We are delighted to share an important milestone in the continued development of KG Legal’s Data, AI & Cybersecurity Desk.
It has been a great honour to serve as the exclusive expert contributors for Poland to the OneTrust DataGuidance Privacy Overview – Poland, one of the world’s leading professional legal compliance resources relied upon by in-house counsel, privacy professionals, compliance officers, multinational organisations and technology companies operating across multiple jurisdictions.
The Act amending the Act on the National Cybersecurity System aims to implement Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 (NIS Directive 2) and the partial application of Commission Delegated Regulation (EU) 2024/1366 of 11 March 2024 supplementing Regulation (EU) 2019/943 of the European Parliament and of the Council.
The amendment to the KSC Act significantly expands the scope of the regulations and introduces new obligations in the field of cybersecurity management. The changes include, among other things, the implementation of risk management systems and expanded incident reporting requirements. The new regulations also strengthen the powers of supervisory authorities and significantly increase the maximum amount of financial penalties. It also introduces liability for the management staff (manager) of an entity. In practice, this requires certain entities to take steps to comply with the new regulations.
Just a few years ago, online store owners primarily had to ensure terms and conditions, privacy policies, and efficient order processing. Today, this is clearly not enough. EU regulations such as the Omnibus Directive and the Digital Services Act (DSA), as well as the increasing role of artificial intelligence in assessing store credibility, force businesses to consider their platforms much more broadly. It is no longer just about regulatory compliance, but also about building digital trust, which influences a store’s visibility, legal security, and customer purchasing decisions. Below, we present a practical checklist of the most important actions to implement to reduce the risk of sanctions and increase the credibility of an online store.
The dynamic development of artificial intelligence-based technologies is revolutionizing not only the commercial sector but also the area of state oversight of the digital market. The implementation of multi-agent systems by the Office of Competition and Consumer Protection (UOKiK) opens a new era in consumer rights enforcement, enabling the mass and automated identification of unfair market practices. With the Digital Services Act (DSA) and the Omnibus Directive in force, traditional control methods are giving way to algorithmic interface analysis aimed at eliminating so-called dark patterns and price manipulation. However, the use of “digital controllers” raises fundamental questions for legal science and business practice about the limits of automated decision-making processes in public administration. Although AI agents significantly improve the effectiveness of detecting violations, their legal status as a source of evidence remains the subject of heated debate. The main thesis is that while AI can be a powerful auxiliary tool for regulatory bodies, the ultimate responsibility for determining the facts and assessing the legitimate interests of a party must rest with humans, which is the foundation of a fair procedure in a state governed by the rule of law.
The Polish dietary supplements market is facing the most significant regulatory overhaul in years. The draft amendment to the Act on Food and Nutrition Safety and the Act on the State Sanitary Inspectorate introduces a series of far-reaching changes that will substantially alter the way supplements are notified, monitored, advertised, and supervised in Poland. While the reform does not formally introduce a pre-market authorization system, it undeniably strengthens the position of regulatory authorities and increases the compliance burden imposed on businesses operating in the sector.