<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Legal Tech - KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</title>
	<atom:link href="https://www.kg-legal.eu/info/tag/legal-tech/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.kg-legal.eu/info/tag/legal-tech/</link>
	<description>KIELTYKA GLADKOWSKI LEGAL &#124; CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</description>
	<lastBuildDate>Tue, 07 Jul 2026 19:32:02 +0000</lastBuildDate>
	<language>en-GB</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	
	<item>
		<title>A Major Milestone for KG Legal&#8217;s Data, AI &#038; Cybersecurity Practice: Exclusive Poland Contribution to OneTrust DataGuidance</title>
		<link>https://www.kg-legal.eu/info/kg-legal-news/a-major-milestone-for-kg-legals-data-ai-cybersecurity-practice-exclusive-poland-contribution-to-onetrust-dataguidance/</link>
					<comments>https://www.kg-legal.eu/info/kg-legal-news/a-major-milestone-for-kg-legals-data-ai-cybersecurity-practice-exclusive-poland-contribution-to-onetrust-dataguidance/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Tue, 07 Jul 2026 19:32:01 +0000</pubDate>
				<category><![CDATA[KG LEGAL NEWS]]></category>
		<category><![CDATA[AI Act]]></category>
		<category><![CDATA[AI Compliance]]></category>
		<category><![CDATA[AI Regulation]]></category>
		<category><![CDATA[Artificial intelligence]]></category>
		<category><![CDATA[CEE]]></category>
		<category><![CDATA[Corporate Counsel]]></category>
		<category><![CDATA[Cross Border Business]]></category>
		<category><![CDATA[Cross Border Legal Services]]></category>
		<category><![CDATA[Cyber Compliance]]></category>
		<category><![CDATA[Cyber Law]]></category>
		<category><![CDATA[Data Governance]]></category>
		<category><![CDATA[Data Privacy]]></category>
		<category><![CDATA[data protection]]></category>
		<category><![CDATA[DataGuidance]]></category>
		<category><![CDATA[Digital Compliance]]></category>
		<category><![CDATA[Digital Economy]]></category>
		<category><![CDATA[Digital Law]]></category>
		<category><![CDATA[Doing business in Poland]]></category>
		<category><![CDATA[Emerging Technologies]]></category>
		<category><![CDATA[EU Law]]></category>
		<category><![CDATA[European Law]]></category>
		<category><![CDATA[Foreign Investors]]></category>
		<category><![CDATA[gdpr]]></category>
		<category><![CDATA[GDPR Compliance]]></category>
		<category><![CDATA[GDPR Poland]]></category>
		<category><![CDATA[General Counsel]]></category>
		<category><![CDATA[Global Law]]></category>
		<category><![CDATA[Healthcare Law]]></category>
		<category><![CDATA[Healthcare Regulation]]></category>
		<category><![CDATA[In House Counsel]]></category>
		<category><![CDATA[International Law Firm]]></category>
		<category><![CDATA[International Legal Services]]></category>
		<category><![CDATA[Invest in Poland]]></category>
		<category><![CDATA[kglegal]]></category>
		<category><![CDATA[kiełtyka gładkowski]]></category>
		<category><![CDATA[Law Firm Poland]]></category>
		<category><![CDATA[Legal Innovation]]></category>
		<category><![CDATA[Legal Tech]]></category>
		<category><![CDATA[Legal Thought Leadership]]></category>
		<category><![CDATA[Life Sciences Law]]></category>
		<category><![CDATA[NIS2]]></category>
		<category><![CDATA[OneTrust]]></category>
		<category><![CDATA[Pharmaceutical Law]]></category>
		<category><![CDATA[Poland Law]]></category>
		<category><![CDATA[Polish law]]></category>
		<category><![CDATA[Polish Law Firm]]></category>
		<category><![CDATA[Privacy Law]]></category>
		<category><![CDATA[Regulatory Compliance]]></category>
		<category><![CDATA[Technology Law]]></category>
		<category><![CDATA[Technology Transactions]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8822</guid>

					<description><![CDATA[<p>Publication date: July 07, 2026 We are delighted to share an important milestone in the continued development of KG Legal&#8217;s Data, AI &#38; Cybersecurity Desk. It has been a great honour to serve as the exclusive expert contributors for Poland to the OneTrust DataGuidance Privacy Overview – Poland, one of the world&#8217;s leading professional legal [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/kg-legal-news/a-major-milestone-for-kg-legals-data-ai-cybersecurity-practice-exclusive-poland-contribution-to-onetrust-dataguidance/">A Major Milestone for KG Legal&#8217;s Data, AI &amp; Cybersecurity Practice: Exclusive Poland Contribution to OneTrust DataGuidance</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><strong><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color">Publication date: July 07, 2026</mark></strong></p>



<p>We are delighted to share an important milestone in the continued development of <strong>KG Legal&#8217;s Data, AI &amp; Cybersecurity Desk</strong>.</p>



<figure class="wp-block-image size-full"><img fetchpriority="high" decoding="async" width="1000" height="1000" src="https://www.kg-legal.eu/wp-content/uploads/2026/07/DataGuidance-Contributor-Badge.png" alt="" class="wp-image-8823" srcset="https://www.kg-legal.eu/wp-content/uploads/2026/07/DataGuidance-Contributor-Badge.png 1000w, https://www.kg-legal.eu/wp-content/uploads/2026/07/DataGuidance-Contributor-Badge-300x300.png 300w, https://www.kg-legal.eu/wp-content/uploads/2026/07/DataGuidance-Contributor-Badge-150x150.png 150w, https://www.kg-legal.eu/wp-content/uploads/2026/07/DataGuidance-Contributor-Badge-768x768.png 768w" sizes="(max-width: 1000px) 100vw, 1000px" /></figure>



<p>It has been a great honour to serve as the <strong>exclusive expert contributors for Poland</strong> to the <strong>OneTrust DataGuidance Privacy Overview – Poland</strong>, one of the world&#8217;s leading professional legal compliance resources relied upon by in-house counsel, privacy professionals, compliance officers, multinational organisations and technology companies operating across multiple jurisdictions.</p>



<span id="more-8822"></span>



<p>Preparing this contribution was a long-term project that required several months of intensive legal analysis, research and editorial work. Our objective was not simply to describe the application of the GDPR in Poland. Instead, we sought to create a practical and comprehensive guide reflecting the significant transformation of the Polish regulatory landscape that has taken place in recent years as a result of new European legislation and its implementation into Polish law.</p>



<p>The publication therefore extends far beyond a traditional overview of Polish data protection law. It examines the interaction between privacy, digital regulation, cybersecurity and artificial intelligence, providing readers with practical guidance on the most important legal developments affecting organisations operating in Poland.</p>



<p>Our contribution discusses, among other things:</p>



<ul class="wp-block-list">
<li>the practical application of the GDPR within the Polish legal system;</li>



<li>the powers and regulatory practice of the Polish supervisory authority for personal data protection;</li>



<li>employee monitoring and workplace privacy;</li>



<li>cookies, consent mechanisms and online tracking technologies;</li>



<li>electronic communications and direct marketing requirements;</li>



<li>international data transfers;</li>



<li>personal data breaches and notification obligations;</li>



<li>practical compliance with Polish privacy legislation;</li>



<li>cybersecurity-related regulatory developments;</li>



<li>the growing interaction between data protection and artificial intelligence governance.</li>
</ul>



<p>A particularly important aspect of this work was addressing the rapidly evolving legislative environment. During the last few years, Poland has experienced substantial regulatory changes resulting from the implementation of numerous European legal instruments and the entry into force of directly applicable EU regulations that significantly affect organisations processing personal data.</p>



<p>Accordingly, the publication takes into account the practical implications of the evolving European digital regulatory framework, including the interaction between the GDPR and newer legal instruments governing digital services, artificial intelligence, cybersecurity and data governance. The analysis also reflects the impact of the AI regulatory framework, developments concerning data governance and electronic communications, as well as the increasingly interconnected compliance obligations facing businesses operating in today&#8217;s digital economy.</p>



<p>Rather than presenting legislation in isolation, the publication adopts a practical, compliance-oriented perspective. It combines:</p>



<ul class="wp-block-list">
<li>the GDPR and Polish implementing legislation;</li>



<li>guidance issued by the European Data Protection Board (EDPB);</li>



<li>the jurisprudence of the Court of Justice of the European Union;</li>



<li>decisions and regulatory guidance published by the Polish Personal Data Protection Office (UODO);</li>



<li>recent Polish legislative developments and market practice.</li>
</ul>



<p>Our ambition was to create a resource that would assist both international and domestic organisations in navigating one of the fastest-changing areas of European regulation, where privacy law increasingly intersects with cybersecurity, AI governance, digital platforms, online communications and emerging technologies.</p>



<p>The contribution was prepared by <strong>Małgorzata Kiełtyka</strong> and <strong>Jakub Gładkowski</strong>, whose combined experience covers complex cross-border advisory work in data protection, artificial intelligence, life sciences, healthcare, technology law, cybersecurity, intellectual property and regulatory compliance.</p>



<p><a href="https://www.dataguidance.com/experts-directory/Jakub_G%C5%82adkowski" target="_blank" rel="noreferrer noopener">https://www.dataguidance.com/experts-directory/Jakub_G%C5%82adkowski</a></p>



<p><a href="https://www.dataguidance.com/experts-directory/Malgorzata_Kieltyka">https://www.dataguidance.com/experts-directory/Malgorzata_Kieltyka</a></p>



<p>For many years, Małgorzata Kiełtyka has advised international companies on GDPR compliance, healthcare regulation, AI governance, technology transactions and cross-border regulatory matters. Her practice combines strategic legal advice with practical implementation of compliance frameworks for multinational businesses operating in highly regulated sectors.</p>



<p>Jakub Gładkowski focuses on data protection, digital regulation, cybersecurity, intellectual property, IT law and emerging technologies. His practice includes advising innovative businesses on regulatory compliance, digital transformation projects and the implementation of European technology legislation affecting both public and private sector organisations.</p>



<p>Being entrusted with preparing Poland&#8217;s national contribution to OneTrust DataGuidance represents an important recognition of our team&#8217;s expertise and international standing. We are particularly proud that this publication reflects not only our experience in privacy law, but also our broader interdisciplinary approach, integrating data protection with AI regulation, cybersecurity, digital compliance and technology law.</p>



<p>We sincerely thank the editorial team at <strong>OneTrust DataGuidance</strong> for their confidence in our expertise and for the opportunity to contribute to a publication that supports legal and compliance professionals around the world.</p>



<p>For KG Legal, this publication marks another significant milestone in the continued growth of our <strong>Data, AI &amp; Cybersecurity Desk</strong> and reinforces our commitment to delivering practical, business-oriented legal advice at the intersection of privacy, technology and innovation.</p>
<p> </p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/kg-legal-news/a-major-milestone-for-kg-legals-data-ai-cybersecurity-practice-exclusive-poland-contribution-to-onetrust-dataguidance/">A Major Milestone for KG Legal&#8217;s Data, AI &amp; Cybersecurity Practice: Exclusive Poland Contribution to OneTrust DataGuidance</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/kg-legal-news/a-major-milestone-for-kg-legals-data-ai-cybersecurity-practice-exclusive-poland-contribution-to-onetrust-dataguidance/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>NIS2 in Poland: Practical Implications of the New Cybersecurity Framework for Businesses</title>
		<link>https://www.kg-legal.eu/info/investment-law-and-processes-in-poland/nis2-in-poland-practical-implications-of-the-new-cybersecurity-framework-for-businesses/</link>
					<comments>https://www.kg-legal.eu/info/investment-law-and-processes-in-poland/nis2-in-poland-practical-implications-of-the-new-cybersecurity-framework-for-businesses/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Tue, 07 Jul 2026 18:40:05 +0000</pubDate>
				<category><![CDATA[INVESTMENT LAW AND PROCESSES IN POLAND]]></category>
		<category><![CDATA[Business Law]]></category>
		<category><![CDATA[CEE]]></category>
		<category><![CDATA[Corporate Governance]]></category>
		<category><![CDATA[corporate law]]></category>
		<category><![CDATA[Critical Infrastructure]]></category>
		<category><![CDATA[Cross Border Business]]></category>
		<category><![CDATA[Cyber Compliance]]></category>
		<category><![CDATA[Cyber Law]]></category>
		<category><![CDATA[Cyber Resilience]]></category>
		<category><![CDATA[Cyber Risk;]]></category>
		<category><![CDATA[data protection]]></category>
		<category><![CDATA[Digital Infrastructure]]></category>
		<category><![CDATA[Digital Regulation]]></category>
		<category><![CDATA[EU Law]]></category>
		<category><![CDATA[In House Counsel]]></category>
		<category><![CDATA[Incident Response]]></category>
		<category><![CDATA[Information Security]]></category>
		<category><![CDATA[International Law]]></category>
		<category><![CDATA[Law Firm]]></category>
		<category><![CDATA[Legal Tech]]></category>
		<category><![CDATA[NIS2]]></category>
		<category><![CDATA[Poland]]></category>
		<category><![CDATA[Regulatory Compliance]]></category>
		<category><![CDATA[Risk Management]]></category>
		<category><![CDATA[Technology Law]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8816</guid>

					<description><![CDATA[<p>Publication date: July 07, 2026 The Act amending the Act on the National Cybersecurity System aims to implement Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 (NIS Directive 2) and the partial application of Commission Delegated Regulation (EU) 2024/1366 of 11 March 2024 supplementing Regulation (EU) 2019/943 of [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/investment-law-and-processes-in-poland/nis2-in-poland-practical-implications-of-the-new-cybersecurity-framework-for-businesses/">NIS2 in Poland: Practical Implications of the New Cybersecurity Framework for Businesses</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color"><strong>Publication date: July 07, 2026</strong></mark></p>



<p>The Act amending the Act on the National Cybersecurity System aims to implement Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 (NIS Directive 2) and the partial application of Commission Delegated Regulation (EU) 2024/1366 of 11 March 2024 supplementing Regulation (EU) 2019/943 of the European Parliament and of the Council.</p>



<p id="ember4587">The amendment to the KSC Act significantly expands the scope of the regulations and introduces new obligations in the field of cybersecurity management. The changes include, among other things, the implementation of risk management systems and expanded incident reporting requirements. The new regulations also strengthen the powers of supervisory authorities and significantly increase the maximum amount of financial penalties. It also introduces liability for the management staff (manager) of an entity. In practice, this requires certain entities to take steps to comply with the new regulations.</p>



<span id="more-8816"></span>



<p id="ember4588"><strong>The first experiences of entrepreneurs after the amendment came into force – practical conclusions</strong></p>



<p id="ember4589">The few months that the amended Act on the National Cybersecurity System has been in effect demonstrate that the biggest challenge for businesses is no longer the analysis of the new regulations, but their practical implementation. For many organizations, the adaptation process began with a seemingly simple task: determining whether a given entity is even subject to the new regulations. In practice, this step proves to be one of the most problematic.</p>



<p id="ember4590">Under the previous legal framework, many businesses awaited a formal administrative decision confirming their status as an essential service operator. This approach is no longer appropriate. The status of a key or important entity stems directly from the Act, and obligations arise regardless of whether the business has already been entered on the register. This means that the responsibility for properly assessing their own situation rests primarily with the business itself.</p>



<p id="ember4591">Practice also shows that many companies focus solely on the issue of being entered into the register of key and important entities. However, entry itself is not the purpose of the regulation. The greatest challenges remain the actual implementation of an information security management system, conducting a risk analysis, developing incident response procedures, and adequately documenting the actions taken. In the future, supervisory authorities will primarily assess an organization&#8217;s actual level of compliance with the Act, not merely the formal fulfillment of registration obligations.</p>



<p id="ember4592">Another significant change is the significant increase in management responsibility. Management can no longer treat cybersecurity as a matter solely within the purview of IT departments. The Act requires active management involvement in the organization of the cybersecurity management system, oversight of its operation, and provision of adequate organizational and financial resources. In practice, this requires regular reporting on cybersecurity issues at the management level and documentation of decisions made.</p>



<p id="ember4593">Supply chain security is also becoming increasingly important. Businesses are required not only to secure their own IT systems but also to consider the risks arising from collaboration with IT service providers, cloud computing operators, software vendors, and outsourcing providers. In practice, this means reviewing supplier contracts, verifying the security measures in place, and implementing appropriate provisions for incident management and crisis cooperation.</p>



<p id="ember4594">It&#8217;s also noticeable that a growing number of businesses are choosing to conduct internal compliance audits before the statutory deadlines expire. This approach allows for early identification of organizational and technical gaps, reducing the risk of subsequent violations and costly remedial actions.</p>



<p id="ember4595">In practice, the best solution is to treat the implementation of the Act&#8217;s requirements not as a one-time project, but rather as a process encompassing regular risk analysis, procedure updates, employee training, and ongoing oversight of the organization&#8217;s security. This approach not only increases compliance but also significantly reduces the risk of cybersecurity incidents.</p>



<p id="ember4596">It&#8217;s worth emphasizing that the current transition period should be used to calmly prepare organizations for the full application of the new regulations. Postponing implementation until the final months before the statutory deadlines expire can be risky, especially for large organizations where implementing information security management systems requires the involvement of multiple departments and adequate time to prepare procedures and documentation.</p>



<h2 class="wp-block-heading" id="ember4597">Change in the circle of entities to which the Act applies.</h2>



<p id="ember4598">Under the previous wording of the Act, an administrative decision was required to recognize an entity as an essential service operator (Article 5 of the Act before the amendment). Currently, the group of key and important entities is determined automatically (ex lege). The criteria for qualifying an entity as essential are found in Article 5, Section 1, and as an important entity in Article 5, Section 2 of the Act. It is possible that an entity meets the criteria for both key and important entities; such an entity is considered a key entity under Article 5, Section 4. When attempting to qualify entities, the Act also refers to EU regulations, particularly Regulation 651/2014/EU, which defines SMEs. Therefore, the primary criteria taken into account will be the number of employees and annual turnover. It is also necessary to refer to Annexes 1 and 2 of the Act, which precisely define the categories of entrepreneurs in specific sectors and subsectors.</p>



<p id="ember4599">The added Article 5a in paragraph 1 provides that key and important entities are subject to the obligations arising from the Act if they reside in the territory of the Republic of Poland or conduct their business in the territory of the Republic of Poland.</p>



<p id="ember4600">Articles 7 et seq. regulate matters related to the list of key and important entities. Before the amendment, the list contained only operators of essential services; now it includes key and important entities. Unlike the previous legal status, in which entry was made at the request of the authority responsible for cybersecurity (former wording of Article 7, paragraph 3 of the Act), entry is now made at the request of a key or important entity within six months of the occurrence of the conditions (Article 7c, paragraph 1 of the Act). Ex officio entry will generally only apply to existing operators of essential services, trust service providers, telecommunications companies, and public entities. This means that for entities meeting the conditions on the date the amendment comes into force, the deadline for submitting an application is October 3, 2026. Pursuant to the Announcement of the Minister of Digitization of April 8, 2026, regarding the schedule for submitting applications for entry in the register of key and important entities and for key or important entities to commence using the ICT system , self-registration on the list is possible from May 7, 2026, to October 3, 2026. The platform operating in the S46 system is available at <a href="https://wykaz-ksc.gov.pl/">https://wykaz-ksc.gov.pl/</a> . By April 3, 2027, key and important entities are required to commence using the ICT system specified in Art. 46 sec. 1 of the Act. This deadline begins depending on whether the entities were parties to agreements regarding the use of the ICT system referred to in Art. 46 sec. 1 of the Act concluded before April 3, 2026. For the former, the possibility of using the system was opened on April 8, 2026, and for the latter, this possibility will be available from June 12, 2026 (point 2 of the Communication of the Minister of Digital Affairs).</p>



<p id="ember4601">If an entity that meets the criteria for being considered a key or important entity fails to submit an application for entry, the authority responsible for cybersecurity may enter the entity on the list ex officio (Article 7j, paragraph 1 of the Act). Failure to comply with certain obligations related to the list (failure to timely complete missing data on the list or failure to correct data despite a request or failure to submit an application for entry) may result in the imposition of a substantial fine (Article 73, paragraph 1, point 1 and Article 73, paragraph 1a, point 1 of the Act). The catalogue of data to be included on the list has also been changed (expanded) (Article 7, paragraph 2).</p>



<p id="ember4602"><strong>In practice: </strong>The expansion of the scope of entities and the shift from administrative decision-making to automatic regulation mean that many entities may be subject to the Act without formal confirmation of this status. In practice, independent qualification analysis and continuous monitoring of compliance with statutory criteria become crucial. An incorrect assessment (or failure to comply) may result in exposure to sanctions (severe fines).</p>



<h2 class="wp-block-heading" id="ember4603">New responsibilities for cybersecurity management.</h2>



<h3 class="wp-block-heading" id="ember4604">Duties</h3>



<p id="ember4605">Chapter 3, which governs the obligations of key and important entities, has been expanded, and Chapters 3a and 3b have been added, addressing domain name registration service providers and public entities. Article 8 of the Act governs obligations related to the implementation of an information security management system. Compared to the previous legal framework, numerous obligations have been added. The responsibility of the manager of a key or important entity for the performance of its cybersecurity obligations has been introduced (Article 8c of the Act), and the manager&#8217;s responsibilities have also been defined (Articles 8d–8f of the Act).</p>



<p id="ember4606">The regulations regarding incident reporting have also changed. A key or important entity classifies a given incident as serious (after meeting the requirements of Article 2, Section 7 of the Act), then issues an early warning, reports the incident, and finally submits a final report on the handling of the serious incident to the CSIRT (a three-step reporting model instead of the previous one-step model – Article 11 of the Act).</p>



<h2 class="wp-block-heading" id="ember4607">Deadlines</h2>



<p id="ember4608">Pursuant to Article 15 of the Act, key entities must conduct a security audit of the information system used in the service provision process at least once every three years. For key entities that were not previously classified as key service operators, the first audit should be conducted within 24 months of the date the conditions are met (Article 16, point 2, therefore, for these entities, the deadline for conducting the audit is April 3, 2028).</p>



<p id="ember4609">The Act amending the KSC Act establishes a 12-month transition period during which key and important entities have time to fulfill the obligations specified in Chapter 3 of the Act (except for the obligation to conduct the first audit, which entities have 24 months to conduct). Therefore, with respect to obligations such as implementing an information security management system, risk assessment, implementing technical and organizational measures, reporting and managing incidents, and verifying personnel&#8217;s criminal records, the deadline for compliance with these regulations expires on April 3, 2027.</p>



<p id="ember4610"><strong>In practice: </strong>The imposed obligations require the implementation of an information security management system. Furthermore, the single-tier incident reporting system has been changed, replaced by a more complex three-tier system. Essential entities will be required to conduct audits. Importantly, entities that were not previously considered essential service operators will be required to conduct an audit within two years of the amendment&#8217;s entry into force. However, most of the new obligations will have to be implemented by April 3, 2027. Failure to comply with these obligations will result in the manager of the relevant entity being held liable.</p>



<h2 class="wp-block-heading" id="ember4611">Change in the amount and grounds for imposing fines.</h2>



<p id="ember4612">Until April 2, 2026, the maximum amount of the fine imposed on entities (only for the most serious violations) was PLN 1 million (former wording of Article 73, paragraph 5 in fine). Currently, the maximum amount of the fine is, as a rule, EUR 10 million (Article 73, paragraph 3 of the Act), and for the most serious violations, up to PLN 100 million (Article 73, paragraph 5 in fine of the Act).</p>



<p id="ember4613">With the imposition of a large number of obligations on key and important entities, the list of violations for which a fine may be imposed has also been expanded (Article 73 of the Act).</p>



<p id="ember4614">The new provisions on fines come into force only two years after the entry into force of the Act (i.e. from April 3, 2028).</p>



<p id="ember4615"><strong>In practice: </strong>Increasing the amount of fines disciplines key entities and important entities to take their cybersecurity obligations very seriously. It is worth emphasizing, however, that the amended regulations on fines will not enter into force until April 3, 2028.</p>



<h2 class="wp-block-heading" id="ember4616">Changes in the supervision and control of key and important entities.</h2>



<p id="ember4617">Chapter 11 of the Act, which deals with the supervision and control of key and important entities, has been significantly expanded. Some provisions remain unchanged (the requirement to apply the provisions of the Entrepreneurs&#8217; Law or the Act on Audit in Government Administration, the powers of the person conducting the audit, most of the obligations of audited entities, and provisions regarding audit protocols and post-audit recommendations).</p>



<h2 class="wp-block-heading" id="ember4618">Important changes</h2>



<p id="ember4619">The most important changes in the scope of supervision include a significant expansion of Article 53, which describes the powers of the authority responsible for cybersecurity regarding supervision and oversight of key entities. It empowers the competent authority to issue various types of administrative decisions aimed at enforcing the provisions of the Act. This article also contains a number of procedural provisions defining the nature of the proceedings. Generally, the regulations contained in this article apply only to key entities, but as stated in Article 53, paragraph 17, certain provisions also apply to inspections of important entities. Article 53, paragraph 3 states that supervision of key entities is both post-empty and preventive, while for important entities, supervision is only post-empty.</p>



<p id="ember4620">A new obligation for both key and important entities is the information obligation specified in Article 53c, which requires a key or important entity to provide certain data at the request of the authority responsible for cybersecurity.</p>



<p id="ember4621">A new institution is the ad hoc review added in Article 59c, which may be carried out only if the conditions specified in the cited Article are met.</p>



<p id="ember4622"><strong>In practice: </strong>Strengthening the powers of supervisory authorities and introducing ad hoc inspections means increased risk of inspections and the need to maintain constant readiness to demonstrate compliance with regulations. Entities should also prepare for more frequent requests for information from authorized bodies.</p>



<h2 class="wp-block-heading" id="ember4623">Minor changes</h2>



<p id="ember4624">Chapter 10 has been amended and Chapters 10a – 10c have been added, but they do not contain any standards addressed to entities and are therefore not relevant from a practical point of view.</p>



<p id="ember4625">Several changes concern Chapter 12 concerning the Government Plenipotentiary for Cybersecurity and the Cybersecurity Board, but these changes do not have any significant impact on the entities.</p>



<p id="ember4626">Article 12a has been added, addressing specific measures to ensure cybersecurity at the national level. It primarily contains provisions on recommendations from the Government Plenipotentiary for Cybersecurity (Article 67a), the procedure for designating a supplier as a high-risk supplier (Articles 67b–67f), and a safeguarding order in the event of a critical incident (Articles 67g–67i).</p>



<p id="ember4627">Minor changes also apply to the Cybersecurity Strategy of the Republic of Poland (Articles 68–72). The changes primarily concern the content and method of developing the strategy, as well as the frequency of strategy reviews (2.5 years instead of the previous 2 years).</p>



<p id="ember4628">The amendment to the Act on the National Emergency Response Plan creates the basis for the adoption of the National Emergency Response Plan (Articles 72a – 72f of the Act).</p>



<h2 class="wp-block-heading" id="ember4629">Recommended actions.</h2>



<p id="ember4630">In light of the amendments to the Commercial Companies Code, entities subject to the new regulations should take steps to ensure their operations are in compliance with the law. It is recommended that:</p>



<p id="ember4631">1)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Self-identification in order to determine whether a given entity qualifies as a key or important entity within the meaning of the Act.</p>



<p id="ember4632">2)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Implementation or update of an information security management system.</p>



<p id="ember4633">3)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Development of procedures for identifying and reporting incidents, taking into account the new procedure.</p>



<p id="ember4634">4)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Ensuring the involvement of management staff, e.g. the manager&#8217;s implementation of the obligations under Article 8d or 8e.</p>



<p id="ember4635">5)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Preparing the organization for potential supervisory activities, e.g. inspections.</p>



<ul class="wp-block-list">
<li><em>Action:</em></li>
</ul>



<p id="ember4637">ex officio entries carried out by the Minister of Digital Affairs (current key service operators, trust service providers, telecommunications companies and public entities)</p>



<ul class="wp-block-list">
<li><em>Deadline:</em></li>
</ul>



<p id="ember4639">April 13 – May 6, 2026</p>



<ul class="wp-block-list">
<li><em>Action:</em></li>
</ul>



<p id="ember4641">self-registration in the list of key and important entities</p>



<ul class="wp-block-list">
<li><em>Deadline:</em></li>
</ul>



<p id="ember4643">May 7 – October 3, 2026</p>



<ul class="wp-block-list">
<li><em>Action:</em></li>
</ul>



<p id="ember4645">launching the possibility of using the S46 system for new entities</p>



<ul class="wp-block-list">
<li><em>Deadline:</em></li>
</ul>



<p id="ember4647">June 12, 2026</p>



<ul class="wp-block-list">
<li><em>Action:</em></li>
</ul>



<p id="ember4649">end of the deadline for starting to use the S46 system and implementing obligations (end of the adjustment period)</p>



<ul class="wp-block-list">
<li><em>Deadline:</em></li>
</ul>



<p id="ember4651">April 3, 2027</p>



<ul class="wp-block-list">
<li><em>Action:</em></li>
</ul>



<p id="ember4653">the first ISMS audit (for key entities that were not key service operators) and the beginning of the application of the provisions on penalties</p>



<ul class="wp-block-list">
<li><em>Deadline:</em></li>
</ul>



<p id="ember4655">April 3, 2028</p>
<p> </p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/investment-law-and-processes-in-poland/nis2-in-poland-practical-implications-of-the-new-cybersecurity-framework-for-businesses/">NIS2 in Poland: Practical Implications of the New Cybersecurity Framework for Businesses</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/investment-law-and-processes-in-poland/nis2-in-poland-practical-implications-of-the-new-cybersecurity-framework-for-businesses/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Is Your Online Store Ready for the New Era of Control? A Practical Guide to E-Commerce Responsibilities in 2026</title>
		<link>https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/is-your-online-store-ready-for-the-new-era-of-control-a-practical-guide-to-e-commerce-responsibilities-in-2026/</link>
					<comments>https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/is-your-online-store-ready-for-the-new-era-of-control-a-practical-guide-to-e-commerce-responsibilities-in-2026/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Tue, 07 Jul 2026 18:33:36 +0000</pubDate>
				<category><![CDATA[IT, NEW TECHNOLOGIES, MEDIA AND COMMUNICATION TECHNOLOGY LAW]]></category>
		<category><![CDATA[AI Compliance]]></category>
		<category><![CDATA[Artificial intelligence]]></category>
		<category><![CDATA[Business Law]]></category>
		<category><![CDATA[CEE]]></category>
		<category><![CDATA[Competition Law]]></category>
		<category><![CDATA[CONSUMER PROTECTION]]></category>
		<category><![CDATA[corporate law]]></category>
		<category><![CDATA[Cross Border Business]]></category>
		<category><![CDATA[Digital Compliance]]></category>
		<category><![CDATA[Digital Economy;]]></category>
		<category><![CDATA[Digital Services Act]]></category>
		<category><![CDATA[DSA]]></category>
		<category><![CDATA[Ecommerce]]></category>
		<category><![CDATA[EU Law]]></category>
		<category><![CDATA[Foreign Investment]]></category>
		<category><![CDATA[In House Counsel]]></category>
		<category><![CDATA[International Law]]></category>
		<category><![CDATA[Law Firm]]></category>
		<category><![CDATA[Legal Tech]]></category>
		<category><![CDATA[Marketplace]]></category>
		<category><![CDATA[Omnibus Directive]]></category>
		<category><![CDATA[Online Retail]]></category>
		<category><![CDATA[Platform Regulation]]></category>
		<category><![CDATA[Poland]]></category>
		<category><![CDATA[Regulatory Compliance]]></category>
		<category><![CDATA[Technology Law]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8813</guid>

					<description><![CDATA[<p>Publication date: July 07, 2026 Just a few years ago, online store owners primarily had to ensure terms and conditions, privacy policies, and efficient order processing. Today, this is clearly not enough. EU regulations such as the Omnibus Directive and the Digital Services Act (DSA), as well as the increasing role of artificial intelligence in [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/is-your-online-store-ready-for-the-new-era-of-control-a-practical-guide-to-e-commerce-responsibilities-in-2026/">Is Your Online Store Ready for the New Era of Control? A Practical Guide to E-Commerce Responsibilities in 2026</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><strong><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color">Publication date: July 07, 2026</mark></strong></p>



<p>Just a few years ago, online store owners primarily had to ensure terms and conditions, privacy policies, and efficient order processing. Today, this is clearly not enough. EU regulations such as the Omnibus Directive and the Digital Services Act (DSA), as well as the increasing role of artificial intelligence in assessing store credibility, force businesses to consider their platforms much more broadly. It is no longer just about regulatory compliance, but also about building digital trust, which influences a store&#8217;s visibility, legal security, and customer purchasing decisions. Below, we present a practical checklist of the most important actions to implement to reduce the risk of sanctions and increase the credibility of an online store.</p>



<span id="more-8813"></span>



<h2 class="wp-block-heading" id="ember4228">Practical guidelines for online store owners</h2>



<h2 class="wp-block-heading" id="ember4229">I.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Avoiding UOKiK fines and compliance with the Omnibus Directive</h2>



<p id="ember4230">a. <strong>Implement transactional verification</strong>: You should configure your feedback system so that each review you post is technically linked to the unique order number and email address of the customer who actually completed the purchase.</p>



<p id="ember4231">b. <strong>Updating the content of the regulations</strong>: In the &#8220;Rules for publishing opinions&#8221; section, the verification procedure should be described in detail, whether all opinions (including critical ones) are published and how the average product rating is calculated.</p>



<p id="ember4232">c. <strong>Transparent labeling</strong>: Each review should have a clear status indication (e.g., &#8220;Purchase confirmed&#8221;). If a benefit is provided in exchange for reviews (e.g., a discount code), this information must be clearly and prominently displayed within the review text.</p>



<p id="ember4233">d. <strong>Lowest price mechanism</strong>: In accordance with the requirements of price transparency, each discount must display the lowest price of the product that was valid in the 30 days prior to the introduction of the discount.</p>



<p id="ember4234"><strong>Legal basis</strong>: Act of 30 May 2014 on consumer rights ( Journal of Laws of 2024, item 1796, as amended); Directive (EU) 2019/2161 of the European Parliament and of the Council of 27 November 2019 amending Council Directive 93/13/EEC and Directives 98/6/EC, 2005/29/EC and 2011/83/EU of the European Parliament and of the Council as regards the better enforcement and modernisation of Union consumer protection rules (OJ EU L 328 of 2019, No. 328, p. 7, as amended); Act of 23 August 2007 on counteracting unfair market practices ( i.e. Journal of Laws of 2023, item 845).</p>



<h2 class="wp-block-heading" id="ember4235">II.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Ensuring compliance with the Digital Services Act (DSA)</h2>



<p id="ember4236">a. <strong>Implementing a &#8220;report content&#8221; mechanism</strong>: Every review or user-generated content must have an easily accessible button to report suspected illegality or manipulation of the content.</p>



<p id="ember4237">b. <strong>Procedure for justifying decisions</strong>: In the event of deletion of an opinion or blocking of a user account, the platform is obliged to send the author a detailed justification indicating a specific violation of the regulations or legal provisions.</p>



<p id="ember4238">c. <strong>Internal Complaints Process</strong>: Users must be able to appeal moderation decisions for a period of at least 6 months from the date the platform takes action.</p>



<p id="ember4239">d. <strong>Designation of a contact point</strong>: The entrepreneur must designate an electronic contact point for supervisory authorities and users, enabling efficient communication on matters relating to digital security.</p>



<p id="ember4240"><strong>Legal basis:</strong> Regulation<strong> </strong>(EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on the single market for digital services and amending Directive 2000/31/EC (Digital Services Act) (OJ EU L 277, 2022, No. 277, p. 1, as amended), in particular Articles 16, 17 and 20.</p>



<h2 class="wp-block-heading" id="ember4241">III.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Reducing the risk of “algorithmic exclusion”</h2>



<p id="ember4242">a. <strong>Design Patterns (UX) Audit</strong>: Eliminate so-called dark patterns, such as asymmetric selector buttons, hard-to-close pop-ups, or mechanisms that make it difficult to unsubscribe. Supervisory algorithms treat such practices as signals of poor interface quality.</p>



<p id="ember4243">b. <strong>Data Certification for AI</strong>: Ensure structured review data is provided, allowing shopping assistants and crawlers to properly verify the “digital provenance” of the data.</p>



<p id="ember4244">c. <strong>Filtering synthetically generated content</strong>: It is worth implementing tools that monitor review language for bot-like patterns (unnatural correctness, lack of detail) to avoid indexing false enthusiasm that results in lower trust rankings.</p>



<p id="ember4245"><strong>Legal basis</strong>: REGULATION (EU) 2022/2065 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 19 October 2022 on the single market for digital services and amending Directive 2000/31/EC (Digital Services Act) (OJ EU L 277, 2022, p. 1, as amended) – Article 25 (prohibition of deceptive interfaces)</p>



<h2 class="wp-block-heading" id="ember4246">IV.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Proper management of data and opinions (CaaS model)</h2>



<p id="ember4247">a. <strong>Digital</strong> <strong>Audit</strong> <strong>Trail</strong>: It is recommended to store logs containing transaction metadata related to opinions for a period enabling verification of data reliability (e.g. 12-24 months).</p>



<p id="ember4248">b. <strong>Active mediation systems</strong>: Instead of deleting negative feedback, use complaint management systems that document the process of resolving customer disputes. Resolving a problem is treated by ranking systems as evidence of high-quality service.</p>



<p id="ember4249"><strong>c.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; “Know Your Business Customer” principle</strong>: When running a marketplace model, it is essential to verify the identity of sellers before allowing them to offer goods, collecting registration numbers and contact details.</p>



<p id="ember4250"><strong>Legal basis</strong>: REGULATION (EU) 2022/2065 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 19 October 2022 on the single market for digital services and amending Directive 2000/31/EC (Digital Services Act) (OJ EU L of 2022, No. 277, p. 1, as amended) – Article 30; Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L of 2016, No. 119, p. 1, as amended).</p>
<p> </p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/is-your-online-store-ready-for-the-new-era-of-control-a-practical-guide-to-e-commerce-responsibilities-in-2026/">Is Your Online Store Ready for the New Era of Control? A Practical Guide to E-Commerce Responsibilities in 2026</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/is-your-online-store-ready-for-the-new-era-of-control-a-practical-guide-to-e-commerce-responsibilities-in-2026/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Multi-agent system in the service of the Polish Office of Competition and Consumer Protection &#8211; a new era of e-commerce control and the limits</title>
		<link>https://www.kg-legal.eu/info/cross-border-cases/multi-agent-system-in-the-service-of-the-polish-office-of-competition-and-consumer-protection-a-new-era-of-e-commerce-control-and-the-limits/</link>
					<comments>https://www.kg-legal.eu/info/cross-border-cases/multi-agent-system-in-the-service-of-the-polish-office-of-competition-and-consumer-protection-a-new-era-of-e-commerce-control-and-the-limits/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Tue, 07 Jul 2026 18:20:43 +0000</pubDate>
				<category><![CDATA[CROSS BORDER CASES]]></category>
		<category><![CDATA[Administrative Law]]></category>
		<category><![CDATA[AI Act]]></category>
		<category><![CDATA[Artificial intelligence]]></category>
		<category><![CDATA[Business Law]]></category>
		<category><![CDATA[CEE]]></category>
		<category><![CDATA[Competition Law]]></category>
		<category><![CDATA[CONSUMER PROTECTION]]></category>
		<category><![CDATA[Corporate Counsel;]]></category>
		<category><![CDATA[Cross Border Business]]></category>
		<category><![CDATA[Data Governance]]></category>
		<category><![CDATA[Digital Compliance]]></category>
		<category><![CDATA[Digital Markets]]></category>
		<category><![CDATA[Digital Services Act]]></category>
		<category><![CDATA[DSA]]></category>
		<category><![CDATA[Ecommerce]]></category>
		<category><![CDATA[EU Law]]></category>
		<category><![CDATA[Foreign direct investment]]></category>
		<category><![CDATA[International Law]]></category>
		<category><![CDATA[Law Firm]]></category>
		<category><![CDATA[Legal Tech]]></category>
		<category><![CDATA[Omnibus Directive]]></category>
		<category><![CDATA[Platform Regulation]]></category>
		<category><![CDATA[Poland]]></category>
		<category><![CDATA[Regulatory Investigations]]></category>
		<category><![CDATA[Technology Law]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8811</guid>

					<description><![CDATA[<p>Publication date: July 07, 2026 The dynamic development of artificial intelligence-based technologies is revolutionizing not only the commercial sector but also the area of state oversight of the digital market. The implementation of multi-agent systems by the Office of Competition and Consumer Protection (UOKiK) opens a new era in consumer rights enforcement, enabling the mass [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/cross-border-cases/multi-agent-system-in-the-service-of-the-polish-office-of-competition-and-consumer-protection-a-new-era-of-e-commerce-control-and-the-limits/">Multi-agent system in the service of the Polish Office of Competition and Consumer Protection &#8211; a new era of e-commerce control and the limits</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color"><strong>Publication date: July 07, 2026</strong></mark></p>



<p>The dynamic development of artificial intelligence-based technologies is revolutionizing not only the commercial sector but also the area of state oversight of the digital market. The implementation of multi-agent systems by the Office of Competition and Consumer Protection (UOKiK) opens a new era in consumer rights enforcement, enabling the mass and automated identification of unfair market practices. With the Digital Services Act (DSA) and the Omnibus Directive in force, traditional control methods are giving way to algorithmic interface analysis aimed at eliminating so-called dark patterns and price manipulation. However, the use of &#8220;digital controllers&#8221; raises fundamental questions for legal science and business practice about the limits of automated decision-making processes in public administration. Although AI agents significantly improve the effectiveness of detecting violations, their legal status as a source of evidence remains the subject of heated debate. The main thesis is that while AI can be a powerful auxiliary tool for regulatory bodies, the ultimate responsibility for determining the facts and assessing the legitimate interests of a party must rest with humans, which is the foundation of a fair procedure in a state governed by the rule of law.</p>



<span id="more-8811"></span>



<h2 class="wp-block-heading" id="ember3873">Dark Patterns: Legal and Ethical Aspects of Prohibiting Manipulation in Digital Interfaces</h2>



<p id="ember3874">A key obligation of internet platform providers in light of modern regulations is to design interfaces in a transparent and ethical manner. The prohibition of manipulation, formulated, among others, in the Digital Services Act (Article 25), directly affects the structure of so-called deceptive interfaces (dark patterns). Websites and applications cannot be designed in a way that limits the recipient&#8217;s cognitive autonomy, interferes with their ability to rationally assess the situation, or forces them to make a purchasing decision that they would not have made under other circumstances.</p>



<p id="ember3875">One of the most glaring examples of such violations is the asymmetry in the contract conclusion and termination process, <strong>particularly evident in subscription models</strong>. This mechanism relies on extreme simplification of the purchase path while simultaneously mounting procedural barriers when attempting to cancel the service. Visual techniques are used here, among other things: payment activation buttons are highlighted with bright colors and a central location, while contract termination options are deliberately hidden at the bottom of the page, written in small font or masked with colors that blend with the background. Furthermore, canceling a subscription on online platforms often requires multiple selections or confirmation of the desire to cancel, despite the consumer&#8217;s prior explicit choice. Artificial intelligence algorithms, analyzing the page structure and visual hierarchy of elements, can pinpoint these disparities with mathematical precision, creating a list of violations that serves as hard evidence.</p>



<p id="ember3876">In the context of the Omnibus Directive, the obligation to disclose the lowest price 30 days before the discount has become a market standard, but its implementation is open to abuse. The practice of &#8220;empty promotions&#8221; involves artificially inflating the base price just before a planned discount or providing a false reference amount. In this area, AI agents demonstrate particular effectiveness, acting as real-time monitoring systems; they can archive the price history of each product, creating an independent database. Comparing this information with the entrepreneur&#8217;s declaration visible on the website allows for immediate detection of manipulation of the promotional algorithm.</p>



<p id="ember3877">An equally important area of control is the phenomenon of drip pricing , or hiding the real costs of a transaction until the final stage of the shopping cart. Businesses often employ a &#8220;decoy&#8221; strategy, presenting an attractive unit price, which, at the time of order finalization, is increased by mandatory, previously undisclosed costs, such as service fees, packaging costs, or payment processing fees. Pursuant to Article 12 of the Consumer Rights Act, businesses are obligated to clearly and understandably inform consumers about, among other things, the total price for the proposed service. Automated control systems are capable of conducting a full simulation of the purchasing process, from product selection to the payment gateway. Any discrepancy between the price presented in the product list and the amount required to complete the contract is reported by AI as an attempt to circumvent disclosure obligations and a direct violation of the collective interests of consumers.</p>



<p id="ember3878">According to Article 5 of the Act on Combating Unfair Market Practices, the key criterion for assessing a trader&#8217;s behavior is the impact of their actions on the recipient&#8217;s decision-making process. A <strong>market practice is considered misleading</strong> if &#8220;this action in any way causes or is likely to cause the average consumer to make a transactional decision that they would not otherwise have made&#8221;. The legislator specifies that both &#8220;spreading false information&#8221; and &#8220;spreading true information in a manner that is likely to be misleading&#8221; can constitute an infringement. In the digital environment, these manipulations most often focus on the &#8220;existence of a product, its type, or availability.&#8221; A common method of exerting unjustified pressure on consumers is the use of social proof mechanisms and an artificial sense of scarcity. This manifests itself in messages such as: &#8220;this product is now being viewed by x people,&#8221; &#8220;x items have already been purchased today,&#8221; or displaying timers indicating that &#8220;only 30 minutes left until the end of the promotion.&#8221; Particularly problematic from the perspective of trade ethics is the use of so-called false advertising. Timers – clocks counting down to the finale of a supposedly unique price opportunity. In reality, these are fake mechanisms, as after the specified deadline, the offer remains active and the product price remains unchanged or becomes even more favorable. This type of activity, a classic example of dark patterns, is designed to induce fear of missing out (FOMO) in customers and induce them to rush into a transaction. Using AI agents allows regulators to serially monitor such counters and prove their cyclical recurrence, providing direct evidence of deceptive practices.</p>



<h2 class="wp-block-heading" id="ember3879">The algorithm as a controller</h2>



<p id="ember3880">With millions of transactions taking place across the country in just a few minutes or hours, standard order verification procedures prove insufficient to effectively fulfill the statutory responsibilities of supervisory authorities. Technological advancements in the form of AI algorithms come to the rescue. These algorithms can automatically monitor numerous commercial transactions simultaneously, generating preliminary opinions that are ultimately subject to human review. Such systems not only save significant processing time but, above all, enable oversight of a much broader range of businesses and their online platforms. The AI multi-agents used in this process are virtual &#8220;consumer robots&#8221; capable of mass-auditing e-commerce websites, simulating the natural behavior of online users to detect irregularities that a human controller would be unable to detect on such a large scale.</p>



<p id="ember3881">To conduct reliable and effective inspections, Polish law already offers supervisory authorities a toolkit in the form of the &#8220;mystery shopper&#8221; institution. Traditionally, this involves a person unrelated to the inspected company or the inspecting authority making a purchase and then completing a survey regarding specific activities they observe during standard shopping. The implementation of AI technology by the Office of Competition and Consumer Protection (UOKiK) aims to entrust AI multi-agents with the role of such digital &#8220;mystery shoppers.&#8221; Their task is to interact with the website interface, add a product to the cart, and complete the entire purchasing process without disclosing that this activity is being performed by an algorithm or that it is part of an official inspection procedure. This approach allows for direct verification of whether the entrepreneur is not using prohibited manipulative practices, known as dark patterns. However, it should be emphasized that <strong>the activity of AI multi-agents is strictly regulated by legal procedures and cannot be arbitrary</strong>. The algorithm operates under the strict supervision of the President of the Office of Competition and Consumer Protection, who, pursuant to Article 105ia of the Act on Competition and Consumer Protection, must always obtain prior consent from the Court of Competition and Consumer Protection. This mechanism serves as a key safeguard against abuse of power. Furthermore, after completing the inspection, the office is obligated to immediately provide the entrepreneur with an official ID and authorization for the inspection. In the age of digital administration, this obligation can be fulfilled electronically immediately after the AI multi-agents withdraw from the sales platform.</p>



<p id="ember3882">The key legal framework for the operation of algorithms commissioned by the regulator is provided by the EU AI Act. According to its provisions, AI systems used by public authorities for control and supervisory purposes should be considered high-risk AI systems. This entails a strict requirement to design them with appropriate transparency, which allows both the controlling and the controlled entities to properly interpret the system&#8217;s results and use them fairly. In practice, this means that algorithms must be built in an &#8220;explainable&#8221; model. A business subject to allegations based on an algorithmic audit has the statutory right to request full insight into the operation of AI tools. This transparency is essential for the controlled entity to understand the basis and criteria on which the authority deemed its online platform unfair or infringing on the collective interests of consumers (Article 24). This balance between the effectiveness of digital supervision and the right to defense is the foundation of a modern rule of law in the age of algorithms.</p>



<h2 class="wp-block-heading" id="ember3883">The opinion of AI multi-agents as evidence in the case</h2>



<p id="ember3884">After completing the inspection activities on the entrepreneur&#8217;s online platform, the AI algorithm&#8217;s role evolves towards an analytical function, consisting of preparing an opinion indicating detected violations. In the context of potential proceedings against an entity employing unfair market practices, the admissibility of using such an analysis as valid evidence becomes a key issue. Pursuant to Article 7 of the Code of Administrative Procedure (hereinafter referred to as the Code of Administrative Procedure), which establishes the principle of objective truth, a public administration body is obligated to take all steps necessary to thoroughly clarify the factual circumstances. This obligation is consistent with Article 75 § 1 of the Code of Administrative Procedure, which introduces an open catalog of evidence, allowing as evidence anything that may contribute to the clarification of the case, provided it is not contrary to the law.</p>



<p id="ember3885">Under these regulations, the results of AI multi-agent work &#8211; taking the form of reports, opinions, or analyses generated after conducting an audit with court approval &#8211; fully fall within the statutory definition of evidence. However, it should be clearly stated that an AI opinion cannot be equated with an expert opinion within the meaning of Article 84 of the Code of Administrative Procedure. This stems from the fact that an algorithm does not possess the status of a natural person equipped with specialized knowledge, which is a statutory requirement for appointing an expert. Instead, documentation generated by an AI agent should be classified as a private document or so-called &#8220;unnamed evidence.&#8221;</p>



<p id="ember3886">Practical justification for this position can be found in the case law concerning digital evidence. The judgment of the Court of Appeal in Szczecin of September 19, 2016, I ACa 364/15, LEX no. 2147337 aptly describes this issue, pointing out that evidence in a case may include official and private documents, but also means other than those listed in Articles 305-308 of the Code of Civil Procedure. Electronic evidence, currently increasingly used in civil proceedings, is not explicitly listed in the catalog of means of evidence. However, the Code of Civil Procedure does not contain a closed list of evidence sources; anything relevant to the case may constitute evidence. Although the above ruling was issued in the context of civil procedure, due to the identical approach to the openness of the evidence system, it remains fully applicable to administrative proceedings conducted by the President of the Office of Competition and Consumer Protection.</p>



<p id="ember3887">The key element of algorithmic evidence remains the human factor, which serves as a primary safeguard over the autonomous operation of technology. It&#8217;s important to note that AI multi-agents, despite their high sophistication, operate based on statistical probability models, which carries the risk of misinterpreting dynamic website elements. For example, the system may incorrectly classify a standard technical error as intentional dark web activity. patterns or misinterpret the interface&#8217;s intentions in a specific cultural or linguistic context. Therefore, opinions generated by AI agents cannot constitute a standalone and final basis for a decision, but should be subjected to thorough, critical review by an official. Only such a comparison of the &#8220;raw&#8221; algorithmic result with human knowledge and experience allows for avoiding errors that could lead to unjustified penalties. This approach is directly supported by Article 80 of the Code of Administrative Procedure, according to which a public administration body assesses whether a given circumstance has been proven based on the entirety of the evidence. In this process, the &#8220;AI opinion&#8221; is only one of many components that must be weighed against other evidence and evaluated through the prism of principles of logic and life experience, ultimately guaranteeing the implementation of the principle of objective truth and protecting the entrepreneur from the automaticity of decisions made by the algorithm.</p>



<h2 class="wp-block-heading" id="ember3888">Summary</h2>



<p id="ember3889">Multi-agent system implemented by the Office of Competition and Consumer Protection for automatic control of the e-commerce sector poses a significant challenge for entrepreneurs, forcing strict compliance with regulations regarding dark patterns, price transparency (Omnibus Directive, Art. 6a) and information obligations (Consumer Rights Act, Art. 12). These tools are used to mass detect manipulative practices such as drip pricing, fake timers or making it difficult to unsubscribe. Although AI agents perform a function similar to &#8220;mystery shoppers,&#8221; their activity must meet the rigors of Article 105ia of the Act on Competition and Consumer Protection, including the requirement to obtain court consent for a controlled purchase. What is crucial from a procedural perspective is that the findings made by the algorithm do not have the status of an expert opinion within the meaning of Article 84 of the Code of Administrative Procedure (lack of the status of a natural person with specialist knowledge), but constitute only a private document or &#8220;other evidence&#8221; subject to the authority&#8217;s free assessment (Article 80 of the Code of Administrative Procedure).</p>



<p id="ember3890">Consequently, the official is required to subject AI reports to thorough human review to eliminate the risk of misclassification resulting from so-called &#8220;AI hallucinations&#8221; or technical errors in the interpretation of the website&#8217;s code. The entrepreneur has full rights of defense based on the principle of active participation of the party (Article 10 of the Code of Administrative Procedure) and the principle of objective truth (Article 7 of the Code of Administrative Procedure), which means the right to question the bot&#8217;s logic and to access the instructions and parameters of the AI system, in accordance with the &#8220;explainability&#8221; requirement enshrined in the AI Act (Article 13). Any decision based solely on the automated generation of conclusions, without providing the party with an opportunity to comment on the evidence (Article 81 of the Code of Administrative Procedure), constitutes a gross violation of administrative procedure and may constitute an effective basis for challenging the authority&#8217;s decision.</p>



<h2 class="wp-block-heading" id="ember3891">Sources:</h2>



<p id="ember3892">Regulation 2022/2065 on the single market for digital services and amending Directive 2000/31/EC (Digital Services Act) (OJ EU L 277, 2022, No. 277, p. 1, as amended).</p>



<p id="ember3893">Directive (EU) 2019/2161 of the European Parliament and of the Council of 27 November 2019 amending Council Directive 93/13/EEC and Directives 98/6/EC, 2005/29/EC and 2011/83/EU of the European Parliament and of the Council as regards the better enforcement and modernisation of Union consumer protection rules (OJ L 328, 2019, p. 7, as amended).</p>



<p id="ember3894">Act of 30 May 2014 on consumer rights (consolidated text: Journal of Laws of 2024, item 1796, as amended).</p>



<p id="ember3895">Act of 23 August 2007 on counteracting unfair market practices (consolidated text: Journal of Laws of 2023, item 845).</p>



<p id="ember3896">Act of 16 February 2007 on competition and consumer protection (consolidated text: Journal of Laws of 2025, item 1714).</p>



<p id="ember3897">Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act) Text with EEA relevance (OJ L 1689, 2024).</p>



<p id="ember3898">Act of 14 June 1960, the Code of Administrative Procedure (consolidated text: Journal of Laws of 2025, item 1691).</p>



<p id="ember3899">Judgment of the Court of Appeal in Szczecin of 19 September 2016, I ACa 364/15, LEX no. 2147337.</p>
<p> </p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/cross-border-cases/multi-agent-system-in-the-service-of-the-polish-office-of-competition-and-consumer-protection-a-new-era-of-e-commerce-control-and-the-limits/">Multi-agent system in the service of the Polish Office of Competition and Consumer Protection &#8211; a new era of e-commerce control and the limits</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/cross-border-cases/multi-agent-system-in-the-service-of-the-polish-office-of-competition-and-consumer-protection-a-new-era-of-e-commerce-control-and-the-limits/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Digital evidence bundle as a modern means of organizing evidence</title>
		<link>https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/digital-evidence-bundle-as-a-modern-means-of-organizing-evidence/</link>
					<comments>https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/digital-evidence-bundle-as-a-modern-means-of-organizing-evidence/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Tue, 07 Jul 2026 18:15:36 +0000</pubDate>
				<category><![CDATA[IT, NEW TECHNOLOGIES, MEDIA AND COMMUNICATION TECHNOLOGY LAW]]></category>
		<category><![CDATA[Artificial intelligence]]></category>
		<category><![CDATA[Business Law]]></category>
		<category><![CDATA[Civil Litigation]]></category>
		<category><![CDATA[Civil Procedure]]></category>
		<category><![CDATA[Commercial Law]]></category>
		<category><![CDATA[Commercial Litigation]]></category>
		<category><![CDATA[corporate law]]></category>
		<category><![CDATA[Cross Border Litigation]]></category>
		<category><![CDATA[Cyber Law]]></category>
		<category><![CDATA[Data Governance]]></category>
		<category><![CDATA[Digital Evidence]]></category>
		<category><![CDATA[Digital Forensics]]></category>
		<category><![CDATA[Dispute Resolution]]></category>
		<category><![CDATA[E Discovery]]></category>
		<category><![CDATA[Electronic Evidence]]></category>
		<category><![CDATA[ESI]]></category>
		<category><![CDATA[Evidence Law]]></category>
		<category><![CDATA[In House Counsel]]></category>
		<category><![CDATA[International Law]]></category>
		<category><![CDATA[International Litigation]]></category>
		<category><![CDATA[Law Tech]]></category>
		<category><![CDATA[Lawyers Of LinkedIn]]></category>
		<category><![CDATA[Legal Innovation]]></category>
		<category><![CDATA[Legal Tech]]></category>
		<category><![CDATA[Litigation]]></category>
		<category><![CDATA[Metadata]]></category>
		<category><![CDATA[Online Disputes]]></category>
		<category><![CDATA[Technology Law]]></category>
		<category><![CDATA[Unfair Competition]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8809</guid>

					<description><![CDATA[<p>Publication date: July 07, 2026 The contemporary economic and social reality is undergoing an irreversible process of digitalization. Business activity, commercial communication, and marketing have largely shifted to the internet, e-commerce platforms, and social media. As a consequence, key legal events, infringements of entrepreneurs&#8217; personal rights, acts of unfair competition, and unlawful actions affecting the [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/digital-evidence-bundle-as-a-modern-means-of-organizing-evidence/">Digital evidence bundle as a modern means of organizing evidence</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color"><strong>Publication date: July 07, 2026</strong></mark></p>



<p>The contemporary economic and social reality is undergoing an irreversible process of digitalization. Business activity, commercial communication, and marketing have largely shifted to the internet, e-commerce platforms, and social media. As a consequence, key legal events, infringements of entrepreneurs&#8217; personal rights, acts of unfair competition, and unlawful actions affecting the goodwill and reputation of companies now leave traces almost exclusively in the digital sphere. Consequently, the traditional perception of evidence through the prism of paper documents bearing handwritten signatures has become insufficient in the realities of business transactions. Polish civil procedure meets these needs through the fundamental assumption of an open catalog of evidence. However, the dynamic development of technology forces the constant evolution of judicial practice and a full openness to next-generation evidence. In addition to traditional text files, today&#8217;s multifaceted economic processes require the management of complex data structures, such as metadata, advanced web analytics, system logs, and screenshots from social media platforms.</p>



<span id="more-8809"></span>



<p id="ember3370">Presenting such complex, non-linear evidence, which often encompasses many gigabytes of data, requires the implementation of modern procedural information management tools. The concept of a &#8220;digital evidence folder&#8221; emerges as a key tool for structuring, selecting, and correlating digital data directly with precisely formulated evidentiary theses.</p>



<h2 class="wp-block-heading" id="ember3371">The concept of electronic evidence</h2>



<h3 class="wp-block-heading" id="ember3372">Legal status before the 2016 amendment to the Code of Civil Procedure.</h3>



<p id="ember3373">To fully understand the revolution that has taken place in the Polish legal system regarding electronic evidence, it is necessary to refer to the legal status prior to the entry into force of the Act of 10 July 2015. The civil law system at that time lacked a legal definition of a document. Consequently, doctrine and case law equated this term exclusively with the written form of legal acts within the meaning of Article 78 of the Civil Code. The constitutive elements of a document were considered to be its written form and the handwritten signature of the issuer. A document was defined as human thoughts conveyed through graphic symbols arranged in a logical sequence of concepts on a material basis. This legal structure resulted in procedural limitations regarding electronic evidence. Any information transmitted electronically, e.g., in emails or text messages, that bore only a simple electronic signature, could not be accepted as documentary evidence (see, among others, Supreme Court judgments I CK 32/04, I CKN 1280/00). Photocopies, scans, blueprints, and computer printouts were treated as so-called secondary documents. According to the then-established Supreme Court case law, such reproductions did not constitute a document within the meaning of the Code of Civil Procedure. Although the Code of Civil Procedure did not contain a closed catalog of evidence, allowing computer printouts to be considered &#8220;other evidence&#8221; under Articles 308 and 309 of the Code of Civil Procedure, errors occurred in court practice. Some courts took the erroneous position that since a printout or photocopy was not a document, it did not constitute evidence at all and was beyond the court&#8217;s jurisdiction.</p>



<h2 class="wp-block-heading" id="ember3374">Legal definition of a document and its form</h2>



<p id="ember3375">A breakthrough in the approach to electronic evidence occurred on September 8, 2016, when a legal definition of a document was introduced, along with a new form of legal act: the documentary form (Article 77 § 2, Article 73 § 1, Article 74 of the Civil Code). These changes were complemented by a broad amendment to the Code of Civil Procedure of November 7, 2019, which reformulated the rules of evidence (including Article 243 § 2 of the Code of Civil Procedure). Under the current wording of Article 77 § 3 of the Civil Code, a document is content (information constituting a human thought) contained on a medium enabling its review. A key element of this definition is the complete separation of the concept of a document from its physical, paper medium. Nowadays, a medium can be traditional or electronic. All devices and technical spaces used for collective data storage and reading, such as a flash drive, computer disk, server, or cloud computing, are permissible. The introduced amendment to the Code of Civil Procedure explicitly requires that the provisions on documentary evidence apply to all documents containing text that allow for the identification of their issuers. This change removed obstacles to treating digital data as full-fledged documents. However, the mere existence of a medium and the text recorded on it does not automatically allow for the recognition that the documentary form requirements have been met. A necessary premise and minimum condition for granting such evidence material validity is the ability to establish the identity of the person (issuer) from whom the declaration of will or knowledge originated. The act does not impose a rigid catalog of identification methods, meaning that the issuer&#8217;s identity can be proven in any objective manner, adapted to the technical realities of the given tool. Identification may result directly from the document&#8217;s content or from the circumstances surrounding its creation, for example, based on the mobile number from which the text message was sent or the email address from which the email was sent. As a consequence of the changes introduced by the amendment, the distinction between document evidence containing text and documentary evidence in other forms (e.g., audio recording, image recording, or image and sound recording) has become more important. Depending on the form in which the document&#8217;s content is expressed, the procedural system provides for completely different procedures. Article 2341 of the Code of Civil Procedure applies to documents containing text if they meet the conditions (they contain text and their issuers can be identified). If these conditions are met, the provisions on documentary evidence apply to documents in written, electronic, and documentary form. Differences in application include, for example, the appropriate application of Article 244 of the Code of Civil Procedure to documents containing text. Article 308 of the Code of Civil Procedure applies to documents in other forms (consisting of image, sound, or image and sound recordings). When examining them, the court will apply the provisions on visual inspection and documentary evidence, as appropriate.</p>



<p id="ember3376">Although the amended provisions of Polish civil procedure, through a technologically neutral definition of a document, have paved the way for the widespread use of electronic data in proceedings, generally applicable legal provisions still do not provide a legal definition of &#8220;digital evidence&#8221; itself. Such a concept is hard to find not only in the Civil Procedure Code, but also in criminal or administrative procedures. Consequently, the burden of developing a conceptual framework has fallen on legal doctrine and case law. Among the existing definitions used in international trade, the one adopted by the US Department of Justice is worth citing as the most clear and precise. It states that &#8220;digital evidence should be treated as information or data recorded in the form of digital data, of value to ongoing proceedings, and stored, downloaded, or sent using an electronic device. Analyzing the subject matter of digital evidence, it should be noted that this phenomenon can only be discussed when the information useful for evidentiary proceedings is in the form of digital data. From a technical perspective, &#8220;digital data&#8221; constitutes an ordered logical sequence of characters recorded on appropriate media, which, after decoding by an IT system, can take the form of human-readable content. Consequently, the evidence itself (understood as specific information) is highly immaterial, even abstract. This characteristic occurs even when the data is stored using the most tangible objects, such as hard drives or CDs. Therefore, the evidence in a case is solely the content of the digital recording, while the digital evidence carrier itself becomes, in essence, merely a &#8220;piece of plastic&#8221; and a physical medium. From the perspective of evidence theory, data recorded on a computer medium is not a thing. The essence of this distinction is best captured by a forensic analogy: evidence in a case is the information contained on the disk, not the disk itself – just as evidence is a secured fingerprint, not the entire door along with the doorknob on which the fingerprint was left. This information, hidden in a digital structure, can take two forms. On the one hand, these are forms visible to the naked eye to the average system user, such as photos, text files, or programs on a computer. On the other hand, full-fledged digital evidence requires specialized knowledge, as it is found, for example, in system logs, command history, print traces, or metadata. The lack of a legal definition does not constitute any obstacle to the jurisdictional admissibility of digital evidence in the Polish legal system. This fact is confirmed in all key court proceedings. In civil proceedings, the implementation of Article 77 § 3 of the Civil Code neutralizes the technological barrier.</p>



<h2 class="wp-block-heading" id="ember3377">Digital evidence bundle</h2>



<p id="ember3378">A digital evidence bundle is a structured collection of evidence stored on an electronic medium. It is organized according to a predetermined evidentiary logic (evidence theses). It differs from a standard set of electronic files in that each file is marked to enable its identification during the hearing, and there is a documented link between the theses and specific files. A digital evidence bundle is not a separate legal institution in the Polish legal system. The situation is different in the British legal system. In that system, the bundle (e- bundle) is regulated by general court guidelines for e- bundles, designed to ensure a uniform standard of preparation. In the UK, the bundle must be submitted in PDF format, all pages must be numbered, and the file name must include the case reference number. Furthermore, the UK Supreme Court requires that the bundle index be hyperlinked to the pages or documents to which it refers, and attorneys should refer to the bundle numbering rather than the original page numbers during the hearing. In the Polish digital process, a digital file is not a new, separate means of evidence, but a structured collection of many text and non-text documents, logically and technically linked into one coherent information system, subject to the provisions on documentary evidence (and evidence from other documents.</p>



<h2 class="wp-block-heading" id="ember3379">Creating a digital evidence bundle</h2>



<h3 class="wp-block-heading" id="ember3380">1. The method of presenting the file to the court</h3>



<p id="ember3381">In the practice of Polish civil courts, the digital file can be presented in two ways</p>



<p id="ember3382">Transfer on a physical data carrier – in light of the analyzed technological neutrality of the document definition, the evidence file may (and, if larger, must) be transferred on a physical carrier such as a flash drive, portable external drive, or DVD. This carrier will be attached to the procedural document (e.g., an evidentiary motion).</p>



<p id="ember3383">Transmission via teleinformatics – e.g. via an information portal (smaller size)</p>



<p id="ember3384">A necessary condition is to maintain the integrity and durability of the data and to provide the opposing party with full access to the same version of the file.</p>



<h3 class="wp-block-heading" id="ember3385">2. Construction of the Digital Evidence Bundle</h3>



<p id="ember3386">To ensure clarity, the portfolio should have a rigorous and transparent structure. A key element will be an interactive table of contents, modeled after the British e-bundle. This should be a PDF file located in the root directory of the medium. Each item in the table of contents must be a hyperlink, which, when clicked, takes the user to the appropriate source file stored on the medium. The table of contents must also include metadata to facilitate orientation, such as a unique serial number, file name, date of creation, and description.</p>



<p id="ember3387">Effective implementation of a digital evidence folder requires assigning each digital trace to a predefined directory subgroup:</p>



<h3 class="wp-block-heading" id="ember3388">text documents (group code: TXT)</h3>



<p id="ember3389">&#8211; Includes, among others, digital contracts, general terms and conditions, regulations and other documents in electronic form</p>



<p id="ember3390">&#8211; Files in .pdf/ .docx /.txt formats</p>



<p id="ember3391">&#8211; Basis: Evidence from a document containing text</p>



<h3 class="wp-block-heading" id="ember3392">email messages (EML)</h3>



<p id="ember3393">&#8211; Business correspondence between the parties, commercial threats, offer arrangements, order confirmations</p>



<p id="ember3394">&#8211; eml / .msg format (source files) and export of the thread to a searchable .pdf file</p>



<p id="ember3395">&#8211; Evidence from a document containing text</p>



<h3 class="wp-block-heading" id="ember3396">instant messaging (MSG) correspondence</h3>



<p id="ember3397">&#8211; Conversations from applications such as WhatsApp, Messenger, Telegram, Signal, Teams documenting operational arrangements, attempts to induce unfair competition</p>



<p id="ember3398">&#8211; Full, non-editable export of chat history to PDF with timestamps, and raw .csv or .json files for IT backup</p>



<p id="ember3399">&#8211; Evidence from a document containing text</p>



<h3 class="wp-block-heading" id="ember3400">Screenshots (SCR)</h3>



<p id="ember3401">&#8211; Screenshots showing, for example, defamatory social media posts, unlawful use of trademarks</p>



<p id="ember3402">&#8211; Format . png /.jpg/. tiff . The screenshot should be made with the URL, system date and time visible.</p>



<p id="ember3403">&#8211; Requires metadata enhancement and metadata verification (as to date)</p>



<p id="ember3404">&#8211; Depending on what the evidence shows, either from a document containing text or from another document containing an image</p>



<h3 class="wp-block-heading" id="ember3405">Graphic materials (IMG)</h3>



<p id="ember3406">&#8211; E.g. packaging designs, logos, advertising graphics</p>



<p id="ember3407">&#8211; Format: .jpg/ .png / .tiff</p>



<p id="ember3408">&#8211; Evidence from other documents (Article 308 of the Code of Civil Procedure)</p>



<h3 class="wp-block-heading" id="ember3409">Audio Recordings (AUD)</h3>



<p id="ember3410">&#8211; Telephone conversation records, dictaphone recordings of negotiations</p>



<p id="ember3411">&#8211; Format: .mp3/.wav and text transcription in PDF format</p>



<p id="ember3412">&#8211; Evidence from other documents</p>



<h3 class="wp-block-heading" id="ember3413">Video Recordings (VID)</h3>



<p id="ember3414">&#8211; E.g. Materials from YouTube and TikTok platforms</p>



<p id="ember3415">&#8211; Format: .mp4/ .mkv / .avi</p>



<p id="ember3416">&#8211; Evidence from other documents</p>



<h3 class="wp-block-heading" id="ember3417">Analytical Reports (ANL)</h3>



<p id="ember3418">E.g. Official reports from CRM and SAP systems</p>



<p id="ember3419">Format: PDF with a qualified electronic signature of the issuer</p>



<h3 class="wp-block-heading" id="ember3420">Documentary evidence</h3>



<p id="ember3421">Statistical data (DAT)</p>



<p id="ember3422">For example, raw data from analytical tools</p>



<p id="ember3423">Formats: .xlsx / .csv</p>



<p id="ember3424">If they contain only numbers and tables, they are evidence from other documents</p>



<p id="ember3425">Internet Archives (ARC)</p>



<h2 class="wp-block-heading" id="ember3426">Complete copies of the defendant&#8217;s websites, the status of websites secured through tools</h2>



<p id="ember3427">Format: .html / .warc</p>



<p id="ember3428">Evidence from other documents</p>



<p id="ember3429">Metadata (MET)</p>



<p id="ember3430">&#8220;Data about data&#8221; is crucial for authenticity: technical email headers (establishing the true sending server IP), EXIF photo data (indicating the exact camera model, GPS coordinates, and time the photo was taken), and PDF file properties (revealing the author and the legality of the software).</p>



<p id="ember3431">Formats: .txt/.xml / .json or extracts generated by programs</p>



<p id="ember3432">Metadata is an integral part of the digital document from which it originates.</p>



<p id="ember3433">Evidence theses should be linked by headings in the table of contents (PDF):</p>



<p id="ember3434">E.g. TD-1 (Evidence Thesis No. 1) as a result of the defendant&#8217;s breach of contract, the plaintiff suffered damage (LINK) &#8212;&#8212;&gt; subfolder [TXT] &#8212;-&gt; agreement.docx</p>



<h2 class="wp-block-heading" id="ember3435">Examples of formulated evidentiary theses:</h2>



<h3 class="wp-block-heading" id="ember3436">Sample Thesis on the Dissemination of Information on the Internet</h3>



<p id="ember3437">Pursuant to Article 235 § 1 of the Code of Civil Procedure, I request the admission and taking of evidence from materials collected in section TD-1 of the Digital Evidence Folder filed on a data carrier constituting Annex No. [no.] to this letter, including, according to the table of contents of the folder, the following categories of evidence: analytical documents (TD-1/ANL), screenshots (TD-1/SCR), internet archives (TD-1/ARC) and a metadata and checksum report (TD-1/MET) regarding the scope of dissemination of the information contained in the publication [exact designation: title, URL, date], posted by the defendant via the [name] platform, including: the total number of views of this publication in the period from [date] to [date]; the number of websites that reprinted, quoted or linked to this publication; the secondary reach resulting from sharing by users within and outside the same platform; as well as the persistence of accessibility of the challenged content, as measured by its presence in the search engine index after [number] months from its initial publication. A detailed list of the files comprising section TD-1, along with a description of each, SHA-256 checksums, and hyperlinks to individual documents, is included in the table of contents of the Digital Evidence Folder.</p>



<h2 class="wp-block-heading" id="ember3438">Regarding the number of interactions</h2>



<p id="ember3439">Pursuant to Article 235¹ of the Code of Civil Procedure, I request the admission and taking of evidence from materials collected in section TD-2 of the Digital Evidence Folder filed on a data carrier constituting Annex No. [no.] to this letter, which includes, in accordance with the table of contents of the folder, video files from screen recordings (TD-2/VID), screenshots of interaction sections (TD-2/SCR) and exported comment databases in text/JSON format (TD-2/DAT), regarding the scale and nature of internet users’ interaction with the disputed video material/post [exact designation, URL], posted by the defendant on the [name] platform, including: the total number and dynamics of growth of public reactions (likes, shares, retweets); the number, content and tone of comments posted under the material, in particular those repeating the defendant’s narrative; the degree of audience engagement measured by ER (Engagement Rate) indicators; and the fact and date of the defendant&#8217;s modification or deletion of selected comments in order to manipulate public perception, as evidenced by discrepancies in the checksums and metadata of files secured at intervals.</p>



<h3 class="wp-block-heading" id="ember3440">For the purpose of conducting paid promotional campaigns</h3>



<p id="ember3441">Pursuant to Article 235¹ of the Code of Civil Procedure, I request the admission and taking of evidence from materials collected in section TD-3 of the Digital Evidence Folder submitted on a data carrier constituting Annex No. [No.] to this letter, including extracts from the public Meta Advertising Library (TD- 3/ANL), raw analytical reports in CSV/XLSX format generated from the Meta Ads Manager panel and related settlement invoices (TD-3/TXT), in the event of deliberate, organized and paid increase in the market reach of the defendant&#8217;s message, including: the precise period of broadcasting of paid advertising campaigns, the amount of the budget involved and the profit generated; the artificial multiplication of the number of views and unique recipients obtained in this way); geotargeting criteria and demographic targeting aimed at the plaintiff&#8217;s market; and, above all, the circumstance of intentional selection of behavioral targeting criteria and interests based on the plaintiff&#8217;s brand and customers, which, in the light of Article 3 et seq. UZNK constitutes an action contrary to good practice aimed at unfairly taking over customers.</p>



<h3 class="wp-block-heading" id="ember3442">Documenting the extent of interaction</h3>



<p id="ember3443">Internet reach (Reach) is the total number of unique users who have viewed a given piece of content at least once. It is measured using advanced telemetry systems, tracking scripts, and server logs that record unique queries sent by user browsers and applications to the servers storing the content. Reach should be distinguished from Impressions, which define the total number of times content is played or appears on device screens, regardless of whether it was generated by the same person. In summary, the main difference between reach and impressions comes down to the group of people – reach counts unique users (meaning the same person is not counted twice), while impressions count the total number of impressions (which includes impressions generated multiple times by the same person). Engagement is a separate category, requiring active action on the part of the user, such as clicking, liking, or commenting.</p>



<p id="ember3444">With regard to market practice, it should be noted that for the marketing industry, the above-mentioned indicators are among the basic instruments of ongoing analytics, used to evaluate the effectiveness of campaigns and optimize advertising budgets. Passive indicators, such as reach and impressions, allow marketing agencies to determine the upper limits of the sales funnel and estimate brand awareness among the selected target group (audience active metrics, in turn, range from raw engagement, through click -through rates, to advanced metrics such as virality (the ability of information to rapidly spread online through reciprocal shares) and amplification (an indicator measuring how widely content is shared beyond the author&#8217;s original audience). They are interpreted as a direct measure of the quality and appeal of the advertising creative. High levels of these parameters mean that the message effectively resonates with audience needs, prompting them to interact and organically distribute the content further. Importantly, in business realities, the marketing industry treats this data as a currency of account, as it is based on them, for example, the market value of influencers. The widespread use and high methodological sophistication of these measurements in marketing give the reports generated by advertising systems a strong mandate of objectivity.</p>



<p id="ember3445">In court practice, these indicators can serve as evidence. The reach indicated by the number of unique users can determine the scale and prevalence of infringements of personal rights. In the context of infringement of personal rights, indicators such as virality can be useful to demonstrate the irreversibility of the effects of the infringement.</p>



<h3 class="wp-block-heading" id="ember3446">Proving your social media activity</h3>



<p id="ember3447">When assessing the scale of a tort and estimating the amount of damages or compensation (Article 233 § 1 of the Code of Civil Procedure), a court cannot rely on general statements. It requires hard metrics that illustrate the strength, reach, and dynamics of the unlawful communication. Each leading internet platform operates its own unique data architecture. For digital evidence to be fully understandable and legible to the adjudicating panel, it is necessary to precisely identify and name indicators native to a given online environment. Each of the most popular social media platforms differs in which indicators are most relevant.</p>



<h3 class="wp-block-heading" id="ember3448">Measurable metrics for each platform</h3>



<p id="ember3449">X (formerly Twitter) – a text and information platform.</p>



<p id="ember3450">Number of publications – the number of posts (tweets) posted by a given person</p>



<p id="ember3451">Number of mentions – the number of posts that quote a given person&#8217;s post</p>



<p id="ember3452">Number of views – an indicator visible under each post, used to show how many times the information appeared on users&#8217; screens</p>



<p id="ember3453">Number of interactions – number of likes, retweets, and bookmarks of the tweet</p>



<p id="ember3454">Number of comments – number of replies to a tweet</p>



<p id="ember3455">Number of followers – determines the size of a person&#8217;s profile and may determine the basic reach of the entry</p>



<p id="ember3456">Facebook</p>



<p id="ember3457">Number of views, audiences and unique users</p>



<p id="ember3458">Number of reactions (like, great, haha, etc.) – important for demonstrating the engagement rate and social reception of a given post</p>



<p id="ember3459">Number of comments and shares</p>



<p id="ember3460">Instagram – a visual and audiovisual platform – is crucial in cases of unfair competition committed by influencers (e.g., failure to indicate collaboration).</p>



<p id="ember3461">Number of views, audience, reach – for stories measured within 24 hours of publication (before it is automatically archived)</p>



<p id="ember3462">Number of interactions, reactions</p>



<p id="ember3463">Number of followers</p>



<p id="ember3464">YouTube is a video platform. As a result, disputes mainly concern defamatory videos or unlawful product placement.</p>



<p id="ember3465">Number of views and total watch time (watch time) is crucial for showing whether the audience watched the entire video or turned it off after a few seconds</p>



<p id="ember3466">Number of interactions or comments (thumbs up and down)</p>



<p id="ember3467">Number of channel subscribers</p>



<p id="ember3468">Tik Tok – short video content based on a recommendation algorithm. Currently, this is crucial when it comes to the virality of a given video or topic.</p>



<p id="ember3469">Number of views</p>



<p id="ember3470">Number of interactions – likes, favorites, shares</p>



<p id="ember3471">Video completion rate – how many users watched the video to the end</p>



<p id="ember3472">LinkedIn – a business platform. Any posts that violate the personal rights of entrepreneurs are of a serious nature due to the greater potential for reaching business partners.</p>



<p id="ember3473">Number of publications, mentions, views</p>



<p id="ember3474">Number of interactions and reactions</p>



<p id="ember3475">Recipient structure – identification of positions, industries, and company sizes</p>



<p id="ember3476">Reddit and other forums of this type, e.g. Wykop – platforms based on threaded structure and user anonymity</p>



<p id="ember3477">The number of interactions and reactions – up or down votes (Upvotes or Downvotes) – determine the position of the thread on the main page of the website and the time of its visibility</p>



<p id="ember3478">Number of comments &#8211; entries in the thread</p>



<p id="ember3479">Number of unique users</p>



<p id="ember3480">Blogs and news portals, e.g. Onet, WP, Interia – violations concern in particular press articles or unlawful use of graphics.</p>



<p id="ember3481">Number of publications</p>



<p id="ember3482">Number of unique users and number of views</p>



<p id="ember3483">Time spent on the site</p>



<p id="ember3484">Number of comments under articles</p>



<p id="ember3485">With respect to analytical tools for measuring and verifying metrics in the virtual space, three categories of tools are used in litigation, providing objective evidence with a high level of credibility. The first are native social media platform panels, such as Meta Business Suite, YouTube Studio, X Analytics, and LinkedIn Page Analytics. These, as internal statistical systems of service providers, provide direct insight into relational databases and enable the generation of official analytical reports (filed in the ANL subfolder of the digital file) containing precise structure of views, reach, and audience demographics. In situations where the infringement occurred on third-party profiles or external portals to which the plaintiff does not have administrative access, professional media and internet monitoring systems, such as Brand24, SentiOne, the Institute of Media Monitoring (IMM), and Press-Service, are used. These systems aggregate public mentions in real time, measure the total algorithmic reach, and automatically qualify the sentiment of statements, creating reports that resemble private documents. This set of instruments is complemented by specialized web analytics and market intelligence tools (SEO Tools), including Google Analytics 4, Similarweb, Semrush, Ahrefs and Senuto; they allow for the examination of the number of unique users and page views on the defendant&#8217;s external blogs or news portals, proving the intensity of unfair advertising campaigns by a competitor, and demonstrating the dynamics of traffic decline on the plaintiff&#8217;s website.</p>



<h2 class="wp-block-heading" id="ember3486">MetaAds advertising campaigns</h2>



<p id="ember3487">Within the Meta Ads Manager advertising system, system reports and the public Meta Ad Library (powered by extended data under the EU Digital Services Act DSA), you can prove key campaign parameters, such as the exact broadcast period and creative activity status, campaign budget supported by invoices from Meta Platforms , total number of impressions, unique audience (reach), click statistics (including CTR and CPC), as well as precise geotargeting criteria (countries, cities or radii around specific points) and advanced parameters of demographic (age, gender) and behavioral targeting, including interests, Lookalike lists and Custom groups. Audiences are created based on, among other things, email databases and Pixel Meta code. To effectively present this data to a Polish court as digital evidence (e.g., under Article 308 of the Code of Civil Procedure), you must export raw, certified reports from the ad manager panel in .xlsx or .csv formats containing unique Campaign IDs or Ad IDs, create a secure screencast of the login and statistics generation process with a visible URL, SSL certificate, and system time, submit official financial documentation corresponding to the ad account ID, and notarize a public extract from the Ad Library.</p>



<p id="ember3488">Ads data is crucial evidence in unfair competition cases, as it helps demonstrate the scale, intent, content, and target audience of unlawful market activities. In the context of misleading designations of companies, goods, or imitations of products listed in Articles 5, 10, and 13 of the Act on Combating Unfair Competition (UZNK), and unfair advertising under Article 16 of the UZNK, statistics on the number of views and audiences demonstrate the mass nature of the infringement and the degree to which it has caused confusion in the market. Secured graphic and video materials illustrate the very fact of unlawfully copying a product&#8217;s external appearance or using a competitor&#8217;s trademarks. In turn, precisely demonstrating behavioral targeting based on a competitor&#8217;s company or brand name exposes intentional bad faith, involving parasitizing another&#8217;s reputation and aggressively acquiring customers, which directly violates good practices and the interests of another entrepreneur, pursuant to the general clause of Article 3 of the UZNK. Moreover, detailed emission parameters, prices, campaign budgets and click statistics constitute a solid basis for demonstrating the dissemination of false information about prices or the legal situation (Article 14 of the Advertising Law), and also allow for a precise estimation of the amount of damage suffered, lost profits or the degree of unjust enrichment of the perpetrator.</p>



<h2 class="wp-block-heading" id="ember3489">Video materials</h2>



<p id="ember3490">Video materials constitute an independent piece of evidence in contemporary civil and commercial proceedings, classified under the Code of Civil Procedure as evidence from devices recording or transmitting images and sounds, to which the provisions on evidence from visual inspection apply accordingly. As with screenshots, raw video recordings are subject to the principle of limited trust due to the risk of manipulation. Therefore, to maintain full procedural immunity and rebuttal, they must be properly recorded along with their network environment. This, in the event of technological disputes, paves the way for specialized verification of their metadata by a computer forensics expert.</p>



<p id="ember3491">Securing and verifying YouTube recordings for legal purposes requires immediate capture of the material in its entirety and without any editing, which is best achieved through screen recording (including audio and visible page context) or using external download tools. For evidence to be credible in court, the circumstances of its recording (who recorded it, when, and on what device) must be precisely described in an evidence log, and the number of file transfers must be minimized, protecting the original metadata. The author&#8217;s identity and the authenticity of the video itself are confirmed through content analysis, witness testimony, and, in cases of risk of disinformation and manipulation, using tools such as DataViewer for reverse image search of video thumbnails (which allows for detection of old videos) and geolocation. Because view, reaction, and comment statistics can be deleted or modified by the author at any time, it is crucial to capture them by smoothly scrolling through the interaction section during the screen recording. They can also be demonstrated using external tools such as SocialBlade (if they haven&#8217;t been deleted by then). You should also prepare a written transcript of the dialogue in case of technical problems in the courtroom.</p>



<p id="ember3492">Securing and verifying evidence from live streams and disappearing content (such as Instagram Stories, TikTok Live, or streams on Twitch and Kick) requires instant, real-time data capture. For live streams, it&#8217;s crucial to simultaneously record the raw stream using command-line tools (e.g., yt-dlp, which will automatically save the recording to disk in real time) and full screen recording (e.g., in OBS Studio) along with dynamic chat. If broadcasts on Twitch and Kick haven&#8217;t been deleted, the platforms provide tools for creating clips during the broadcast or from the live stream recording. For time-sensitive content, immediate screen recording with system audio or using mobile certification apps (e.g., TrueScreen ) is the priority, which generate evidence with a qualified timestamp that prevents editing. To ensure the integrity of the chain of custody, secured files must be immediately provided with a SHA-256 checksum (a sequence of numbers and letters that serves as a &#8220;<strong>cryptographic fingerprint</strong>&#8221; of a file or document) and the technical parameters of the recording must be precisely described in the protocol, including full URLs and UTC time zones. <strong>Due to frequent changes in usernames and pseudonyms, the author&#8217;s identity is determined by extracting persistent, unique network identifiers from the source code</strong> (such as TikTok &#8216;s authorId), as well as by analyzing voice, facial, and background characteristics. Identifying the exact publication time of disappearing materials requires finding UNIX timestamps in the browser cache or mathematically reconstructing the time by comparing the relative application time (e.g., &#8220;3 hours ago&#8221;) with the certified atomic time (e.g., from the <a href="http://time.is/">time.is</a> website) visible in the recording. Finally, because reach statistics and interaction sections can be deleted at any time, and the publicly invisible view counts of the story prevent direct measurement, it is crucial to capture peak moments of viewership, public reactions and shares by smoothly scrolling the screen or exporting the chat database to structured text files with precise timestamps for each comment.</p>



<h2 class="wp-block-heading" id="ember3493">Metadata and computer forensics</h2>



<p id="ember3494">Metadata, or &#8220;data about data,&#8221; is structured, precisely defined, and uniformly named information used to describe, identify, organize, and access a specific object, digital resource, or research dataset. It operates based on sets of information units arranged in a structure with definitions and usage rules. Institutions can create these themselves or adopt ready-made standards developed by internationally recognized organizations such as ISO, ANSI, RDA, OpenAire, or Metadata 2020. Within this framework, three main types of metadata are distinguished: descriptive metadata, which provides information necessary to identify or locate a resource (e.g., title, author, keywords, production technique, or history of the object). Structural metadata, which describes relationships and dependencies between collection elements to facilitate navigation. Administrative metadata, on the other hand, assists in resource management (e.g., storage location or insurance premium). Administrative metadata also includes technical metadata, typically created automatically in files such as EXIF (containing, for example, creation date, file type, and resolution), intellectual property rights management metadata, and preservation metadata necessary for archiving and maintaining the resource. From the user&#8217;s perspective, consistent application of the schema according to the instructions is crucial, as complete metadata provides information about the structure and limitations of the data, explains its meaning, indicates how to cite it, and is a necessary condition for its understanding and reuse. Digital forensics plays a significant role in analyzing metadata and using it as evidence in proceedings. The process of data analysis in computer forensics is based on methodologies focused on identifying, securing, examining, and presenting digital traces in a manner acceptable to law enforcement. In the context of digital forensics, raw content (e.g., document text, an image in a screenshot) constitutes only the surface layer of evidence. Its full value is achieved only by combining this layer with deep analysis, encompassing metadata, system logs, file change history, user identifiers, as well as location, server, and analytical data. Defining the individual components of the data layer is crucial; in practice, they constitute the essence of computer forensics. The first and most common group are timestamps, precisely defined chronological reference points automatically generated by operating systems or applications, recording the date and time of a specific event. This most often occurs in the form of so-called MAC attributes, documenting the moment of creation, content modification, and last file opening (Access). Their direct extension are system logs, called event logs. They take the form of automatically created, chronological text files or databases. They contain all critical activities, process errors, and correct or incorrect user login attempts recorded by the operating system and running programs. These logs are inextricably linked to the file change history, a sequence of digital traces illustrating the entire evolution and modifications to which a given resource has been subjected throughout its lifecycle. This history reveals sequences of overwriting, deletion, or addition of data sections, allowing for the reconstruction of the original file content before editing. To assign these operations to a specific entity, digital experts forensics examine user identifiers, which are unique alphanumeric, numeric, or address strings permanently assigned to a specific account in a system, corporate network, or online platform. These identifiers are used for authorization and are automatically associated with every action performed by a given profile. Location data (geolocation) provides additional physical and geographical context. This information identifies the physical geographic location of a device based on raw GPS coordinates, cellular base station (BTS) identifiers, or Wi-Fi MAC addresses. These data are often automatically embedded in the structure of multimedia files. All these operations are embedded in the network architecture, recorded by server data, including HTTP server Access Logs and DNS records, which record the client&#8217;s IP address, the exact date of the request, the HTTP method, the URL, and the User-Agent string identifying the user&#8217;s browser type and operating system. The final link in this structure is analytical data generated by external tracking systems and scripts (e.g., Google Analytics, Meta Pixel), which aggregate the behavior of thousands of unique users online, measuring parameters such as the number of unique users, page views, click-through rates, etc. Only such a comprehensive approach to these seven technical components allows computer forensics to go beyond the layer of raw, visual description of data and reach its digital foundation.</p>



<p id="ember3495">In civil and commercial cases, where key evidence consists of digital traces, statistical reports, or screenshots, expert witness testimony becomes a key instrument for fact-checking. The main advantage of engaging an expert witness is that it gives the collected network traces substantive, indisputable probative value. Pursuant to Article 278 § 1 of the Code of Civil Procedure, expert witness testimony is conducted when the assessment of a specific issue requires specialized knowledge, beyond the knowledge of an average person. This procedure is formally initiated by filing an application meeting the requirements of a procedural document (Article 126 of the Code of Civil Procedure), in which the party identifies the facts to be ascertained and specifies the expert&#8217;s desired specialization. After hearing the parties&#8217; submissions, the court issues a decision on the admission of evidence, appointing an expert from the list of the president of the district court or appointing an ad hoc expert, formulating an evidentiary thesis, and setting a deadline for preparing the expert&#8217;s opinion. After receiving the decision and possibly reviewing the case files or the subject of the inspection, the expert, acting under penalty of perjury and pursuant to an oath, begins research activities, culminating in the preparation of a reasoned opinion in writing or its oral presentation in the transcript. In civil and commercial proceedings, expert opinions in this field are most often used in cases involving the verification of digital evidence provided by the parties – its authenticity and the content thereof.</p>



<p id="ember3496">Screenshots are defined as a specific recording of the current image displayed on a computer monitor, tablet, smartphone, or other device equipped with a display. In essence, they constitute a type of digital &#8220;photograph&#8221; or &#8220;still&#8221; that permanently captures and depicts the content currently being generated on the screen. Under Polish civil procedure and the case law of common courts and the Supreme Court, printouts and files containing screenshots have the status of evidence in the case. In court practice, a screenshot is most often classified as private document evidence (constituting an information carrier enabling review of its content and confirming the submitter&#8217;s assertion of specific circumstances) or as other evidence within the meaning of Article 309 of the Code of Civil Procedure. Screenshots are widely used, among others, in family matters (documenting parents&#8217; conversations), consumer matters (shop offers, prohibited clauses in regulations), copyright infringements (use of a protected photo) or disputes over the infringement of reputation and personal rights on social networking sites, forums and blogs.</p>



<p id="ember3497">The main limitation of this evidence is that it is subject to the principle of limited confidence due to its susceptibility to simple and arbitrary interference. Parties to the proceedings frequently challenge the authenticity of screenshots, alleging that they can be easily modified, are incomplete, taken out of context, or have partially removed content. The mere submission of a single screenshot does not determine the veracity of the facts, and this evidence only demonstrates that a computer recording of specific content existed at the time the recording or printout was made. The Court of Appeal in Warsaw (ref. no. I ACa 2111/15) explicitly stated that the potential ease of modification does not deprive a screenshot of its evidentiary value; however, it requires the court to conduct a thorough analysis. The Court of Appeal in Kraków adopted a similar approach in judgment I ACa 315/16. An additional limitation is the legality of the source of their acquisition, as malicious actions or hacking into the application in order to perform a dump may result in criminal liability for violating the secrecy of correspondence and result in the rejection of evidence by the court.</p>



<p id="ember3498">To increase the credibility of screenshots and protect against allegations of manipulation, additional archiving or procedural measures are necessary. The evidentiary value of a screenshot can be enhanced by securing the page in digital form (saving it on a hard drive or in the cloud) or by preparing a proper protocol by a notary, who will personally confirm the credibility and existence of the content. Furthermore, it is crucial that the screenshot is accompanied by other electronic documents and objective verification data. From a procedural perspective, the evidentiary value of screenshots varies progressively depending on their degree of IT integration, with the screenshot itself, devoid of additional elements, having the lowest probative value. In such cases, it merely constitutes a private document demonstrating that a computer recording of specific content existed at a given moment. However, due to the widespread and easy possibility of graphic modification, it is most susceptible to challenge by the opposing party. A screenshot presented with an analytical report has slightly higher and more objective value. It constitutes enhanced evidence, in which the raw image is supplemented with external system data, allowing for a precise demonstration in court of the scale, dynamics, and situational context of the digital tort being analyzed. The probative value of the screenshot with metadata option is low to medium, as submitting the original, source image file only allows for the identification of the device and recording time. The raw metadata of the image file only documents the moment the image itself was created. The highest probative value, fully accepted and sanctioned by, among others, the case law of the Court of Justice of the European Union, is characterized by a screenshot combined with a parallel website archive. Combining screenshots with information from independent internet archives, which store copies of the historical code of websites and record any changes made to it, undoubtedly confirms that specific content, statements or graphic materials were actually published on a specific date, while the potential technical possibility of subsequent modification of the website by its author does not invalidate the probative value of such a package, as external data from digital archives effectively verifies and confirms the full authenticity of the submitted screenshot.</p>



<h2 class="wp-block-heading" id="ember3499">Documenting the course of events on the internet – a timeline as reconstructive evidence</h2>



<p id="ember3500">Digital events that are procedurally significant, such as the publication of a defamatory post, the launch of an advertising campaign that violates personal rights or the principles of fair competition, are rarely one-off and momentary phenomena. In fact, they constitute processes spread over time, composed of successive stages, each of which leaves a separate, identifiable digital trace. A complete reconstruction of these stages in the form of a chronological timeline evidence) performs a function similar to that of a protocol recording the course of events in real time, the integration of which requires specialist knowledge and methodology.</p>



<h2 class="wp-block-heading" id="ember3501">Time reconstruction model</h2>



<h3 class="wp-block-heading" id="ember3502">1. Content publishing – moment zero</h3>



<p id="ember3503">This is the starting point of the entire timeline. Reconstructing moment zero requires determining the exact date and time of the first publication, with at least minute accuracy (via a timestamp in the platform&#8217;s metadata, HTTP headers of the server response, or the WARC archive from the first dump); the URL at which the content was available, including the permalink or canonical URL, which identifies the content regardless of subsequent address changes; the identity of the author or account from which the publication was made (e.g., through the user ID in the page&#8217;s source code, domain WHOIS data, email headers notifying about a new entry); and the original content in its entirety, before any subsequent edits (the source could be the first WARC or MHTML archive, a copy from the Google Cache, or a record in the Wayback Machine).</p>



<p id="ember3504">The start of an advertising campaign – equivalent to the moment the content is published. It has particular evidentiary significance in cases involving acts of unfair competition. The reconstruction of this layer is based, among other things, on data from the Meta Ad Library.</p>



<h3 class="wp-block-heading" id="ember3505">2. First shares and initial reach</h3>



<p id="ember3506">This layer reconstructs the mechanism by which content first spread beyond the original publication. This is key evidence for demonstrating that the violation has spread beyond the author&#8217;s immediate followers and has become public. Data for this layer&#8217;s reconstruction comes from publicly available sharing data (e.g., retweets on X) or through media monitoring tools. The reconstruction report should present this layer as a map of the initial distribution nodes, using a graph or table indicating which platforms and when the content reached within the first 24-48 hours of publication.</p>



<h3 class="wp-block-heading" id="ember3507">3. Increase in the number of interactions</h3>



<p id="ember3508">This layer documents the acceleration of the phenomenon, meaning the moment the content ceased to be a niche post and began to generate significant user engagement. Its reconstruction is crucial for demonstrating that the violation was not a marginal event. Data needed to establish this includes a daily or hourly chart of the increase in the number of likes, comments, shares, and views obtained by exporting data from the platform&#8217;s dashboard or analytical tools; identification of the moment the content exceeded virality thresholds ; and data on the engagement of high-reach accounts that shared the content, which provides evidence that the plaintiff&#8217;s damaged reputation reached influential circles.</p>



<h3 class="wp-block-heading" id="ember3509">4. Increased geographic and demographic reach</h3>



<p id="ember3510">This layer documents the territorial and demographic extension of the publication&#8217;s impact, which may be important both for assessing the scale of damage and for establishing jurisdiction in cross-border cases, e.g., <strong>by determining the place where the damage was caused under the Brussels Ia Regulation</strong>. This data is obtained from geolocation reports of some platforms, showing the countries and regions from which users came, as well as the demographic data of the recipients (gender and age indicated when creating an account).</p>



<h3 class="wp-block-heading" id="ember3511">5. User reactions and sentiment</h3>



<p id="ember3512">This layer documents the qualitative dimension of the publication, i.e., how recipients reacted to the published content, which can, for example, be the basis for demonstrating that the infringement actually harmed the plaintiff&#8217;s reputation and did not go unnoticed. Reconstruction of this layer includes, among other things, a sentiment analysis of comments and mentions from social media monitoring tools, indicating the percentage distribution of positive, neutral, and negative reactions towards the plaintiff or company during the period under review; and the provision of representative quotes from the comments, e.g., in the form of screenshots. In the reconstruction report, this layer should be presented with methodological caution, as sentiment analysis generated automatically by monitoring tools is not always fully reliable and should be verified by an expert or accompanied by information about the algorithm&#8217;s margin of error.</p>



<h3 class="wp-block-heading" id="ember3513">6. Business implications</h3>



<p id="ember3514">This is the final layer of the timeline and is the most important for demonstrating pecuniary or non-pecuniary damage within the meaning of Article 361 of the Civil Code. It documents the measurable consequences of the infringement on the plaintiff&#8217;s business. Evidence in this layer may include data showing a decline in organic traffic on the plaintiff&#8217;s website in correlation with the escalation of the infringement (daily session chart, bounce rate, average session time before and after the infringement); data from the plaintiff&#8217;s CRM or ERP system documenting a decline in the number of quotations; data from e-commerce platforms, e.g., Allegro, Amazon, showing changes in sales volume or the number of views of the plaintiff&#8217;s offers; documentation of costs incurred in managing the reputational crisis, e.g., invoices from PR agencies, costs of remedial advertising campaigns, legal costs in the pre-litigation phase; and reports from industry media or specialized market monitoring services that noted the infringement and its effects.</p>



<h2 class="wp-block-heading" id="ember3515">Reconstruction report form</h2>



<p id="ember3516">The reconstruction report should be a PDF document with a qualified electronic signature and a certified time stamp. Its structure should include a title page with the file reference number, date of preparation, and author information; a chronological timeline in graphical form with key points for each layer; an event and evidence correlation table linking each event on the timeline to the source file reference number in the digital evidence folder; and a narrative description of each layer with references to specific file reference numbers and folder page numbers.</p>



<p id="ember3517">Such a report, incorporated into a digital file, becomes a key orientation document for the court and allows for understanding the entire evidence without having to independently review hundreds of source files, constituting the procedural equivalent of the dispute plan used in English and American proceedings.</p>



<h2 class="wp-block-heading" id="ember3518">Description of evidence</h2>



<p id="ember3519">The description of digital evidence in a lawsuit or a procedural document containing an evidentiary motion serves a much broader purpose than traditional evidence labeling. Digital evidence, when included in a multi-gigabyte digital evidence file, requires a description that allows the court to understand its technical nature, origin, method of acquisition, and relationship to the evidentiary thesis. This description therefore fulfills four distinct procedural functions. The first is the identification function, as it precisely identifies the evidence with a signature, file name, and location within the file, making it uniquely identifiable at every stage of the proceedings, during the hearing, and in the transcript. The second is the verification function, fulfilled by providing the SHA-256 checksum and the date of acquisition, allowing the opposing party and the court to verify whether the submitted file is identical to the one that formed the basis of the claims in the lawsuit. The third is the contextualizing function, a substantive description and an indication of the connection with the factual situation allows the court to understand, already at the stage of reading the claim, what specific fact a given file is used to prove.</p>



<p id="ember3520">The digital evidence description template should be used consistently for each item in the digital evidence index. Below is an example of a professional description template for a text document.</p>



<h2 class="wp-block-heading" id="ember3521">Pattern &#8211; Text Document</h2>



<p id="ember3522">The evidence ID is TD-1/TXT/0001. The file name in the folder is distribution_agreement_2026-01-16.pdf, and the original source file name is Sales Agreement No. 12/2026.pdf. The date the evidence was obtained is June 16, 2026, which is the date the file was included in the digital evidence folder and the checksum was calculated. The source of the evidence is the plaintiff&#8217;s electronic mailbox: a file attached to an email dated January 16, 2026, sent by the defendant from j.kowalski@pozwani.p. The file&#8217;s SHA-256 checksum is a3f1d8&#8230;9b2c (the full string in file TD-1/MET/0001 of the digital folder).</p>



<p id="ember3523">The technical description indicates that the evidence is an 842 KB PDF/A-1b file with a searchable text layer. The file does not contain active scripting or embedded multimedia. The document&#8217;s metadata identifies the author as Jan Kowalski, the creation date as January 14, 2026, 10:47:22 UTC, and the file was generated using Microsoft Word 2019. The metadata was extracted using exiftool version 12.60 and archived in file TD-1/MET/0001.</p>



<p id="ember3524">The substantive description indicates that the file contains an agreement signed by both parties for the exclusive distribution of the plaintiff&#8217;s products in the Masovian Voivodeship, concluded for a period of three years from March 15, 2022. Paragraph 7 of the agreement prohibits the defendant from conducting parallel distribution of products competing with the plaintiff&#8217;s product range. Paragraph 12 specifies contractual penalties for violating this prohibition at PLN 50,000 for each identified violation.</p>



<p id="ember3525">The evidentiary thesis for this evidence is: the fact that the parties concluded distribution agreement No. 12/2026 on 16 January 2026, the content of the defendant’s obligation to provide exclusive distribution and prohibit the distribution of competitive products, the amount of the stipulated contractual penalties, as well as the fact that the defendant submitted a declaration of intent with the content corresponding to paragraph 7 of this agreement, which demonstrates his full awareness of the limitations imposed on him.</p>



<p id="ember3526">The connection with the factual circumstances lies in the fact that this evidence constitutes the primary source of the legal relationship between the parties. A finding of violation of the prohibition by the defendant, documented by further evidence from section TD-2 of the file, is possible only by reference to the content of the contractual obligation arising from this document.</p>



<figure class="wp-block-image"><img decoding="async" src="https://media.licdn.com/dms/image/v2/D4D12AQGe014loHWlLg/article-inline_image-shrink_1500_2232/B4DZ8ibmXzK8AU-/0/1782989088478?e=1784764800&amp;v=beta&amp;t=CSsXExMl-dgbgKxqP7ZECjbwVGI7kWVhMEpTtrJGnMY" alt="Article content"/><figcaption class="wp-element-caption">summary table</figcaption></figure>



<p id="ember3528">A sample summary table for cases involving multiple files, which replaces the separate listing of each piece of evidence in the procedural document. A separate table should be created for the most important pieces of evidence.</p>



<h2 class="wp-block-heading" id="ember3529">Final conclusions</h2>



<p id="ember3530">Contemporary commercial disputes unfold in two parallel realities. The first is the traditional, paper-based reality, well-known to civil litigation theory and practice, which is gradually losing its significance. The second is the digital, networked reality, generating billions of electronic traces daily and becoming the dominant environment in which contracts are concluded, negotiations are conducted, marketing campaigns are launched, infringements are committed, and damages are inflicted. The paradox is that procedural law, which is formally prepared for this change, for example, thanks to an open catalog of evidence and the technologically neutral definition of a document in Article 77³ of the Civil Code. However, in court practice, it is still often applied through the prism of categories developed for the paper-based reality. The main thesis of this article is simple and yet practically significant: evidence in 21st-century commercial cases cannot be limited solely to traditional paper documents, because the facts crucial to resolving a dispute increasingly do not exist in paper form at all. A contract concluded through an exchange of messages on corporate messaging, a violation of a non-compete clause documented in system logs – none of these events leave a paper trail. They exist solely as digital data, and their occurrence, content, and effects must be proven using appropriate methods and tools.</p>



<p id="ember3531">The online activity of businesses, as well as their contractors, competitors, and customers, leaves a vast amount of digital traces that are susceptible to analysis. As demonstrated in the individual chapters of this article, these traces include not only obvious electronic documents such as text files and emails, but also metadata and analytical data from social media platforms. The key to the effectiveness of this evidence, however, is its proper preparation, security, and presentation. A raw screenshot devoid of metadata and an online archive has minimal evidentiary value and is easily challenged. The same screenshot, provided with a qualified timestamp, supported by a parallel archive, supplemented by an analytical report documenting reach and sentiment, and integrated with a timeline reconstructing the course of events, becomes highly persuasive evidence, difficult to refute even with an active defense by the opposing party.</p>



<h2 class="wp-block-heading" id="ember3532">Digital evidence folder as a system tool</h2>



<p id="ember3533">The concept of a digital evidence folder, proposed in this article as an adaptation of the Anglo-Saxon electronic institution trial Bundle, a Polish civil procedure tool, addresses a fundamental procedural challenge: how to present tens or hundreds of gigabytes of electronic data to the court in a way that is understandable, verifiable, and procedurally efficient. A bundle is not a new piece of evidence, but an organizational tool that organizes existing evidence according to the logic of evidentiary thesis, assigns each file a unique reference number, links evidence to facts, ensures the integrity of the file, and enables immediate retrieval of each piece of evidence during the hearing via an interactive table of contents with hyperlinks. A properly prepared digital evidence bundle is one of the most effective tools for presenting evidence in court. First, it forces the attorney to select and prioritize the material before filing a procedural document, eliminating chaotic and overwhelming collections of unselected files. Secondly, it makes the evidence transparent for the opposing party and the court, because each piece of evidence is described, classified and linked to a specific thesis, which eliminates the objection of ambiguity and facilitates an effective defense or procedural attack.</p>



<h2 class="wp-block-heading" id="ember3534">Postulates de lege ferenda</h2>



<p id="ember3535">The analysis conducted in this article reveals significant regulatory gaps, the filling of which would significantly improve the effectiveness of evidence in cases involving digital materials. These proposals are both legislative and quasi-legislative in nature, involving standardization through case law and court rules.</p>



<p id="ember3536">The first and most important proposal is to introduce a legal definition of digital evidence into the Code of Civil Procedure. While the lack of such a definition does not prevent the taking of electronic evidence, it generates terminological uncertainty in case law and doctrine, leading to inconsistent assessment of the evidentiary value of the same categories of materials by different adjudicating panels. The definition should encompass all information recorded in the form of digital data, of value to ongoing proceedings, stored, downloaded, or transmitted via an electronic device.</p>



<p id="ember3537">The second postulate is the introduction of the English Practice Rules into the court regulations. The e- bundle guidelines should standardize the presentation of electronic evidence in cases where it exceeds a certain volume or number of files. Such regulations should mandatorily require: a uniform file identification system, a table of contents in PDF format with hyperlinks, and the provision of identical copies of the medium to the court and the opposing party no later than a specified number of days before the hearing. This solution, implemented without amending the law through orders of court presidents or guidelines from the Minister of Justice, would immediately improve the evidentiary culture in proceedings involving mass digital evidence.</p>



<h2 class="wp-block-heading" id="ember3538">Sources:</h2>



<p id="ember3539">Tacij Przemysław, Digital content and uncertified copies as evidence in civil proceedings</p>



<p id="ember3540">Lewulis Piotr, Social Media as a Source of Evidence in Civil Cases: Results of a Preliminary Survey Among Attorneys and Legal Counselors</p>



<p id="ember3541">Rafał Prabucki, Metadata related to a document and evidentiary proceedings in a civil trial</p>



<p id="ember3542">Wręczycka Katarzyna, Electronic evidence in civil proceedings</p>



<p id="ember3543">Nowak Mariusz, Types of electronic evidence in civil proceedings</p>
<p> </p>


<p>Artykuł <a href="https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/digital-evidence-bundle-as-a-modern-means-of-organizing-evidence/">Digital evidence bundle as a modern means of organizing evidence</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/digital-evidence-bundle-as-a-modern-means-of-organizing-evidence/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
