by deliberately pricing goods and services below cost to eliminate competitors or new entrants, is another practice that modern technology is currently employing. This strategy typically involves two stages: first, the dominant firm aggressively undercuts competitors’ prices to drive them out of the market (the predation phase), and then uses its market power to raise prices to recoup losses and generate profits after the competitors disappear (the loss recovery phase). For predatory pricing strategies to be effective, a firm must maintain low prices long enough to eliminate competitors. Pricing algorithms can help firms target specific customers of competitors by offering them prices even below cost. For example, an established firm might do this to avoid losing customers to a new competitor. An established firm might use an algorithm to target customers most likely to switch suppliers, seeking to retain them rather than offering lower prices to all its customers. This could help an established company minimize losses. These algorithms can also help companies pursue predatory pricing strategies and build a reputation for lowering prices in the future if new entrants struggle. Pricing algorithms can also help companies raise prices for consumers who are more willing to pay or less sensitive to price changes. They enable companies to simultaneously engage in predatory pricing and recover losses without the need for a human intervention, using automated means.

Finally, algorithmic pricing introduces a significant element of uncertainty for consumers, who are unable to predict how much they will ultimately pay for a product or service. These mechanisms, based on automated supply and demand analyses, lead to constant and opaque price fluctuations, undermining market trust and limiting the ability to make rational purchasing decisions. Price instability often causes consumers to feel compelled to buy quickly for fear of further cost increases, which encourages impulsive and economically unfavorable choices. In the long term, such practices destabilize the market, hinder healthy competition, and strengthen the position of dominant players who exploit technological advantages at the expense of weaker market participants.

The question of legality

However, a fundamental question arises regarding the legality of such practices under Polish law. The Act of 9 May 2014 on Information on the Prices of Goods and Services[2] imposes on businesses the obligation to clearly and unambiguously disclose the prices of their products. According to the Act, the price should be clearly displayed and allow for comparison with other market offers. However, dynamic price changes, even occurring several times a day, can raise interpretational questions regarding compliance with the requirement of unambiguous price presentation. A consumer who sees significantly different prices for the same product or service within a short period of time may be deprived of the ability to make a rational economic choice. It should be emphasized that the legislator also introduced the obligation to disclose the lowest price applicable within thirty days prior to the discount. In the context of algorithmic pricing, the question arises as to whether every short-term price change resulting from the operation of an algorithm should be treated as a discount within the meaning of the Act, or whether it should be classified as a normal market fluctuation. The lack of clear regulations in this area leads to legal uncertainty for both entrepreneurs and consumers.

The Act of 16 February 2007 on Competition and Consumer Protection[3] opens up an even wider field of interpretation. This Act provides both instruments for counteracting practices that violate the collective interests of consumers and protection against anti-competitive practices. In this context, the problem of so-called tacit algorithmic collusion is particularly significant. In this context, independently operating algorithmic systems of various businesses, monitoring and reacting to competitors’ prices, can stabilize them at an inflated level without the need for a formal agreement. This type of phenomenon, although difficult to detect and prove, can be classified as a violation of fair competition principles, potentially subject to intervention by market protection authorities. The literature indicates that the increasing automation of decision-making processes in price setting raises the risk of developing anti-competitive coordination mechanisms that fall outside the traditional categories of antitrust law.

At the same time, the Competition and Consumer Protection Act imposes an obligation on businesses to avoid misleading practices. In the case of dynamic pricing, the lack of full transparency becomes a problem. If consumers are not informed upfront that prices may fluctuate significantly depending on demand or transaction time, they may be deemed misleading, and the practice itself may be deemed to violate collective consumer interests. In this sense, the obligation of transparency takes on particular significance and should also include information about the pricing mechanism, not just the current price level.

An analysis of the applicable regulations leads to the conclusion that algorithmic pricing per se is not a prohibited practice in Poland. However, its legality depends on whether the entrepreneur complies with the obligations arising from specific laws, as well as on whether the use of algorithms does not lead to practices that restrict competition or violate consumer rights. Entrepreneurs are obligated to provide consumers with reliable and complete information and to avoid practices that may destabilize the market. In the event of a violation of these obligations, sanctions may be imposed by both the Trade Inspection Authority (in the case of incorrect pricing information) and the President of the Office of Competition and Consumer Protection (in the case of practices that violate competition rules or are misleading).

Case law review

It is also worth taking a closer look at decisions issued on algorithmic pricing by state and EU authorities.

In the Eturas case, the contested agreement was supported by a digital platform (software for selling travel online), where the system’s administrator proposed to competing travel agencies the use of a technical instrument imposing a ceiling on discounts on packages offered. The EU Court found it reasonable to assume that travel agencies that were aware of the content of messages sent via the system were participants in an anticompetitive agreement, unless they rebutted that presumption. The Commission also states that the prohibition under Article 101(1) TFEU is likely to cover cases in which “pricing rules” were defined by undertakings “in a common algorithmic tool (e.g., rules for adjusting the price to the lowest price on a specific online platform or in a specific online store), and this qualification would be accepted “even in the absence of an express agreement to adjust future prices”[4].

In commercial transactions, there are also cases in which entrepreneurs use the same algorithm to set prices for their services, yet there are no grounds to conclude that they have entered into an anticompetitive agreement. An example of a case assessed by the President of the Office of Competition and Consumer Protection (UOKiK) is the UBER app. Its use does result in the restriction or even elimination of price competition between UBER drivers, which is, after all, centrally determined by the app. This also constitutes an agreement between UBER and individual drivers. In this case, however, such algorithmic pricing is necessary for the proper functioning of the UBER system, and at the same time, it does not lead to the elimination of competition, being a proportionate measure. This justifies treating such an agreement as not violating the prohibition of Article 6, Section 1 of the UOKiK based on the construction of ancillary restrictions.

A problematic scenario can arise when a large number of businesses utilize the same or similarly functioning algorithm without any collusion between them regarding the selection of one algorithm over another. In this situation, each of these businesses uses a specific program as a tool to inform them about the market situation and enable a rapid response. In this scenario, there is a significant increase in market transparency, which can have anti-competitive effects, as the use of an algorithm allows businesses to react much more quickly to any market changes, including price reductions by competitors, which can reduce their incentive to make such reductions. In such a case, businesses merely adjust their prices to those of their competitors. Such conduct – so-called parallel conduct – has for years been viewed by EU and Polish jurisprudence as not violating antitrust rules. In fact, in this case, it cannot be said that an agreement was concluded. Moreover, under the soft law provisions issued regarding vertical relationships, the Commission itself has indicated that price monitoring using computer programs is not prohibited, or more precisely, it may benefit from an exemption from the prohibition of anticompetitive agreements. Therefore, from the Commission’s position, it can be deduced that the antitrust permissibility of such algorithmic price monitoring is determined by the lack of grounds for attributing such conduct the status of an agreement, and that it constitutes a manifestation of the parallel conduct mentioned above.

According to the authorities, it would also be possible to attribute antitrust liability to the creator of the algorithm. The VM- Remonts formula, developed in EU case law, could be particularly applicable to this. In this case, while the Court recognized as a rule that an undertaking cannot “be held liable for participating in a concerted practice on the basis of the actions of an independent service provider”[5], it also identified exceptions to this rule. Fulfilling one of these exceptions justifies the application of Article 101(1) TFEU also to the service provider, for example, the software developer. Polish legal literature also argues that the constructions of extended liability for competition law infringements developed in EU case law (especially the concept of cartel accessory liability) could also be used to attribute antitrust liability to an undertaking that provides participants in an agreement with tools (including digital tools) enabling the conclusion or implementation of a prohibited agreement.

Summary

Dynamic, algorithmic pricing lies at the intersection of two key areas of law: consumer law and competition law. This practice, while permissible, requires particular caution on the part of businesses and the development of consistent interpretative guidelines by the legislature. The lack of clear regulations creates a risk not only for consumers, who may be exposed to non-transparent and unfair practices, but also for businesses themselves, who may suffer severe financial consequences if they violate fair competition regulations. Given the growing importance of algorithmic technologies, it seems necessary to further develop and clarify the legal framework to enable businesses to use innovative price management tools, while also ensuring an adequate level of consumer protection and the integrity of market mechanisms.

The most serious challenge for competition authorities is when algorithms maintain elevated prices without formal information exchange between companies. In such cases, the classic dogmatics of antitrust law may prove insufficient, and consumers will bear the cost in the form of a loss of some of their well-being. Therefore, developing technical competencies of supervisory authorities, enabling them to understand and analyze the mechanisms of algorithms used in business practice, is particularly important.

At this stage, it seems premature to introduce new regulations on algorithmic pricing, as this could hinder the development of innovative technologies and limit their beneficial applications. Further interdisciplinary research combining law, economics, and computer science, as well as careful observation of market practice and case law, is essential.

[1] Speech of the European Commissioner for Competition M. Vestager, Berlin, 16/03/2017.

[2] Act of 9 May 2014 on providing information on prices of goods and services (consolidated text: Journal of Laws of 2023, item 168).

[3] Act of 16 February 2007 on competition and consumer protection (consolidated text: Journal of Laws of 2024, item 1616, as amended).

[4] Point 397 of Guidelines 2023/C 259/01.

[5] Point 33 of the judgment of the Court of Justice of July 21, 2016, C-542/14, SIA “VM Remonts” (formerly SIA “DIV un KO”) and others. v. Konkurences padom, ECLI:EU:C:2016:578.

Artykuł AI algorithmic pricing and its assessment under Polish and EU competition law pochodzi z serwisu KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019.

The phenomenon of dispersion of data law sources   

The interpenetration and interaction of the sources of law in the shape of an atom

The dispersion of legal acts at the legislative level, whether uniform for all European Union countries, or the Polish system and agencies within Polish jurisdiction, can be illustrated as a kind of legislative hive or the construction of an atom, which is focused on two axes: 1/ vertical as the law of privacy protection and generating funds on private data, and 2/ horizontal as the protection of non-private data and business processes, the financial market, the pharmaceutical and health market, and the defense sector.

AI LAW

Within the atomic framework of “data, data access, and data processing”, the normative needs of cutting-edge technology, generative AI, should be highlighted. This is directly related to the legal environment of AI-based software, DEEP AND MACHINE LEARNING. The era of generative AI necessitates the creation of new regulations, as such a technological leap significantly complicates the legal relationships of economic participants. A key example is

The spherical nature of data law has at its core the law created for the competences of individual agencies and consumer protection.

The rise of cyber, defense, and data law regulations

The year 2025 is a legislative year during the technological revolution of generative AI. It is worth noting, above all, the significant, slow, decisive, and consistent growth of personal data protection law, projecting a very clear trend of supplementing the level of legislation regarding the protection of non-personal data.

The forecast based on the current legislative initiative points to a very significant increase in cybersecurity law. This is a rapid and elliptical, massive expansion of cybersecurity law as part of an “offensive” of multiplying very extensive cybersecurity regulations.

Cybersecurity regulations are a particularly prominent legislative line within data law. Cybersecurity law shares many common points with defense industry regulations.

CYBERSECURITY

This is due to the fact that cybersecurity focuses on two separate problems that required a separate legal environment:

1/ the first is cybercrime and data leakage area;

The European Union, ENISA, and Polish legislation and agencies such as CSIRT Poland and the Polish Office of Electronic Communications are creating new regulations against hacker attacks and data leaks, which constitute online crimes against property. These are legal tools for the justice system, regulatory authorities, and victims of crimes such as random attacks, i.e., for ransom. This classic online crime has its own legal regulations surrounding data theft and data leaks for ransom, or crimes involving the use of specific email communications to trigger online banking transfers and the identity of bank account holders.

– Microsoft data provided at the NDIA conference organized by ETI in Washington DC August 2023.

The goals of this legal community group are:

– computer systems that infect and secretly download data and do not interfere with the system’s functionality (an infected router with additional spyware in addition to the usual internet data transmission function – and this is a private theft patent for the purpose of stealing passwords to private content);

– software that interferes with the system by breaking security to destroy relevant data.

2/ the second is the cyber battlefield and spying tools on the Internet

Defence industry sector law, in addition to regulatory law such as the Chips Act for the creation of semiconductors, is rapidly evolving within the framework of cybersecurity law in the defence industry.

This is the result of changes in the needs of the defense sector, especially in the context of the Ukrainian conflict, which is neighboring Poland – the member of the EU and NATO. The conflict remains relevant because the first days of this armed conflict have already shown that, in addition to kinetic military measures concerning conventional objectives such as closing the ring around Kyiv, or through the initial drone revolution and jamming, concentrating the front line towards Odessa (southeastern Ukraine), cyberspace and data processing constitute a separate theater of war.

Therefore, for the Polish legal jurisdiction, in addition to the legal environment of the kinetic component (new law on drones or the issue of new technologies in cooperation with the jurisdiction of the USA, other countries of the North Atlantic Alliance, South Korea or Ukraine), it is the components of cybersecurity and network protection against disinformation (the influencer component) that are the key issues in cybersecurity law.

Therefore, the subject of cybersecurity law comprises three components of military cyber activity: kinetic, cyber and influence, regarding the weakening of the battlefield momentum, internal and external support and all of them concern data processing processes including:

– systems of destructive attacks on operational logistics systems and the transport sector;

– government network systems;

– critical infrastructure such as the functioning of public institutions, for example power plants;

– disruption of information and disinformation processes of media companies;

– destructive attacks and data infiltration.

An additional third legal challenge is the phenomenon of OSINT (Open-Source Intelligence Services) as information tracking.

OSINT as the analysis and tracing of analytical information is the analysis of data for the purposes of commentary in social media such as YT channels with commentary content from former military personnel when tracking armed conflicts, analysis of private stages of conflict development or the operation of new cybernetic and technological military technologies.

The legal environment for such OSINT encompasses the assessment of compliance with cyber law, media and press law, military and state secrets, electronic communications law, and data protection. It also addresses the protection of the interests of such online creators and influencers and freedom of content on social media. The complexity of the legality of the problem provides a new content phenomenon in Polish social media, such as comments on the Ukrainian conflict, assessments of how UV drone technology works and military methods of drone attacks (one of the first examples is the method of attacking a military ship using UV).

OSINT, as the acquisition of information about a debtor’s assets, is a legal field related to civil procedure to gain a procedural advantage in civil courts. It is also regulated by many telecoms’ regulatory provisions, data protection laws, and privacy laws. Modern methods of obtaining information also primarily concern the legality of the legal environment surrounding the use of OPSEC systems – that is, the anonymity of the entity collecting such information- such as the use of the TOR network on the Linux operating system, which makes it hard or even impossible to determine the location of an internet user. Another example of the subject of assessing the legality of analytical OSINT is the use of modern all-in-one investigation platforms, like Maltego, to collect data to, for example, identify participants in the crypto market.

Currently, NIS directives implement a number of regulations into the Polish legal system that underpin the legality of OTC securities trading platforms on the FOREX market. This is an example where the legality of implementing a financial market securities trading platform on the websites of professional brokers poses significant difficulties.

MAIN SECTORS AND VECTORS OF THE DATA LAW MAPS

The main areas of sectoral regulatory law that governs cybersecurity and data protection are:

• HEALTH, PHARMACEUTICALS AND PHARMACEUTICAL INDUSTRY DATA (EHDS initiative);
• GENERATIVE AI and NEW TECHNOLOGICAL PROGRESS; (AI ACT and AI procedures on sensitive data are the main basis for assessing that AI is a high-risk system);
• FINANCIAL SECTOR and cyber resilience of the financial sector and the problem related to blocking leverage services with financial instruments that operate at the system boundary of the scope of action of the EU agency ESMA dealing with the stock exchange and the problem of the functioning of the financial instruments market;
  • Of particular interest to the law in this sector is software that gives an advantage to stock brokers and special regulations blocking the international freedom of these online services. This concerns legal protections for consumers against speculation in financial derivatives. It is worth mentioning the ESMA regulations and the NIS 1 and NIS 2 directives. The DORA regulation, which concerns cybersecurity of data in banks and stock exchanges, and the CER directive are key.
  • Poland has a special act on internet incidents and an act on the cybersecurity system.
• PERSONAL DATA PROTECTION LAW, INCLUDING SENSITIVE DATA, where, in addition to the GDPR, the Polish jurisdiction has an entire range of guidelines from the European Data Protection Board (one of the latest guidelines concerns data processing on blockchain).
• NON-PERSONAL DATA PROTECTION LAW, DATABASES AND DATA ACT.

Data Law Map

Cybersecurity and Defense

• Regulation (EU) 2024/2847 (Cyber Resilience Act) (23/10/2024)
• Regulation (EU) 2023/1781 (Chips Act) (13/09/2023)
• Regulation (EU) 2022/2554 (DORA) (14/12/2022)
  • Regulation (EU) 2025/295 supplementing DORA (24/11/2024)
• Regulation (EU) 2016/679 (GDPR) (27/04/2016)
• Directive (EU) 2022/2555 (NIS 2) (14/12/2022)
• Directive (EU) 2022/2557 (CER) (14/12/2022)
• Act on the protection of personal data processed in connection with the prevention and combating of crime (14/12/2018)
• Act on the national cybersecurity system (05/07/2018)
  • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
  • Act amending certain acts related to the functioning of government administration (15/05/2024)
  • Act amending certain acts regarding protective measures in connection with the spread of the SARS-CoV-2 virus (14/05/2020)
  • Act amending the Education Law and certain other acts (16/10/2019)
• Personal Data Protection Act (10/05/2018)
  • Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC (21/02/2019)

Health and Pharmaceutical Industry

• Regulation (EU) 2025/327 (EHDS) (11/05/2025)
• Regulation (EU) 2024/1689 (AI Act) (13/06/2024)
• Regulation (EU) 2024/903 (Interoperable Europe Act) (13/03/2024)
• Regulation (EU) 2017/745 (MDR) (05/04/2017)
• Regulation (EU) 2017/746 (IVDR) (05/04/2017)
• Regulation (EU) 2016/679 (GDPR) (27/04/2016)
• Directive (EU) 2022/2555 (NIS 2) (14/12/2022)
• Directive (EU) 2022/2557 (CER) (14/12/2022)
• Act on clinical trials of medicinal products for human use (09/03/2023)
• Act on the national cybersecurity system (05/07/2018)
  • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
  • Act amending certain acts related to the functioning of government administration (15/05/2024)
  • Act amending certain acts regarding protective measures in connection with the spread of the SARS-CoV-2 virus (14/05/2020)
  • Act amending the Education Law and certain other acts (16/10/2019)
• Act on Medical Activity (15/04/2011)
  • Act amending the Act on State Emergency Medical Services and certain other acts (24/04/2025)
  • Act amending the Act on health care services financed from public funds and certain other acts (05.12.2024)
  • Act amending the Act on the Postgraduate Medical Education Center and certain other acts (27/11/2024)
  • Act amending the Act on Patients’ Rights and the Patient Ombudsman and certain other acts (26/06/2023)
  • Act amending the Act on health care services financed by public funds and certain other acts (17/11/2021)
  • Act amending the Act on health care services financed by public funds and certain other acts (11/08/2021)
  • Act amending the Act on health care services financed by public funds and certain other acts (10/12/2020)
  • Act amending certain acts to ensure the availability of medical personnel during the period of declaration of an epidemic threat or epidemic state (27/11/2020)
  • Act amending certain acts in connection with counteracting crisis situations related to the occurrence of COVID-19 (28/10/2020)
  • Act amending certain acts to ensure the functioning of health care in connection with the COVID-19 epidemic and after its termination (14/08/2020)
  • Act amending certain acts in the field of the health care system related to the prevention, counteraction and combating of COVID-19 (31/03/2020)
  • Act amending the Commercial Companies Code and certain other acts (19/07/2019)
  • Act amending the Pharmaceutical Law and certain other acts (26/04/2019)
  • Act amending the Act on the principles of state property management and certain other acts (21/02/2019)
  • Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC (21/02/2019)
  • Act amending the Act on health care services financed by public funds and certain other acts (05/07/2018)
  • Act amending the Act on Public-Private Partnership and certain other acts (05/07/2018)
  • Act amending the Pharmaceutical Law and certain other acts (07.06.2018)
  • Act amending the Act on health care services financed by public funds and certain other acts (12/04/2018)
  • Act amending the Act on Medical Activity (25/09/2015)
  • Act amending the Act on State Emergency Medical Services, the Act on Medical Activity and the Act amending the Act on Medical Activity and certain other acts (25/09/2015)
  • Act amending the Act on the professions of nurse and midwife and certain other acts (11/09/2015)
  • Act amending the Act on medical devices and certain other acts (11/09/2015)
  • Act amending the Act on Medical Activity (24/04/2015)
  • Act amending the Act on health care services financed by public funds and certain other acts (22/07/2014)
  • Act amending the Public Procurement Law and certain other acts (14/03/2014)
  • Act amending the Act on Medical Activity and certain other acts (14/06/2012)
• Regulation of the Minister of Health on the types of medical documentation of occupational health services, the method of maintaining and storing it, and the templates of the documents used (29/07/2010)
  • Regulation of the Minister of Health amending the regulation on the types of medical documentation of the labor service, the method of keeping and storing it and the templates of the documents used (28/08/2024)

Artificial Intelligence and Technological Progress

• Regulation (EU) 2024/1689 (AI Act) (13/06/2024)
• Regulation (EU) 2024/903 (Interoperable Europe Act) (13/03/2024)
• Regulation (EU) 2023/1781 (Chips Act) (13/09/2023)
• Regulation (EU) 2022/2554 (DORA) (14/12/2022)
  • Regulation (EU) 2025/295 supplementing DORA (24/11/2024)
• Regulation (EU) 2018/1807 (14/11/2018)
• Regulation (EU) 2017/745 (MDR) (05/04/2017)
• Regulation (EU) 2017/746 (IVDR) (05/04/2017)
• Directive (EU) 2019/1024 (20/06/2019)
• Directive (EU) 2002/58 (12/07/2002)
• Act on the national cybersecurity system (05/07/2018)
  • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
  • Act amending certain acts related to the functioning of government administration (15/05/2024)
  • Act amending certain acts regarding protective measures in connection with the spread of the SARS-CoV-2 virus (14/05/2020)
  • Act amending the Education Law and certain other acts (16/10/2019)

Finances

• Regulation (EU) 2022/2554 (DORA) (14/12/2022)
  • Regulation (EU) 2025/295 supplementing DORA (24/11/2024)
• Regulation (EU) 2017/2394 (12/12/2017)
  • Directive (EU) 2024/1799 amending Regulation (EU) 2017/2394, Directive (EU) 2019/771 and Directive (EU) 2020/1828 (13/06/2024)
  • Directive (EU) 2019/771 amending Regulation (EU) 2017/2394 and Directive (EU) 2009/22 and repealing Directive (EU) 1999/44 (20/05/2019)
  • Regulation (EU) 2018/302 amending Regulation (EU) 2006/2004, Regulation (EU) 2017/2394 and Directive 2009/22 (28/02/2018)
• Regulation (EU) 2016/679 (GDPR) (27/04/2016)
• Regulation (EU) 648/2012 (EMIR) (04/07/2012)
  • Regulation (EU) 2021/23 amending Regulation (EU) 1095/2010, Regulation (EU) 648/2012, Regulation (EU) 600/2014, Regulation (EU) 806/2014, Regulation (EU) 2015/2365, Directive (EU) 2002/47, Directive (EU) 2004/25, Directive (EU) 2007/36, Directive (EU) 2014/59 and Directive (EU) 2017/1132 (16.12.2020)
  • Regulation (EU) 2017/2402 amending Directive (EU) 2009/65, Directive (EU) 2009/138, Directive (EU) 2011/61, Regulation (EU) 1060/2009 and Regulation (EU) 648/2012 (12/12/2017)
  • Regulation (EU) 2015/2365 amending Regulation (EU) 648/2012 (25/11/2015)
  • Regulation (EU) 600/2014 amending Regulation (EU) 648/2012 (15/05/2014)
  • Directive (EU) 2014/59 amending Directive (EU) 82/891, Directive (EU) 2001/24, Directive (EU) 2002/47, Directive (EU) 2004/25, Directive (EU) 2005/56, Directive (EU) 2007/36, Directive (EU) 2011/35, Directive (EU) 2012/30, Directive (EU) 2013/36 and Regulation (EU) 1093/2010 and Regulation (EU) 648/2012 (15/05/2014)
  • Regulation (EU) 575/2013 amending Regulation (EU) 648/2012 (26/06/2013)
• Directive (EU) 2022/2555 (NIS 2) (14/12/2022)
• Directive (EU) 2022/2557 (CER) (14/12/2022)
• Directive (EU) 2020/1828 (25/11/2020)
  • Directive (EU) 2024/1799 amending Regulation (EU) 2017/2394, Directive (EU) 2019/771 and Directive (EU) 2020/1828 (13/06/2024)
  • Regulation (EU) 2022/1925 amending Directive (EU) 2019/1937 and Directive (EU) 2020/1828 (14/09/2022)
• Directive (EU) 2015/2366 (PSD 2) (25/11/2015)
• Directive (EU) 96/9 (11/03/1996)
  • Directive (EU) 2019/790 amending Directive (EU) 98/9 and Directive (EU) 2001/29 (17/04/2019)
• Act on Trading in Financial Instruments (29/07/2005)
  • Act amending the Act on the Defense of the Homeland and certain other acts (25/06/2025)
  • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
  • Act amending the Act on Trading in Financial Instruments (24/06/2025)
  • Act amending the Act on the Prison Service and certain other acts (09/05/2025)
  • Act amending the Accounting Act, the Act on Statutory Auditors, Audit Firms and Public Supervision and certain other acts (06.12.2024)
  • Act amending certain acts in connection with ensuring the development of the financial market and the protection of investors on this market (16/08/2023)
  • Act amending the Act on Investment Funds and the Management of Alternative Investment Funds, the Act on Bonds, the Act on the Bank Guarantee Fund, the Deposit Guarantee System and Compulsory Restructuring and certain other acts (14/04/2023)
  • Act amending the Act on the handling of complaints by financial market entities and on the Financial Ombudsman and certain other acts (01.12.2022)
  • Act amending certain acts to simplify administrative procedures for citizens and entrepreneurs (07/10/2022)
  • Act amending the Act on the Prison Service and certain other acts (22/07/2022)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (01/10/2021)
  • Act amending the Act on the Capacity Market and certain other acts (23/07/2021)
  • Act amending the Act on investment funds and management of alternative investment funds and certain other acts (23/07/2021)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (21/01/2021)
  • Act amending the Act on special solutions related to the prevention, counteraction and combating of COVID-19, other infectious diseases and crisis situations caused by them, and certain other acts (31/03/2020)
  • Act amending the Act on Government Administration Departments and certain other acts (23/01/2020)
  • Act amending the Commercial Companies Code and certain other acts (30/08/2019)
  • Act amending the Commercial Companies Code and certain other acts (19/07/2019)
  • Act amending the Act on Financial Market Supervision and certain other acts (15/03/2019)
  • Act amending certain acts in connection with ensuring the application of GDPR (21/02/2019)
  • Act amending certain acts in connection with strengthening supervision over the financial market and investor protection on this market (09/11/2018)
  • Act amending certain acts to introduce simplifications for entrepreneurs in tax and economic law (09/11/2018)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (01/03/2018)
  • Act amending the Act on certain rights of employees of the office serving the minister responsible for internal affairs and officers and employees of offices supervised by that minister, and certain other acts (09/11/2017)
  • Act amending the Penal Code and certain other acts (23/03/2017)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (10/02/2017)
  • Act amending the Act on Investment Funds and certain other acts (32/03/2016)
  • Act amending acts regulating the conditions of access to the practice of certain professions (05/08/2015)
  • Act amending the Act on Competition and Consumer Protection and certain other acts (05/08/2015)
  • Act amending the Act on Capital Market Supervision and certain other acts (12/06/2015)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (05.12.2014)
  • Act amending the Act on supplementary supervision of credit institutions, insurance companies, reinsurance companies and investment firms being part of a financial conglomerate and certain other acts (24/04/2014)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (24/10/2012)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (16/09/2011)
  • Act amending the Banking Law, the Act on Trading in Financial Instruments and the Act on Financial Market Supervision (28/04/2011)
  • Act amending the Banking Act, the Insurance Act, the Investment Funds Act, the Financial Instruments Trading Act and the Financial Market Supervision Act (25/06/2010)
  • Act amending the Act on Trading in Financial Instruments (22 January 2010)
  • Act amending the Act on toll motorways and the National Road Fund and the Act on trading in financial instruments (20/11/2009)
  • Act amending the Commercial Companies Code and the Act on Trading in Financial Instruments (05.12.2008)
  • Act amending acts to standardize IT terminology (04/09/2008)
• Banking law (29/08/1997)
  • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
  • Act amending certain acts in order to deregulate economic and administrative law and improve the principles of developing economic law (21/05/2025)
  • Act amending the Act on the Prison Service and certain other acts (09/05/2025)
  • Act amending the Act on Development Cooperation and certain other acts (20/03/2025)
  • Act amending the Act on Goods and Services Tax, the Act on Excise Duty and certain other acts (24/01/2025)
  • Act amending the Accounting Act, the Act on Statutory Auditors, Audit Firms and Public Supervision and certain other acts (06.12.2024)
  • Act amending the Act on the exchange of tax information with other countries and certain other acts (23/05/2024)
  • Act amending certain acts in connection with ensuring the development of the financial market and the protection of investors on this market (16/08/2023)
  • Act amending certain acts to limit certain effects of identity theft (07/07/2023)
  • Act amending the Act on Goods and Services Tax and certain other acts (26/05/2023)
  • Act amending the Act on Goods and Services Tax and certain other acts (14/04/2023)
  • Act amending the Act on Investment Funds and the Management of Alternative Investment Funds, the Act on Bonds, the Act on the Bank Guarantee Fund, the Deposit Guarantee System and Compulsory Restructuring and certain other acts (14/04/2023)
  • Act amending the Act on the handling of complaints by financial market entities and on the Financial Ombudsman and certain other acts (01.12.2022)
  • Act amending the Excise Duty Act and certain other acts (01.12.2022)
  • Act amending acts to counteract usury (06/10/2022)
  • Act amending the Act on the Prison Service and certain other acts (22/07/2022)
  • Act amending the Act on Assistance to Citizens of Ukraine in Connection with the Armed Conflict on the Territory of That State and Certain Other Acts (08/04/2022)
  • Act amending certain acts in order to improve the terminological consistency of the legal system (01/10/2021)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (01/10/2021)
  • Act amending the Act on Tax on Goods and Services and the Act – Banking Law (11/08/2021)
  • Act amending the Act on the Bank Guarantee Fund, the deposit guarantee system and compulsory restructuring and certain other acts (08/07/2021)
  • Act amending the Act on Goods and Services Tax and certain other acts (27/11/2020)
  • Act amending the Act – Code of Civil Procedure and certain other acts (13/02/2020)
  • Act amending the Act on Government Administration Departments and certain other acts (23/01/2020)
  • Act amending the Act on enforcement proceedings in administration and certain other acts (11/09/2019)
  • Act amending the Act on Goods and Services Tax and certain other acts (09/08/2019)
  • Act amending certain acts to reduce regulatory burdens (31/07/2019)
  • Act amending certain acts in order to reduce payment backlogs (19/07/2019)
  • Act amending the Act on support for borrowers in financial difficulties who have taken out a housing loan and certain other acts (04/07/2019)
  • Act amending the Act on Employee Capital Plans, the Act on the Organization and Operation of Pension Funds and the Banking Law (16/05/2019)
  • Act amending the Act on Financial Market Supervision and certain other acts (15/03/2019)
  • Act amending certain acts in connection with ensuring the application of GDPR (21/02/2019)
  • Act amending the Act on the Bank Guarantee Fund, the deposit guarantee system and compulsory restructuring and certain other acts (17/01/2019)
  • Act amending certain acts in connection with strengthening supervision over the financial market and investor protection on this market (09/11/2018)
  • Act amending the Act on the National Revenue Administration and certain other acts (November 9, 2018)
  • Act amending the Act on payment services and certain other acts (10/05/2018)
  • Act amending the Act on payment services and certain other acts (22/03/2018)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (01/03/2018)
  • Act amending the Act on certain rights of employees of the office serving the minister responsible for internal affairs and officers and employees of offices supervised by that minister, and certain other acts (09/11/2017)
  • Act amending the Penal Code and certain other acts (23/03/2017)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (10/02/2017)
  • Act amending the Act – Code of Civil Procedure and certain other acts (15/12/2016)
  • Act amending the Act – Family and Guardianship Code and certain other acts (10/06/2016)
  • Act amending the Act on Investment Funds and certain other acts (31/03/2016)
  • Act amending the Act on payment terms in commercial transactions, the Civil Code and certain other acts (09/10/2015)
  • Act amending the Banking Law and certain other acts (25/09/2015)
  • Act amending the Act on Competition and Consumer Protection and certain other acts (05/08/2015)
  • Act amending the Civil Code, the Code of Civil Procedure and certain other acts (10/07/2015)
  • Act amending the Act on Capital Market Supervision and certain other acts (12/06/2015)
  • Act amending the Act on supplementary supervision of credit institutions, insurance companies, reinsurance companies and investment firms being part of a financial conglomerate and certain other acts (24/04/2014)
  • Act amending the Act on Financial Market Supervision and certain other acts (23/10/2013)
  • Act amending the Banking Law and the Investment Funds Act (19/04/2013)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (24/10/2012)
  • Act amending the Banking Law and the Consumer Credit Act (19/08/2011)
  • Act amending the Banking Law and certain other acts (29/07/2011)
  • Act amending the Banking Law and certain other acts (10/06/2011)
  • Act amending the Banking Law, the Act on Trading in Financial Instruments and the Act on Financial Market Supervision (28/04/2011)
  • Act amending the Banking Law, the Insurance Activity Act, the Investment Funds Act, the Financial Instruments Trading Act and the Financial Market Supervision Act (25/06/2010)
  • Act amending the Act on the Bank Guarantee Fund and the Banking Law (16/07/2009)
  • Act amending the Act on cooperative savings and credit unions and the Banking Law (18/06/2009)
  • Act amending the Act on the Bank Guarantee Fund and other acts (23/10/2008)
  • Act amending acts to standardize IT terminology (04/09/2008)
  • Act amending the Banking Law (04/09/2008)
  • Act amending the Act on bailiffs and enforcement and certain other acts (24/05/2007)
  • Act amending the Banking Law (26/01/2007)
  • Act amending the Banking Law (18/10/2006)
  • Act amending the Act on the Protection of Classified Information and certain other acts (15/04/2005)
  • Act amending and repealing certain acts in connection with the Republic of Poland’s accession to the EU (20/04/2004)
  • Act amending the Banking Law Act and other acts (01/04/2004)
  • Act amending the Act – Law on Public Trading in Securities and amending other acts (12/03/2004)
  • Act amending the Act on the National Bank of Poland and other acts (18 December 2003)
  • Act amending the Commercial Companies Code and certain other acts (12/12/2003)
  • Act amending the Act on the Social Insurance System and certain other acts (18 December 2002)
  • Act amending the Tax Ordinance Act and certain other acts (12/09/2002)
  • Act amending the Banking Law (27/07/2002)
  • Act amending the Act on Mortgage Bonds and Mortgage Banks and amending certain other acts (05/07/2002)
  • Act on transformations in the customs administration and on amending certain acts (20/03/2002)
  • Act on changes in the organization and functioning of central government administration bodies and their subordinate units and on amending certain acts (01.03.2002)
  • Act amending the Act on bailiffs and execution and amending certain other acts (18/09/2001)
  • Act amending the Banking Law and other acts (23/08/2001)
  • Act amending the Police Act, the Insurance Act, the Banking Law, the County Self-Government Act and the Act – Provisions introducing acts reforming public administration (27/07/2001)
  • Act amending the Act on the Bank Guarantee Fund and the Banking Law (15/12/2000)
  • Act amending the Penal Code, the Code of Criminal Procedure, the Act on Combating Unfair Competition, the Public Procurement Act and the Banking Law (09/09/2000)
  • Act amending the Act on the Bank Guarantee Fund and certain other acts (09/04/1999)

Access to Information

• Regulation (EU) 2025/327 (EHDS) (11/05/2025)
• Regulation (EU) 2023/2854 (Data Act) (13/12/2023)
• Regulation (EU) 2022/868 (Data Governance Act) (30/05/2022)
• Regulation (EU) 2018/1807 (14/11/2018)
• Regulation (EU) 2018/1725 (EUDPR) (23/10/2018)
• Regulation (EU) 2016/679 (GDPR) (27/04/2016)
• Directive (EU) 2019/1024 (20/06/2019)
• Directive (EU) 2000/31 (e-commerce directive) (08.06.2000)
• Electronic Communications Law (12/07/2024)
  • Act amending the Act on the Prison Service and certain other acts (09/05/2025)
  • Act amending the Act on State Emergency Medical Services and certain other acts (24/04/2025)
• Personal Data Protection Act (10/05/2018)
  • Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC (21/02/2019)
• Detective Services Act (06/07/2011)
  • Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC (21/02/2019)
  • Act amending certain acts in connection with the standardization of certain templates of documents in administrative procedures (24/04/2014)
  • Act amending the Act on detective services (26/11/2010)
  • Act amending certain acts in connection with the entry into force of the Protocol to the Agreement between the European Community and its Member States, of the one part, and the Swiss Confederation, of the other, on the free movement of persons (05.09.2008)
• Act on Trading in Financial Instruments (29/07/2005)
  • Act amending the Act on the Defense of the Homeland and certain other acts (25/06/2025)
  • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
  • Act amending the Act on Trading in Financial Instruments (24/06/2025)
  • Act amending the Act on the Prison Service and certain other acts (09/05/2025)
  • Act amending the Accounting Act, the Act on Statutory Auditors, Audit Firms and Public Supervision and certain other acts (06.12.2024)
  • Act amending certain acts in connection with ensuring the development of the financial market and the protection of investors on this market (16/08/2023)
  • Act amending the Act on Investment Funds and the Management of Alternative Investment Funds, the Act on Bonds, the Act on the Bank Guarantee Fund, the Deposit Guarantee System and Compulsory Restructuring and certain other acts (14/04/2023)
  • Act amending the Act on the handling of complaints by financial market entities and on the Financial Ombudsman and certain other acts (01.12.2022)
  • Act amending certain acts in order to simplify administrative procedures for citizens and entrepreneurs (07/10/2022)
  • Act amending the Act on the Prison Service and certain other acts (22/07/2022)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (01/10/2021)
  • Act amending the Act on the Capacity Market and certain other acts (23/07/2021)
  • Act amending the Act on investment funds and management of alternative investment funds and certain other acts (23/07/2021)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (21/01/2021)
  • Act amending the Act on special solutions related to the prevention, counteraction and combating of COVID-19, other infectious diseases and crisis situations caused by them, and certain other acts (31/03/2020)
  • Act amending the Act on Government Administration Departments and certain other acts (23/01/2020)
  • Act amending the Commercial Companies Code and certain other acts (30/08/2019)
  • Act amending the Commercial Companies Code and certain other acts (19/07/2019)
  • Act amending the Act on Financial Market Supervision and certain other acts (15/03/2019)
  • Act amending certain acts in connection with ensuring the application of GDPR (21/02/2019)
  • Act amending certain acts in connection with strengthening supervision over the financial market and investor protection on this market (09/11/2018)
  • Act amending certain acts in order to introduce simplifications for entrepreneurs in tax and economic law (09/11/2018)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (01/03/2018)
  • Act amending the Act on certain rights of employees of the office serving the minister responsible for internal affairs and officers and employees of offices supervised by that minister, and certain other acts (09/11/2017)
  • Act amending the Penal Code and certain other acts (23/03/2017)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (10/02/2017)
  • Act amending the Act on Investment Funds and certain other acts (32/03/2016)
  • Act amending acts regulating the conditions of access to certain professions (05/08/2015)
  • Act amending the Act on Competition and Consumer Protection and certain other acts (05/08/2015)
  • Act amending the Act on Capital Market Supervision and certain other acts (12/06/2015)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (05.12.2014)
  • Act amending the Act on supplementary supervision of credit institutions, insurance companies, reinsurance companies and investment firms being part of a financial conglomerate and certain other acts (24/04/2014)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (24/10/2012)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (16/09/2011)
  • Act amending the Banking Law, the Act on Trading in Financial Instruments and the Act on Financial Market Supervision (28/04/2011)
  • Act amending the Banking Act, the Insurance Act, the Investment Funds Act, the Financial Instruments Trading Act and the Financial Market Supervision Act (25/06/2010)
  • Act amending the Act on Trading in Financial Instruments (22 January 2010)
  • Act amending the Act on toll motorways and the National Road Fund and the Act on trading in financial instruments (20/11/2009)
  • Act amending the Commercial Companies Code and the Act on Trading in Financial Instruments (05.12.2008)
  • Act amending acts to standardize IT terminology (04/09/2008)
• Banking law (29/08/1997)
  • Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds (25/06/2025)
  • Act amending certain acts in order to deregulate economic and administrative law and improve the principles of developing economic law (21/05/2025)
  • Act amending the Act on the Prison Service and certain other acts (09/05/2025)
  • Act amending the Act on Development Cooperation and certain other acts (20/03/2025)
  • Act amending the Act on Goods and Services Tax, the Act on Excise Duty and certain other acts (24/01/2025)
  • Act amending the Accounting Act, the Act on Statutory Auditors, Audit Firms and Public Supervision and certain other acts (06.12.2024)
  • Act amending the Act on the exchange of tax information with other countries and certain other acts (23/05/2024)
  • Act amending certain acts in connection with ensuring the development of the financial market and the protection of investors on this market (16/08/2023)
  • Act amending certain acts to limit certain effects of identity theft (07/07/2023)
  • Act amending the Act on Goods and Services Tax and certain other acts (26/05/2023)
  • Act amending the Act on Goods and Services Tax and certain other acts (14/04/2023)
  • Act amending the Act on Investment Funds and the Management of Alternative Investment Funds, the Act on Bonds, the Act on the Bank Guarantee Fund, the Deposit Guarantee System and Compulsory Restructuring and certain other acts (14/04/2023)
  • Act amending the Act on the handling of complaints by financial market entities and on the Financial Ombudsman and certain other acts (01.12.2022)
  • Act amending the Excise Duty Act and certain other acts (01.12.2022)
  • Act amending acts to counteract usury (06/10/2022)
  • Act amending the Act on the Prison Service and certain other acts (22/07/2022)
  • Act amending the Act on Assistance to Citizens of Ukraine in Connection with the Armed Conflict on the Territory of That State and Certain Other Acts (08/04/2022)
  • Act amending certain acts in order to improve the terminological consistency of the legal system (01/10/2021)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (01/10/2021)
  • Act amending the Act on Tax on Goods and Services and the Act – Banking Law (11/08/2021)
  • Act amending the Act on the Bank Guarantee Fund, the deposit guarantee system and compulsory restructuring and certain other acts (08/07/2021)
  • Act amending the Act on Goods and Services Tax and certain other acts (27/11/2020)
  • Act amending the Act – Code of Civil Procedure and certain other acts (13/02/2020)
  • Act amending the Act on Government Administration Departments and certain other acts (23/01/2020)
  • Act amending the Act on enforcement proceedings in administration and certain other acts (11/09/2019)
  • Act amending the Act on Goods and Services Tax and certain other acts (09/08/2019)
  • Act amending certain acts to reduce regulatory burdens (31/07/2019)
  • Act amending certain acts in order to reduce payment backlogs (19/07/2019)
  • Act amending the Act on support for borrowers in financial difficulties who have taken out a housing loan and certain other acts (04/07/2019)
  • Act amending the Act on Employee Capital Plans, the Act on the Organization and Operation of Pension Funds and the Banking Law (16/05/2019)
  • Act amending the Act on Financial Market Supervision and certain other acts (15/03/2019)
  • Act amending certain acts in connection with ensuring the application of GDPR (21/02/2019)
  • Act amending the Act on the Bank Guarantee Fund, the deposit guarantee system and compulsory restructuring and certain other acts (17/01/2019)
  • Act amending certain acts in connection with strengthening supervision over the financial market and investor protection on this market (09/11/2018)
  • Act amending the Act on the National Revenue Administration and certain other acts (November 9, 2018)
  • Act amending the Act on payment services and certain other acts (10/05/2018)
  • Act amending the Act on payment services and certain other acts (22/03/2018)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (01/03/2018)
  • Act amending the Act on certain rights of employees of the office serving the minister responsible for internal affairs and officers and employees of offices supervised by that minister, and certain other acts (09/11/2017)
  • Act amending the Penal Code and certain other acts (23/03/2017)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (10/02/2017)
  • Act amending the Code of Civil Procedure and certain other acts (15/12/2016)
  • Act amending the Act – Family and Guardianship Code and certain other acts (10/06/2016)
  • Act amending the Act on Investment Funds and certain other acts (31/03/2016)
  • Act amending the Act on payment terms in commercial transactions, the Civil Code and certain other acts (09/10/2015)
  • Act amending the Banking Law and certain other acts (25/09/2015)
  • Act amending the Act on Competition and Consumer Protection and certain other acts (05/08/2015)
  • Act amending the Civil Code, the Code of Civil Procedure and certain other acts (10/07/2015)
  • Act amending the Act on Capital Market Supervision and certain other acts (12/06/2015)
  • Act amending the Act on supplementary supervision of credit institutions, insurance companies, reinsurance companies and investment firms being part of a financial conglomerate and certain other acts (24/04/2014)
  • Act amending the Act on Financial Market Supervision and certain other acts (23/10/2013)
  • Act amending the Banking Law and the Investment Funds Act (19/04/2013)
  • Act amending the Act on Trading in Financial Instruments and certain other acts (24/10/2012)
  • Act amending the Banking Law and the Consumer Credit Act (19/08/2011)
  • Act amending the Banking Law and certain other acts (29/07/2011)
  • Act amending the Banking Law and certain other acts (10/06/2011)
  • Act amending the Banking Law, the Act on Trading in Financial Instruments and the Act on Financial Market Supervision (28/04/2011)
  • Act amending the Banking Law, the Insurance Activity Act, the Investment Funds Act, the Financial Instruments Trading Act and the Financial Market Supervision Act (25/06/2010)
  • Act amending the Act on the Bank Guarantee Fund and the Banking Law (16/07/2009)
  • Act amending the Act on cooperative savings and credit unions and the Banking Law (18/06/2009)
  • Act amending the Act on the Bank Guarantee Fund and other acts (23/10/2008)
  • Act amending acts to standardize IT terminology (04/09/2008)
  • Act amending the Banking Law (04/09/2008)
  • Act amending the Act on court bailiffs and enforcement and certain other acts (24/05/2007)
  • Act amending the Banking Law (26/01/2007)
  • Act amending the Banking Law (18/10/2006)
  • Act amending the Act on the Protection of Classified Information and certain other acts (15/04/2005)
  • Act amending and repealing certain acts in connection with the Republic of Poland’s accession to the EU (20/04/2004)
  • Act amending the Banking Law Act and other acts (01/04/2004)
  • Act amending the Act – Law on Public Trading in Securities and amending other acts (12/03/2004)
  • Act amending the Act on the National Bank of Poland and other acts (18 December 2003)
  • Act amending the Commercial Companies Code and certain other acts (12/12/2003)
  • Act amending the Act on the Social Insurance System and certain other acts (18 December 2002)
  • Act amending the Tax Ordinance Act and certain other acts (12/09/2002)
  • Act amending the Banking Law (27/07/2002)
  • Act amending the Act on Mortgage Bonds and Mortgage Banks and amending certain other acts (05/07/2002)
  • Act on transformation of the customs administration and on amending certain acts (20/03/2002)
  • Act on changes in the organization and functioning of central government administration bodies and their subordinate units and on amending certain acts (01/03/2002)
  • Act amending the Act on bailiffs and execution and on amending certain other acts (18/09/2001)
  • Act amending the Banking Law and other acts (23/08/2001)
  • Act amending the Police Act, the Insurance Act, the Banking Law, the County Self-Government Act and the Act – Provisions introducing acts reforming public administration (27/07/2001)
  • Act amending the Act on the Bank Guarantee Fund and the Banking Law (15/12/2000)
  • Act amending the Penal Code, the Code of Criminal Procedure, the Act on Combating Unfair Competition, the Public Procurement Act and the Banking Law (09/09/2000)
  • Act amending the Act on the Bank Guarantee Fund and certain other acts (09/04/1999)
• Press Law (26/01/1984)
  • Act amending the Press Law (20/07/2018)
  • Act amending the Press Law (27/10/2017)
  • Act amending the Press Law (10/05/2013)
  • Act amending the Press Law (14/09/2012)
  • Act amending the Press Law (19/08/2011)
  • Act amending the Civil Code (23/08/1996)
  • Act amending the Press Law (30/05/1989)
• Regulation of the Council of Ministers on the National Interoperability Framework, minimum requirements for public registers and the exchange of information in electronic form, and minimum requirements for ICT systems (21/05/2024)

Personal Data

• Regulation (EU) 2025/327 (EHDS) (11/05/2025)
• Regulation (EU) 2023/2854 (Data Act) (13/12/2023)
• Regulation (EU) 2018/1725 (EUDPR) (23/10/2018)
• Regulation (EU) 2017/2394 (12/12/2017)
  • Directive (EU) 2024/1799 amending Regulation (EU) 2017/2394, Directive (EU) 2019/771 and Directive (EU) 2020/1828 (13/06/2024)
  • Directive (EU) 2019/771 amending Regulation (EU) 2017/2394 and Directive (EU) 2009/22 and repealing Directive (EU) 1999/44 (20/05/2019)
  • Regulation (EU) 2018/302 amending Regulation (EU) 2006/2004, Regulation (EU) 2017/2394 and Directive 2009/22 (28/02/2018)
• Regulation (EU) 2016/679 (GDPR) (27/04/2016)
• Directive (EU) 2016/680 (LED) (27/04/2016)
• Act on the protection of personal data processed in connection with the prevention and combating of crime (14/12/2018)
• Personal Data Protection Act (10/05/2018)
  • Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC (21/02/2019)
• Detective Services Act (06/07/2011)
  • Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC (21/02/2019)
  • Act amending certain acts in connection with the standardization of certain templates of documents in administrative procedures (24/04/2014)
  • Act amending the Act on detective services (26/11/2010)
  • Act amending certain acts in connection with the entry into force of the Protocol to the Agreement between the European Community and its Member States, of the one part, and the Swiss Confederation, of the other, on the free movement of persons (05/09/2008)

Non-Personal Data

• Regulation (EU) 2023/2854 (Data Act) (13/12/2023)
• Regulation (EU) 2022/868 (Data Governance Act) (30/05/2022)
• Directive (EU) 2019/1024 (20/06/2019)
• Regulation (EU) 2018/1807 (14/11/2018)

Legal Acts

• Regulation (EU) 2016/679 (GDPR) http://data.europa.eu/eli/reg/2016/679/2016-05-04
  • The GDPR applies to the processing of personal data of European Union citizens. This covers all data-related operations, such as collection, storage, analysis, and sharing, regardless of whether they are carried out by automated means. The regulation aims to protect the privacy of individuals and ensure that their personal data is processed securely and lawfully. The GDPR covers the protection of personal data, which is any information that can identify a natural person. The regulation imposes several principles on entities processing data, such as the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. The GDPR grants data subjects a number of rights, such as the right to access, rectification, erasure (the right to be forgotten), restriction of processing, data portability, and the right to object to processing. Data processors must implement appropriate technical and organizational measures to ensure data security and compliance with the GDPR principles. The GDPR applies to all organizations that process personal data of EU citizens, regardless of their location. Violation of GDPR provisions may result in the imposition of high financial penalties.
  • GUIDE https://www.edpb.europa.eu/system/files/2023-06/edpb_guidelines_042022_calculationofadministrativefines_en.pdf
• Regulation 2025/327 (EHDS)http://data.europa.eu/eli/reg/2025/327/oj
  • The European Health Data Space regulates the exchange and use of health data in the European Union. The main goals of the regulation are to ensure secure access to citizens’ health data across the EU, facilitate the exchange of information between healthcare providers, and promote innovation in the field of health. The regulation aims to:
    • Increasing patient control over their health data:
      • Citizens will have the right to access their electronic health data and control its use.
      Improving the exchange of health data between Member States:
      • This will enable secure data sharing between different medical facilities in the EU, contributing to better healthcare.
      Supporting research and innovation:
      • EHDS is intended to facilitate access to health data for research purposes, which is expected to accelerate the development of new therapies and improve disease prevention.
      Increase preparedness for future health crises:
      • Through improved information flow, EHDS is intended to help respond to health crises more quickly and effectively.
  • The introduction of the EHDS requires adapting national healthcare systems to new requirements. As a member state, Poland must adapt its regulations and IT infrastructure to the new regulations to ensure full compliance with the EHDS.
• Regulation (EU) 2022/2554 (DORA) http://data.europa.eu/eli/reg/2022/2554/oj
  • DORA governs the digital operational resilience of the EU financial sector by establishing a comprehensive framework for managing risks related to information and communication technologies (ICT). Key aspects regulated by DORA include:
    • ICT Risk Management: DORA requires financial institutions to proactively and comprehensively manage all types of ICT-related risks.Incident Reporting: The Regulation specifies which ICT-related incidents are subject to mandatory reporting and sets out detailed reporting procedures.Resilience Testing: Financial institutions are required to regularly conduct digital resilience testing, including penetration testing.Third-party ICT service providers: DORA establishes a supervisory framework for key third-party ICT service providers and regulates their relationships with financial institutions.Harmonisation of standards: The Regulation aims to create a unified front for cyber resilience across the EU by harmonising security standards.
    The main goal of DORA is to ensure financial stability by strengthening the digital resilience of financial institutions to cyberattacks and other digital threats, which translates into increased trust in the financial sector.Regulation (EU) 2025/295 supplements DORA with regard to regulatory technical standards for the harmonisation of the conditions for conducting supervisory activities. http://data.europa.eu/eli/reg_del/2025/295/oj
  • GUIDE https://www.enisa.europa.eu/sites/default/files/2025-05/2025.04311_01_ms_v2.0_Handbook%20for%20Cyber%20Stress%20Tests_en.pdf
• Regulation (EU) 2023/1781 (Chips Act )http://data.europa.eu/eli/reg/2023/1781/oj
• • The European Chips Act aims to strengthen the European semiconductor ecosystem, increase the European Union’s competitiveness and technological sovereignty by supporting research, production, and development of innovative technologies in this sector, and ensure the resilience of supply chains and reduce dependence on non-EU suppliers. Main objectives and provisions:
• • Strengthening research and technological leadership: The Act aims to boost Europe’s capacity to innovate in the design, production and packaging of advanced chips;
• • Increasing production capacity: A legal framework and investments, including support for pioneering production facilities, are provided to increase semiconductor production in the EU and double the EU’s share of the global market by 2030;
• • Supply chain coordination and monitoring: The Regulation introduces mechanisms to monitor global supply chains, anticipate shortages and coordinate actions with Member States to ensure stability of supply;
• • Development of skilled workforce: The activities also aim to attract new talent and address the shortage of skilled labor in the semiconductor sector;
  • Increasing resilience and technological sovereignty: By strengthening the European semiconductor ecosystem, the Act aims to increase Europe’s autonomy and resilience to global crises and supply disruptions.
• Regulation (EU) 2024/2847 (Cyber Resilience Act) http://data.europa.eu/eli/reg/2024/2847/2024-11-20
  • The CRA is an EU legal act establishing uniform cybersecurity requirements for all digital products introduced to the European Union market. Its main goal is to ensure that, from design and production, and throughout the product lifecycle, hardware and software are built with security in mind, minimizing security vulnerabilities and reducing the risk of attacks. The CRA addresses:
    • Manufacturers: Holds them responsible for the security of their digital products throughout their lifespan;
• • • Importers and distributors: Responsible for placing compliant products on the market;
• • • Consumers: Influences their choices by giving access to more secure devices;
• • The Regulation entered into force on December 10, 2024. Most of the CRA requirements will become mandatory from September 11, 2026, and will be fully applicable on December 11, 2027.
• • In the event of non-compliance with the regulation, high financial penalties are foreseen.
• • In summary, CRA is introducing security standards that will make digital products such as smartwatches, smart refrigerators and antivirus software safer for users and better protected against cyber threats.
  • GUIDE https://www.enisa.europa.eu/sites/default/files/2024-11/Cyber%20Resilience%20Act%20Requirements%20Standards%20Mapping%20-%20final_with_identifiers_0.pdf
• Regulation (EU) 2023/2854 (Data Act ) http://data.europa.eu/eli/reg/2023/2854/oj
  • The Data Regulation is an EU law aimed at regulating access to, exchange, and use of data, particularly data generated by devices connected to the Internet of Things (IoT). The Data Act aims to increase competitiveness and innovation in the European market by facilitating access to data for various entities, including consumers, businesses, and public administrations. The main objectives of the Data Act are:
    • Data sharing by manufacturers and service providers:
      • The Data Act imposes an obligation to share data generated by IoT devices with their users, other companies (including competitors) and, in certain cases, public authorities;
      Protection of personal data:
      • Sharing of personal data may only occur at the user’s request and must be in accordance with the General Data Protection Regulation (GDPR);
      Contract transparency:
      • The Data Act aims to counteract unfair contractual provisions regarding access to and use of data;
      Possibility to change cloud service providers:
      • The regulation aims to facilitate the switching of cloud computing service providers and improve the interoperability of data and services;
      Supporting innovation:
      • Easier access to data is intended to support the creation of new products and services, especially by small and medium-sized enterprises;
      Competition and choice:
      • Consumers will gain greater control over their data and a wider choice of service providers.
    Data Act applies to:
    • IoT devices (e.g. smart household appliances, cars, agricultural machinery);Service providers who process data from these devices;IoT devices (both consumers and businesses);Companies that want to use data to create new products and services;Public administration.
    The Data Act is scheduled to enter into force on September 12, 2025.The Data Act complements the GDPR by regulating access to and use of data beyond just personal data. While the GDPR continues to protect personal data, the Data Act introduces additional provisions for the sharing and use of data, including non-personal data, to promote innovation and competitiveness.
  • GUIDE https://www.enisa.europa.eu/sites/default/files/publications/Data%20Spaces%20Report.pdf
• Regulation (EU) 2022/868 (Data Governance Act) http://data.europa.eu/eli/reg/2022/868/oj
  • Data Governance Act is a European Union regulation that establishes rules for the secure and transparent sharing and reuse of data, especially data held by the public sector. The regulation introduces mechanisms to support data exchange, including data brokerage services (aggregating and sharing data) and promoting data altruism (voluntary, free data sharing). Its goal is to support the digital economy, innovation, and better use of data for public and commercial purposes. The Act facilitates access to protected public data in a secure and controlled manner, while requiring its anonymity and compliance with personal data protection law (e.g., GDPR). It creates a framework for trusted providers who can act as intermediaries in data exchange. It promotes voluntary and free sharing of data by individuals and organizations with other entities. Improved conditions for data use are intended to foster the development of new data-driven products and services and increase the competitiveness of European businesses. Trust in data-sharing mechanisms is crucial for the development of a data-driven economy. The DGA is the EU’s first step in creating a comprehensive legal framework for data management. It is complemented by the Data Act, which focuses on regulating access to data generated by Internet of Things (IoT) devices.
  • GUIDE https://www.enisa.europa.eu/sites/default/files/publications/Data%20Spaces%20Report.pdf
• Regulation (EU) 2017/2394 http://data.europa.eu/eli/reg/2017/2394/2025-01-19
  • Regulation (EU) 2017/2394 governs cooperation between national authorities responsible for enforcing consumer protection laws. Its main objective is to ensure effective international cooperation in combating infringements of consumer rights, so as to protect the interests of consumers in the EU single market. Key aspects of the regulation include:
    • Establishes a framework for cooperation between authorities such as those operating in the Consumer Protection Cooperation (CPC) network;
• • • It aims to guarantee a high level of consumer protection in all Member States, regardless of where they purchase or travel;
• • • Enables coordinated action against unfair commercial practices that harm consumers across the European Union;
• • • Enforcement authorities can require businesses to make good the damage, compensate consumers and apply effective sanctions, which can amount to up to 4% of the company’s turnover in a given EU country.
• • This regulation applies to a wide range of consumer protection issues, including unfair commercial practices, product safety, personal data protection, financial services, and e-commerce. In short, Regulation 2017/2394 is a key instrument in EU consumer policy, aiming to ensure that consumers across the European Union are protected from unfair practices and can benefit from safe products and services.
• • Directive (EU) 2024/1799 amends Regulation (EU) 2017/2394 and Directives (EU) 2019/771 and (EU) 2020/1828 on common rules promoting the repair of goods. http://data.europa.eu/eli/dir/2024/1799/oj
• • Directive (EU) 2019/771 amends Regulation (EU) 2017/2394 and Directive (EU) 2009/22 and repeals Directive (EU) 1999/44 on certain aspects concerning contracts for the sale of goods. https://eur-lex.europa.eu/legal-content/PL/TXT/HTML/?uri=CELEX:02019L0771-20190522 [link in Polish]
  • Regulation (EU) 2018/302 amends Regulation (EU) 2006/2004 and Regulation (EU) 2017/2394 and Directive 2009/22 on unjustified geo-blocking and other forms of discrimination against customers based on their nationality, place of residence or place of establishment in the internal market. http://data.europa.eu/eli/reg/2018/302/oj
• Regulation (EU) 2024/1689 (AI Act )http://data.europa.eu/eli/reg/2024/1689/oj
  • The AI Act establishes a comprehensive legal framework for AI in the EU. It classifies AI systems based on risk levels and imposes specific obligations on AI providers and implementers. The goal is to foster trustworthy AI, ensure security, protect fundamental rights, and promote innovation. Due to the scope of the regulations, the individual elements of the AI Act are being implemented gradually. The AI Act stipulates:
    • Harmonised rules for the placing on the market, putting into service and use of AI systems in the EU;
• • • Prohibitions on certain AI practices;
• • • Specific requirements for high-risk AI systems and obligations incumbent on operators of such systems;
• • • Harmonized transparency rules for certain AI systems;
• • • Harmonized rules for placing general-purpose AI models on the market;
• • • Provisions relating to marketing monitoring, market surveillance, management and enforcement;
• • • Measures to support innovation, with particular emphasis on SMEs, including start-ups.
    The AI Act applies to:
    • Providers placing AI systems or general purpose AI models on the market in the EU, regardless of whether those providers are established or located in the EU or in a third country;Entities using AI systems that are established or located in the EU;Providers of AI systems and entities using AI systems that are established or located in a third country where the results produced by the AI system are used in the EU;Importers and distributors of AI systems;Product manufacturers who, under their own name or trademark, and together with their product, introduce an AI system into the market or put it into use;Authorised representatives of suppliers not established in the EU;People affected by AI who are located in the EU.
  • GUIDE https://www.enisa.europa.eu/sites/default/files/publications/Artificial%20Intelligence%20and%20Cybersecurity%20Research.pdf
• Regulation (EU) 2018/1725 (EUDPR)http://data.europa.eu/eli/reg/2018/1725/oj
  • Regulation (EU) 2018/1725 governs the processing of personal data by European Union institutions, bodies, and other agencies. This regulation repeals previous regulations in this area and introduces personal data protection principles similar to those contained in the GDPR. Individuals whose data is processed by EU institutions have the right to access, rectify, block, or erase their data. In case of doubts or problems, you can contact the data controller and, in the event of a dispute, the Data Protection Officer or the European Data Protection Supervisor (EDPS).
• Regulation (EU) 2018/1807http://data.europa.eu/eli/reg/2018/1807/oj
  • Regulation (EU) 2018/2018 provides a framework for the free flow of non-personal data within the European Union. Its main goal is to ensure the free movement of non-personal data within the EU single market, while prohibiting Member States from imposing data localization requirements (e.g., storing them in a specific country) unless justified by public security concerns. The regulation aims to foster the development of modern technologies, such as the cloud and artificial intelligence, by facilitating the cross-border mobility of non-personal data. The regulation ensures that competent authorities have access to non-personal data for control, inspection, and audit purposes. It makes it easier for professional users to transfer data from one processing or storage service provider to another, preventing market disruptions. It entered into force on May 28, 2019.
• Regulation (EU) 2024/903 (Interoperable Europe Act)http://data.europa.eu/eli/reg/2024/903/oj
  • Regulation (EU) 2024/903 establishes a framework for cooperation between Member States’ public administrations to enable them to deliver public services efficiently across borders, while supporting the digital transformation and the “only once” principle. This act aims to simplify administrative processes for citizens and businesses, providing them with access to high-quality digital services regardless of their place of residence in the EU. It enables various public administrations, as well as systems and services, to exchange data and effectively interact. It ensures the efficient provision of public services (e.g., health, taxation, professional qualifications) between different Member States. The Interoperable Europe Act introduces mechanisms to support the goal of making all key public services available electronically by 2030 – including enabling citizens and businesses to share data for official purposes only once, without having to submit the same information repeatedly. An Interoperable Europe Council was established, responsible for the development and oversight of the implementation of common solutions. The act supports openness and cooperation with the private and scientific sectors. Emphasis is placed on the accessibility of digital public services for all, including the elderly, people with disabilities, and other vulnerable groups.
  • GUIDE https://interoperable-europe.ec.europa.eu/sites/default/files/document/2025-03/Local%20Policy%20Brief%20-%20Digital%20Counter.pdf
• Regulation (EU) 648/2012 (EMIR) http://data.europa.eu/eli/reg/2012/648/2025-01-17
  • European Market Infrastructure Regulation enhances the security and transparency of the European over-the-counter (OTC) derivatives market by introducing obligations regarding transaction clearing, risk management, and reporting to trade repositories. Its purpose is to reduce systemic and operational risk, prevent future financial crises, and provide market reassurance. This regulation applies to financial contracts not concluded on regulated exchanges, such as energy, gas, foreign exchange, and interest rate contracts. EMIR requires certain transactions to be cleared through a central counterparty (CCP), which is intended to increase security. It obliges entities to report details of concluded transactions to a trade repository. It introduces requirements for managing the risks associated with derivative contracts, including the obligation to conclude transaction processing agreements. The regulation applies to various entities that conclude derivatives transactions. The main objectives of EMIR:
    • Reducing systemic risk associated with the derivatives market;
• • • Calming markets through better risk management and increased transparency;
• • • Enabling regulators to better monitor and oversee the market.
• • Regulation (EU) 2021/23 amends Regulation (EU) 1095/2010, Regulation (EU) 648/2012, Regulation (EU) 600/2014, Regulation (EU) 806/2014, Regulation (EU) 2015/2365, Directive (EU) 2002/47, Directive (EU) 2004/25, Directive (EU) 2007/36, Directive (EU) 2014/59 and Directive (EU) 2017/1132 on a framework for the recovery and resolution of central counterparties. http://data.europa.eu/eli/reg/2021/23/oj
• • Regulation (EU) 2017/2402 amends Directive (EU) 2009/65, Directive (EU) 2009/138, Directive (EU) 2011/61, Regulation (EU) 1060/2009 and Regulation (EU) 648/2012 laying down a general framework for securitisation and creating a specific framework for simple, transparent and standardised securitisation. http://data.europa.eu/eli/reg/2017/2402/2021-04-09
• • Regulation (EU) 2015/2365 amends Regulation (EU) 648/2012 on transparency of securities financing transactions and reuse. http://data.europa.eu/eli/reg/2015/2365/2024-01-09
• • Regulation (EU) 600/2014 amends Regulation (EU) 648/2012 on markets in financial instruments. http://data.europa.eu/eli/reg/2014/600/2025-01-17
• • Directive (EU) 2014/59 amends Directive (EU) 82/891, Directive (EU) 2001/24, Directive (EU) 2002/47, Directive (EU) 2004/25, Directive (EU) 2005/56, Directive (EU) 2007/36, Directive (EU) 2011/35, Directive (EU) 2012/30, Directive (EU) 2013/36, Regulation (EU) 1093/2010 and Regulation (EU) 648/2012 for the recovery and resolution of credit institutions and investment firms. http://data.europa.eu/eli/dir/2014/59/2025-01-17
• • Regulation (EU) 575/2013 amends Regulation (EU) 648/2012 on prudential requirements for credit institutions. http://data.europa.eu/eli/reg/2013/575/2025-06-29
  • GUIDE https://www.esma.europa.eu/sites/default/files/2024-03/ESMA12-2121844265-3254_Guidelines_on_position_calculation_under_EMIR_Refit.pdf
• Regulation (EU) 2017/745 (MDR)http://data.europa.eu/eli/reg/2017/745/2025-01-10
  • The Medical Device Regulation establishes uniform and more stringent rules for the marketing, distribution, and monitoring of medical devices in the European Economic Area. The main objectives and key aspects of the MDR:
    • Ensuring a robust, transparent and sustainable regulatory framework for medical devices;
• • • More detailed regulations regarding the classification of medical devices according to their risk;
• • • Stricter regulations for medical device conformity assessment bodies responsible for confirming compliance with MDR requirements;
• • • Introduction of new, extended obligations for manufacturers, importers, authorized representatives and distributors;
• • • Requirements for the traceability of medical devices across the market, facilitating tracking and inventory management.
• • The regulation became fully applicable on 26 May 2021, replacing the MDD.
  • GUIDE https://www.medical-device-regulation.eu/wp-content/uploads/2019/06/md_mfr_factsheet.pdf
• Regulation (EU) 2017/746 (IVDR)http://data.europa.eu/eli/reg/2017/746/2025-01-10
  • The IVDR applies to in vitro diagnostic medical devices (IVDs). Its goal is to ensure the effectiveness, safety, and quality of these devices on the EU market. The IVDR introduces stringent requirements, a four-level classification system for devices (A, B, C, D) based on risk and increases oversight of notified bodies. The IVDR replaced the old IVDD (98/79/EC), adapting the regulations to technological and medical progress. The new regulations aim to enhance public health and patient safety. Companies must undergo additional clinical trials and tighten the technical documentation of their products. Manufacturers are required to report serious incidents, and member states are required to facilitate reporting by healthcare professionals, patients, and users. A centralized database (Eudamed) has been introduced to provide access to information about medical devices available in the EU.
  • GUIDE https://health.ec.europa.eu/document/download/12f9756a-1e0d-4aed-9783-d948553f1705_en
• Directive (EU) 2000/31 (e-commerce directive) http://data.europa.eu/eli/dir/2000/31/2024-02-17
  • The E-Commerce Directive establishes harmonised legal rules for information society services (including online services) across the European Union. It aims to remove barriers to cross-border online services, increase legal certainty, and regulate issues such as information requirements for providers, rules on advertising, spam, and online contracts. The Directive also introduces safe harbors. The directive introduces so-called “safe harbors” for intermediary service providers, exempting them from liability for third-party content if they meet certain conditions. The directive eliminates obstacles to cross-border services provided online. It ensures regulatory clarity for businesses and consumers using online services. It also establishes rules for advertising and other forms of commercial communication. It requires the publication of basic company data (name, address, and registration number). Recognizing online contracts as equivalent to paper contracts requires clearly defining the terms and allowing consumers to store them. The e-commerce directive limits the liability of intermediary service providers (so-called “safe harbors”) for illegal content shared by their users, provided that certain procedures are followed (e.g., notice and takedown). It also introduces provisions regarding unsolicited commercial communications.
• Directive (EU) 2016/680 (LED)http://data.europa.eu/eli/dir/2016/680/2016-05-04
  • Directive (EU) 2016/680, also known as the Criminal Data Protection Directive, covers the protection of personal data processed by competent authorities for the purposes of preventing, investigating, detecting, or prosecuting criminal offences, or executing criminal penalties. It establishes a legal framework to ensure a high level of protection of the personal data of persons involved in criminal proceedings, such as witnesses, victims, and suspects. The directive aims to:
    • Schengen countries, which is intended to facilitate cooperation in combating crime;
• • • Ensuring the protection of personal data of people involved in criminal proceedings, which is intended to increase trust in the justice system and law enforcement agencies;
• • • Establishing a comprehensive legal framework: regarding the processing of personal data in a criminal context;
• • • The Directive is part of the EU data protection reform package, alongside the General Data Protection Regulation (GDPR) and Regulation (EU) 2018/1725;
• • In short, Directive (EU) 2016/680 regulates how personal data may be processed in a criminal context in order to protect the rights and freedoms of data subjects while at the same time enabling the effective prosecution of criminal offences.
  • GUIDE https://www.enisa.europa.eu/sites/default/files/publications/ENISA%20Report%20-%20PSIRT%20Expertise%20%20And%20Capabilities%20Development%20-%20Health%20and%20Energy.pdf
• Directive (EU) 2022/2555 (NIS 2)http://data.europa.eu/eli/dir/2022/2555/oj
  • NIS 2 improves cybersecurity across the European Union by establishing high, common standards for networks and information systems, particularly in key economic sectors. It introduces new, broader regulations on cybersecurity risk management and incident reporting obligations for entities across various industries, replacing the previous NIS Directive. The regulations cover a broader group of companies and institutions, including those in sectors such as manufacturing, energy, finance, and healthcare. A multi-stage cybersecurity incident reporting procedure has been established, requiring entities to provide specific information at various stages of incident handling. Management requirements have been increased through mandatory training for members of management bodies to enhance their cybersecurity awareness. More powers have been introduced for regulatory bodies to enforce compliance with the directive.
  • GUIDE https://www.edpb.europa.eu/system/files/2023-02/edpb_03-2022_guidelines_on_deceptive_design_patterns_in_social_media_platform_interfaces_v2_en_0.pdf
• EU Directive 2022/2557 (CER)http://data.europa.eu/eli/dir/2022/2557/oj
  • Entities The Resilience Directive aims to increase the resilience of Member States and critical entities to threats such as natural disasters, terrorism, and sabotage. It creates a common EU legal framework to ensure the continuity of essential services and strengthen the physical resilience of critical infrastructure, including energy, transport, health, and public administration. The Directive takes a comprehensive approach, not just cybersecurity- related threats. Member States must develop and implement national strategies to strengthen the resilience of critical entities, including risk assessments, mitigation measures, and response plans. The Directive specifies criteria for identifying critical infrastructure entities. The CER is one element of the EU regulatory framework for cybersecurity and resilience, harmonizing its activities with NIS 2. Examples of sectors covered by the CER include:
    • Energy (electricity, oil, gas);
• • • Transport (air, rail, water, road);
• • • Health (healthcare, production and distribution of medicines);
• • • Digital infrastructure;
• • • Public administration;
• • • Food production, processing and distribution.
  • GUIDE https://www.edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_202003_healthdatascientificresearchcovid19_en.pdf
• Directive (EU) 96/9http://data.europa.eu/eli/dir/1996/9/2019-06-06
  • The aim of the directive is to establish a system of legal protection for databases, covering both copyright and sui generis, which protect the investment in the creation and collection of databases by preventing their unauthorized use.
    • Copyright protects original databases as literary or artistic works.
• • • Sui law generis (own kind) protects the investment in acquiring, verifying and presenting database content.
• • The Directive protects the financial, time, and labor investment in database creation, ensuring that creators and producers can reap the benefits of these investments. It applies to databases as a whole, not just to their individual components. As a Directive, it is a legal act that European Union Member States must implement into their national law.Directive (EU) 2019/790 amends Directive (EU) 98/9 and Directive (EU) 2001/29 on copyright and related rights in the Digital Single Market. http://data.europa.eu/eli/dir/2019/790/oj
  • GUIDE https://www.enisa.europa.eu/sites/default/files/publications/ENISA%20Cybersecurity%20guide%20for%20SMEs-online-single_page.pdf
• Directive (EU) 2002/58http://data.europa.eu/eli/dir/2002/58/2009-12-19
  • The e-Privacy Directive regulates the protection of privacy and data confidentiality in the electronic communications sector, complementing the general principles of the GDPR. It introduces specific requirements regarding the confidentiality of correspondence, cookies, and user metadata, such as location data. The directive establishes rules for the processing of data in electronic communications to ensure the free flow of data and services while protecting the fundamental rights and freedoms of EU citizens. It aims to harmonize national regulations to ensure the free flow of data and telecommunications services within the EU internal market.
  • GUIDE https://www.enisa.europa.eu/sites/default/files/publications/Technical%20Guideline%20on%20Security%20measures%20for%20Article4%20%26%20Article13a.pdf
• Directive (EU) 2020/1828http://data.europa.eu/eli/dir/2020/1828/2024-12-13
  • Directive (EU) 2020/1828 of the European Parliament and of the Council on representative actions, also known as the Representative Actions Directive, protects the collective interests of consumers in the European Union by harmonising rules on representative actions. This directive aims to ensure that consumers can effectively enforce their rights in the event of infringements by traders, while also introducing safeguards against abusive actions. The main objectives of the directive are:
    • Unification of the rules for representative actions:
      • The directive aims to approximate the rules of the Member States on representative actions so that consumers have easier access to this type of protection throughout the EU;
      Protection of the collective interests of consumers:
      • The Directive applies to actions relating to infringements of EU law in various areas such as data protection, financial services, travel and tourism, energy and telecommunications;
      Prescriptive and corrective measures:
      • The Directive provides for the possibility of seeking both injunctive relief and corrective measures, such as return, replacement or repair;
      Incorporation into national law:
      • Member States are obliged to implement the provisions of the Directive into their national law, which means that uniform rules on representative actions will apply in each EU country;
      Entities entitled to bring actions:
      • The Directive specifies which entities may represent consumers in representative actions, e.g. consumer organisations;
      Protection against abuse:
      • The Directive contains provisions aimed at preventing the abuse of representative actions, for example by specifying the criteria that entities entitled to bring them must meet.
    Directive 2020/1828 is an important step towards strengthening consumer protection in the EU and providing them with more effective access to justice in the event of infringements of their rights by traders, informs the European Commission.
• • Directive (EU) 2024/1799 amends Regulation (EU) 2017/2394 and Directives (EU) 2019/771 and (EU) 2020/1828 on common rules promoting the repair of goods. http://data.europa.eu/eli/dir/2024/1799/oj
  • Regulation (EU) 2022/1925 amends Directive (EU) 2019/1937 and Directive (EU) 2020/1828 on contestable and fair markets in the digital sector. http://data.europa.eu/eli/reg/2022/1925/2022-10-12
• Directive (EU) 2015/2366 (PSD 2)http://data.europa.eu/eli/dir/2015/2366/2025-01-17
  • Payment Services Directive 2 concerns payment services. Its goal is to standardize and increase the security of the electronic payments market in the EU, taking into account technological developments and new payment services. It introduces, among other things, open banking, which allows third-party companies (with the customer’s consent) to access bank account data and limits customer liability for unauthorized transactions to €50. The directive introduces more stringent transaction authentication requirements (e.g., strong customer authentication, PIN authentication for contactless transactions). Customers are better protected against fraud, and their liability for unauthorized transactions is limited. PSD 2 promotes the emergence of innovative services and providers (so-called Third Party Providers), introducing the principle of open banking – customers can use third-party applications (with their consent) to manage their accounts and make payments. It defines strong customer authentication (SCA), which requires two-factor transaction authentication, for example, using a password and an SMS code. The deadline for considering complaints regarding payment transactions has been shortened to 15 business days.
  • GUIDE https://www.enisa.europa.eu/sites/default/files/publications/ENISA%20Report%20-%20EU%20Cybersecurity%20Initiatives%20in%20the%20Finance%20Sector.pdf
• Directive (EU) 2019/1024 http://data.europa.eu/eli/dir/2019/1024/oj
  • The aim of this directive is to enable citizens and businesses to reuse public information, such as documents from public authorities and public undertakings, as well as research data, for the development of the economy and society. The directive also introduces the concept of high-value datasets, which are made available under specific conditions to increase their benefits for society and the economy. Member States are required to make information available in open, machine-readable formats to enable free commercial and non-commercial use. The directive had to be implemented into the national law of the Member States. In Poland, implementation occurred through the Act of 11 August 2021 on Open Data and the Reuse of Public Sector Information. The directive aims to adapt the legal framework to technological advances, such as machine learning and artificial intelligence, in order to fully exploit the potential of public data for the European economy and society.
• Personal Data Protection Act https://uodo.gov.pl/en/file/754
  • The Polish Personal Data Protection Act of 10 May 2018 governs the processing of personal data and the rights of individuals whose data is processed in datasets, in accordance with European Union law, in particular the General Data Protection Regulation (GDPR). This Act aims to ensure that personal data is processed in a lawful, fair, and transparent manner, respecting the privacy of data subjects. Specifically, the Act specifies:
    • Principles of personal data processing:
      • including the principles of legality, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability;
      Rights of data subjects:
      • including the right to access data, the right to rectification, deletion, restriction of processing, the right to data transfer and the right to object;
      Obligations of data controllers and processors:
      • including ensuring data security, maintaining processing documentation, appointing a data protection officer in certain cases;
      Sanctions for violations of regulations:
      • including financial penalties and other legal consequences.
    In short, the Act aims to protect the rights and freedoms of natural persons in relation to the processing of their personal data, while ensuring the free flow of data within the European Union.
  • The Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC introduces new rules on general provisions, the appointment of a data protection officer, requests for prior consultations before the processing of personal data, provisions on administrative fines, criminal provisions, and the prevention of inspections of compliance with personal data protection provisions. https://gdpr.pl/wp-content/uploads/2019/05/Zmiana-niektorych-ustaw-21-lutego-2019_.pdf [link in Polish]
• Electronic Communications Lawhttps://eli.gov.pl/eli/DU/2024/1221/ogl
  • The EPC replaces the previous Telecommunications Law and implements EU regulations, such as the European Electronic Communications Code. The new law comprehensively regulates the telecommunications and electronic communications market in Poland, introducing changes aimed at better consumer protection, streamlining market operations, and adapting regulations to the dynamic development of the digital age. Key changes include:
    • Marketing consent and cookie policy;
• • • Information obligations for operators;
• • • New regulations on contract termination and access to services for people with disabilities.
• • The Act introduces new consumer protection mechanisms, such as transparency of offers, easier comparison of services, and rules for contract amendments. The law includes new regulations regarding the management of network infrastructure, frequencies, and orbital resources. Limitations have been introduced on unilateral changes to contract terms by providers and the ability for consumers to more easily terminate contracts in the event of significant non-compliance with the contract. The Act requires the use of technical measures to protect the confidentiality of electronic communications against unauthorized disclosure.
• • The Act amending the Prison Service Act and certain other acts introduces new provisions regarding the obligation to ensure conditions for access to and recording of data. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250000820/O/D20250820.pdf [link in Polish]
  • The Act amending the Act on State Emergency Medical Services and certain other acts introduces new provisions regarding the obligation to provide information on the location of the network termination point from which an emergency call was made. https://orka.sejm.gov.pl/proc10.nsf/ustawy/1058_u.htm [link in Polish]
• Act on clinical trials of medicinal products for human use https://polishpharmacy.ptfarm.pl/download/?file=File%2FFarmacja+Polska%2F2023%2F12%2F05_SZ_Ustawa_o_badaniach_klinicznych_n.pdf
  • The Act on Clinical Trials of Medicinal Products for Human Use establishes new rules for conducting clinical trials in Poland, harmonizing Polish law with European Union regulations (Regulation (EU) 536/2014). The Act primarily addresses the procedure for obtaining trial authorizations, the appointment of the Supreme Bioethics Committee, ethical review principles, the responsibilities of the sponsor and investigator, the Compensation Fund, and the financing of trial-related medical services. Bureaucratic and legal obstacles for the pharmaceutical industry have been reduced. Changes have been introduced, including changes to data commercialization, a ban on using data from non-commercial trials for commercial purposes, and the removal of individuals from the list of entities authorized to conduct trials. Principles and procedures for conducting clinical trial inspections have been established.
• Act on the protection of personal data processed in connection with the prevention and combating of crime https://uodo.gov.pl/en/file/875
  • This Act implements Directive (EU) 2016/680 within its scope of regulation. It specifies:
    • Principles and conditions for the protection of personal data processed by competent authorities for the purpose of recognizing, preventing, detecting and combating prohibited acts, including threats to public security and order, as well as the execution of temporary arrest, penalties, fines and coercive measures resulting in deprivation of liberty;
• • • The rights of persons whose personal data are processed by competent authorities and the legal remedies available to such persons;
• • • The method of supervising the protection of personal data processed by competent authorities, excluding personal data processed by the prosecutor’s office and courts;
• • • Tasks of the supervisory body and the forms and manner of their performance;
• • • Obligations of the controller and processor and the data protection officer and the procedure for his appointment;
• • • How to secure personal data;
• • • Mode of cooperation with supervisory authorities in other European Union countries;
• • • Criminal liability for violation of regulations.
  • This Act applies to the processing of personal data by competent authorities in a manner
    • Fully or partially automated;
    • Other than automated processing where the data is or is intended to be part of a data set.
• Act on Medical Activity https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20111120654/U/D20110654Lj.pdf [link in Polish]
  • The Act on Medical Activity regulates the principles of:
    • Performing medical activities in Poland;
• • • The functioning of entities conducting it (both entrepreneurs and other entities);
• • • Rules for registration of medical entities in the Register of Entities Performing Medical Activities (RPWDL);
• • • Working time standards for medical workers;
• • • Principles of supervision over this activity.
• • Medical activity involves providing health services, promoting health, and conducting teaching and research activities. The Act specifies which entities may conduct medical activities, including entrepreneurs, independent public health care facilities, research institutes, foundations, associations, and even churches.
• • The Act amending the Act on State Emergency Medical Services and certain other acts introduces new provisions regarding shift work allowances. https://orka.sejm.gov.pl/proc10.nsf/ustawy/1058_u.htm [link in Polish]
• • The Act amending the Act on Healthcare Services Financed from Public Funds and Certain Other Acts introduces new provisions regarding healthcare entities and agreements on the transfer of public funds. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250000129/O/D20250129.pdf [link in Polish]
• • The Act amending the Act on the Medical Center for Postgraduate Education and certain other acts introduces new provisions regarding medical schools, the establishment of SPZOZs, property management principles, the liquidation of SPZOZs, the merger of SPZOZs, agreements between transferring entities and acquiring entities, the transformation of SPZOZs, the obligation to perform tasks, and agreements on providing access to an organizational unit to medical schools. https://www.nia.org.pl/wp-content/uploads/2024/12/23.12.24-ustawa-o-CMKP.pdf [link in Polish]
• • The Act amending the Act on Patients’ Rights and the Patient Ombudsman and certain other acts introduces new provisions regarding monitoring of rooms, hospital discharge, and identification of hospital staff and patients. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230001675/O/D20231675.pdf [link in Polish]
• • The Act amending the Act on Healthcare Services Financed from Public Funds and Certain Other Acts introduces new regulations regarding working time for employees of healthcare entities. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20210002120/O/D20212120.pdf [link in Polish]
• • The Act amending the Act on health care services financed by public funds and certain other acts introduces new provisions regarding sources of financing, the fund of an SPZOZ facility and covering SPZOZ net losses.
    https://eli.gov.pl/eli/DU/2021/1773/ogl [link in Polish]
• • The Act amending the Act on Healthcare Services Financed from Public Funds and Certain Other Acts introduces new provisions regarding agreements on the transfer of public funds. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200002345/O/D20202345.pdf [link in Polish]
• • The Act amending certain acts in order to ensure the availability of medical personnel during the period of declaration of an epidemic threat or epidemic status introduces new provisions regarding the exercise of the professions of physician, nurse and physiotherapist within the framework of medical activity. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200002401/U/D20202401Lj.pdf [link in Polish]
• • The Act amending certain acts in connection with counteracting crisis situations related to the occurrence of COVID-19 introduces new provisions regarding requirements for the premises and equipment of an entity performing medical activities, principles of property management and coverage of net losses of SPZOZ. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200002112/U/D20202112Lj.pdf [link in Polish]
• • The Act amending certain acts to ensure the functioning of health care in connection with the COVID-19 epidemic and after its termination introduces new provisions regarding the head of a medical entity that is not an entrepreneur, the competition procedure for certain positions in a medical entity that is not an entrepreneur and the report on the economic and financial situation of SPZOZ. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200001493/O/D20201493.pdf [link in Polish]
• • The Act amending certain acts in the field of the health care system related to the prevention, counteraction, and combating of COVID-19 introduces new provisions regarding the coverage of net losses of public healthcare facilities. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200000567/U/D20200567Lj.pdf [link in Polish]
• • The Act amending the Commercial Companies Code and certain other acts introduces new provisions on the establishment and management of healthcare entities, specific regulations regarding healthcare companies with public participation, agreements between entities establishing SPZOZs and agreements on the transfer of public funds. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190001655/U/D20191655Lj.pdf [link in Polish]
• • The Act amending the Pharmaceutical Law and certain other acts introduces new provisions on fines for selling medicinal products in violation of the regulations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190000959/O/D20190959.pdf [link in Polish]
• • The Act amending the Act on the principles of state property management and certain other acts introduces new provisions concerning specific regulations regarding medical companies with public participation. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190000492/T/D20190492L.pdf [link in Polish]
• • The Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC introduces new rules on general provisions, the appointment of a data protection officer, requests for prior consultations before the processing of personal data, provisions on administrative fines, criminal provisions, and the prevention of inspections of compliance with personal data protection provisions. https://gdpr.pl/wp-content/uploads/2019/05/Zmiana-niektorych-ustaw-21-lutego-2019_.pdf [link in Polish]
• • The Act amending the Act on Healthcare Services Financed by Public Funds and Certain Other Acts introduces new rules regarding general provisions and working time for employees of healthcare entities. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001532/U/D20181532Lj.pdf [link in Polish]
• • The Act amending the Act on Public-Private Partnership and certain other acts introduces new provisions regarding property management principles.  https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001693/O/D20181693.pdf  [link in Polish]
• • The Act amending the Pharmaceutical Law and certain other acts introduces new provisions regarding applications for entry into the register of entities performing medical activities, refusal of entry into the register and fines for selling medicinal products in violation of the regulations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001375/U/D20181375Lj.pdf [link in Polish]
• • The Act amending the Act on health care services financed by public funds and certain other acts introduces new provisions regarding the agreement on the transfer of public funds. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001128/O/D20181128.pdf [link in Polish]
• • The Act Amending the Act on Medical Activity introduces new provisions concerning specific regulations concerning certain medical entities. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150001697/O/D20151697.pdf [link in Polish]
• • The Act amending the Act on State Emergency Medical Services, the Act on Medical Activity and the Act amending the Act on Medical Activity and certain other acts introduces new provisions regarding the adjustment obligations of entities performing medical activities. https://orka.sejm.gov.pl/proc7.nsf/ustawy/3864_u.htm [link in Polish]
• • The Act Amending the Act on the Nursing and Midwifery Professions and Certain Other Acts introduces new provisions regarding the conditions for conducting medical activities by nurses and employment standards for nurses in medical entities that are not entrepreneurs. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150001640/O/D20151640.pdf [link in Polish]
• • The Act amending the Act on Medical Devices and certain other acts introduces new provisions regarding the conditions for conducting business activity. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150001918/O/D20151918.pdf [link in Polish]
• • The Act amending the Act on Medical Activity introduces new provisions regarding a military unit, a medical entity that is not an entrepreneur, the founding entity, medical entities, the establishment and management of medical entities, entities providing health services other than hospitals, the admissibility of performing activities other than medical and the prohibition of advertising funeral services, medical activity as a business activity, requirements for the premises and equipment of an entity performing medical activity, temporary cessation of medical activity, special regulations regarding certain medical entities, medical entities with special regulations, the establishment, transformation and liquidation of medical budgetary units, the principles of financial management of a medical budgetary unit, the working time of employees of medical entities, specialization and the maintenance in force of implementing provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150000905/O/D20150905.pdf [link in Polish]The Act amending the Act on health care services financed by public funds and certain other acts introduces new provisions regarding the principles of awarding contracts for health care services and public funds transferred to entities performing medical activities. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20140001138/U/D20141138Lj.pdf [link in Polish]
• • The Act amending the Public Procurement Law and certain other acts introduces new provisions regarding the principles of awarding contracts for health services. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20140000423/O/D20140423.pdf [link in Polish]
  • The Act amending the Act on Medical Activity and certain other acts introduces new rules regarding general provisions, medical entities performing medical activities such as stationary and 24-hour health services, medical entities with special regulations, medical entities that are not entrepreneurs, an independent public health care facility, a medical entity in the form of a budgetary unit, a register of entities performing medical activities, rules for the transfer of public funds to entities performing medical activities, control and supervision, and transitional provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20120000742/T/D20120742L.pdf [link in Polish]
• Act on Trading in Financial Instruments https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20051831538/U/D20051538Lj.pdf [link in Polish]
  • The Act regulates the principles, procedures, and conditions for undertaking and conducting business in the field of trading in financial instruments, the rights and obligations of entities participating in such trading, and the exercise of supervision in this regard. The provisions of the Act do not apply to bills of exchange and checks within the meaning of the Bills of Exchange and Checks Law. Financial instruments, as defined by the Act, are:
    • Securities;
• • • Non-securities:
      • Shares in collective investment institutions;
• • • • Money market instruments;
• • • • Options, futures, swaps, forward interest rate agreements, other derivatives whose underlying instrument is a security, currency, interest rate, yield index, emission allowance or other derivative, financial index or financial index that are executed by delivery or settlement in cash;
• • • • Options, futures, swaps, forward rate agreements and other derivative instruments the underlying of which is a commodity and which are settled in cash or may be settled in cash at the option of one of the parties;
• • • • Options, futures, swaps and other derivatives whose underlying instrument is a commodity and which can be executed by delivery, provided that they are admitted to trading on a financial instruments trading venue, excluding energy products traded wholesale on an OTF, which must be executed by delivery;
• • • • Options, futures, swaps, forward contracts and other derivative instruments whose underlying instrument is a commodity and which can be executed by delivery, which are not intended for trading purposes and have the characteristics of other derivative financial instruments, not admitted to trading on a financial instruments trading venue;
• • • • Credit risk transfer derivatives;
• • • • Contracts for Difference;
• • • • Options, futures, swaps, forward interest rate agreements and other derivative instruments relating to climate change, freight rates and inflation rates or other official statistics that are settled in cash or may be settled in cash at the option of one of the parties, as well as derivative instruments and other instruments that exhibit the characteristics of other derivative financial instruments;
• • • • Emission allowances.
• • The Act regulates which entities have access to which data and the ability to share this information. At the same time, it emphasizes customer and data security, including the protection of confidential information or professional secrecy.The Act amending the Act on the Defense of the Homeland and certain other acts introduces new provisions regarding securities accounts. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250001014/O/D20251014.pdf [link in Polish]
• • The Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds introduces new provisions regarding Regulation (EU) 2022/2554, ICT, the acquisition or disposal of financial instruments through the use of algorithmic trading, service security, customer and data protection, and the recovery plan. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250001069/O/D20251069.pdf [link in Polish]
• • The Act amending the Act on Trading in Financial Instruments introduces new provisions regarding general requirements for the regulated market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250000923/O/D20250923.pdf [link in Polish]
  • The Act amending the Act on the Prison Service and certain other acts introduces new provisions on the permitted disclosure of professional secrets on the capital market. https://orka.sejm.gov.pl/proc10.nsf/ustawy/993_u.htm [link in Polish]

• The Act amending the Accounting Act, the Act on Statutory Auditors, Audit Firms and Public Oversight, and certain other acts introduces new provisions concerning the inspection and supervisory powers of the Polish Financial Supervision Authority (KNF), the mandate to commission an audit firm to perform an inspection, the obligation to notify, submit documents, and provide explanations upon the KNF’s request, the permitted disclosure of professional secrecy on the capital market, and information that does not violate professional secrecy on the capital market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240001863/U/D20241863Lj.pdf [link in Polish]
  • The Act amending certain acts in connection with ensuring the development of the financial market and investor protection on this market introduces new rules regarding the concept of financial instruments, investment certification, discretionary nature, Regulation (EU) 2022/858, DLT-based ATS, DLT-based SS, DLT-based TSS, parent entity, subsidiary entity, capital group, financial instrument operated by DLT, secondary DLT registration, DLT account, securities accounts, derivatives accounts, general provisions, deposit and dematerialization, dematerialized securities, agreement on performing the function of an agent for the issue of securities, obligations of an issue agent, information obligations towards the National Depository for Securities incumbent on issuers of securities entering into an agreement on performing the function of an agent for the issue of capital bonds or an agreement on storing capital bond documents and maintaining a register of persons entitled under capital bonds, electronic declarations of will, orders to other entities organizing the market for trading in Treasury securities, outsourcing of operational functions, taking into account the risk related to outsourcing, liability of the outsourcer and the company operating the regulated market, general requirements regarding the regulated market, the company operating the regulated market, changes in the statute of the company operating the regulated market and in the rules of the regulated market, parties to transactions on the regulated market, admission to trading on the regulated market, ineffectiveness of specific proceedings, the Organization of the National Depository, the Tasks of the National Depository, participants of the depository, settlement and clearing system, the security fund, the amount of contributions to the security fund, the rules of the security fund, the nature of the assets of the security fund, the depository and settlement system, the clearing house and the settlement house, the security fund, regulated entities, the scope of brokerage activities, exclusion of the application of regulations, a report on the best order execution systems, purchasing or selling financial instruments on own account, conducting business by investment firms, an agreement with an investment firm agent, entry in the register of investment firm agents, taking into account the risk related to outsourcing in the risk management system, liability for damages, sub-outsourcing of investment firms, application for a permit to conduct brokerage activities, qualifications of employees, general partners and partners in investment firms, service security, customer and data protection, general organizational requirements of an investment firm, risk management by an investment firm, internal audit system, internal control system, distribution strategy, limitation of the application of regulations in the case of providing selected brokerage services, examination of an application for a permit to conduct brokerage activities, refusal to grant a permit, information obligations towards the Polish Financial Supervision Authority, expiry or withdrawal of a permit, register of investment firms, register of state-owned banks conducting brokerage activities, statutory delegations, consent of the Commission to appoint the president of the management board of a brokerage house and a member of the management board of a brokerage house who will be responsible for supervising the risk management system, separation of the function of the president and the position of a member of the management board supervising the risk management system in the activities of a brokerage house, internal division of powers in the management board, significant blocks of shares of brokerage houses, deadline for delivery of the decision on the objection, indicators in recovery plans, bank’s brokerage activity permit, banks conducting brokerage activities, principles conducting business by a foreign investment firm, control powers of the Commission, custodian banks, practicing the profession of a broker or investment advisor, entry on the list of brokers or investment advisors, removal of a broker or investment advisor from the list, suspension of the right to practice the profession, grounds for removal from the list of brokers or investment advisors, compensation scheme, investor compensation scheme, obligation to participate in the compensation scheme, subjective scope of the obligation to maintain professional secrecy on the capital market, permitted disclosure of professional secrecy on the capital market, information not infringing professional secrecy on the capital market, conditions for disclosing information submitted to the PFSA as part of its supervision, exchange of information covered by professional secrecy, liability for damages, maximum amount of fees, amount of supervision fees, withdrawal of the permit to operate a regulated market, fine, withdrawal of the permit to operate an auction platform, prohibition to operate a regulated market, sanctions imposed on an entity operating a foreign regulated market, withdrawal of the permit to conduct brokerage activities, limitation of the scope of brokerage activities performed, sanctions imposed on an investment holding company, a financial holding company or a mixed-income holding company, fees, suspension of an approved publishing arrangement or an approved reporting mechanism’s authorisation to provide information disclosure services, a fine in the event of withdrawal of an approved publishing arrangement or an approved reporting mechanism’s authorisation to provide information disclosure services, infringement of regulations when providing intermediation services in concluding a structured deposit agreement, administrative sanctions for infringement of regulations, sanctions for infringement of regulations on the organisation of a regulated market or conducting brokerage activities, sanctions for infringement of regulations on the operation of an auction platform, a sanction imposed on the National Depository, a ban on performing activities, a sanction imposed on a company operating a clearing house, a sanction imposed on a company operating a settlement house, sanctions for breach of obligations related to trading in significant blocks of shares, a fine for breaching prohibitions or restrictions imposed by ESMA or EBA, unauthorised acquisition of own shares or stabilisation of prices of financial instruments, sanctions imposed on financial counterparties, sanctions imposed on non-financial counterparties, sanctions imposed on CCPs, sanctions for conducting transactions during a closed period, publication of information on decisions taken in the event of a breach of regulations, the offence of unauthorized trading in financial instruments, the offence of violating the issuer’s disclosure obligations and the offence of obstructing the control activities of the Polish Financial Supervision Authority. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230001723/U/D20231723Lj.pdf [link in Polish]
• • The Act amending the Act on Investment Funds and the Management of Alternative Investment Funds, the Act on Bonds, the Act on the Bank Guarantee Fund, the Deposit Guarantee Scheme and Compulsory Restructuring, and certain other acts introduces new rules regarding the concept of financial instruments, Regulation (EU) 2021/33, the agreement on performing the function of an issue agent for securities, the obligations of an issue agent, general provisions, the information obligations towards the National Depository for securities issuers entering into an agreement on performing the function of an issue agent or an agreement on storing capital bond documents and maintaining a register of persons entitled under capital bonds, the depository and settlement system, significant blocks of shares in brokerage houses, specific rules for conducting business by brokerage houses and small brokerage houses, information that does not violate professional secrecy on the capital market, and administrative sanctions for violating the regulations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230000825/O/D20230825.pdf [link in Polish]The Act amending the Act on the handling of complaints by financial market entities and on the Financial Ombudsman and certain other acts introduces new provisions on the permitted disclosure of professional secrecy on the capital market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20220002640/O/D20222640.pdf [link in Polish]
• • The Act amending certain acts to simplify administrative procedures for citizens and businesses introduces new provisions regarding the obligation to notify the Polish Financial Supervision Authority (KNF), the application for a brokerage license, the obligation for investment firms to employ individuals with appropriate qualifications, and the requirement for banks to obtain brokerage licenses. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20220002185/O/D20222185.pdf [link in Polish]
• • The Act amending the Act on the Prison Service and certain other acts introduces new provisions on the permitted disclosure of professional secrets on the capital market. https://orka.sejm.gov.pl/Druki9ka.nsf/0/31F27D27D29E1AF6C125886E004A3BBF/%24File/2384.pdf [link in Polish]
• • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new provisions regarding Regulation (EU) 575/2013, Regulation (EU) 2019/2033, a brokerage house applying Regulation (EU) 575/2013, banking law provisions applied by certain brokerage houses, the receipt by the Commission of reports on infringements of regulations, the provision by a brokerage house of intermediation services in concluding a structured deposit agreement or investment advice in this respect, an application for a permit to conduct brokerage activities, security of services, customer and data protection, recommending to an investment firm to cease a specific action or not to undertake it in the future, the initial capital of a brokerage house, the amount of the initial capital, ordering an audit by an audit firm, the notification obligation, the assessment of compliance with requirements by members of the management board and supervisory board of a brokerage house, the dismissal or suspension from duties of a member of the management board of a brokerage house, members of the management board and supervisory board of a brokerage house, brokerage houses. brokerage firms, conducting business by investment firms, specific principles of conducting business by certain brokerage houses, risk management system at a brokerage house, responsibilities of the management board and supervisory board of a brokerage house, management board of a brokerage house as a management body, estimation of internal capital, recognition of a branch of a foreign investment firm as significant, entities being indirect EU parent undertakings, fulfillment of obligations by a brokerage house, consolidated supervision, actions in the event of extraordinary situations or unfavorable changes in the markets, cooperation of the Commission with other supervisory authorities in the scope of consolidated supervision, supervision of a subsidiary, provision of information to the Commission by a holding company on mixed activity, assessment of equivalence of consolidated supervision principles, documentation of systems and processes, recording of transactions by a brokerage house, examination and assessment of the brokerage house’s activities undertaken in the field of risk management, verification of compliance with the conditions regarding the method of calculating own funds used by the brokerage house, remuneration policy of the brokerage house, report on the unit’s activities, statutory delegations, supervisory measures applied in the event of infringement of the provisions by a brokerage house or the probability of their infringement, the obligation to provide the Commission with information necessary for the exercise of supervision, recovery plans and early intervention principles for certain brokerage houses, recovery plans, approval of the recovery plan by the Commission, group recovery plan, consultation on the group recovery plan, agreement on the necessity of preparing and submitting a recovery plan by the brokerage house, limitation of the scope of information in the recovery plan, change of the frequency of updating the recovery plan, agreement on providing financial support, conditions of concluding an agreement on providing financial support, conditions of providing financial support, consent of the Commission to concluding an agreement on providing financial support, conclusion of an agreement on providing financial support within a group, forwarding a copy of the agreement to other authorities, consent of the Commission to providing financial support, public disclosure of information on the conclusion of an agreement on providing financial support, early intervention measures, appointment of a curator or receivership, cooperation of the Commission with other authorities, authorisation for bank brokerage activities, the principle of a single passport, branches of foreign legal entities, provision of a service that does not constitute brokerage activities requiring a permit to conduct them, foreign entities conducting brokerage activities in the territory of the Republic of Poland, fiduciary activities of banks, claims for the return of transferred amounts, information that do not violate professional secrecy on the capital market, the maximum amount of fees, the withdrawal of a brokerage license, limitations on the scope of brokerage activities, fines, sanctions imposed on a financial holding company, notification to the supervisory authority of another Member State of an infringement of legal provisions by a foreign investment firm, a ban on conducting business by a foreign investment firm, the provision of aggregate information to the European Market and Securities Authority (ESMA) and sanctions for breaching disclosure obligations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20210002140/O/D20212140.pdf [link in Polish]
• • The Act amending the Capacity Market Act and certain other acts introduces new provisions regarding the clearing house and settlement house. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20210001505/O/D20211505.pdf [link in Polish]
• • The Act amending the Act on Investment Funds and the Management of Alternative Investment Funds and certain other acts introduces new rules regarding exemptions from the provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20210001595/O/D20211595.pdf [link in Polish]
• • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new provisions regarding the approved publishing entity, approved reporting mechanism, provider of information disclosure services, separated markets, official listing market, organizing an alternative trading system, operating an OTF, a company operating a regulated market, providing services in the scope of disclosing information on transactions on a regulated market, tasks of the National Depository, providing services in the scope of disclosing information on transactions on a regulated market, conducting business by investment firms, participation in trading in financial instruments, conducting business in the scope of disclosing information on transactions, submitting documents and providing explanations at the request of the Polish Financial Supervision Authority, procedures for anonymous reporting of violations of legal provisions, procedures and ethical standards in an entity providing services in the scope of disclosing information on transactions, maximum fees, amount of supervision fees, administrative sanctions for violation of regulations, withdrawal of a permit to provide services in the scope of disclosing information on transactions on a regulated market, fines, sanctions for violating regulations on organizing a regulated market or conducting brokerage activities and administrative sanctions for violating regulations. https://orka.sejm.gov.pl/proc9.nsf/ustawy/868_u.htm [link in Polish]
• • The Act amending the Act on special solutions related to the prevention, counteraction, and combating of COVID-19, other infectious diseases and the resulting crisis situations, and certain other acts, introduces new provisions regarding the conduct of business by investment firms. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200000568/U/D20200568Lj.pdf [link in Polish]
• • The Act Amending the Act on Government Administration Departments and Certain Other Acts introduces new provisions regarding information that does not violate professional secrecy on the capital market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200000284/O/D20200284.pdf [link in Polish]
• • The Act amending the Commercial Companies Code and certain other acts introduces new rules regarding the form of securities, general provisions, certificates of entitlement to participate in a general meeting and a list of persons authorized to participate in a general meeting of a public company, the Rules of the National Depository, the concept of professional secrecy on the capital market, and information that does not violate professional secrecy on the capital market. https://eli.gov.pl/api/acts/DU/2019/1798/text/U/D20191798Lj.pdf [link in Polish]
• • The Act amending the Commercial Companies Code and certain other acts introduces new provisions regarding information that does not violate professional secrecy on the capital market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190001655/U/D20191655Lj.pdf [link in Polish]
• • The Act amending the Act on Financial Market Supervision and certain other acts introduces new provisions regarding information that does not violate professional secrecy on the capital market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190000875/O/D20190875.pdf [link in Polish]
• • The Act amending certain acts in connection with ensuring the application of the GDPR introduces new provisions regarding the GDPR, the conduct of business by investment firms, and the permitted disclosure of professional secrecy on the capital market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190000730/O/D20190730.pdf [link in Polish]
• • The Act amending certain acts in connection with strengthening financial market supervision and investor protection introduces new rules regarding the form of securities, registration with the National Depository for Securities (KDPW) based on specific provisions, general provisions, the tasks of the National Depository, broker and investment advisor examinations, information that does not violate professional secrecy on the capital market, and criminal provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180002243/U/D20182243Lj.pdf [link in Polish]
• • The Act amending certain acts in order to introduce simplifications for entrepreneurs in tax and economic law introduces new provisions regarding the content of a deposit certificate, mandatory contributions to the compensation scheme and exclusion from participation in the scheme. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180002244/O/D20182244.pdf [link in Polish]
• • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new rules concerning the subject of regulation, the concept of financial instruments, the form of securities, the issuance of a certificate and the blocking of securities, filing a complaint to the Commission, the taking over by the Commission of notifications of infringements of regulations, the definition of a regulated market, the powers of entities operating foreign regulated markets, separate markets, official listing markets, organizing an alternative trading system, secondary trading in financial instruments, statutory delegation – detailed principles of organization and operation of a regulated market, official listing market, auction platform, obligations of a company operating a regulated market, general requirements regarding a regulated market, suspension of admission to trading and exclusion from trading, companies operating a regulated market, organization and principles of operating a regulated market, a permit to operate a regulated market, the management board of a company operating a regulated market, foreign operations of a company operating a regulated market, refusal to issue a permit to operate a regulated market, the rules of a regulated market, the provision of services in the scope of disclosing information on transactions on a regulated market, the control and supervisory powers of the Polish Financial Supervision Authority, the tasks of the National Depository for Securities, the clearing house and settlement house, guarantee system, security fund, scope of brokerage activity, conducting business by investment firms, exclusion of application of regulations, agreement on offering financial instruments, agreement on executing orders to purchase or sell financial instruments, agreement on accepting and transmitting orders to purchase or sell financial instruments, agreement on managing a portfolio of financial instruments, investment advisory agreement, alternative trading system, agreement with an investment firm agent, entry in the register of investment firm agents, outsourcing of investment firms, liability for damages, obligation to notify the Polish Financial Supervision Authority (KNF), exclusion of application of regulations on outsourcing agreements, application for a permit to conduct brokerage activity, qualifications of employees, general partners and partners in investment firms, security of services, protection of clients and data, consideration of an application for a permit to conduct brokerage activity, refusal to grant a permit, information obligations towards the KNF, expiry of a permit, application of regulations to foreign investment firms, recommendation to an investment firm to cease a specific activity or not to undertake it in the future, statutory delegations, forms of operation of brokerage houses, opinions of supervisory authorities of other countries, the amount of the initial capital, ordering an audit by an audit firm, the notification obligation, brokerage houses, members of the management board and supervisory board of a brokerage house, cross-border provision of services, establishing branches in other Member States, installing IT systems and technical equipment in the territory of other Member States, information presented with the notification of the intention to acquire a significant block of shares, a substitute declaration, objections by the Polish Financial Supervision Authority, civil and administrative sanctions, informing the brokerage house about the acquisition of shares, specific rules for conducting business by certain brokerage houses, a brokerage house, a recovery plan, a bank’s brokerage permit, the appropriate application of regulations, the principle of a single passport, branches of foreign legal entities, foreign entities conducting brokerage activities in the territory of the Republic of Poland, rules for conducting business by a foreign investment firm, installing IT systems and technical equipment in the territory of Poland by a foreign investment firm, the division of supervisory powers, practicing the profession of broker or investment advisor, the time of making available and publishing information by an approved publishing entity, the scope of published information, the time of making available and publishing information by the consolidated information provider, the scope of published information, additional obligations incumbent on the consolidated information provider, submitting documents and providing explanations at the request of the PFSA, conducting business in the field of disclosing information on transactions, the admissibility of disclosing professional secrecy when the PFSA provides information to the minister, the maximum fees, the amount of supervision fees, fees, withdrawal of the authorisation to operate a regulated market, fines, a ban on operating a regulated market, administrative sanctions for infringement of regulations, sanctions imposed on an entity operating a foreign regulated market, withdrawal of the authorisation to conduct brokerage activities, withdrawal of the authorisation to provide services in the field of disclosing information on transactions on a regulated market, sanctions imposed on a foreign investment firm or an agent of such a firm, sanctions for violating the regulations on the organisation of a regulated market or conducting brokerage activities, providing aggregate information to the European Securities and Markets Authority (ESMA and PWM), sanctions for violating the regulations on the operation of an auction platform, unauthorized acquisition of own shares or stabilization of prices of financial instruments, criminal provisions and the offence of obstructing the inspection activities of the PFSA. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180000685/O/D20180685.pdf [link in Polish]
• • The Act amending the Act on Certain Powers of Employees of the Office Serving the Minister of Internal Affairs and Officers and Employees of Offices Supervised by that Minister, and Certain Other Acts, introduces new provisions regarding the permitted disclosure of professional secrecy on the capital market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180000106/U/D20180106Lj.pdf [link in Polish]
• • The Act amending the Penal Code and certain other acts introduces new provisions regarding the permitted disclosure of professional secrecy on the capital market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20170000768/O/D20170768.pdf [link in Polish]
• • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new provisions regarding Regulation (EU) 596/2014, Regulation (EU) 909/2014, organized trading platform, emission allowance market participant, central securities depository, designated entity, Alternative Investment Company manager, confidential information, acceptance by the Commission of reports of infringements of regulations, suspension of admission to trading and exclusion from trading, secondary trading in financial instruments, authorisation to operate a regulated market, rules of the regulated market, authorisation to operate an auction platform for futures contracts, principles of operating an auction platform, regulated market, application for authorisation for a brokerage house to acquire contracts at auctions organised by an auction platform, alternative trading system, application for authorisation to conduct brokerage activities, security of services, customer and data protection, amount of initial capital, prohibition on a brokerage house acquiring shares in a parent entity, credit institution, and authorisation for brokerage activities, information that does not violate professional secrecy on the capital market, confidential information, withdrawal of a license to operate an auction platform, fines, withdrawal of a license to conduct brokerage activities, administrative sanctions for violating regulations, unauthorized acquisition of own shares or stabilization of prices of financial instruments, sanctions for using confidential information, sanctions for failure to comply with disclosure obligations, delisting of securities from trading, the crime of unauthorized disclosure of confidential information regarding financial instruments, the crime of unauthorized use of confidential information regarding financial instruments, the crime of unauthorized granting of a recommendation or incitement to purchase or sell financial instruments to which confidential information relates, and the crime of manipulation of financial instruments. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20170000724/O/D20170724.pdf [link in Polish]
• • The Act amending the Act on Investment Funds and certain other acts introduces new rules concerning the management company, EU managers, general provisions, securities accounts, general requirements regarding the regulated market, shares and shareholders of a company operating a stock exchange, shares and shareholders of a company operating an over-the-counter market, assessment of conduct in order to determine accepted market practices, exclusion of the application of regulations, entry in the register of investment firm agents, application for a permit to conduct brokerage activities, qualifications of employees, general partners and partners in investment firms, information provided together with the notification of the intention to acquire a significant block of shares, information presented together with the notification of the intention to acquire a significant block of shares, formal requirements for entry on the register of brokers or the list of investment advisers, grounds for removal from the register of brokers or investment advisers, the compensation system, the subjective scope of the obligation to maintain professional secrecy on the capital market, permissible disclosure of professional secrecy on the capital market, information not infringing professional secrecy on the capital market, maximum fees, withdrawal of the permit to conduct brokerage activities and penalties. monetary. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20160000615/O/D20160615.pdf [link in Polish]
• • The Act amending the Acts Governing the Conditions of Access to Certain Professions introduces new provisions regarding the conduct of business by investment firms, custodian banks, securities brokers and investment advisors, and professional secrecy. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150001505/O/D20151505.pdf [link in Polish]
• • The Act amending the Act on Competition and Consumer Protection and certain other acts introduces new provisions regarding the permitted disclosure of professional secrecy on the capital market. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150001634/O/D20151634.pdf [link in Polish]
• • The Act amending the Act on Capital Market Supervision and certain other acts introduces new provisions on professional secrecy and fees. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150001260/U/D20151260Lj.pdf [link in Polish]
• • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new rules regarding Regulation (EU) 236/2012, Regulation (EU) 648/2012, short selling, CCPs, general provisions, the stock market, the depository and clearing system, the conduct of business by investment firms, and professional secrecy. https://orka.sejm.gov.pl/proc7.nsf/ustawy/2734_u.htm [link in Polish]
• • The Act amending the Act on supplementary supervision of credit institutions, insurance companies, reinsurance companies and investment firms in a financial conglomerate and certain other acts introduces new provisions concerning brokerage houses. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20140000586/O/D20140586.pdf [link in Polish]
• • The Act Amending the Act on Trading in Financial Instruments and Certain Other Acts introduces new provisions regarding secondary trading in financial instruments, accepted market practices, the conduct of business by investment firms and brokerage houses, and administrative sanctions for violations of the regulations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20120001385/O/D20121385.pdf [link in Polish]
• • The Act Amending the Act on Trading in Financial Instruments and Certain Other Acts introduces new rules regarding securities depository, equivalent state, custodian bank, general provisions, the depository and settlement system, the conduct of business by investment firms, custodian banks, securities brokers and investment advisors, the compensation system, professional secrecy, and administrative sanctions for violations of the regulations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20112341391/O/D20111391.pdf [link in Polish]
• • The Act amending the Banking Law, the Act on Trading in Financial Instruments and the Act on Financial Market Supervision introduces new provisions regarding the conduct of business by investment firms, brokerage houses and administrative sanctions for violation of the provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20111310763/O/D20110763.pdf [link in Polish]
• • The Act amending the Banking Act, the Insurance Act, the Investment Funds Act, the Financial Instruments Trading Act, and the Financial Market Supervision Act introduces new provisions regarding brokerage houses and confidential information. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20101260853/O/D20100853.pdf [link in Polish]The Act amending the Act on Trading in Financial Instruments introduces new rules regarding transitional and final provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20100440252/O/D20100252.pdf [link in Polish]
• • The Act amending the Act on Toll Motorways and the National Road Fund and the Act on Trading in Financial Instruments introduces new regulations regarding the conduct of business by investment firms. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20092231776/O/D20091776.pdf [link in Polish]
• • The Act amending the Commercial Companies Code and the Act on Trading in Financial Instruments introduces new rules regarding general provisions, the National Depository, and the depository and settlement system. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20090130069/O/D20090069.pdf [link in Polish]
  • The Act amending acts to standardize IT terminology introduces new provisions regarding the terms “IT data carrier,” “IT system,” and “electronic communication means.” https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20081711056/O/D20081056.pdf [link in Polish]
• Detective Services Act https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20020120110/U/D20020110Lj.pdf  [link in Polish]
  • The Detective Services Act is a legal act regulating the business of detective services in Poland, defining the rights and obligations of detectives, as well as the rules and procedures for obtaining licenses to practice this profession. The act requires that this activity be entered in a register maintained by the Ministry of Internal Affairs and Administration, and detectives themselves must be licensed. The act defines detective services, meaning activities involving the acquisition, processing, and transmission of information at the client’s request. It specifies what detectives may and may not do, including the obligation to maintain professional confidentiality. Detectives are authorized to process personal data without the consent of the individuals concerned, but only to the extent necessary to conduct an investigation.The Act amending certain acts in connection with ensuring the application of the GDPR in connection with the processing of personal data and on the free movement of such data, and repealing Directive (EU) 95/46/EC introduces new rules on general provisions, the appointment of a data protection officer, requests for prior consultations before the processing of personal data, provisions on administrative fines, criminal provisions, and the prevention of inspections of compliance with personal data protection provisions. https://gdpr.pl/wp-content/uploads/2019/05/Zmiana-niektorych-ustaw-21-lutego-2019_.pdf [link in Polish]
• • The Act amending certain acts in connection with the standardization of certain document templates in administrative procedures introduces new provisions regarding the principles of conducting business activity in the field of detective services. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20140000822/O/D20140822.pdf [link in Polish]
• • The Act Amending the Detective Services Act introduces new provisions regarding the rights and obligations of detectives, the principles of conducting business activities in the field of detective services, the principles of conducting business activities in the field of detective services, and the qualification requirements for detectives. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20110060017/O/D20110017.pdf [link in Polish]
  • The Act amending certain acts in connection with the entry into force of the Protocol to the Agreement between the European Community and its Member States, on the one part, and the Swiss Confederation, on the other, on the free movement of persons introduces new provisions regarding the qualification requirements for detectives. https://orka.sejm.gov.pl/proc6.nsf/ustawy/552_u.htm [link in Polish]
• Banking law
  https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU19971400939/U/D19970939Lj.pdf [link in Polish]
  • This Act specifies:
    • Principles of conducting banking activities, establishing and organizing banks, branches and representative offices of foreign banks, as well as branches of credit institutions;Principles of creating and functioning of the protection system;Principles of bank restructuring, liquidation and bankruptcy proceedings;Certain principles for the conduct of business by financial holding companies and mixed financial holding companies and for the organisation of these companies, as well as certain principles for the supervision of these companies;Principles of banking supervision, including consolidated supervision.
    The Act specifies the information covered by banking secrecy, while at the same time indicating the obligation to provide information covered by banking secrecy to specific entities in the specified circumstances.
• • The Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds introduces new provisions regarding Regulation (EU) 2022/2554, the objectives of the risk management system and the objectives and activities of banking supervision. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250001069/O/D20251069.pdf [link in Polish]The Act amending certain acts in order to deregulate economic and administrative law and improve the principles of developing economic law introduces new provisions regarding joint accounts. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250000769/O/D20250769.pdf [link in Polish]
• • The Act amending the Act on the Prison Service and certain other acts introduces new provisions on the permitted disclosure of professional secrets on the capital market. https://orka.sejm.gov.pl/proc10.nsf/ustawy/993_u.htm [link in Polish]
• • The Act amending the Act on Development Cooperation and certain other acts introduces new provisions regarding special treatment of state-owned banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250000525/O/D20250525.pdf [link in Polish]
• • The Act amending the Goods and Services Tax Act, the Excise Duty Act, and certain other acts introduces new rules regarding the obligation to provide information covered by banking secrecy and credit information bureaus. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250000222/O/D20250222.pdf [link in Polish]
• • The Act Amending the Accounting Act, the Act on Statutory Auditors, Audit Firms and Public Oversight, and Certain Other Acts introduces new provisions regarding outsourcing terms, notifying the Polish Financial Supervision Authority of the intention to enter into an outsourcing agreement, the obligation to provide information covered by banking secrecy, credit bureaus, auditing financial statements, re-examination of a bank’s financial situation, and the obligation to report facts indicating a crime or violation of regulations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240001863/U/D20241863Lj.pdf [link in Polish]
• • The Act amending the Act on the exchange of tax information with other countries and certain other acts introduces new provisions on the obligation to provide information covered by bank secrecy and credit information offices. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240000879/O/D20240879.pdf [link in Polish]
• • The Act amending certain acts in connection with ensuring the development of the financial market and investor protection on this market introduces new rules regarding mortgage banks, receivables funds, internal methods, extensions or significant changes in the scope of internal methods, other extensions or changes in the scope of internal methods, banking activities, advisory services in relation to structured deposits, other bank activities, scope of insourcer’s liability, outsourcing conditions, notification to the Polish Financial Supervision Authority of the intention to conclude an outsourcing agreement, general provisions, statutory delegation – conditions of functioning of the risk management system related to outsourcing, obligation of professional secrecy, decisions issued by the Polish Financial Supervision Authority, delivery of documents in restructuring proceedings, application of the Polish Financial Supervision Authority for the dismissal of a member of the governing body of a bank, financial holding company or mixed financial holding company, prohibition of exercising voting rights from shares, application for a permit to establish a bank, permit to establish a bank and to amend the statute, permit for commencement of business activity by a bank, entry of a domestic bank in the register of entrepreneurs, performance of certain forms of banking activity by a financial institution in the territory of the host country, scope of activity that can be performed by credit institution, the scope of application of Polish law to credit institutions, an explanation of the applicant’s creditworthiness assessment, structured deposits, the issuance of bank derivative rights, the transfer of receivables by the bank, the obligation to observe banking secrecy, the obligation to provide information covered by banking secrecy, the credit information bureau, entities authorized to obtain aggregate information from the central information on accounts, the obligation to publish information on outsourcers , information obligations towards the municipality related to the termination or expiration of a bank account agreement, own funds, internal capital and the financial management of banks, the objectives and activities of banking supervision, legal remedies available to the Polish Financial Supervision Authority, the imposition of a fine, the implementation of actions under the recovery plan despite failure to achieve indicator levels and criminal sanctions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230001723/U/D20231723Lj.pdf [link in Polish]The Act amending certain acts to limit certain effects of identity theft introduces new provisions regarding the obligation to provide information covered by banking secrecy, credit information bureaus, and specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230001394/O/D20231394.pdf [link in Polish]
• • The Act amending the Goods and Services Tax Act and certain other acts introduces new provisions regarding the crediting and debiting of VAT accounts. https://orka.sejm.gov.pl/proc9.nsf/ustawy/3025_u.htm [link in Polish]
• • The Act amending the Goods and Services Tax Act and certain other acts introduces new provisions regarding the obligation to provide information covered by bank secrecy and banking information bureaus. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230000996/O/D20230996.pdf [link in Polish]
• • The Act amending the Act on Investment Funds and the Management of Alternative Investment Funds, the Act on Bonds, the Act on the Bank Guarantee Fund, the Deposit Guarantee Scheme and Compulsory Restructuring, and certain other acts introduces new provisions regarding decisions issued by the Polish Financial Supervision Authority (KNF), the acquisition of significant stakes in banks, the qualification of capital instruments and subordinated loans, equity, internal capital, and the financial management of banks, legal remedies available to the KNF, the grounds for submitting a bank’s recovery plan, and the grounds for suspending operations and declaring a bank bankrupt. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230000825/O/D20230825.pdf [link in Polish]
• • The Act amending the Act on the Processing of Complaints by Financial Market Entities and on the Financial Ombudsman and certain other acts introduces new provisions regarding the obligation to provide information covered by banking secrecy and credit information bureaus. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20220002640/O/D20222640.pdf [link in Polish]
• • The Act Amending the Excise Duty Act and Certain Other Acts introduces new rules regarding the obligation to observe banking secrecy, the obligation to provide information covered by banking secrecy, credit information bureaus, transitional provisions, changes to existing regulations, episodic provisions, and final provisions. https://orka.sejm.gov.pl/proc9.nsf/ustawy/2764_u.htm [link in Polish]
• • The Act amending the Acts to Combat Usury introduces new provisions regarding the scope of application of Polish law to credit institutions, credits, and loans, as well as the principles of exposure concentration, the obligation to provide information covered by banking secrecy, and credit information bureaus. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20220002339/U/D20222339Lj.pdf [link in Polish]
• • The Act amending the Prison Service Act and certain other acts introduces new provisions regarding the obligation to provide information covered by banking and credit bureau secrecy. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20220001933/T/D20221933L.pdf [link in Polish]
• • The Act amending the Act on Assistance to Citizens of Ukraine in Connection with the Armed Conflict in the Territory of Ukraine and certain other acts introduces new provisions regarding cash benefits. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20220000830/O/D20220830.pdf [link in Polish]
• • The Act amending certain acts to improve terminological consistency within the legal system introduces new provisions regarding court jurisdiction in disputes between the National Bank of Poland and banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20210002052/O/D20212052.pdf [link in Polish]
• • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new rules concerning Directive (EU) 2013/36, Regulation (EU) 575/2013, Regulation (EU) 2019/2033, brokerage houses applying Regulation (EU) 575/2013, general provisions, the establishment and organization of banks, branches and representative offices of banks, and the organization of financial holding companies and mixed financial holding companies, banking supervision payments, the powers of the Polish Financial Supervision Authority (KNF) in the event that a financial holding company or financial holding company conducts business without the required approval or ceases to meet the conditions for conducting such business, and the list of holding companies. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20210002140/O/D20212140.pdf [link in Polish]
• • The Act amending the Goods and Services Tax Act and the Banking Law introduces new provisions regarding the crediting and debiting of VAT accounts, transfers using VAT accounts, and funds exempt from seizure. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20210001626/T/D20211626L.pdf [link in Polish]
• • The Act amending the Act on the Bank Guarantee Fund, the Deposit Guarantee Scheme and Compulsory Restructuring, and certain other acts introduces new provisions regarding entities subject to compulsory restructuring, groups subject to compulsory restructuring, the obligation to observe banking secrecy, the processing and disclosure of information covered by banking secrecy, restrictions on the application of personal data protection regulations due to the implementation of tasks related to counteracting money laundering and terrorist financing, approval of recovery plans, supplementation or amendments to recovery plans, and the conditions for submitting a bank’s recovery program. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20210001598/U/D20211598Lj.pdf [link in Polish]
• • The Act amending the Goods and Services Tax Act and certain other acts introduces new provisions regarding the crediting and debiting of VAT accounts and the closing of VAT accounts. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200002419/O/D20202419.pdf [link in Polish]
• • The Act amending the Code of Civil Procedure and certain other acts introduces new provisions regarding the obligation to provide information covered by banking and credit bureau secrecy. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200000288/U/D20200288Lj.pdf [link in Polish]
• • The Act Amending the Act on Government Administration Departments and Certain Other Acts introduces new provisions regarding the statute of a state bank and the procedure for transforming a state bank. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200000284/O/D20200284.pdf [link in Polish]
• • The Act amending the Act on Administrative Enforcement Proceedings and certain other acts introduces new provisions regarding the Code of Civil Procedure. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190002070/U/D20192070Lj.pdf [link in Polish]
• • The Act amending the Goods and Services Tax Act and certain other acts introduces new provisions regarding the crediting and debiting of VAT accounts, funds exempt from seizure, and closure of VAT accounts. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190001751/U/D20191751Lj.pdf [link in Polish]
• • The Act amending certain acts to reduce regulatory burdens introduces new provisions regarding the continued operation of a deceased entrepreneur’s bank account. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190001495/U/D20191495Lj.pdf [link in Polish]
• • The Act amending certain acts to reduce payment backlogs introduces new provisions regarding the obligation to provide information subject to banking and credit bureau secrecy. https://orka.sejm.gov.pl/proc8.nsf/ustawy/3475_u.htm [link in Polish]
• • The Act amending the Act on Support for Borrowers in Financial Difficulty Who Have Taken Out a Housing Loan and Certain Other Acts introduces new provisions regarding the obligation to maintain professional secrecy. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190001358/O/D20191358.pdf [link in Polish]
• • The Act amending the Act on Employee Capital Plans, the Act on the Organization and Operation of Pension Funds, and the Banking Law introduces new provisions regarding joint accounts. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190001074/T/D20191074L.pdf [link in Polish]
• • The Act amending the Act on Financial Market Supervision and certain other acts introduces new provisions regarding the obligation to maintain professional secrecy and to disclose information about administrative sanctions imposed by the Polish Financial Supervision Authority. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190000875/T/D20190875L.pdf [link in Polish]
• • The Act amending certain acts in connection with ensuring the application of the GDPR introduces new rules regarding general provisions, profiling, requirements for members of bank bodies, creditworthiness, credit and monetary loans, and the principles of exposure concentration, the obligation to provide information covered by banking secrecy, credit information offices, processing and sharing information covered by banking secrecy, and the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190000730/O/D20190730.pdf [link in Polish]
• • The Act amending the Act on the Bank Guarantee Fund, the deposit guarantee scheme and compulsory restructuring and certain other acts introduces new provisions regarding the Code of Administrative Procedure, basic types of bank accounts, the status of bank accounting books, the obligation to observe banking secrecy, the obligation to provide information covered by banking secrecy, the credit information bureau, capital standards, changes to the content of the obligation of an acquired bank, the liquidation of a bank, other powers and obligations of the liquidator, and provisions applicable to agreements concluded by banks before January 1, 1998. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190000326/O/D20190326.pdf [link in Polish]
• • The Act amending certain acts in connection with strengthening financial market supervision and investor protection in that market introduces new provisions regarding the objectives and activities of banking supervision, banking supervision, recovery plans and early intervention, bank liquidation and bankruptcy, grounds for suspension of operations, and bank bankruptcy and insolvency. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180002243/U/D20182243Lj.pdf [link in Polish]
• • The Act amending the Act on the National Revenue Administration and certain other acts introduces new provisions regarding the obligation to provide information covered by banking and credit bureau secrecy. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180002354/T/D20182354L.pdf [link in Polish]
• • The Act amending the Payment Services Act and certain other acts introduces new provisions regarding the obligation to provide information covered by banking and credit bureau secrecy. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001075/T/D20181075L.pdf [link in Polish]
• • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new rules regarding Regulation (EU) 596/2014, Regulation (EU) 2017/565, structured deposits, retail clients, professional clients, eligible counterparties, relevant persons, durable media, banking activities, general provisions, prohibition on exercising voting rights attached to shares, banks incorporated as joint-stock companies, applications for authorization to establish a bank, authorization to establish a bank and to amend its statutes, authorization to commence business activities by a bank, capital standards, the objectives and activities of banking supervision, and legal remedies available to the Polish Financial Supervision Authority. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001355/T/D20181355L.pdf [link in Polish]
• • The Act amending the Act on Certain Powers of Employees of the Office Serving the Minister of Internal Affairs and Officers and Employees of Offices Supervised by that Minister, and Certain Other Acts, introduces new provisions regarding the obligation to provide information covered by banking secrecy and credit bureau confidentiality. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180000106/U/D20180106Lj.pdf [link in Polish]
• • The Act Amending the Penal Code and Certain Other Acts introduces new provisions regarding the obligation to provide information covered by banking secrecy, credit bureaus, counteracting terrorism financing and money laundering, and the obligation to notify the prosecutor. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20170000768/O/D20170768.pdf [link in Polish]
• • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new provisions regarding the objectives and activities of banking supervision. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20170000724/O/D20170724.pdf [link in Polish]
• • The Act amending the Code of Civil Procedure and certain other acts introduces new provisions regarding the obligation to provide information subject to banking and credit bureau secrecy. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20170000085/T/D20170085L.pdf [link in Polish]
• • The Act amending the Family and Guardianship Code and certain other acts introduces new provisions regarding basic types of bank accounts, joint accounts, bank accounts, and the form and content of bank account agreements. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20160001177/O/D20161177.pdf [link in Polish]
• • The Act Amending the Act on Investment Funds and Certain Other Acts introduces new provisions regarding investment fund companies, securitization funds, subparticipation agreements, management companies, EU managers, the content of notifications of the intention to acquire a significant block of shares in a bank, supplementary information to the notification, complaint handling by financial market entities, and banking supervision payments. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20160000615/O/D20160615.pdf [link in Polish]
• • The Act amending the Act on Payment Terms in Commercial Transactions, the Civil Code, and certain other acts introduces new provisions regarding the establishment and organization of banks and their branches and representative offices. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150001830/O/D20151830.pdf [link in Polish]
• • The Act Amending the Banking Law and Certain Other Acts introduces new regulations regarding the commencement and conduct of business by domestic banks in the territory of the host country and by credit institutions in the territory of the Republic of Poland, credits and loans, and the principles of exposure concentration and specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150001854/O/D20151854.pdf [link in Polish]
• • The Act amending the Act on Competition and Consumer Protection and certain other acts introduces new provisions regarding the obligation to provide information covered by banking and credit bureau secrecy. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150001634/O/D20151634.pdf [link in Polish]
• • The Act amending the Civil Code, the Code of Civil Procedure, and certain other acts introduces new provisions concerning the scope of application of Polish law to credit institutions, the protection of savings deposits from enforcement, the obligation to provide information covered by banking secrecy, credit information bureaus, and the specific obligations and powers of banks. https://orka.sejm.gov.pl/proc7.nsf/ustawy/2678_u.htm [link in Polish]
• • The Act Amending the Act on Capital Market Supervision and Certain Other Acts introduces new rules regarding general provisions, specific obligations, and powers of banks and banking supervision. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20150001260/U/D20151260Lj.pdf [link in Polish]
• • The Act amending the Act on supplementary supervision of credit institutions, insurance undertakings, reinsurance undertakings and investment firms in a financial conglomerate and certain other acts introduces new rules regarding the parent institution in a Member State, the parent entity of a financial holding company in a Member State, general provisions, the EU parent institution, the EU parent entity of a financial holding company, the EU parent mixed financial holding company, and consolidated supervision. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20140000586/O/D20140586.pdf [link in Polish]The Act amending the Act on Financial Market Supervision and certain other acts introduces new provisions regarding the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20130001567/O/D20131567.pdf [link in Polish]
• • The Act amending the Banking Law and the Investment Funds Act introduces new provisions regarding the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20130000777/O/D20130777.pdf [link in Polish]
• • The Act amending the Act on Trading in Financial Instruments and certain other acts introduces new provisions concerning the procedure for establishing banks, the taking up and conducting of business by domestic banks in the territory of the host country and by credit institutions in the territory of the Republic of Poland, own funds, internal capital and financial management of banks, banking supervision, supervision over branches of credit institutions and consolidated supervision. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20120001385/O/D20121385.pdf [link in Polish]
• • The Act Amending the Banking Law and the Consumer Credit Act introduces new rules for entrepreneurs, general provisions, and specific obligations and powers of banks and banking supervision. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20112011181/O/D20111181.pdf [link in Polish]
• • The Act amending the Banking Law and certain other acts introduces new provisions on credits and loans and the principles of concentration exposure. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20111650984/O/D20110984.pdf [link in Polish]
• • The Act amending the Banking Law and certain other acts introduces new provisions concerning banks in the form of joint-stock companies, the procedure for establishing banks and supervision over branches of credit institutions. https://eli.gov.pl/api/acts/DU/2011/781/text/O/D20110781.pdf [link in Polish]
• • The Act amending the Banking Law, the Act on Trading in Financial Instruments, and the Act on Financial Market Supervision introduces new rules regarding entities linked by capital or organization, general provisions, credits and loans, and the principles of exposure concentration, specific obligations and powers of banks, affiliation, mergers, and divisions of banks, own funds, internal capital and financial management of banks, banking supervision, consolidated supervision, and recovery proceedings. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20111310763/O/D20110763.pdf [link in Polish]
• • The Act amending the Banking Law, the Insurance Activity Act, the Investment Funds Act, the Financial Instruments Trading Act, and the Financial Market Supervision Act introduces new rules regarding management companies, general provisions, joint-stock banks, and banking supervision. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20101260853/O/D20100853.pdf [link in Polish]
• • The Act amending the Act on the Bank Guarantee Fund and the Act – Banking Law introduces new provisions regarding the procedure for establishing banks and the taking up and conducting of business by domestic banks in the territory of the host country and by credit institutions in the territory of the Republic of Poland. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20091441176/T/D20091176L.pdf [link in Polish]The Act amending the Act on Cooperative Savings and Credit Unions and the Banking Law introduces new provisions regarding the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20091271045/O/D20091045.pdf [link in Polish]
• • The Act amending the Act on the Bank Guarantee Fund and other acts introduces new provisions regarding the procedure for establishing banks and the taking up and conducting of business by domestic banks in the territory of the host country and by credit institutions in the territory of the Republic of Poland. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20082091315/O/D20081315.pdf [link in Polish]The Act amending acts to standardize IT terminology introduces new rules regarding general provisions and monetary settlements conducted through banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20081711056/O/D20081056.pdf [link in Polish]
• • The Act Amending the Banking Law introduces new provisions regarding the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20081921179/O/D20081179.pdf [link in Polish]
• • The Act amending the Act on Bailiffs and Enforcement and certain other acts introduces new provisions regarding the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20071120769/O/D20070769.pdf [link in Polish]
• • The Act amending the Banking Law introduces new rules regarding a parent institution in a Member State, a parent entity in a financial holding company in a Member State, an EU parent institution, an EU parent entity in a financial holding company, general provisions, banks in the form of joint-stock companies, bank accounts, credits and loans, and the principles of concentration of exposures, specific obligations and powers of banks, own funds, internal capital and financial management of banks, funds, obligations of the bank, holding companies, banking supervision and consolidated supervision. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20070420272/O/D20070272.pdf [link in Polish]
• • The Act Amending the Banking Law introduces new provisions regarding the affiliation, merger, and division of banks, cooperative banks, and joint-stock banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU19971400939/U/D19970939Lj.pdf [link in Polish]
• • The Act Amending the Act on the Protection of Classified Information and Certain Other Acts introduces new provisions regarding the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20050850727/O/D20050727.pdf [link in Polish]
• • The Act amending and repealing certain acts in connection with the Republic of Poland’s accession to the EU introduces new provisions concerning the implementation of EU directives and the taking up and conduct of business by domestic banks in the territory of the host country and by credit institutions in the territory of the Republic of Poland. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20040960959/O/D20040959.pdf [link in Polish]
• • The Act amending the Banking Law Act and other acts introduces new rules regarding international financial institutions, financial institutions, financial holding companies, foreign bank holding companies, domestic bank holding companies, hybrid holding companies, general provisions, entrepreneurs, establishment and organization of banks and branches and representative offices of banks, state banks, cooperative banks, banks in the form of joint-stock companies, procedures for establishing banks, undertaking and conducting business by domestic banks in the territory of host countries and by credit institutions in the territory of the Republic of Poland, bank accounts, monetary settlements conducted through banks, credits and loans, as well as the principles of concentration of exposures, the sum of bank receivables, borrowers, principles of loan interest, loan security, loan to a third party, credit and loan agreements, granting loans, bank guarantees, sureties and letters of credit, issuing bank securities, specific obligations and rights of banks, association and mergers of banks, own funds and financial management of banks, banking supervision, supervision over branches of credit institutions, consolidated supervision, recovery proceedings, liquidation, bank takeover and bankruptcy. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20040910870/O/D20040870.pdf [link in Polish]
• • The Act amending the Act on Public Trading in Securities and other acts introduces new provisions regarding the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20040640594/O/D20040594.pdf [link in Polish]
• • The Act amending the Act on the National Bank of Poland and other acts introduces new provisions regarding the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20032282260/O/D20032260.pdf [link in Polish]
• • The Act amending the Commercial Companies Code and certain other acts introduces new provisions regarding banks’ own funds and financial management. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20032292276/O/D20032276.pdf [link in Polish]
• • The Act amending the Act on the Social Insurance System and certain other acts introduces new provisions regarding bank accounts and the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20022412074/U/D20022074Lj.pdf [link in Polish]The Act amending the Tax Ordinance Act and certain other acts introduces new provisions regarding the specific obligations and powers of banks and bank bankruptcy. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20021691387/U/D20021387Lj.pdf [link in Polish]
• • The Act amending the Banking Law introduces new provisions regarding banks’ own funds and financial management. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20021441208/O/D20021208.pdf [link in Polish]
• • The Act amending the Act on Mortgage Bonds and Mortgage Banks and amending certain other acts introduces new provisions concerning the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20021261070/T/D20021070L.pdf [link in Polish]
• • The Act on Transformation of Customs Administration and Amending Certain Acts introduces new provisions regarding specific obligations and powers of banks. https://orka.sejm.gov.pl/proc4.nsf/ustawy/262_u.htm [link in Polish]
• • The Act on Changes in the Organization and Operation of Central Government Administration Bodies and Their Subordinate Units and on Amending Certain Acts introduces new provisions regarding the specific obligations and powers of banks, banking supervision, and consolidated supervision. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20020250253/U/D20020253Lj.pdf [link in Polish]
• • The Act amending the Act on Bailiffs and Enforcement and certain other acts introduces new provisions regarding the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20011301452/O/D20011452.pdf [link in Polish]
• • The Act Amending the Banking Law and Other Acts introduces new rules regarding general provisions, the establishment and organization of banks, branches and representative offices of banks, state banks, and joint-stock banks, the procedure for establishing banks, bank accounts, monetary settlements conducted through banks, cash settlements, cashier’s checks, clearing houses, the President of the National Bank of Poland, credits and loans, and the principles of debt concentration, the issuance of bank securities, specific obligations and powers of banks, the association and merger of banks, own funds and the financial management of banks, banking supervision, consolidated supervision, rehabilitation proceedings, civil and criminal liability, and transitional provisions, changes to applicable regulations and final provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20011111195/O/D20011195.pdf [link in Polish]
• • The Act amending the Police Act, the Insurance Act, the Banking Law, the County Government Act, and the Public Administration Reform Act introduces new provisions regarding the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20011001084/O/D20011084.pdf [link in Polish]
• • The Act amending the Act on the Bank Guarantee Fund and the Banking Law introduces new provisions on bank accounts, specific obligations and powers of banks, restructuring proceedings and bank bankruptcy. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20001221316/O/D20001316.pdf [link in Polish]
• • The Act amending the Penal Code, the Code of Criminal Procedure, the Act on Combating Unfair Competition, the Public Procurement Act, and the Banking Law introduces new provisions regarding the specific obligations and powers of banks. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20000931027/O/D20001027.pdf [link in Polish]
  • The Act amending the Act on the Bank Guarantee Fund and certain other acts introduces new rules regarding general provisions, bank accounts, credits, loans, and the principles of debt concentration, specific obligations and powers of banks, recovery proceedings, bank bankruptcy, and transitional provisions, changes to existing and final provisions. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU19990400399/O/D19990399.pdf [link in Polish]
• Press law
• https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU19840050024/U/D19840024Lj.pdf  [link in Polish]
  • Press law regulates publishing and journalism. It defines the rights and obligations of journalists, the procedures for obtaining information for press materials, and the principles of maintaining journalistic confidentiality. The act guarantees freedom of speech and the right of citizens to reliable information, transparency in public life, and social scrutiny and criticism. It requires confidentiality towards informants, which is crucial for protecting information sources. The act defines the editorial office as an entity responsible for preparing materials for publication. It emphasizes the role of the press in realizing citizens’ rights to reliable information, transparency in public life, and social criticism, and also ensures freedom of expression. Journalists have the right to public information, and state bodies are obligated to create conditions enabling the performance of these duties. The act contains provisions regarding the publication of corrections, which should be posted or submitted to the appropriate editorial office.
• • The Act Amending the Press Law introduces new provisions regarding the right to provide information to the press, the disclosure of personal data and images of individuals subject to legal proceedings, the exemption from journalistic confidentiality, the forfeiture of press materials, and the legal protection of criticism, satire, and caricature. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001570/O/D20181570.pdf [link in Polish]
• • The Act Amending the Press Law introduces new provisions concerning the obligations of state authorities towards the press, subject-matter exclusion from the scope of press law, legal protection of criticism, satire, and caricature, journalists’ obligations, authorization of statements, the obligation to obtain consent to publish certain information, the rights and obligations of journalists, the Press Council, the application for registration of a daily newspaper or magazine, the editor-in-chief, the editorial board, the editorial council, legal liability, and the application of provisions on proceedings in misdemeanor cases. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20170002173/O/D20172173.pdf [link in Polish]
• • The Act Amending the Press Law introduces new provisions regarding legal liability and procedure in press matters. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20130000771/O/D20130771.pdf [link in Polish]
• • The Act Amending the Press Law introduces new provisions regarding corrections, corrections of inaccurate or false information contained in press materials, publication of corrections or responses, refusal to publish corrections or responses, legal liability, and proceedings in press matters. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20120001136/U/D20121136Lj.pdf [link in Polish]
• • The Act Amending the Press Law introduces new provisions regarding the rights and obligations of journalists. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20112051204/O/D20111204.pdf [link in Polish]
• • The Act amending the Civil Code introduces new provisions regarding legal liability. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU19961140542/O/D19960542.pdf [in Polish]
• Act on the National Cybersecurity Systemhttps://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001560/U/D20181560Lj.pdf [link in Polish]
  • The Act on the National Cybersecurity System establishes the National Cybersecurity System. The Act aims to ensure cybersecurity at the national level by protecting essential and digital services and the IT systems that support them. The National Cybersecurity System encompasses, among others, essential service operators (e.g., in energy, transport, and healthcare), digital service providers, and public administration. The Act’s main objectives:
    • Ensuring continuity of services: Guaranteeing the uninterrupted provision of key services for the state and the economy;
• • • System security: Achieving a high level of security of IT systems;
• • • Definition of tasks and responsibilities: Defining the roles and responsibilities of entities comprising the National Cybersecurity System, including essential service operators, digital service providers and public authorities;
• • • Incident response: Creating a legal framework for detecting, preventing and minimizing the effects of cyberattacks, including the functioning of national CSIRTs.
    The Act covers, among others:
    • Key service operators;
• • • Digital service providers;
• • • Public administration bodies.
    The Act implemented the requirements and standards of the EU directive, which constitutes minimum harmonization, but also extended its scope to the Polish administration and telecommunications sector. The Act formally strengthened the operations of existing national teams, such as CERT GOV (CSIRT GOV), CSIRT MON, and CSIRT NASK.
• • The Act amending certain acts in connection with ensuring the operational digital resilience of the financial sector and issuing European green bonds introduces new provisions regarding the obligations of essential service operators and the tasks, composition, chairperson, secretary, detailed scope of activities, and procedures of the Council. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20250001069/O/D20251069.pdf [link in Polish]
• • The Act amending certain acts related to the functioning of government administration introduces new provisions regarding the tasks of the minister responsible for computerization, maximum limits of expenditure from the state budget. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240000834/O/D20240834.pdf [link in Polish]
• • The Act amending certain acts regarding protective measures in connection with the spread of the SARS-CoV-2 virus introduces new provisions regarding the tasks of the management boards. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20200000875/U/D20200875Lj.pdf [link in Polish]
  • The Act amending the Education Law and certain other acts introduces new provisions regarding maintenance in force of implementing regulations. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190002248/O/D20192248.pdf [link in Polish]
• Regulation of the Council of Ministers on the National Interoperability Framework, minimum requirements for public registers and the exchange of information in electronic form, and minimum requirements for ICT systems https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240000773/O/D20240773.pdf [link in Polish]
  • The National Interoperability Framework Regulation regulates the principles of interoperability in public administration, including:
    • National Interoperability Framework: Defines the framework and standards that ensure the proper functioning of ICT systems in public administration;
    • Minimum requirements for public records: Indicates the minimum requirements for records maintained by public entities to be consistent and compliant with the National Interoperability Framework;
    • Electronic Information Exchange: Establishes rules for the exchange of information between public entities, including standards for the security and efficiency of such exchange.
    • Minimum requirements for IT systems: Specifies the minimum requirements for IT systems used by public entities, including information security systems, so that they can cooperate with each other and exchange data;
    • This regulation is a legal act specifying what standards and principles should apply in Polish public administration in order to ensure interoperability – i.e. the ability to cooperate and exchange information between different IT systems.
• Regulation of the Minister of Health on the types of medical documentation of occupational health services, the method of maintaining and storing it, and the templates of the documents used https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20101491002/O/D20101002.pdf [link in Polish]
  • Medical documentation of the occupational health service in the field of preventive health care for employees includes:
    • Individual medical documentation, which is a preventive examination card;
• • • Collective medical documentation.
• • Medical records are stored by the occupational health service unit that maintains them. Medical records are stored in conditions that ensure the protection of the data contained therein and protect against destruction, damage, or loss, as well as against unauthorized access, while also enabling their use without undue delay. The regulation specifies the retention period for occupational health service medical records. Medical records are the property of the entities obligated to maintain them.
  • The Regulation of the Minister of Health amending the Regulation on the types of medical documentation of the occupational health service, the manner of maintaining and storing it, and the templates of the documents used introduces new provisions regarding the title and period of storage of medical documentation of the occupational health service. https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240001311/O/D20241311.pdf [link in Polish]
• Labor Codehttps://natlex.ilo.org/dyn/natlex2/natlex2/files/download/45181/The-Labour-Code%20consolidated%201997.pdf
  • The Labor Code is a set of legal provisions regulating the rights and obligations of both employees and employers in Poland. It includes rules regarding, among other things:
    • Establishing and terminating employment relationships;
• • • Wages and salaries;
• • • Working time, holidays;
• • • Occupational health and safety.
  • This is the most important legal act regulating employment relations in Poland. The Labor Code contains provisions regarding the employment of minors. It defines the principles of employee liability for damage caused to the employer and the principles for resolving disputes between employees and employers. Sanctions apply for offenses against employee rights. The Labor Code specifies the limitation periods for claims related to the employment relationship. It applies to all employees employed under an employment contract and, in some cases, also to those employed under other legal bases, to the extent not regulated by specific provisions. It is worth remembering that the Labor Code is a legal act that is subject to regular amendments.
• Educational Information System Act https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20111390814/U/D20110814Lj.pdf [link in Polish]
  • The Education Information System introduces and defines the operational principles of the Education Information System – a Polish electronic database system used to collect and process information about schools, institutions, students, and teachers. The Education Information System is a key tool for supporting education management at various levels, data analysis, educational policy planning, and graduate career monitoring. The main goals of the Education Information System are:
    • Supporting Educational Governance: Provides the data necessary for informed decision-making by policymakers at national, regional and local levels;
    • Education financing: Enables effective management of public funds allocated to education;
    • Analysis and monitoring: Allows us to examine the effectiveness of the education system and track the career paths of graduates;
    • Quality Improvement: Assists in overseeing and coordinating pedagogical supervision and improving the quality of education.
• Act on the Security of Mass Events https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20090620504/U/D20090504Lj.pdf
  • The Event Safety Act regulates the principles of ensuring safety during mass events, defining what constitutes a mass event (e.g., a concert, a sports match with a specified number of participants), the organizer’s responsibilities, the rules for issuing permits, and also provides penalties for violating regulations, such as bringing dangerous objects or disrupting the event. The Act defines a mass event as any gathering of at least 1,000 people outdoors or 300 people indoors, and which is for artistic and entertainment purposes (e.g., concerts) or sporting activities (e.g., football matches). The organizer of a mass event is primarily responsible for ensuring safety. Their responsibilities include:
    • Ensuring an adequate number of security staff;
• • • Maintaining public order;
• • • Security of participants and property;
  • The law provides penalties for violating its provisions. For example, anyone bringing weapons or pyrotechnics to a mass event is subject to a fine or imprisonment.
• Law on Higher Education and Science https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20180001668/U/D20181668Lj.pdf [link in Polish]
  • The Law on Higher Education and Science is a key Polish legal act that regulates the operation of the higher education system and scientific activity. The act specifies, among other things:
    • organization and functioning of universities;
• • • rights and obligations of students;
• • • doctoral students and research workers;
• • • principles of conducting scientific research and development.
  • The Act places significant emphasis on the autonomy of the academic community and universities as such. It outlines the system’s mission to ensure the highest quality of education, shape civic attitudes, and support economic innovation. The Act guarantees freedom in teaching, creating, conducting scientific research, and publishing its results. Universities enjoy autonomy in their operations. Public authorities are responsible for creating conditions for the development of science, and universities fulfill a mission important to the state and society.
• Act on the Military Police and Military Law Enforcement Bodies https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20011231353/U/D20011353Lj.pdf [link in Polish]
  • The Act on the Military Police and Military Law Enforcement Bodies is a 2001 legal act that regulates the activities of the Military Police as a specialized military service and other military law enforcement bodies in Poland. The Act defines their organization, powers, responsibilities, and tasks, including ensuring military discipline, protecting public order in military areas, detecting crimes, and combating threats. The main tasks of the Military Police and military law enforcement bodies:
    • Military discipline;
    • Public order;
    • Protection of life, health and property;
    • Prevention and detection of crimes;
    • Anti-terrorist operations;
    • International cooperation;
    • Combating threats.
• Act on the remuneration of persons managing certain legal entities https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20000260306/U/D20000306Lj.pdf [link in Polish]
  • The Act on the Remuneration of Persons Managing Certain Legal Entities, commonly known as the “Salary Cap Act,” is a set of regulations that restrict the remuneration of managerial staff in entities related to the public sector, such as state-owned enterprises, state-owned organizations, and local government units. The main goal of the act is to limit excessive remuneration for managers in these institutions, covering them under both employment contracts and civil law contracts.
• Act on the Supreme Audit Officehttps://www.nik.gov.pl/en/about-us/legal-regulations/act-on-the-supreme-audit-office.html
  • The Act on the Supreme Audit Office defines the scope of its authority, including the right to examine the activities of state and local government bodies in terms of legality, efficiency, purposefulness, and reliability, as well as the principles of its work and the submission of audit results. The Supreme Audit Office submits the results of its audits to the Sejm, the President of the Republic of Poland, and the Prime Minister. It also publicly discloses the results of major audits.
• Accounting Act https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU19941210591/U/D19940591Lj.pdf [link in Polish]
  • The Act implements European Community directives in its regulations. It defines accounting principles and the rules for providing bookkeeping services. It includes data protection rules:
    • When maintaining accounting books using a computer, data protection should consist in the use of threat-resistant data carriers, the selection of appropriate external protection measures, the systematic creation of reserve copies of data sets stored on IT data carriers, provided that the durability of the accounting system information recording is ensured for a period no shorter than that required for storing accounting books, and ensuring the protection of computer programs and data of the accounting IT system by using appropriate software and organizational solutions to protect against unauthorized access or destruction.
    • Unless separate provisions provide otherwise, making collections or parts thereof available to a third party:
      • Inspection on the premises of the unit requires the consent of the head of the unit or a person authorized by him;
      • Outside the seat of the entity’s management board, written consent of the entity’s head is required and a certified list of the documents taken over must be left at the entity.
• Geodetic and cartographic lawhttps://www.gov.pl/attachment/95f99183-a84e-40a3-8e46-10975e5eacaf [link in Polish]
  • Geodetic Law defines the principles of geodesy and cartography in Poland, covering, among other things, the performance of measurements, the preparation of maps, the maintenance of land and building records, the demarcation of properties, and the management of state geodetic and cartographic resources. This Act also governs the organization of the Geodetic and Cartographic Service and defines professional qualifications in this field. Surveyors are granted the right to access land and buildings to perform necessary surveying work. The scope of geodetic work includes the design and execution of geodetic measurements, control network measurements, as well as the measurement of basic gravimetric and magnetic control networks.
• Regulation of the Minister of National Education on the manner of maintaining documentation of the teaching process, educational and care activities by public kindergartens, schools and other institutions and on the types of such documentationhttps://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240000050/O/D20240050.pdf [link in Polish]
  • The regulation regulates the types of documentation required in public preschools, schools, and educational institutions, how they should be maintained, and what each must contain, including documentation of teaching, educational, and care activities. It applies to all public preschools, schools, and educational institutions.

Definitions

Data

Data – collected facts, numbers, symbols, or observations describing phenomena, objects, or people that can be processed to give them meaning. Personal data is any information that allows for the identification of an individual, directly or indirectly, such as name, surname, email address, Personal Identification number, as well as physical, mental, or cultural characteristics. Non-personal data does not allow for the identification of an individual and is usually anonymized or aggregated data, such as website visitor statistics, partially masked IP addresses, or anonymous system logs.

AI

Artificial intelligence is a technology that enables machines to perform tasks traditionally requiring human intelligence through the ability to learn, reason, and solve problems. AI systems are advanced software and machines that simulate human cognitive abilities by analyzing data, learning from experience, and adapting to new situations. AI can perform tasks such as prediction, generating recommendations, and making decisions autonomously based on processed data. This definition is dynamic and evolving, and organizations such as the OECD and EU legislators are working to standardize it. The AI Act regulates the use of AI in the European Union within the limits of the competences granted to the EU by the member states. EU law does not cover AI applications beyond these competences.

Hacker Attack

A hacker attack is a deliberate, usually criminal, act aimed at gaining unauthorized access to computer systems, networks, or digital devices in order to steal, modify, or destroy data, disrupt services, or gain other benefits. These attacks can be carried out by individuals or groups of hackers, exploiting security vulnerabilities and malware such as viruses, keyloggers, or ransomware. A hacker attack compromises the integrity, confidentiality, or availability of systems and data and is treated as a cybercrime, subject to the Polish Penal Code and European Union law implementing directives on cybercrime and personal data protection. Data protection is a set of strategies and processes designed to protect confidential information from damage, security breaches, loss, or unauthorized access. A data breach occurs when a security incident compromises the confidentiality, integrity, or availability of data.

Cybersecurity

Cybersecurity is the set of activities, practices, processes, and technologies designed to protect computer systems, networks, devices, and data from digital threats, such as malware and attacks, while ensuring the confidentiality, integrity, and availability of information. It encompasses attack prevention, detection, and incident response in cyberspace. Data cybersecurity focuses on protecting personal, financial, and business information, as well as other digital assets, from cyberattacks, theft, and unauthorized access. Cybersecurity also encompasses technical and organizational measures designed to protect systems, data, and services from unauthorized access, damage, loss, or disruption.

ABA AI AI Act Artificial intelligence Att Jakub Gładkowski BIOTECH ACT biotechnology business activity in Poland cross border cases cybersecurity cybersecurity certificates Doing business in Poland EMA energy law european funds fairs Investing in Poland IT KG Legal kglegal kiełtyka gładkowski law firm in Cracow law firm in Krakow law firm in Poland legal assistance letter of credit liquidation liquidation procedure Małgorzata Kiełtyka notarial deed Notional shares in Poland ONLINE SEMINAR Orphan Drug Poland Polish attorney Polish law Polish Law Firm Polish lawyer Polish Patent Office start-up symposium taxation uokik vat webinar

Artykuł PRIVACY, DATA PROTECTION, AI AND CYBERSECURITY – LAW MAP pochodzi z serwisu KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019.