<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Polish law - KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</title>
	<atom:link href="https://www.kg-legal.eu/info/tag/polish-law/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.kg-legal.eu/info/tag/polish-law/</link>
	<description>KIELTYKA GLADKOWSKI LEGAL &#124; CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</description>
	<lastBuildDate>Tue, 07 Jul 2026 19:32:02 +0000</lastBuildDate>
	<language>en-GB</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	
	<item>
		<title>A Major Milestone for KG Legal&#8217;s Data, AI &#038; Cybersecurity Practice: Exclusive Poland Contribution to OneTrust DataGuidance</title>
		<link>https://www.kg-legal.eu/info/kg-legal-news/a-major-milestone-for-kg-legals-data-ai-cybersecurity-practice-exclusive-poland-contribution-to-onetrust-dataguidance/</link>
					<comments>https://www.kg-legal.eu/info/kg-legal-news/a-major-milestone-for-kg-legals-data-ai-cybersecurity-practice-exclusive-poland-contribution-to-onetrust-dataguidance/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Tue, 07 Jul 2026 19:32:01 +0000</pubDate>
				<category><![CDATA[KG LEGAL NEWS]]></category>
		<category><![CDATA[AI Act]]></category>
		<category><![CDATA[AI Compliance]]></category>
		<category><![CDATA[AI Regulation]]></category>
		<category><![CDATA[Artificial intelligence]]></category>
		<category><![CDATA[CEE]]></category>
		<category><![CDATA[Corporate Counsel]]></category>
		<category><![CDATA[Cross Border Business]]></category>
		<category><![CDATA[Cross Border Legal Services]]></category>
		<category><![CDATA[Cyber Compliance]]></category>
		<category><![CDATA[Cyber Law]]></category>
		<category><![CDATA[Data Governance]]></category>
		<category><![CDATA[Data Privacy]]></category>
		<category><![CDATA[data protection]]></category>
		<category><![CDATA[DataGuidance]]></category>
		<category><![CDATA[Digital Compliance]]></category>
		<category><![CDATA[Digital Economy]]></category>
		<category><![CDATA[Digital Law]]></category>
		<category><![CDATA[Doing business in Poland]]></category>
		<category><![CDATA[Emerging Technologies]]></category>
		<category><![CDATA[EU Law]]></category>
		<category><![CDATA[European Law]]></category>
		<category><![CDATA[Foreign Investors]]></category>
		<category><![CDATA[gdpr]]></category>
		<category><![CDATA[GDPR Compliance]]></category>
		<category><![CDATA[GDPR Poland]]></category>
		<category><![CDATA[General Counsel]]></category>
		<category><![CDATA[Global Law]]></category>
		<category><![CDATA[Healthcare Law]]></category>
		<category><![CDATA[Healthcare Regulation]]></category>
		<category><![CDATA[In House Counsel]]></category>
		<category><![CDATA[International Law Firm]]></category>
		<category><![CDATA[International Legal Services]]></category>
		<category><![CDATA[Invest in Poland]]></category>
		<category><![CDATA[kglegal]]></category>
		<category><![CDATA[kiełtyka gładkowski]]></category>
		<category><![CDATA[Law Firm Poland]]></category>
		<category><![CDATA[Legal Innovation]]></category>
		<category><![CDATA[Legal Tech]]></category>
		<category><![CDATA[Legal Thought Leadership]]></category>
		<category><![CDATA[Life Sciences Law]]></category>
		<category><![CDATA[NIS2]]></category>
		<category><![CDATA[OneTrust]]></category>
		<category><![CDATA[Pharmaceutical Law]]></category>
		<category><![CDATA[Poland Law]]></category>
		<category><![CDATA[Polish law]]></category>
		<category><![CDATA[Polish Law Firm]]></category>
		<category><![CDATA[Privacy Law]]></category>
		<category><![CDATA[Regulatory Compliance]]></category>
		<category><![CDATA[Technology Law]]></category>
		<category><![CDATA[Technology Transactions]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8822</guid>

					<description><![CDATA[<p>Publication date: July 07, 2026 We are delighted to share an important milestone in the continued development of KG Legal&#8217;s Data, AI &#38; Cybersecurity Desk. It has been a great honour to serve as the exclusive expert contributors for Poland to the OneTrust DataGuidance Privacy Overview – Poland, one of the world&#8217;s leading professional legal [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/kg-legal-news/a-major-milestone-for-kg-legals-data-ai-cybersecurity-practice-exclusive-poland-contribution-to-onetrust-dataguidance/">A Major Milestone for KG Legal&#8217;s Data, AI &amp; Cybersecurity Practice: Exclusive Poland Contribution to OneTrust DataGuidance</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><strong><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color">Publication date: July 07, 2026</mark></strong></p>



<p>We are delighted to share an important milestone in the continued development of <strong>KG Legal&#8217;s Data, AI &amp; Cybersecurity Desk</strong>.</p>



<figure class="wp-block-image size-full"><img fetchpriority="high" decoding="async" width="1000" height="1000" src="https://www.kg-legal.eu/wp-content/uploads/2026/07/DataGuidance-Contributor-Badge.png" alt="" class="wp-image-8823" srcset="https://www.kg-legal.eu/wp-content/uploads/2026/07/DataGuidance-Contributor-Badge.png 1000w, https://www.kg-legal.eu/wp-content/uploads/2026/07/DataGuidance-Contributor-Badge-300x300.png 300w, https://www.kg-legal.eu/wp-content/uploads/2026/07/DataGuidance-Contributor-Badge-150x150.png 150w, https://www.kg-legal.eu/wp-content/uploads/2026/07/DataGuidance-Contributor-Badge-768x768.png 768w" sizes="(max-width: 1000px) 100vw, 1000px" /></figure>



<p>It has been a great honour to serve as the <strong>exclusive expert contributors for Poland</strong> to the <strong>OneTrust DataGuidance Privacy Overview – Poland</strong>, one of the world&#8217;s leading professional legal compliance resources relied upon by in-house counsel, privacy professionals, compliance officers, multinational organisations and technology companies operating across multiple jurisdictions.</p>



<span id="more-8822"></span>



<p>Preparing this contribution was a long-term project that required several months of intensive legal analysis, research and editorial work. Our objective was not simply to describe the application of the GDPR in Poland. Instead, we sought to create a practical and comprehensive guide reflecting the significant transformation of the Polish regulatory landscape that has taken place in recent years as a result of new European legislation and its implementation into Polish law.</p>



<p>The publication therefore extends far beyond a traditional overview of Polish data protection law. It examines the interaction between privacy, digital regulation, cybersecurity and artificial intelligence, providing readers with practical guidance on the most important legal developments affecting organisations operating in Poland.</p>



<p>Our contribution discusses, among other things:</p>



<ul class="wp-block-list">
<li>the practical application of the GDPR within the Polish legal system;</li>



<li>the powers and regulatory practice of the Polish supervisory authority for personal data protection;</li>



<li>employee monitoring and workplace privacy;</li>



<li>cookies, consent mechanisms and online tracking technologies;</li>



<li>electronic communications and direct marketing requirements;</li>



<li>international data transfers;</li>



<li>personal data breaches and notification obligations;</li>



<li>practical compliance with Polish privacy legislation;</li>



<li>cybersecurity-related regulatory developments;</li>



<li>the growing interaction between data protection and artificial intelligence governance.</li>
</ul>



<p>A particularly important aspect of this work was addressing the rapidly evolving legislative environment. During the last few years, Poland has experienced substantial regulatory changes resulting from the implementation of numerous European legal instruments and the entry into force of directly applicable EU regulations that significantly affect organisations processing personal data.</p>



<p>Accordingly, the publication takes into account the practical implications of the evolving European digital regulatory framework, including the interaction between the GDPR and newer legal instruments governing digital services, artificial intelligence, cybersecurity and data governance. The analysis also reflects the impact of the AI regulatory framework, developments concerning data governance and electronic communications, as well as the increasingly interconnected compliance obligations facing businesses operating in today&#8217;s digital economy.</p>



<p>Rather than presenting legislation in isolation, the publication adopts a practical, compliance-oriented perspective. It combines:</p>



<ul class="wp-block-list">
<li>the GDPR and Polish implementing legislation;</li>



<li>guidance issued by the European Data Protection Board (EDPB);</li>



<li>the jurisprudence of the Court of Justice of the European Union;</li>



<li>decisions and regulatory guidance published by the Polish Personal Data Protection Office (UODO);</li>



<li>recent Polish legislative developments and market practice.</li>
</ul>



<p>Our ambition was to create a resource that would assist both international and domestic organisations in navigating one of the fastest-changing areas of European regulation, where privacy law increasingly intersects with cybersecurity, AI governance, digital platforms, online communications and emerging technologies.</p>



<p>The contribution was prepared by <strong>Małgorzata Kiełtyka</strong> and <strong>Jakub Gładkowski</strong>, whose combined experience covers complex cross-border advisory work in data protection, artificial intelligence, life sciences, healthcare, technology law, cybersecurity, intellectual property and regulatory compliance.</p>



<p><a href="https://www.dataguidance.com/experts-directory/Jakub_G%C5%82adkowski" target="_blank" rel="noreferrer noopener">https://www.dataguidance.com/experts-directory/Jakub_G%C5%82adkowski</a></p>



<p><a href="https://www.dataguidance.com/experts-directory/Malgorzata_Kieltyka">https://www.dataguidance.com/experts-directory/Malgorzata_Kieltyka</a></p>



<p>For many years, Małgorzata Kiełtyka has advised international companies on GDPR compliance, healthcare regulation, AI governance, technology transactions and cross-border regulatory matters. Her practice combines strategic legal advice with practical implementation of compliance frameworks for multinational businesses operating in highly regulated sectors.</p>



<p>Jakub Gładkowski focuses on data protection, digital regulation, cybersecurity, intellectual property, IT law and emerging technologies. His practice includes advising innovative businesses on regulatory compliance, digital transformation projects and the implementation of European technology legislation affecting both public and private sector organisations.</p>



<p>Being entrusted with preparing Poland&#8217;s national contribution to OneTrust DataGuidance represents an important recognition of our team&#8217;s expertise and international standing. We are particularly proud that this publication reflects not only our experience in privacy law, but also our broader interdisciplinary approach, integrating data protection with AI regulation, cybersecurity, digital compliance and technology law.</p>



<p>We sincerely thank the editorial team at <strong>OneTrust DataGuidance</strong> for their confidence in our expertise and for the opportunity to contribute to a publication that supports legal and compliance professionals around the world.</p>



<p>For KG Legal, this publication marks another significant milestone in the continued growth of our <strong>Data, AI &amp; Cybersecurity Desk</strong> and reinforces our commitment to delivering practical, business-oriented legal advice at the intersection of privacy, technology and innovation.</p>
<p> </p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/kg-legal-news/a-major-milestone-for-kg-legals-data-ai-cybersecurity-practice-exclusive-poland-contribution-to-onetrust-dataguidance/">A Major Milestone for KG Legal&#8217;s Data, AI &amp; Cybersecurity Practice: Exclusive Poland Contribution to OneTrust DataGuidance</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/kg-legal-news/a-major-milestone-for-kg-legals-data-ai-cybersecurity-practice-exclusive-poland-contribution-to-onetrust-dataguidance/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Dietary Supplements Under Tightened Scrutiny: How the 2026 Reform Could Reshape the Polish Market</title>
		<link>https://www.kg-legal.eu/info/pharmaceutical-healthcare-life-sciences-law/dietary-supplements-under-tightened-scrutiny-how-the-2026-reform-could-reshape-the-polish-market/</link>
					<comments>https://www.kg-legal.eu/info/pharmaceutical-healthcare-life-sciences-law/dietary-supplements-under-tightened-scrutiny-how-the-2026-reform-could-reshape-the-polish-market/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Tue, 07 Jul 2026 18:09:37 +0000</pubDate>
				<category><![CDATA[PHARMACEUTICAL, HEALTHCARE & LIFE SCIENCES LAW]]></category>
		<category><![CDATA[Administrative Law]]></category>
		<category><![CDATA[Advertising Law]]></category>
		<category><![CDATA[Compliance Risk]]></category>
		<category><![CDATA[CONSUMER PROTECTION]]></category>
		<category><![CDATA[Corporate Compliance]]></category>
		<category><![CDATA[Cross Border Business]]></category>
		<category><![CDATA[Digital Compliance]]></category>
		<category><![CDATA[Doing business in Poland]]></category>
		<category><![CDATA[EU Food Regulation]]></category>
		<category><![CDATA[eu regulation]]></category>
		<category><![CDATA[Food Law]]></category>
		<category><![CDATA[Food Safety]]></category>
		<category><![CDATA[GIS Poland]]></category>
		<category><![CDATA[Healthcare Law]]></category>
		<category><![CDATA[International Law Firms]]></category>
		<category><![CDATA[Invest in Poland]]></category>
		<category><![CDATA[Legal Services Poland]]></category>
		<category><![CDATA[Life Sciences Law]]></category>
		<category><![CDATA[Life Sciences Regulation]]></category>
		<category><![CDATA[Marketing Compliance]]></category>
		<category><![CDATA[Pharmaceutical Law]]></category>
		<category><![CDATA[Poland Law]]></category>
		<category><![CDATA[Polish law]]></category>
		<category><![CDATA[Regulatory Compliance]]></category>
		<category><![CDATA[Sanitary Regulation]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8807</guid>

					<description><![CDATA[<p>Publication date: July 07, 2026 The Polish dietary supplements market is facing the most significant regulatory overhaul in years. The draft amendment to the Act on Food and Nutrition Safety and the Act on the State Sanitary Inspectorate introduces a series of far-reaching changes that will substantially alter the way supplements are notified, monitored, advertised, [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/pharmaceutical-healthcare-life-sciences-law/dietary-supplements-under-tightened-scrutiny-how-the-2026-reform-could-reshape-the-polish-market/">Dietary Supplements Under Tightened Scrutiny: How the 2026 Reform Could Reshape the Polish Market</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><strong><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color">Publication date: July 07, 2026</mark></strong></p>



<p>The Polish dietary supplements market is facing the most significant regulatory overhaul in years. The draft amendment to the Act on Food and Nutrition Safety and the Act on the State Sanitary Inspectorate introduces a series of far-reaching changes that will substantially alter the way supplements are notified, monitored, advertised, and supervised in Poland. While the reform does not formally introduce a pre-market authorization system, it undeniably strengthens the position of regulatory authorities and increases the compliance burden imposed on businesses operating in the sector.</p>



<span id="more-8807"></span>



<p id="ember2883">The amendment, expected to enter into force six months after publication, reflects both domestic concerns regarding the rapid expansion of the supplements market and the broader European trend toward stricter food safety oversight. For manufacturers, importers, distributors, and marketing agencies, the proposed changes may require a complete reassessment of internal procedures, legal risk management, and commercial strategy.</p>



<p id="ember2884">The reform arrives at a time when the Polish dietary supplements market continues to expand at an exceptional pace. Poland has become one of the largest supplement consumers in the European Union, both in terms of total market value and per capita spending. According to market estimates, the sector exceeded PLN 7 billion in value in 2024 and is expected to continue growing steadily over the coming years. The scale of the market alone has become a challenge for regulators. Between 2017 and 2020, more than 62,000 supplement notifications were submitted to the Chief Sanitary Inspectorate (GIS), while the number of products listed in official registers exceeded 29,000.</p>



<p id="ember2885">At the same time, authorities increasingly pointed to systemic weaknesses in the existing framework. Under the current rules, a business may place a dietary supplement on the market immediately after submitting a notification to GIS, even if doubts exist regarding the product’s composition or classification. The authorities may initiate explanatory proceedings, but the product can still remain commercially available during the investigation. In practice, this system has often been criticized for providing insufficient preventive control and allowing potentially problematic products to circulate before any meaningful assessment takes place.</p>



<p id="ember2886">Another major concern involved the widespread use of aggressive advertising strategies. For years, the dietary supplements industry has been accused of blurring the line between supplements and medicinal products. Many advertisements indirectly suggested therapeutic effects or implied that supplements could substitute proper medical treatment or balanced nutrition. Regulators and pharmaceutical companies repeatedly argued that existing penalties were too low to deter large market participants from engaging in questionable promotional practices.</p>



<p id="ember2887">The lack of a centralized digital supervision system also contributed to inefficiencies. The notification process relied partly on outdated administrative mechanisms, resulting in difficulties with document verification, inconsistent communication, and lengthy proceedings. The new amendment seeks to address these concerns through digitalization, stricter procedural obligations, and substantially higher financial sanctions.</p>



<p id="ember2888">One of the most visible changes introduced by the reform is the mandatory use of the e-Sanepid platform for all supplement notifications. Until now, notifications could be submitted either electronically or in paper form, and businesses had some flexibility regarding the form and timing of submission. Under the new rules, however, the process becomes fully digitized. Notifications will only be accepted through the e-Sanepid system and will require either a qualified electronic signature or a trusted electronic profile.</p>



<p id="ember2889">This change may appear largely technical at first glance, but in reality it significantly increases the formalization of the entire notification process. For large companies with developed compliance departments, adapting to electronic communication systems is unlikely to create serious difficulties. Smaller businesses, however, may face operational and financial challenges connected with digital authentication tools, procedural monitoring, and document management requirements.</p>



<p id="ember2890">The amendment also changes the moment at which the notification obligation arises. Previously, the law referred both to products already introduced to the market and those merely intended for future introduction. The new wording removes the reference to “intended introduction,” meaning that the obligation will arise only once the product is actually being placed on the market. Although this clarification simplifies the legal interpretation of the obligation, it also narrows the flexibility businesses previously enjoyed when planning product launches.</p>



<p id="ember2891">Perhaps the most consequential aspect of the reform concerns explanatory proceedings and scientific opinions. Under the current framework, businesses could effectively delay proceedings indefinitely by postponing the submission of required scientific documentation. While the law imposed certain deadlines on the authorities themselves, it did not establish sufficiently strict obligations for the notifying entity. This created situations where proceedings remained unresolved for years, significantly limiting the effectiveness of supervision.</p>



<p id="ember2892">The amendment introduces a much stricter procedural regime. Once GIS requests a scientific opinion regarding a product’s classification or compliance, the business will have only 14 days to submit an application to a scientific institution or to the President of the Office for Registration of Medicinal Products. Furthermore, the scientific opinion itself must generally be issued within six months, with an absolute maximum period of twelve months in exceptional cases.</p>



<p id="ember2893">The most significant innovation is the introduction of a legal presumption against the entrepreneur. If the entity fails to submit the application for an opinion within the required 14-day period, the law will automatically presume that the proposed classification of the product is incorrect and that the product does not meet the requirements applicable to its category. In practical terms, procedural inactivity itself may lead to negative legal consequences.</p>



<p id="ember2894">This fundamentally changes the balance between businesses and regulatory authorities. Previously, delaying the process often worked in favor of companies by allowing products to remain on the market while proceedings continued. Under the new rules, inaction may immediately weaken the entrepreneur’s legal position. Businesses will therefore need to implement much stricter internal monitoring systems to ensure compliance with procedural deadlines.</p>



<p id="ember2895">The amendment additionally prohibits businesses from circumventing the procedure by repeatedly submitting notifications for identical products. Once proceedings are initiated, companies will no longer be able to submit another notification concerning a product with the same qualitative and quantitative composition. Similarly, withdrawing a notification will not allow the entrepreneur to restart the process with the same formula at a later stage. These restrictions are intended to eliminate procedural abuse and prevent companies from avoiding regulatory scrutiny through repeated filings.</p>



<p id="ember2896">Another major reform concerns transparency and the expansion of the public product register maintained within the SEPIS system. The current register already contains certain information regarding notified products, but the scope of publicly available data remains relatively limited. The new system significantly broadens the amount of information accessible to consumers and competitors alike.</p>



<p id="ember2897">Under the amendment, the register will include the product name, form of the product, qualitative composition, information regarding active substances, details concerning explanatory proceedings, and information about prohibited ingredients. Although quantitative composition data and certain identifying information regarding the reporting entity will remain confidential, the reform nevertheless represents a substantial increase in market transparency.</p>



<p id="ember2898">From the consumer protection perspective, this may be viewed as a positive development. Consumers will gain easier access to information about supplement composition and regulatory status, potentially allowing for more informed purchasing decisions. However, from the business perspective, the new transparency rules create considerable reputational risks. Information regarding ongoing explanatory proceedings may become publicly visible long before any final administrative decision is issued. As a result, companies may face reputational damage even in situations where no violation is ultimately confirmed.</p>



<p id="ember2899">The reform also updates the broader inspection framework to align Polish law with Regulation (EU) 2017/625 on official controls. Although the regulation has already been directly applicable across the European Union since 2019, several references in Polish legislation still pointed to repealed EU acts. The amendment therefore modernizes the legal terminology and adapts national provisions to the currently binding European framework.</p>



<p id="ember2900">Importantly, however, the changes do not significantly expand the substantive powers of sanitary authorities. The amendment primarily introduces terminological adjustments, extending references from “official food controls” to “official controls and other official activities.” Sanitary authorities will continue to possess extensive powers during inspections, including access to facilities, examination of production processes and documentation, and collection of samples for laboratory testing.</p>



<p id="ember2901">The reform does, however, expand the situations in which businesses must bear the costs of inspections and administrative activities. In addition to existing obligations related to violations, follow-up inspections, and border sanitary controls, businesses will now also be required to cover costs associated with official activities performed at their own request, such as the issuance of certain documents. While this change may appear relatively modest compared to other parts of the reform, it nevertheless contributes to the overall increase in operational costs for market participants.</p>



<p id="ember2902">One of the most controversial elements of the amendment concerns advertising and marketing practices. The reform significantly broadens the scope of administrative liability related to the promotion and presentation of dietary supplements. Previously, penalties focused primarily on incorrect product labeling. Under the new rules, liability will explicitly extend to advertising, online promotion, social media activities, and the overall presentation of products.</p>



<p id="ember2903">Most importantly, the amendment introduces severe sanctions for advertising or presenting a supplement before notifying GIS. This is likely to have a major impact on digital marketing strategies commonly used in the supplements industry. Influencer campaigns, online pre-launch promotions, teaser advertisements, and social media product announcements may all potentially fall within the scope of the new sanctions if conducted before formal notification.</p>



<p id="ember2904">The amendment also reinforces existing prohibitions against suggesting that a balanced diet cannot provide sufficient nutrients or implying medicinal properties of supplements. Although these prohibitions already existed under current law, the reform significantly strengthens enforcement mechanisms by attaching much higher financial penalties to violations.</p>



<p id="ember2905">Indeed, the increase in administrative penalties represents one of the most dramatic aspects of the reform. Under the current framework, the maximum administrative fine generally amounts to thirty times the average monthly salary. The amendment raises this threshold to one hundred times the average salary, increasing potential penalties by more than 330 percent.</p>



<p id="ember2906">Based on current economic indicators, maximum fines could exceed PLN 800,000. Such amounts are clearly intended to function as genuinely deterrent sanctions rather than symbolic administrative measures. For large corporations with extensive marketing operations, these penalties may significantly alter risk calculations related to aggressive advertising or borderline compliance practices.</p>



<p id="ember2907">For businesses operating in the supplements sector, the cumulative impact of these changes may be substantial. Compliance costs are likely to increase considerably. Companies may need to invest in legal advisory services, digital infrastructure, scientific assessments, employee training, and enhanced compliance monitoring systems. Marketing departments in particular will face increased scrutiny and will need to carefully verify advertising content before publication.</p>



<p id="ember2908">The reform may also contribute to market consolidation. Large, well-established companies are generally better positioned to absorb increased compliance costs and adapt to stricter regulatory requirements. Smaller businesses, startups, and niche supplement brands may struggle with the financial and administrative burden created by the new framework. As a result, the amendment could unintentionally reduce market diversity and strengthen the competitive position of major industry players.</p>



<p id="ember2909">From the perspective of public authorities, the reform aims to improve the efficiency and credibility of food safety supervision. Digitalization through e-Sanepid and SEPIS is expected to accelerate administrative processes, improve data analysis capabilities, and strengthen market oversight. The introduction of strict procedural deadlines should also reduce the risk of excessively lengthy proceedings and administrative disputes.</p>



<p id="ember2910">At the same time, the implementation of these systems will require significant investments in technological infrastructure and administrative capacity. The effectiveness of the reform will therefore depend not only on the wording of the legislation itself, but also on the practical ability of GIS and related institutions to manage the new digital environment efficiently.</p>



<p id="ember2911">Ultimately, the amendment does not formally transform dietary supplements into products requiring prior authorization before market entry. Businesses will still be able to introduce supplements through a notification-based system rather than a licensing procedure. Nevertheless, the practical reality of operating in the sector is likely to change considerably.</p>



<p id="ember2912">The reform substantially increases the procedural obligations imposed on businesses, strengthens enforcement tools available to authorities, raises financial exposure connected with non-compliance, and introduces far greater transparency into the market. While these changes may improve consumer protection and market oversight, they also create new operational and reputational risks for entrepreneurs.</p>



<p id="ember2913">For companies active in the supplements industry, the coming months may therefore become a critical period of preparation. Businesses that fail to adapt quickly to the new regulatory environment may face not only financial penalties, but also significant disruptions to their commercial operations and marketing strategies.</p>
<p> </p>


<p>Artykuł <a href="https://www.kg-legal.eu/info/pharmaceutical-healthcare-life-sciences-law/dietary-supplements-under-tightened-scrutiny-how-the-2026-reform-could-reshape-the-polish-market/">Dietary Supplements Under Tightened Scrutiny: How the 2026 Reform Could Reshape the Polish Market</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/pharmaceutical-healthcare-life-sciences-law/dietary-supplements-under-tightened-scrutiny-how-the-2026-reform-could-reshape-the-polish-market/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Representatives of our law firm KG LEGAL KIEŁTYKA GŁADKOWSKI will take part in the Data Science Summit AI Edition 2026 – one of the largest events dedicated to artificial intelligence in Central and Eastern Europe</title>
		<link>https://www.kg-legal.eu/info/kg-legal-news/representatives-of-our-law-firm-kg-legal-kieltyka-gladkowski-will-take-part-in-the-data-science-summit-ai-edition-2026-one-of-the-largest-events-dedicated-to-artificial-intelligence-in-centr/</link>
					<comments>https://www.kg-legal.eu/info/kg-legal-news/representatives-of-our-law-firm-kg-legal-kieltyka-gladkowski-will-take-part-in-the-data-science-summit-ai-edition-2026-one-of-the-largest-events-dedicated-to-artificial-intelligence-in-centr/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Thu, 18 Jun 2026 10:22:15 +0000</pubDate>
				<category><![CDATA[KG LEGAL NEWS]]></category>
		<category><![CDATA[AIEdition2026]]></category>
		<category><![CDATA[ArtificialIntelligence]]></category>
		<category><![CDATA[DataScienceSummit]]></category>
		<category><![CDATA[Doing business in Poland]]></category>
		<category><![CDATA[KG Legal]]></category>
		<category><![CDATA[MachineLearning]]></category>
		<category><![CDATA[ModelDistillation]]></category>
		<category><![CDATA[Polish law]]></category>
		<category><![CDATA[WARSAW]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8801</guid>

					<description><![CDATA[<p>Publication date: June 18, 2026 On June 19, 2026, representatives of our law firm will participate in the Data Science Summit AI Edition 2026, which will be held at the Palace of Culture and Science in Warsaw. For many years, the event has been one of the most important technology conferences in Central and Eastern [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/kg-legal-news/representatives-of-our-law-firm-kg-legal-kieltyka-gladkowski-will-take-part-in-the-data-science-summit-ai-edition-2026-one-of-the-largest-events-dedicated-to-artificial-intelligence-in-centr/">Representatives of our law firm KG LEGAL KIEŁTYKA GŁADKOWSKI will take part in the Data Science Summit AI Edition 2026 – one of the largest events dedicated to artificial intelligence in Central and Eastern Europe</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><strong><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color">Publication date: June 18, 2026</mark></strong></p>



<p>On June 19, 2026, representatives of our law firm will participate in the <strong>Data Science Summit AI Edition 2026</strong>, which will be held at the Palace of Culture and Science in Warsaw. For many years, the event has been one of the most important technology conferences in Central and Eastern Europe, bringing together specialists responsible for the development and implementation of the most advanced solutions based on artificial intelligence, machine learning, and data analysis. It provides a meeting place for the business, technology, scientific, and administrative communities—a space where implementation practice meets regulatory and strategic reflection.</p>



<p>Link to the event: <a href="https://ml.dssconf.pl/#agenda">https://ml.dssconf.pl/#agenda</a></p>



<p>This year&#8217;s edition focuses on the most important directions of development of modern artificial intelligence, including, among others, generative AI ( Generative AI), large language models (LLM), GPT systems, AI agents, Agent-to-Agent (A2A) architectures, Context Model Protocol (MCP), reinforcement learning, computer vision, predictive analytics, MLOps, LLMOps, AI governance and broadly understood data-driven business transformation.</p>



<p>The conference is aimed at data scientists, AI experts, data engineers, IT system architects, programmers, cybersecurity specialists, digital transformation leaders, product development managers, public administration representatives, and executives of enterprises implementing AI-based solutions. Speakers will include representatives of global technology companies, international corporations, financial institutions, telecommunications operators, energy companies, research and development organizations, academia, and technology startups &#8211; including AI directors, chief system architects, digital transformation leaders, scientists, AI engineers, MLOps experts, cybersecurity specialists, and managers responsible for implementing technological innovations.</p>



<p>The event is distinguished by its practical nature. The program focuses not only on presenting technological innovations, but primarily on showcasing real-world implementations already in place in businesses, public administration, the financial and energy sectors, e-commerce, telecommunications, healthcare, and industry.</p>



<span id="more-8801"></span>



<p><strong><u>Enterprise AI &#8211; From Experiment to Infrastructure</u></strong></p>



<p>One of the most important themes of the conference is the practical use of artificial intelligence in production environments. It is increasingly clear that AI has ceased to be an experimental technology and has become a component of real-world business infrastructure. In this context, we are analyzing ways to counteract the phenomenon of so-called information bubbles and build more sustainable recommendation systems used by the largest media platforms. Methods are emerging to increase the diversity of presented content, reduce algorithmic bias, and design systems that responsibly influence user behavior.</p>



<p>A key issue is the collaboration between classic machine learning and generative AI. Combining both approaches allows for the development of scalable, cost-effective solutions, ready for use by large organizations. A significant portion of the discussion also focuses on countering financial fraud &#8211; methods for detecting fraud and building competitive advantage through structured AI system development processes. Developer experience and modern work environments for AI teams are also gaining importance, including ways to accelerate the creation and maintenance of AI-based applications.</p>



<p>The technological landscape is strongly influenced by the prototyping of AI agents using modern programming environments and platforms supporting the creation of autonomous systems. Simultaneously, there are emerging themes regarding the use of AI in the legal sector &#8211; methods for assessing the reasoning ability of language models, methods for tracing legal sources, and techniques for increasing the reliability of AI-generated responses. From a security perspective, mechanisms for securing autonomous systems against attacks, unauthorized access, and attempts to manipulate their behavior are particularly important.</p>



<p>Equally important is the optimization of language models &#8211; techniques for quantization, distillation, and model size reduction while maintaining high efficiency. In the financial sector, solutions are emerging that include automated document processing, data extraction, and the development of intelligent analytical platforms. As an illustration of the creative potential of AI, the mechanisms behind music generation by artificial intelligence and the application of deep learning in creative processes are also discussed.</p>



<p><strong><u>Generative AI – Multimodality, Agents, and Public Administration</u></strong></p>



<p>Generative AI is one of the fastest-growing areas of contemporary technology. In production practice, it is used to automatically describe works of art, create alternative descriptions that increase the accessibility of digital documents for people with disabilities, and develop strategies for replacing very large and expensive language models with smaller, specialized solutions that can be effectively used in enterprises. The evolution of architectures leads from simple prompts, through RAG mechanisms, to multi-stage pipelines integrating multiple data sources and advanced LLM architectures.</p>



<p>Multimodality plays a significant role &#8211; solutions that can simultaneously analyze text, images, sound, and spatial information &#8211; opening the door to building more versatile AI systems. In enterprise environments where standard communication protocols aren&#8217;t feasible, building agents that exclusively utilize approved APIs, internal tools, and development platforms becomes crucial, while adhering to security and governance principles.</p>



<p>A crucial direction is the use of artificial intelligence in public administration, including the process of transforming an AI project into a product accessible to millions of citizens. Solutions that generate sound, speech, and music using modern diffusion models and transformers are also gaining importance, as are automatic analysis of PDF documents and the extraction of structured data from multi-page administrative materials. Hybrid pipelines combining generative AI, signal processing, and embedded systems for use in resource-constrained devices are also emerging. A separate, increasingly important issue is assessing the quality of RAG chatbots, testing them before deployment, and building reliable conversational systems.</p>



<p><strong><u>Machine learning in practice &#8211; recommendations, energy, finance</u></strong></p>



<p>Classic machine learning remains relevant &#8211; on the contrary, it&#8217;s finding applications in major industrial and financial implementations. Modern recommendation systems are emerging, based on data representation vectors and embedding architectures, where balancing recommendation effectiveness with the ability for users to discover new content is paramount. Digital twins are being used to optimize energy assets and manage industrial infrastructure. In the financial sector, teams of collaborative models are emerging to support decision-making processes.</p>



<p>The challenges associated with AI agents operating in social media are increasingly being discussed &#8211; issues such as user privacy, data security, and customer interaction design. In the banking sector, there&#8217;s a clear trend toward building millions of personalized models operating in parallel, which requires advanced training optimization, system scaling, and efficient processing of massive data sets.</p>



<p><strong><u>Deployments, MLOps, and Security &#8211; The AI Systems Lifecycle</u></strong></p>



<p>One of the most practical areas of the event is implementing, maintaining, and scaling AI systems in production environments. Simply developing a model is no longer the biggest challenge; ensuring its stable, secure, and effective operation in real-world business environments is crucial.</p>



<p>The security of generative AI is becoming one of the most pressing issues. Practical methods are emerging to protect models from prompts, injection, jailbreaking, and attempts to bypass control mechanisms. Referring to OWASP guidelines and modern solutions enabling the implementation of AI systems in accordance with the security- by-design principle is becoming standard.</p>



<p>From a legal perspective, issues related to designing global data platforms operating simultaneously in multiple jurisdictions are particularly important. These challenges include data sovereignty, local regulations, and the need to reconcile legal requirements across different jurisdictions.</p>



<p>A key theme is the full lifecycle of machine learning models &#8211; the processes of building, deploying, monitoring, updating, and retiring AI models, as well as how to manage their performance at scale. System performance optimization plays a significant role &#8211; techniques for reducing latency, shortening inference times, and adapting models to various hardware environments. Case studies from the pharmaceutical sector also appear, demonstrating how to manage chatbots&#8217; deviance from their original purpose and how to minimize the risk of generating undesirable responses. Simultaneously, computer model optimization techniques are being developed, allowing to increase their efficiency many times while maintaining high quality of prediction.</p>



<p>Monitoring LLM systems and AI agents before end-user errors occur is becoming particularly important. Systems for model tracking, automated evaluation, anomaly detection, cost management, and continuous response quality improvement are emerging. Solutions are emerging that enable the management of thousands of AI agents and their evaluation at scale. This is complemented by approaches based on GitMLOps, DevSecOps, and modern observability solutions for systems based on large language models.</p>



<p><strong><u>AI Agents &#8211; Autonomous Decision-Making Systems</u></strong></p>



<p>One of the most important areas of the conference is AI agents. Modern artificial intelligence is increasingly moving beyond the role of a mere tool for human support and instead becoming an autonomous system capable of executing complex business processes. Methods are emerging for assessing the effectiveness of large-scale multi-agent systems &#8211; methods for automated testing, reliability testing, tracing error sources, and building systems that guarantee repeatable results. Significant attention is being paid to monitoring agents in real time, identifying errors, measuring response quality, and continuously improving decision-making processes.</p>



<p>Issues related to the security of AI agents are becoming increasingly important, including attack scenarios that confuse autonomous systems and methods for securing them against manipulation. Practical applications of agents utilizing financial, registry, and business data are emerging, supporting analytical, scoring, and decision-making processes. AI agents are also finding applications in telecommunications and in the construction of systems that independently conduct research and analysis.</p>



<p>Agents&#8217; long-term memory plays a significant role &#8211; solutions utilizing knowledge graphs and mechanisms that enable agents to independently organize and expand their accumulated knowledge. Real-time voice agents are highly practical &#8211; systems capable of conducting telephone conversations with users, analyzing speech, and generating responses that approximate natural communication. Solutions are also emerging that enable automatic detection of problems arising during the operation of production agents and the generation of evaluation processes without human intervention. Applications also include systems supporting energy management, intelligent buildings, and Internet of Things devices. A separate, important area is the evaluation of Text -to-SQL systems, which enable the automatic conversion of natural language into database queries.</p>



<p><strong><u>Development and tuning of large language models</u></strong></p>



<p>A significant portion of the conference was devoted to the creation, training, and refinement of large-scale language models. The most common errors made when building AI models are increasingly understood, as is the significant impact that the proper selection of training data has on their quality. Specialized models for the banking sector are being developed, along with methods for adapting them to specific business applications.</p>



<p>A significant area of research is Polish multimodal models capable of simultaneously understanding text and images, including methods for building them with limited data resources. Techniques for simplifying official and administrative language using language models are also emerging, with a particular emphasis on increasing the accessibility of public transportation. Mechanisms for building trust in artificial intelligence by providing users with justifications for generated responses are gaining increasing importance. Embedding models, used to identify duplicate data, ambiguous names, and unstructured addresses, are becoming increasingly important in everyday business practice.</p>



<p><strong><u>Business Transformation &#8211; Strategy, Data, and Organization</u></strong></p>



<p>From a strategic perspective, artificial intelligence is becoming one of the most important elements in building a competitive advantage for enterprises. Practical experience is emerging with implementing generative AI in international organizations and managing technological transformation processes. Methods for identifying the most promising AI initiatives from among hundreds of potential projects are becoming increasingly important.</p>



<p>Data quality plays a significant role &#8211; proper data preparation is now a prerequisite for the effective implementation of artificial intelligence. Critical analysis of technological trends is also emerging, allowing us to separate the true capabilities of AI from marketing hype. The importance of data architecture and IT systems for the success of transformation projects is becoming increasingly clear. The debate on the future of management in the era of agent-based AI and the changes AI will bring to corporate organizational structures is particularly prominent. Examples of building scalable customer service agents operating simultaneously in multiple countries are also emerging, as are the experiences of large organizations implementing AI, developing data products, supporting business expansion, and transforming the banking sector.</p>



<p><strong><u>AI in Software Development &#8211; Regulation, Security, and Intellectual Property</u></strong></p>



<p>Artificial intelligence is fundamentally changing the way technology teams work. Building local systems to support programming in compliance with European regulations, including the AI Act and NIS2, is becoming increasingly important. Both the potential and limitations of modern programming assistants are emerging, including the reasons for the failure of AI agents working with enterprise data and ways to build more predictable systems.</p>



<p>Cybersecurity, threat modeling, and vulnerability management in AI-based systems are all important topics, as are the practical aspects of building agent platforms capable of operating in production environments. From a legal perspective, issues related to intellectual property protection, commercialization of AI-based solutions, copyright management, and building secure technological product development processes are particularly important.</p>



<p><strong><u>Computer Vision &#8211; intelligent image analysis</u></strong></p>



<p>Modern image analysis goes far beyond classical object recognition. New approaches are emerging to using visual models in unusual applications, including Visual RAG systems that enable automated processing of data contained in spreadsheets and corporate documents. The technological trade-offs involved in designing high-performance pipelines are increasingly understood. computer vision. Computer vision is also used in climate forecasting and analysis of environmental phenomena, as well as in automatic data extraction from Polish administrative and business documents.</p>



<p><strong><u>Debates about the future of artificial intelligence</u></strong></p>



<p>An integral part of the event are expert roundtable discussions. The role of software agents is discussed &#8211; whether they will become merely a tool to support specialists or will they take over some of their responsibilities. The use of AI agents as digital equivalents of junior engineers supporting data science teams is also discussed. Experts engage in debates on the labeling of AI-generated content and the transparency of AI systems.</p>



<p>A separate discussion is devoted to Europe&#8217;s technological sovereignty and the possibility of building an independent artificial intelligence ecosystem. The discussion concludes with a discussion on the competencies of the future and the skills that will become crucial for organizations to function in an AI-based economy.</p>



<p>The Data Science Summit AI Edition 2026 demonstrates that artificial intelligence is no longer just a technology of the future. It has become one of the most important tools shaping modern businesses, public administration, and the financial, energy, industrial, and technology sectors. The scale and scope of the topics covered confirm that AI development today requires not only advanced technological competencies but also appropriate risk management, security, regulatory compliance, and a responsible approach to implementing new technologies &#8211; making law firms&#8217; participation in such events a natural part of tracking the directions in which new technologies law is heading.</p>



<p>#DataScienceSummit #AIEdition2026 #ArtificialIntelligence #AI #MachineLearning #GenerativeAI #LLM #GPT #AIAgents #AgenticAI #AgentToAgent #ModelContextProtocol #MCP #DeepLearning #ReinforcementLearning #ComputerVision #PredictiveAnalytics #MLOps #LLMOps #AIGovernance #ResponsibleAI #AIEthics #AISecurity #PromptInjection #Jailbreaking #SecurityByDesign #OWASP #DevSecOps #GitMLOps #CyberSecurity #DataSovereignty #AIAct #NIS2 #EURegulations #TechSovereignty #DigitalTransformation #BusinessTransformation #DataDriven #DataQuality #DataEngineering #DataScience #CloudComputing #RAG #VisualRAG #Multimodal #Multimodality #Embeddings #VectorSearch #Quantization #ModelDistillation #FineTuning #TextToSQL #KnowledgeGraphs #VoiceAgents #ConversationalAI #Chatbots #DigitalTwins #IoT #SmartBuildings #EnergyManagement #FinTech #BankingAI #LegalTech #LawFirm #IntellectualProperty #Copyright #PublicAdministration #GovTech #HealthcareAI #PharmaAI #Telecommunications #SoftwareDevelopment #AIAssistants #CodingAgents #Innovation #TechConference #Warsaw #CEE #KGLegal #KieltykaGladkowski</p>


<p>Artykuł <a href="https://www.kg-legal.eu/info/kg-legal-news/representatives-of-our-law-firm-kg-legal-kieltyka-gladkowski-will-take-part-in-the-data-science-summit-ai-edition-2026-one-of-the-largest-events-dedicated-to-artificial-intelligence-in-centr/">Representatives of our law firm KG LEGAL KIEŁTYKA GŁADKOWSKI will take part in the Data Science Summit AI Edition 2026 – one of the largest events dedicated to artificial intelligence in Central and Eastern Europe</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/kg-legal-news/representatives-of-our-law-firm-kg-legal-kieltyka-gladkowski-will-take-part-in-the-data-science-summit-ai-edition-2026-one-of-the-largest-events-dedicated-to-artificial-intelligence-in-centr/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>CE marking</title>
		<link>https://www.kg-legal.eu/info/cross-border-cases/ce-marking/</link>
					<comments>https://www.kg-legal.eu/info/cross-border-cases/ce-marking/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Wed, 13 May 2026 13:13:17 +0000</pubDate>
				<category><![CDATA[CROSS BORDER CASES]]></category>
		<category><![CDATA[CE]]></category>
		<category><![CDATA[cross border cases]]></category>
		<category><![CDATA[KG Legal]]></category>
		<category><![CDATA[Poland]]></category>
		<category><![CDATA[Polish law]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8780</guid>

					<description><![CDATA[<p>Publication date: May 13, 2026 The CE marking was introduced as part of the harmonization of product marking processes within the EU. It is intended to replace all existing conformity markings. The marking itself indicates that the product meets the requirements of the applicable regulations. It is affixed to products intended for introduction into the [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/cross-border-cases/ce-marking/">CE marking</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><strong><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color">Publication date: May 13, 2026</mark></strong></p>



<p>The CE marking was introduced as part of the harmonization of product marking processes within the EU. It is intended to replace all existing conformity markings. The marking itself indicates that the product meets the requirements of the applicable regulations. It is affixed to products intended for introduction into the EEA and Turkish markets, regardless of where they were manufactured.</p>



<span id="more-8780"></span>



<p class="has-luminous-vivid-amber-background-color has-background has-medium-font-size">Main regulations</p>



<p>The main acts that regulate the CE marking of products and the conformity testing that must accompany this process are: Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and market surveillance relating to the marketing of products and repealing Regulation (EEC) No 339/93 (consolidated text: OJ L 218, 2008, p. 30, as amended) as well as Decision No 768/2008/EC of the European Parliament and of the Council of 9 July 2008 on a common framework for the marketing of products, and repealing Council Decision 93/465/EEC (consolidated text: OJ L 218, 2008, p. 82).</p>



<p class="has-luminous-vivid-amber-background-color has-background has-medium-font-size">CE marking</p>



<p>Although the mark is generally believed to be an abbreviation of the French expression &#8220;<em>Conformité Européenne&#8221;</em>, no EU legal act provides such an expansion of this abbreviation.</p>



<p>The appearance and method of affixing the CE marking are specified in Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 and Decision No 768/2008/EC of the European Parliament and of the Council of 9 July 2008, stating that it consists of the initials &#8220;CE&#8221; presented in the form specified in the regulation. Unless other regulations specify a different height, it shall be at least 5 mm. In all cases, the proportions of the mark must be maintained. It must be affixed so that it is visible, legible, and indelible from the product. The CE marking is followed by the identification number of the notified body, if it was involved in the production control phase. If the CE marking cannot be affixed to the product, it should be affixed to the packaging or accompanying documentation.</p>



<h2 class="wp-block-heading">Declaration of Conformity</h2>



<p>Union harmonisation legislation requires the manufacturer to draw up and sign an EU declaration of conformity before placing the product on the market.</p>



<p>The manufacturer or its authorized representative established within the EU is required to draw up and sign an EU declaration of conformity as part of the conformity assessment procedure provided for in Union harmonisation legislation. The EU declaration of conformity is a document stating that the product complies with all relevant requirements of the applicable legislation.</p>



<p>By drawing up and signing the EU declaration of conformity, the manufacturer takes responsibility for the product&#8217;s compliance with the regulations.</p>



<p>The EU declaration of conformity must be continuously updated and kept for ten years from the date the product is placed on the market, unless a different period is specified by law.</p>



<p>According to the model declaration in Decision No 768/2008/EC of 9 July 2008, the declaration should include:</p>



<p>1. unique product identifier,</p>



<p>2. name and address of the manufacturer or authorized representative issuing the declaration,</p>



<p>3. a statement that the declaration is issued under the sole responsibility of the manufacturer,</p>



<p>4. Subject of the declaration (product identifier enabling the reconstruction of its history. Where appropriate, it may include a photo),</p>



<p>5. all relevant provisions of Union harmonisation legislation that the product must comply with, referenced standards or other technical specifications (such as national standards and technical specifications) in a precise, complete and clearly defined manner,</p>



<p>6. Where applicable, name and number of the notified body that issued the certificate,</p>



<p>7. Additional information,</p>



<p>8. Date of issue of the declaration, signature and position or equivalent designation of the authorized person,</p>



<p class="has-luminous-vivid-amber-background-color has-background has-medium-font-size">Modules</p>



<p>The mark itself is intended to indicate that the product meets the requirements specified in the law. The product is marked with it by the manufacturer, either independently or with the participation of a national authority (conformity assessment body, notified body). For this purpose, the manufacturer assesses conformity using modules (described in the Commission Notice Blue Guide &#8211; Implementation of EU product regulations 2022 (i.e. OJ EU C. of 2022 No. 247, p. 1) and Decision No 768/2008/EC of the European Parliament and of the Council of 9 July 2008). The modules refer to both the design and production phases. Conformity assessments can be performed using one or two modules. Assessment modules can refer to one of the phases (e.g. only to the production phase), or to both. If a module refers to only one phase, the assessment consists of two modules, while if it refers to both phases, the assessment consists of one.</p>



<p>There are eight modules in total, but with the addition of variants, their number increases to 16 (A, A1, A2, B, C, C1, C2, D, D1, E, E1, F, F1, G, H, H1). Each subsequent module contains further requirements, along with increasing risks posed by the product. In the &#8220;least demanding&#8221; module, A, the manufacturer only prepares technical documentation and takes all necessary measures to ensure the production process ensures compliance of manufactured products with the technical documentation, and then affixes the marking to the product. In the highest module, H1, the manufacturer must have an approved quality assurance system (approved by a notified body) for design, production, and inspection and testing of finished products. It is also subject to supervision by a notified body. The notified body may also pay unannounced visits to the manufacturer, during which it may conduct or commission product tests.</p>



<p class="has-luminous-vivid-amber-background-color has-background has-medium-font-size">Entities involved in conformity assessment</p>



<p>At the outset, it is worth noting that regardless of whether a notified body is involved in the conformity assessment procedure or not, the conformity assessment is the manufacturer&#8217;s responsibility, and the declaration of conformity is made under his sole responsibility.</p>



<p>There are three possibilities for the involvement of other entities in the conformity assessment procedure:</p>



<p>&#8211; No involvement of external entities. In such a case (and this usually applies to products that the legislator has deemed not to pose such a risk that the manufacturer cannot be entrusted with the independent conformity assessment), the manufacturer prepares the declaration itself (along with the appropriate tests and technical documentation), and conducts the tests, inspections, and guarantees compliance during production.</p>



<p>&#8211; Conformity assessment is carried out using an accredited in-house body, i.e., a part of the manufacturer. However, this body cannot perform any tasks other than conformity assessment. It must be independent of commercial, design, and manufacturing entities and must possess the same level of technical competence and impartiality as external assessment bodies. They may conduct assessments within the scope of modules A1, A2, C1, or C2.</p>



<p>&#8211; Conducting the assessment with the involvement of an external entity. If the legislator deems such intervention necessary, an external conformity assessment body will participate in the conformity assessment. This body must be impartial and fully independent of the organization or the product it assesses. It must not engage in any activities that might compromise its independence, and it must not have user or other interests in the product being assessed.</p>



<p>Member States are responsible for designating conformity assessment bodies. They must designate bodies (within their jurisdiction) that have the appropriate competence to assess product conformity.</p>



<p>Even though in-house bodies cannot be notified (i.e. they cannot be external conformity assessment bodies), they must demonstrate at least the same level of technical competence as external bodies through accreditation.</p>



<p>Notified bodies</p>



<p>Conformity assessment bodies (referred to as notified bodies in EU legislation) are entities designated by Member States. Appointed notified bodies must then be notified to the European Commission.</p>



<p>They play roles in the conformity assessment process, responsible for activities such as calibration, testing, certification, and inspection. To qualify as a notified body, a body must be a legal entity established in a Member State, but it may operate or employ personnel outside a Member State or even outside the EU.</p>



<p>The bodies must be accredited, which means that the relevant national accreditation body must confirm that the conformity assessment body meets the requirements set by the harmonised standards and any additional requirements for carrying out specific conformity assessment tasks.</p>



<p>Member States may designate a maximum of one national accreditation body. However, they may choose not to designate such a body and instead have accreditation performed in their territory by an accreditation body from another Member State. In both cases (designation or non-designation), Member States are required to notify the European Commission.</p>



<p>Notified bodies are subject to oversight by national notifying authorities and must keep them informed about their activities (including, for example, availability of resources, performance of conformity assessments, subcontracting of work, and conflicts of interest). They must provide, directly or through another body (e.g., a national accreditation body), all information concerning the proper implementation of the conditions under which they were notified, upon request, both to their notifying authorities and to the Commission.</p>



<p>The notifying authority is responsible for the activities of notified bodies. It must remain capable of ensuring monitoring. If such monitoring is not possible, the notifying authority must withdraw or limit the scope of the notification to the extent necessary.</p>



<p>It&#8217;s also worth mentioning that the independence requirement (which also means that notified bodies &#8220;are and must remain&#8221; third parties independent of their clients) does not mean that only state bodies can become notified bodies. On the contrary, both state and private entities can apply for this status, provided their independence, impartiality, and reliability are guaranteed, and they constitute independent legal entities with appropriate rights and obligations.</p>



<p>Product labeling requirement</p>



<p>The CE marking is not required for every product, only for those for which legislation requires it. Currently, these include toys, electrical products, machinery, personal protective equipment, and cranes. It is prohibited to affix the CE marking to products that are not covered by the CE marking regulations.</p>



<p>Changes in the law</p>



<p>There have been no significant recent changes to the legislation governing the CE marking. However, sector-specific regulations necessarily influence the use of the mark. Such as Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act) (OJ EU L 2024, item 2847, as amended) or Regulation (EU) 2025/40 of the European Parliament and of the Council of 19 December 2024 on packaging and packaging waste, amending Regulation (EU) 2019/1020 and Directive (EU) 2019/904 and repealing Directive 94/62/EC (OJ EU L 2025, item item 40) and acts requiring CE marking of products such as Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act) Text with EEA relevance (OJ L 1689, 2024).</p>



<p>In its Annex I, Regulation (EU) 2019/1020 of the European Parliament and of the Council of 20 June 2019 lists Union harmonisation legislation.</p>



<p>In summary, the purpose of the CE marking is to signal that a product meets the requirements of the applicable regulations. It is affixed to the product by the manufacturer, either independently or with the involvement of accredited internal bodies or a notified body, following the conformity assessment module(s) appropriate for the level of risk posed by the product, and under their own responsibility.</p>



<p><strong>CE Marking – what really stands behind those two letters?</strong></p>



<p>CE marking is more than just a symbol on a product – it’s a legal declaration that the product complies with all applicable EU requirements and can be placed on the EEA and Turkish markets, regardless of where it was manufactured.</p>



<p>It is the result of a structured conformity assessment process defined in EU harmonisation legislation (including Regulation (EC) No 765/2008 and Decision No 768/2008/EC). Depending on the level of risk, this process may involve the manufacturer alone, internal accredited bodies, or independent notified bodies.</p>



<p>By affixing the CE mark, the manufacturer takes full responsibility for product compliance. In parallel, an EU Declaration of Conformity must be issued, maintained, and kept up to date, confirming that all relevant legal requirements have been met.</p>



<p>The system is built on risk-based modules – from basic self-assessment to highly controlled certification schemes involving external oversight. This ensures proportional control while maintaining product safety and market access across the EU.</p>



<p>In short: CE marking is not a quality label – it is a regulatory passport for products entering the European market.</p>
<p>#CEMarking #EUCompliance #RegulatoryAffairs #ProductCompliance #ConformityAssessment #CECertification #EURegulation #MarketAccess #ProductSafety #NotifiedBody #TechnicalDocumentation #QualityAssurance #ManufacturingCompliance #IndustrialCompliance #LegalMetrology #EUlaw #ProductTesting #DeclarationOfConformity #RiskAssessment #HarmonisedStandards #BlueGuide #RegulatoryCompliance #EngineeringCompliance #SupplyChainCompliance #ProductRegulations #ComplianceManagement</p>
<p> </p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/cross-border-cases/ce-marking/">CE marking</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/cross-border-cases/ce-marking/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>What is a family foundation under Polish law?</title>
		<link>https://www.kg-legal.eu/info/investment-law-and-processes-in-poland/what-is-a-family-foundation-under-polish-law/</link>
					<comments>https://www.kg-legal.eu/info/investment-law-and-processes-in-poland/what-is-a-family-foundation-under-polish-law/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Wed, 12 Nov 2025 11:58:50 +0000</pubDate>
				<category><![CDATA[INVESTMENT LAW AND PROCESSES IN POLAND]]></category>
		<category><![CDATA[family foundation]]></category>
		<category><![CDATA[Family Foundation Act]]></category>
		<category><![CDATA[KG Legal]]></category>
		<category><![CDATA[law firm in Krakow]]></category>
		<category><![CDATA[PIT exemption]]></category>
		<category><![CDATA[Poland]]></category>
		<category><![CDATA[Polish law]]></category>
		<category><![CDATA[Tax benefits]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8482</guid>

					<description><![CDATA[<p>Publication date: November 12, 2025 A family foundation is a relatively new institution in Polish law, introduced two years ago by the Act of January 26, 2023, on Family Foundations. The ability to establish such an entity was introduced primarily to enable entrepreneurs to secure the succession of their businesses in an undivided form, as [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/investment-law-and-processes-in-poland/what-is-a-family-foundation-under-polish-law/">What is a family foundation under Polish law?</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><strong>Publication date: November 12, 2025</strong></p>



<p>A family foundation is a relatively new institution in Polish law, introduced two years ago by the Act of January 26, 2023, on Family Foundations. The ability to establish such an entity was introduced primarily to enable entrepreneurs to secure the succession of their businesses in an undivided form, as well as to ensure the implementation of their own vision for managing them even longer after the founder&#8217;s death. Only a natural person with full legal capacity can be the founder of a family foundation. They can establish the foundation and designate its beneficiaries—themselves, relatives, or public benefit organizations—in their will or deed of incorporation. Both deeds should be executed by a notary. Unlike an Anglo-Saxon trust, a family foundation is not a legal relationship but a separate legal entity. Upon establishment, it acquires legal capacity and becomes a so-called &#8220;imperfect legal person.&#8221;</p>



<p class="has-luminous-vivid-amber-background-color has-background has-large-font-size"><strong>Tax benefits</strong></p>



<span id="more-8482"></span>



<p>Some use foundations to reduce, or rather optimize, their tax liabilities. According to the Corporate Income Tax Act, a foundation is exempt from, among other things, corporate income tax (CIT) if it conducts business activities. However, permissible business activities are defined by the framework set forth in Article 5 of the Family Foundation Act. Permitted forms of activity include:</p>



<p>&#8211; disposal of property, unless the property was acquired solely for the purpose of further disposal;</p>



<p>&#8211; renting, leasing or making property available for use on another basis;</p>



<p>&#8211; joining commercial companies, investment funds, cooperatives and entities of a similar nature, having their registered office in the country or abroad, as well as participating in these companies, funds, cooperatives and entities;</p>



<p>&#8211; acquisition and sale of securities, derivative instruments and rights of a similar nature (and others).</p>



<p>Establishment of the Family Foundation</p>



<p>According to the law, the establishment of a family foundation requires:</p>



<p>1) submitting a declaration of establishment of a family foundation in the founding act or in the will;</p>



<p>The documents should be in the form of a notarial deed.</p>



<p>2) establishing a statute that</p>



<p>*mandatory includes:</p>



<p>-name of the family foundation;</p>



<p>-seat of the family foundation;</p>



<p>-detailed purpose of the family foundation;</p>



<p>&#8211; the beneficiary or the method of defining it and the scope of the beneficiary’s rights;</p>



<p>&#8211; rules for maintaining the list of beneficiaries;</p>



<p>&#8211; rules, including detailed procedures, for waiving rights by the beneficiary;</p>



<p>-duration of the family foundation, if specified;</p>



<p>-value of the founding fund;</p>



<p>&#8211; the principles of appointment and dismissal, as well as the rights and obligations of members of the bodies of a family foundation, as well as the principles of representation of the family foundation by the management board or by other bodies of the family foundation in cases specified in the Act;</p>



<p>&#8211; entity authorized to approve the activities of the management board of a family foundation in the organization;</p>



<p>-principles of amending the statute;</p>



<p>&#8211; the allocation of the property of a family foundation after its dissolution, including the designation of the beneficiary entitled to the property in connection with the dissolution of the family foundation.</p>



<p>*may additionally contain:</p>



<p>&#8211; principles of cooperation or collaboration between the bodies of a family foundation;</p>



<p>&#8211; detailed circumstances of the dissolution of the family foundation;</p>



<p>&#8211; guidelines for investing the assets of a family foundation;</p>



<p>-provide for the establishment of a field unit or field units.</p>



<p>3) preparing an inventory of property which includes:</p>



<p>&#8211; Property rights contributed by the founder or persons other than the founder to the family foundation, with the indication of the person contributing the property and the specification of the type and value of each of the contributed property components, in the amount determined according to the condition and prices at the time of their contribution and their tax value,</p>



<p>-determination of the proportions used to determine the PIT exemption</p>



<p>&#8211; a list of property contributed to the family foundation to cover the founding fund.</p>



<p>4) establishing the bodies of the family foundation required by law or the statute;</p>



<p>&#8211; the Act enumerates: the management board, the supervisory board and the meeting of beneficiaries.</p>



<p>&#8211; The management board is appointed, unless the statute provides otherwise, by the founder and, after his death, by the supervisory board. In the absence of a supervisory board, the election is made by the meeting of beneficiaries. The management board&#8217;s duties include:</p>



<ul class="wp-block-list">
<li>managing the affairs of the family foundation and representing it;</li>



<li>realization of the goals of the family foundation specified in the statute;</li>



<li>taking actions related to ensuring the financial liquidity and solvency of the family foundation;</li>



<li>creating, maintaining and updating the list of beneficiaries in accordance with the provisions of the Act and the principles contained in the statute;</li>



<li>informing the beneficiary about the benefit he or she is entitled to;</li>



<li>fulfillment of the benefit to which the beneficiary is entitled.</li>
</ul>



<p>&#8211; A supervisory board is not mandatory if there are 25 or fewer beneficiaries. Unless the statute provides otherwise, the appointment and dismissal of supervisory board members is made by the founder, and after the founder&#8217;s death, by the meeting of beneficiaries.</p>



<p>5) contribution of the founding fund</p>



<p>&nbsp;before entering the family foundation register in the case of establishing a family foundation in the founding act, or contributing the founding fund within two years from the date of entering the family foundation in the family foundation register in the case of establishing a family foundation in a will;</p>



<p>&#8211; the founding capital is specified in the statute, but cannot be lower than PLN 100,000</p>



<p>&#8211; the sole person obliged to contribute assets to cover the founding fund is the founder.</p>



<p>&#8211; property contributed to the founding fund cannot be returned.</p>



<p>&#8211; A foundation account may be established outside the territory of the Republic of Poland . This is not subject to restrictions in the European Union. Outside the EU, using such an account will constitute foreign exchange transactions and therefore require a foreign exchange permit from the President of the National Bank of Poland or a director authorized by him.</p>



<p>6) entry into the register of family foundations.</p>



<p>-The register of family foundations is maintained by the District Court in Piotrków Trybunalski, hereinafter referred to as the &#8220;registry court&#8221;.</p>



<p>-the proceedings are generally conducted in accordance with the provisions on non-contentious proceedings,</p>



<p>&#8211; the application for entry is submitted by submitting the foundation to the register by the founder or the board in the case of a foundation established in a will</p>



<p>-The application should include</p>



<ul class="wp-block-list">
<li>name of the family foundation, its registered office and address;</li>



<li>the amount of the founding fund of the family foundation;</li>



<li>names and surnames, PESEL numbers of the management board members, and in the absence of an obligation to have such a number &#8211; date of birth, and their addresses for correspondence, as well as the manner of representing the family foundation;</li>



<li>names and surnames, PESEL numbers of the members of the supervisory board, and in the absence of an obligation to have such a number &#8211; date of birth, and their addresses for correspondence, if a supervisory board is established in the family foundation, if a board has been established at all;</li>



<li>names and surnames, PESEL numbers of beneficiaries who are natural persons who are members of the group of beneficiaries, and in the absence of an obligation to have such a number &#8211; date of birth, and their addresses for service, and in the case of the beneficiary being an entity other than a natural person &#8211; name or company name and REGON identification number, and if the entity is registered in the National Court Register &#8211; also its number in that register;</li>



<li>name, surname and correspondence address of the founder, if the founder is entitled to appoint the management board;</li>



<li>duration of the family foundation, if specified.</li>
</ul>



<p>-The following must be attached to the registration of a family foundation in the register of family foundations:</p>



<p>&#8211; the foundation&#8217;s founding act or the protocol of opening and announcing the will in which the foundation was established;</p>



<p>-statute</p>



<p>&#8211; a declaration by the founder about contributing property to cover the founding fund, and in the case of establishing a family foundation in a will &#8211; a declaration by the members of the management board that the founding fund will be contributed within two years from the date of entering the foundation in the register;</p>



<p>&#8211; proof of establishment of the foundation&#8217;s bodies, specifying their composition, if the composition of the family foundation&#8217;s bodies does not result from its statute</p>



<p>&#8211; consent to serve as a member of a family foundation body.</p>



<p>The notification is subject to the payment of a fee of PLN 500 in accordance with Article 64 a of the Act of 28 July 2005 on court costs in civil cases ( i.e. Journal of Laws of 2025, item 1228, as amended ).</p>



<p>*Before entry in the register, a company does not have legal personality, so its obligations are the responsibility of the founder or his or her representative. This responsibility ceases upon approval of their actions by a resolution of the management board.</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/investment-law-and-processes-in-poland/what-is-a-family-foundation-under-polish-law/">What is a family foundation under Polish law?</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/investment-law-and-processes-in-poland/what-is-a-family-foundation-under-polish-law/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>DUE DILIGENCE CLAUSES IN LABORATORY EMPLOYMENT AGREEMENTS AND THE LEGAL CONSEQUENCES OF VIOLATING THEM VS. GOOD LABORATORY PRACTICE</title>
		<link>https://www.kg-legal.eu/info/pharmaceutical-healthcare-life-sciences-law/due-diligence-clauses-in-laboratory-employment-agreements-and-the-legal-consequences-of-violating-them-vs-good-laboratory-practice-2/</link>
					<comments>https://www.kg-legal.eu/info/pharmaceutical-healthcare-life-sciences-law/due-diligence-clauses-in-laboratory-employment-agreements-and-the-legal-consequences-of-violating-them-vs-good-laboratory-practice-2/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Wed, 12 Nov 2025 11:37:14 +0000</pubDate>
				<category><![CDATA[PHARMACEUTICAL, HEALTHCARE & LIFE SCIENCES LAW]]></category>
		<category><![CDATA[DUE DILIGENCE CLAUSES]]></category>
		<category><![CDATA[glp]]></category>
		<category><![CDATA[GOOD LABORATORY PRACTICE]]></category>
		<category><![CDATA[LABORATORY EMPLOYMENT AGREEMENTS]]></category>
		<category><![CDATA[LABORATORY PRACTICE]]></category>
		<category><![CDATA[Poland]]></category>
		<category><![CDATA[Polish law]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8480</guid>

					<description><![CDATA[<p>Publication date: November 12, 2025 What essentially is GLP? The problem of regulating diligence clauses in employment contracts in the laboratory industry is essential on the basis of Polish and EU law. These issues shall also consider the general consequences of breaching employee obligations in the form of the so-called Good Laboratory Practice (GLP) principles. [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/pharmaceutical-healthcare-life-sciences-law/due-diligence-clauses-in-laboratory-employment-agreements-and-the-legal-consequences-of-violating-them-vs-good-laboratory-practice-2/">DUE DILIGENCE CLAUSES IN LABORATORY EMPLOYMENT AGREEMENTS AND THE LEGAL CONSEQUENCES OF VIOLATING THEM VS. GOOD LABORATORY PRACTICE</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><strong><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color">Publication date: November 12, 2025</mark></strong></p>



<p class="has-luminous-vivid-amber-background-color has-background has-medium-font-size"><strong>What essentially is GLP?</strong></p>



<p>The problem of regulating diligence clauses in employment contracts in the laboratory industry is essential on the basis of Polish and EU law. These issues shall also consider the general consequences of breaching employee obligations in the form of the so-called Good Laboratory Practice (GLP) principles.</p>



<p>For some time in the business turnover we can observe the practice of including in employment contracts clauses concerning professionalism and professional diligence in the actions of future employees. As a rule, the clause at issue imposes an obligation on the employee to perform their tasks in a professional manner, adequate to their position and in accordance with standard operating procedures. In addition, all actions of the prospective employee must conform to the recommendations and directives of the supervisor and comply with the applicable law.</p>



<p>The laboratory industry is no exception in this area. It imposes an obligation on employees and contractors to act not only diligently but also based on the principles of Good Laboratory Practice. These principles have been in place since 1978 and regulate issues such as quality assurance in drug testing and development, the prevention of pharmaceutical scandals, and ensuring performance standards for laboratory areas. In addition, the principles regulate such key issues as staffing, space requirements and the quality of equipment and inspection processes for laboratory areas.</p>



<span id="more-8480"></span>



<p><strong><em>Polish GLP regulation and the consequences of violating it</em></strong></p>



<p>On the grounds of domestic legislation, the issue of GLP is regulated in the Regulation of the Minister of Health of 3 August 2021 on <strong>Good Laboratory Practice</strong> and the performance of research in accordance with its scope. Annex I to the Regulation defines the standards of work required of the manager of a research center, the study director or members of the research staff. Attention should be paid to the last two categories, since the work standards specified for them determine the scope of diligence to which the employee may be obligated in a contractual clause. According to section 2(6) of the Annex to the said Regulation, the members of staff should be knowledgeable about the GLP of the specific research being conducted. They are required to act on the basis of the study plan and instructions contained in the documents, and to accurately record data obtained from the studies. Each employee should take care of his/her own safety and that of the environment, and report any deterioration of his/her health to his/her supervisor for the purpose of the possible removal from the study. Additional responsibilities are placed on the study supervisor as the person responsible for coordinating the team. These include, but are not limited to: overseeing the study and ensuring that it is conducted with care and accuracy; including cooperation with quality assurance programme officer, accepting the plan and standard operational procedures, and ensuring that adequate copies of the plan are available for the team to rely on when conducting the study.&nbsp;</p>



<p>Employee actions are subject to constant scrutiny &#8211; any deviation from work standards and failure to follow GLP principles is documented and reported to the study director, according to the Regulation. This may result in various employment law consequences for the employee, such as reprimand, disciplinary responsibility, or even termination of employment contract. The detailed rules of an employee&#8217;s liability for a breach of due diligence are always defined in an individual contract constructed for them. It is worth mentioning, however, that omissions of individual employees may negatively influence the outcome of an inspection of the entire testing unit by the Inspector of Chemical Substances &#8211; the body appointed to inspect testing units at the national level.</p>



<p><strong><em>European solutions</em></strong></p>



<p>The basis of the Regulation of the Polish Minister of Health is to be found in the EU legal acts, which have been implemented into Polish law. Therefore, it should not be surprising that the regulations contained in the acts (created before the regulation) do not differ significantly from those adopted in the Regulation. The first of them, Directive 2004/10/EC of the European Parliament and the UE Council from 11February 2004 in Article 1 imposes on Member States the obligation to ensure that laboratories conducting tests on chemical products act in accordance with the principles of the GLP act and the Directive of 1967 on the classification, labelling and packaging of dangerous substances (67/548/EEC). Annex I of the 2004 Directive defines GLP as a quality system that relates to the organizational process and conditions under which non-clinical health and environmental safety studies are planned, conducted, monitored, recorded, archived and reported. It has been determined that the purpose of the establishment of the GLP is to take care of the quality and conditions under which non-clinical safety studies for health and the environment are carried out for the registration or authorisation of products such as pharmaceuticals, pesticides, veterinary products, industrial chemicals or food additives.</p>



<p>Key issue is the regulation set out in Section II, para. 1.4. of the abovementioned act, which constitutes the duties of research personnel. It imposes on personnel the obligation to know the GLP principles applicable to their participation in study being conducted. It orders the personnel to act on the basis of instructions included in study documents, as well as to maintain health protection measures in order to care for the environment and their own safety. They should also record the raw data swiftly and thoroughly. The duties of the study director set forth in this act are similar to those of the Regulation of the Polish Ministry of Health, namely such a director is responsible for supervising the diligent performance of personnel, approves study programs and instructions, and certifies that qualified personnel, familiar with GLP principles and the study plan undertake their duties.</p>



<p>The issue of control of research units, and consequently &#8211; their employees and their compliance with GLP principles, was regulated in Directive 2004/9/EC of the European Parliament and the EU Council of 11February 2004. It stipulates that Member States shall appoint national inspection authorities to supervise the operation of entities in accordance with the principles of professional diligence. If irregularities are detected in the implementation of GLP principles in a given unit, and employees show ignorance in the application of its principles, there will entail negative consequences (ranging from questioning the validity of the tests carried out by the unit to its removal or undertaking legal action). These consequences do not preclude additional action by the national authority, based on the specific rules of a given Member State.</p>



<p>It should not come as a surprise that employers in the laboratory sector are striving to enforce the highest possible degree of professionalism, accuracy and attention to professional duties from their employees &#8211; the specificity of the described branch requires the highest possible diligence in performing tasks and marginalization of mistakes, which may have serious consequences in the environmental and health dimension. EU and Polish regulations enable employers to effectively implement these obligations in the contract, with individual sanctions for failure to do so.</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/pharmaceutical-healthcare-life-sciences-law/due-diligence-clauses-in-laboratory-employment-agreements-and-the-legal-consequences-of-violating-them-vs-good-laboratory-practice-2/">DUE DILIGENCE CLAUSES IN LABORATORY EMPLOYMENT AGREEMENTS AND THE LEGAL CONSEQUENCES OF VIOLATING THEM VS. GOOD LABORATORY PRACTICE</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/pharmaceutical-healthcare-life-sciences-law/due-diligence-clauses-in-laboratory-employment-agreements-and-the-legal-consequences-of-violating-them-vs-good-laboratory-practice-2/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>AI algorithmic pricing and its assessment under Polish and EU competition law</title>
		<link>https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/ai-algorithmic-pricing-and-its-assessment-under-polish-and-eu-competition-law/</link>
					<comments>https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/ai-algorithmic-pricing-and-its-assessment-under-polish-and-eu-competition-law/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Fri, 10 Oct 2025 13:38:31 +0000</pubDate>
				<category><![CDATA[IT, NEW TECHNOLOGIES, MEDIA AND COMMUNICATION TECHNOLOGY LAW]]></category>
		<category><![CDATA[AI]]></category>
		<category><![CDATA[algorithmic pricing]]></category>
		<category><![CDATA[IT]]></category>
		<category><![CDATA[KG Legal]]></category>
		<category><![CDATA[law firm in Krakow]]></category>
		<category><![CDATA[Polish law]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8352</guid>

					<description><![CDATA[<p>Publication date: October 10, 2025 The development of artificial intelligence Artificial intelligence is an interdisciplinary field of knowledge combining elements of computer science, mathematics, statistics, neuroscience, and cognitive science. Its goal is to create systems capable of performing tasks that previously required human intelligence. This includes the ability to learn from data, reason, make decisions, [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/ai-algorithmic-pricing-and-its-assessment-under-polish-and-eu-competition-law/">AI algorithmic pricing and its assessment under Polish and EU competition law</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[


<p><strong><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color">Publication date: October 10, 2025</mark></strong></p>



<p><strong>The development of artificial intelligence</strong></p>



<p class="has-medium-font-size">Artificial intelligence is an interdisciplinary field of knowledge combining elements of computer science, mathematics, statistics, neuroscience, and cognitive science. Its goal is to create systems capable of performing tasks that previously required human intelligence. This includes the ability to learn from data, reason, make decisions, recognize patterns, and process and generate natural language. Unlike traditional programming, in which a computer executes strictly defined instructions, artificial intelligence aims to grant machines a degree of autonomy, allowing them to independently adapt their strategies to changing conditions. Today, AI is no longer an abstract theoretical concept, but a practical tool.</p>



<span id="more-8352"></span>



<p>The development of artificial intelligence is one of the most dynamic phenomena in the history of science and technology. Its origins lie in simple deterministic algorithms, based on clearly defined logical and mathematical rules, used to automate repetitive calculations. However, the real breakthrough came in the second half of the 1990s, when, with the increasing availability of data and the development of computing power, machine learning began to be increasingly used. These methods allowed machines not only to perform pre-programmed tasks but, more importantly, to learn from input data and independently improve their results. The application of machine learning meant a shift from rule-based systems to statistical models capable of recognizing patterns and predicting future events. The next stage was the widespread adoption of deep learning, which gained practical significance in the second decade of the 21st century. These techniques utilize multi-layered neural networks capable of analyzing massive datasets in a manner similar to the perceptual processes occurring in the human brain. This enabled the recognition of images, speech, and natural language with unprecedented effectiveness. Deep learning is the basis of many modern solutions, such as recommendation systems.</p>



<p>The most recent phase of development is generative artificial intelligence, which became widely available around 2021. Unlike previous solutions, which focused on classifying and analyzing data, generative systems can create new content—text, images, sounds, and even complex economic strategies. The introduction of this type of technology has radically expanded the potential applications of AI, but it has also revealed new risks related to its impact on society and the economy. Generative models, capable of dynamically shaping information and influencing decision-making processes, can, for example, participate in market price manipulation.</p>



<p><strong>Price manipulation with the help of new technologies</strong></p>



<p>Price manipulation by sellers is unfair or illegal market practices that involve setting prices in a way that misleads consumers or restricts competition. One of the most commonly used strategies is price fixing. It involves agreements between independent businesses aimed at fixing or controlling prices. This can involve jointly setting minimum or maximum selling prices, coordinating price increases, or even fixing discounts. Such actions are automatically considered illegal – the mere fact of agreeing on prices is sufficient, even if the agreement is not fully implemented. The consequence of price fixing is the elimination of natural price competition. Consumers lose the opportunity to choose cheaper offers, and businesses lose the incentive to innovate.</p>



<p>Another form of manipulation is the abuse of a dominant position. A dominant position means that a business entity has an advantage in the relevant market, allowing it to operate largely independently of competitors, contractors, and consumers. Abuse occurs when a business entity uses its power to impose unfair pricing conditions. This can take various forms, such as setting prices that are excessively high relative to the value of the goods or using predatory pricing, i.e., underselling prices to eliminate competition. Each of these practices leads to market distortion, restricting access for new entrants, and worsening consumer conditions.</p>



<p><strong>Pricing algorithms</strong> are computer programs that provide pricing recommendations or, in some cases, automatically adjust prices based on current and historical data on market conditions. These algorithms consider much of the same data that companies have always considered when making pricing decisions, including historical data as well as current supply and demand indicators. Compared to human price managers, algorithms can process significantly more data in a much shorter time. This efficiency allows companies using algorithmic pricing strategies to respond more quickly to changes in supply and demand and make pricing decisions based on a more accurate, real-time understanding of market conditions.</p>



<p><strong>Ways to use algorithms</strong></p>



<p>Algorithms can be used in various ways. One is to use the algorithm as a tool to achieve a goal set by the companies. In such a situation, the parties to the agreement make certain arrangements between themselves, and only their implementation is left to the algorithms. For example, two companies could agree to eliminate price competition between them. Simply using a software function that allows them to retrieve data on the prices of other market participants would be sufficient. A strategy would therefore be to automatically set prices slightly lower than other companies while simultaneously ignoring the prices of the colluding company. However, in this case, the mere fact of detecting the existence of such collusion does not raise any doubts under current competition law, as it is possible to attribute the concept of an agreement to this situation.</p>



<p>Another technique involves the joint use of a single price-response algorithm by several traders. This shared use of the same algorithm can lead to price alignment and less competition. One element of this type of agreement is the awareness of the participants that the information being shared will reach their competitors. Consequently, transparency regarding the future behavior of competitors is established between the recipients. Recipients are aware of the participation of their competitors at the same level of trade in the agreement and that their prices are disclosed to their competitors. However, in such cases, the use of algorithms remains a technical activity and can be assessed through the lens of the underlying conduct, to which existing provisions on anticompetitive agreements can be applied.</p>



<p>However, there does not always have to be any agreement between market players regarding the use of artificial intelligence in sales to raise legal concerns. An example would be the configuration of these modern tools to automatically respond to changes in competitors&#8217; prices. This can take the form of faster price reductions, mimicking price increases, or simply adapting to current market price levels. The increasing use of specialized software by businesses that monitors websites and collects price data is making the online sales market increasingly transparent. This transparency allows for easy tracking of competitors&#8217; pricing policies, quick detection of deviations from established price levels, and immediate response to such situations. This allows companies using algorithms to adjust their prices to rivals&#8217; actions almost in real time. Consequently, traditional price reductions aimed at attracting customers often lose their purpose – competitors can offer the same reduction in a fraction of a second. The situation is different with price increases – if one seller decides to increase prices, others are likely to follow suit, leading to an overall price increase. As a result, prices naturally drift towards a level higher than fully competitive.</p>



<p>The most theoretical scenario is a situation in which <strong>self-learning algorithms</strong>, used independently by different companies, independently conclude that joint coordination is the most profitable strategy. This does not imply a formal agreement or explicit exchange of information, but rather the spontaneous development of behaviors akin to collusion. This could be facilitated by a combination of two factors: on the one hand, the vast amount of available data on competitors and consumers (e.g., thanks to the Internet of Things, transaction analysis, or online behavior tracking), and on the other, the growing capabilities of artificial intelligence algorithms that learn market strategies through experience.</p>



<p>Experimental environments have already demonstrated that algorithms using reinforcement learning are capable of developing stable pricing strategies that reduce competition, even when they are not explicitly programmed to do so. Research shows that such systems can gradually coordinate their behavior, balancing between exploration and exploitation of the environment in a manner resembling tacit collusion. Importantly, this phenomenon can occur even under conditions that hinder cooperation &#8211; for example, when new players enter the market or when demand fluctuates.</p>



<p><strong>What is an AI algorithm?</strong></p>



<p>An AI algorithm is a set of advanced mathematical rules and processes designed to solve tasks, make decisions, or imitate human behavior and thinking using a computer. An AI algorithm often leverages machine learning capabilities to analyze, process, and learn from data. This allows AI tools to more efficiently perform various tasks (predicting patterns, assessing trends, optimizing processes, etc.) that would otherwise require human intervention. AI algorithms form the foundation of artificial intelligence systems, enabling them to learn, reason, recognize patterns, process natural language, and make decisions.</p>



<p>AI algorithms can self-improve by adapting their actions based on the analysis of vast amounts of data. There are three major categories of AI algorithms: supervised learning, unsupervised learning, and reinforcement learning. The key differences between these algorithms lie in how they are trained and how they function.</p>



<p><strong>Competition concerns – communication of algoritms</strong></p>



<p>A problem that raises particular concerns among competition authorities is the potential ability of algorithms to communicate. Although there is currently no evidence that systems learn this type of interaction without human intervention, it theoretically cannot be ruled out that in the future, algorithms will develop their own mechanisms for exchanging information. The European Commission points to the risk of &#8220;novel forms of coordination&#8221; between computer systems. If such a situation were to occur, it would be easier to classify the companies&#8217; actions as prohibited cooperation – similar to traditional information exchange between competitors.</p>



<p>The issue of legal liability, however, remains controversial. If algorithms merely anticipate competitors&#8217; reactions and adapt their own strategies accordingly, companies can be said to have permitted market autonomy (pursuant to Article 101 of the TFEU). However, it is more difficult to assess cases in which the systems themselves create a &#8220;communication channel&#8221; leading to actual price coordination. Some legal doctrine proposes adopting an approach similar to that used in the case of unauthorized employee actions – the company would be liable for the tools used. This was aptly put by EU Competition Commissioner, emphasizing that &#8220;companies cannot hide behind computer code<a href="#_ftn1" id="_ftnref1">[1]</a>&#8220;.</p>



<p>The current state of technology indicates that algorithms are not yet capable of concluding lasting cartel agreements in dynamic market conditions. However, the rapid development of artificial intelligence and the increasing complexity of predictive systems may enable the emergence of such practices in the future. Therefore, regulators are increasingly emphasizing the need to modernize competition law tools to effectively counter not only classic cartels but also &#8220;algorithmic collusion&#8221;. Failure to address this could lead to significant losses for consumers, a reduction in innovation, and the concentration of economic power in the hands of a few technological entities – creating a kind of &#8220;digital plutocracy.&#8221;</p>



<p><strong>The effects of AI algorithmic pricing</strong></p>



<p>One of the key problems with algorithmic pricing is the asymmetry in the speed of response to market changes. Companies with more advanced algorithms can update prices much more frequently—even continuously—while those with less advanced technological tools only make price adjustments at longer intervals, such as weekly. This leads to a structural competitive advantage for the former, as they can flexibly adapt to supply and demand and react almost immediately to competitive price movements. In practice, this means that companies with more advanced systems can aggressively lower prices before competitors have time to adapt their offerings, effectively driving them out of the market. This imbalance not only distorts the principles of fair competition but also leads to deeper market concentration, as smaller or technologically weaker companies gradually lose the ability to maintain their position against dominant players investing in advanced algorithmic solutions.</p>



<p>Predatory pricing, in which a dominant firm incurs short-term losses by deliberately pricing goods and services below cost to eliminate competitors or new entrants, is another practice that modern technology is currently employing. This strategy typically involves two stages: first, the dominant firm aggressively undercuts competitors&#8217; prices to drive them out of the market (the predation phase), and then uses its market power to raise prices to recoup losses and generate profits after the competitors disappear (the loss recovery phase). For predatory pricing strategies to be effective, a firm must maintain low prices long enough to eliminate competitors. Pricing algorithms can help firms target specific customers of competitors by offering them prices even below cost. For example, an established firm might do this to avoid losing customers to a new competitor. An established firm might use an algorithm to target customers most likely to switch suppliers, seeking to retain them rather than offering lower prices to all its customers. This could help an established company minimize losses. These algorithms can also help companies pursue predatory pricing strategies and build a reputation for lowering prices in the future if new entrants struggle. Pricing algorithms can also help companies raise prices for consumers who are more willing to pay or less sensitive to price changes. They enable companies to simultaneously engage in predatory pricing and recover losses without the need for a human intervention, using automated means.</p>



<p>Finally, algorithmic pricing introduces a significant element of uncertainty for consumers, who are unable to predict how much they will ultimately pay for a product or service. These mechanisms, based on automated supply and demand analyses, lead to constant and opaque price fluctuations, undermining market trust and limiting the ability to make rational purchasing decisions. Price instability often causes consumers to feel compelled to buy quickly for fear of further cost increases, which encourages impulsive and economically unfavorable choices. In the long term, such practices destabilize the market, hinder healthy competition, and strengthen the position of dominant players who exploit technological advantages at the expense of weaker market participants.</p>



<p><strong>The question of legality</strong></p>



<p>However, a fundamental question arises regarding the legality of such practices under Polish law. The Act of 9 May 2014 on Information on the Prices of Goods and Services<a href="#_ftn2" id="_ftnref2">[2]</a> imposes on businesses the obligation to clearly and unambiguously disclose the prices of their products. According to the Act, the price should be clearly displayed and allow for comparison with other market offers. However, dynamic price changes, even occurring several times a day, can raise interpretational questions regarding compliance with the requirement of unambiguous price presentation. A consumer who sees significantly different prices for the same product or service within a short period of time may be deprived of the ability to make a rational economic choice. It should be emphasized that the legislator also introduced the obligation to disclose the lowest price applicable within thirty days prior to the discount. In the context of algorithmic pricing, the question arises as to whether every short-term price change resulting from the operation of an algorithm should be treated as a discount within the meaning of the Act, or whether it should be classified as a normal market fluctuation. The lack of clear regulations in this area leads to legal uncertainty for both entrepreneurs and consumers.</p>



<p>The Act of 16 February 2007 on Competition and Consumer Protection<a href="#_ftn3" id="_ftnref3">[3]</a> opens up an even wider field of interpretation. This Act provides both instruments for counteracting practices that violate the collective interests of consumers and protection against anti-competitive practices. In this context, the problem of so-called tacit algorithmic collusion is particularly significant. In this context, independently operating algorithmic systems of various businesses, monitoring and reacting to competitors&#8217; prices, can stabilize them at an inflated level without the need for a formal agreement. This type of phenomenon, although difficult to detect and prove, can be classified as a violation of fair competition principles, potentially subject to intervention by market protection authorities. The literature indicates that the increasing automation of decision-making processes in price setting raises the risk of developing anti-competitive coordination mechanisms that fall outside the traditional categories of antitrust law.</p>



<p>At the same time, the Competition and Consumer Protection Act imposes an obligation on businesses to avoid misleading practices. In the case of dynamic pricing, the lack of full transparency becomes a problem. If consumers are not informed upfront that prices may fluctuate significantly depending on demand or transaction time, they may be deemed misleading, and the practice itself may be deemed to violate collective consumer interests. In this sense, the obligation of transparency takes on particular significance and should also include information about the pricing mechanism, not just the current price level.</p>



<p>An analysis of the applicable regulations leads to the conclusion that algorithmic pricing per se is not a prohibited practice in Poland. However, its legality depends on whether the entrepreneur complies with the obligations arising from specific laws, as well as on whether the use of algorithms does not lead to practices that restrict competition or violate consumer rights. Entrepreneurs are obligated to provide consumers with reliable and complete information and to avoid practices that may destabilize the market. In the event of a violation of these obligations, sanctions may be imposed by both the Trade Inspection Authority (in the case of incorrect pricing information) and the President of the Office of Competition and Consumer Protection (in the case of practices that violate competition rules or are misleading).</p>



<p><strong>Case law review</strong></p>



<p>It is also worth taking a closer look at decisions issued on algorithmic pricing by state and EU authorities.</p>



<p>In the Eturas case, the contested agreement was supported by a digital platform (software for selling travel online), where the system&#8217;s administrator proposed to competing travel agencies the use of a technical instrument imposing a ceiling on discounts on packages offered. The EU Court found it reasonable to assume that travel agencies that were aware of the content of messages sent via the system were participants in an anticompetitive agreement, unless they rebutted that presumption. The Commission also states that the prohibition under Article 101(1) TFEU is likely to cover cases in which &#8220;pricing rules&#8221; were defined by undertakings &#8220;in a common algorithmic tool (e.g., rules for adjusting the price to the lowest price on a specific online platform or in a specific online store), and this qualification would be accepted &#8220;even in the absence of an express agreement to adjust future prices”<a href="#_ftn4" id="_ftnref4">[4]</a>.</p>



<p>In commercial transactions, there are also cases in which entrepreneurs use the same algorithm to set prices for their services, yet there are no grounds to conclude that they have entered into an anticompetitive agreement. An example of a case assessed by the President of the Office of Competition and Consumer Protection (UOKiK) is the UBER app. Its use does result in the restriction or even elimination of price competition between UBER drivers, which is, after all, centrally determined by the app. This also constitutes an agreement between UBER and individual drivers. In this case, however, such algorithmic pricing is necessary for the proper functioning of the UBER system, and at the same time, it does not lead to the elimination of competition, being a proportionate measure. This justifies treating such an agreement as not violating the prohibition of Article 6, Section 1 of the UOKiK based on the construction of ancillary restrictions.</p>



<p>A problematic scenario can arise when a large number of businesses utilize the same or similarly functioning algorithm without any collusion between them regarding the selection of one algorithm over another. In this situation, each of these businesses uses a specific program as a tool to inform them about the market situation and enable a rapid response. In this scenario, there is a significant increase in market transparency, which can have anti-competitive effects, as the use of an algorithm allows businesses to react much more quickly to any market changes, including price reductions by competitors, which can reduce their incentive to make such reductions. In such a case, businesses merely adjust their prices to those of their competitors. Such conduct &#8211; so-called parallel conduct &#8211; has for years been viewed by EU and Polish jurisprudence as not violating antitrust rules. In fact, in this case, it cannot be said that an agreement was concluded. Moreover, under the soft law provisions issued regarding vertical relationships, the Commission itself has indicated that price monitoring using computer programs is not prohibited, or more precisely, it may benefit from an exemption from the prohibition of anticompetitive agreements. Therefore, from the Commission&#8217;s position, it can be deduced that the antitrust permissibility of such algorithmic price monitoring is determined by the lack of grounds for attributing such conduct the status of an agreement, and that it constitutes a manifestation of the parallel conduct mentioned above.</p>



<p>According to the authorities, it would also be possible to attribute antitrust liability to the creator of the algorithm. The VM- Remonts formula, developed in EU case law, could be particularly applicable to this. In this case, while the Court recognized as a rule that an undertaking cannot &#8220;be held liable for participating in a concerted practice on the basis of the actions of an independent service provider”<a href="#_ftn5" id="_ftnref5">[5]</a>, it also identified exceptions to this rule. Fulfilling one of these exceptions justifies the application of Article 101(1) TFEU also to the service provider, for example, the software developer. Polish legal literature also argues that the constructions of extended liability for competition law infringements developed in EU case law (especially the concept of cartel accessory liability) could also be used to attribute antitrust liability to an undertaking that provides participants in an agreement with tools (including digital tools) enabling the conclusion or implementation of a prohibited agreement.</p>



<p><strong>Summary</strong></p>



<p>Dynamic, algorithmic pricing lies at the intersection of two key areas of law: consumer law and competition law. This practice, while permissible, requires particular caution on the part of businesses and the development of consistent interpretative guidelines by the legislature. The lack of clear regulations creates a risk not only for consumers, who may be exposed to non-transparent and unfair practices, but also for businesses themselves, who may suffer severe financial consequences if they violate fair competition regulations. Given the growing importance of algorithmic technologies, it seems necessary to further develop and clarify the legal framework to enable businesses to use innovative price management tools, while also ensuring an adequate level of consumer protection and the integrity of market mechanisms.</p>



<p>The most serious challenge for competition authorities is when algorithms maintain elevated prices without formal information exchange between companies. In such cases, the classic dogmatics of antitrust law may prove insufficient, and consumers will bear the cost in the form of a loss of some of their well-being. Therefore, developing technical competencies of supervisory authorities, enabling them to understand and analyze the mechanisms of algorithms used in business practice, is particularly important.</p>



<p>At this stage, it seems premature to introduce new regulations on algorithmic pricing, as this could hinder the development of innovative technologies and limit their beneficial applications. Further interdisciplinary research combining law, economics, and computer science, as well as careful observation of market practice and case law, is essential.</p>



<hr class="wp-block-separator has-alpha-channel-opacity"/>



<p><a href="#_ftnref1" id="_ftn1">[1]</a> Speech of the European Commissioner for Competition M. Vestager, Berlin, 16/03/2017.</p>



<p><a href="#_ftnref2" id="_ftn2">[2]</a> Act of 9 May 2014 on providing information on prices of goods and services (consolidated text: Journal of Laws of 2023, item 168).</p>



<p><a href="#_ftnref3" id="_ftn3">[3]</a> Act of 16 February 2007 on competition and consumer protection (consolidated text: Journal of Laws of 2024, item 1616, as amended).</p>



<p><a href="#_ftnref4" id="_ftn4">[4]</a> Point 397 of Guidelines 2023/C 259/01.</p>



<p><a href="#_ftnref5" id="_ftn5">[5]</a> Point 33 of the judgment of the Court of Justice of July 21, 2016, C-542/14, SIA &#8220;VM Remonts&#8221; (formerly SIA &#8220;DIV un KO&#8221;) and others. v. Konkurences padom, ECLI:EU:C:2016:578.</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/ai-algorithmic-pricing-and-its-assessment-under-polish-and-eu-competition-law/">AI algorithmic pricing and its assessment under Polish and EU competition law</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/ai-algorithmic-pricing-and-its-assessment-under-polish-and-eu-competition-law/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>KIELTYKA GLADKOWSKI KG LEGAL – KIMES 2026. EU TRADE MISSION TO JAPAN AND KOREA</title>
		<link>https://www.kg-legal.eu/info/kg-legal-news/kieltyka-gladkowski-kg-legal-kimes-2026-eu-trade-mission-to-japan-and-korea/</link>
					<comments>https://www.kg-legal.eu/info/kg-legal-news/kieltyka-gladkowski-kg-legal-kimes-2026-eu-trade-mission-to-japan-and-korea/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Wed, 17 Sep 2025 12:17:07 +0000</pubDate>
				<category><![CDATA[KG LEGAL NEWS]]></category>
		<category><![CDATA[KG Legal]]></category>
		<category><![CDATA[Polish law]]></category>
		<category><![CDATA[The EU Business Hub - Japan and the Republic of Korea i]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8333</guid>

					<description><![CDATA[<p>Publication date: September 17, 2025 The lawyers of KIELTYKA GLADKOWSKI KG LEGAL participate in the EU Info Day &#8211; EU Business Hub @ KIMES 2026 on 23 September 2025. Topic: EU Info Day &#8211; EU Business Hub @ KIMES 2026 The EU Business Hub &#8211; Japan and the Republic of Korea is an EU-funded programme [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/kg-legal-news/kieltyka-gladkowski-kg-legal-kimes-2026-eu-trade-mission-to-japan-and-korea/">KIELTYKA GLADKOWSKI KG LEGAL – KIMES 2026. EU TRADE MISSION TO JAPAN AND KOREA</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><strong><mark class="has-inline-color has-vivid-cyan-blue-color" style="background-color: rgba(0, 0, 0, 0);">Publication date: September 17, 2025</mark></strong></p>



<figure class="wp-block-image size-large"><a href="https://eubusinesshub.eu/en" target="_blank" rel=" noreferrer noopener"><img decoding="async" width="1024" height="372" src="https://www.kg-legal.eu/wp-content/uploads/2025/09/Bez-tytulu-1024x372.png" alt="" class="wp-image-8334" srcset="https://www.kg-legal.eu/wp-content/uploads/2025/09/Bez-tytulu-1024x372.png 1024w, https://www.kg-legal.eu/wp-content/uploads/2025/09/Bez-tytulu-300x109.png 300w, https://www.kg-legal.eu/wp-content/uploads/2025/09/Bez-tytulu-768x279.png 768w, https://www.kg-legal.eu/wp-content/uploads/2025/09/Bez-tytulu-1536x558.png 1536w, https://www.kg-legal.eu/wp-content/uploads/2025/09/Bez-tytulu.png 1675w" sizes="(max-width: 1024px) 100vw, 1024px" /></a></figure>



<p class="has-luminous-vivid-amber-background-color has-background"><strong>The lawyers of KIELTYKA GLADKOWSKI KG LEGAL participate in the EU Info Day &#8211; EU Business Hub @ KIMES 2026 on 23 September 2025.</strong></p>



<span id="more-8333"></span>



<p>Topic: EU Info Day &#8211; EU Business Hub @ KIMES 2026</p>



<p>The EU Business Hub &#8211; Japan and the Republic of Korea is an EU-funded programme that supports EU Small and Medium-Sized Enterprises (SMEs) in the green, digital, and healthcare sectors to enter the markets of Japan and the Republic of Korea. The programme aims to strengthen EU businesses&#8217; export and investment activities and to foster more resilient, sustainable, and technologically advanced value chains with both markets.</p>



<p><a href="https://eubusinesshub.eu/en">https://eubusinesshub.eu/en</a></p>



<p>The programme is organising 10 business missions in Japan and 10 in the Republic of Korea between 2024 and 2027, each business mission allowing a group of 50 innovative EU companies to benefit from extensive business coaching.</p>



<p>The Asia-Pacific region is the largest destination of Foreign Direct Investments (FDIs) globally and it is a powerhouse for global trade. The EU Business Hub &#8211; Japan and the Republic of Korea aims to boost the presence and visibility of EU companies operating in the green, digital, and healthcare sectors where potential for increased cooperation between European and Japanese and European and Korean companies exists.</p>



<p>The programme aims to strengthen EU businesses&#8217; internationalisation, export and investment activities, as well as foster more resilient, sustainable, and technologically advanced value chains with the two Asian markets. Thus, significantly supporting the implementation of EU-RoK Free Trade Agreement (FTA) and the EU-Japan Economic Partnership Agreement (EPA).</p>
<p> </p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/kg-legal-news/kieltyka-gladkowski-kg-legal-kimes-2026-eu-trade-mission-to-japan-and-korea/">KIELTYKA GLADKOWSKI KG LEGAL – KIMES 2026. EU TRADE MISSION TO JAPAN AND KOREA</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/kg-legal-news/kieltyka-gladkowski-kg-legal-kimes-2026-eu-trade-mission-to-japan-and-korea/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Optical Illusions in AI Systems, the Danger of Adversarial Attacks, Biological Technologies, Explainable AI – topics discussed during Futurology Congress 2025</title>
		<link>https://www.kg-legal.eu/info/kg-legal-news/optical-illusions-in-ai-systems-the-danger-of-adversarial-attacks-biological-technologies-explainable-ai-topics-discussed-during-futurology-congress-2025/</link>
					<comments>https://www.kg-legal.eu/info/kg-legal-news/optical-illusions-in-ai-systems-the-danger-of-adversarial-attacks-biological-technologies-explainable-ai-topics-discussed-during-futurology-congress-2025/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Tue, 16 Sep 2025 12:29:23 +0000</pubDate>
				<category><![CDATA[KG LEGAL NEWS]]></category>
		<category><![CDATA[ai ac]]></category>
		<category><![CDATA[AI Act]]></category>
		<category><![CDATA[Biological Technologies]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Explainable AI – topics discussed during Futurology Congress 2025]]></category>
		<category><![CDATA[KG Legal]]></category>
		<category><![CDATA[Optical Illusions in AI Systems]]></category>
		<category><![CDATA[Polish law]]></category>
		<category><![CDATA[the Danger of Adversarial Attacks]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8324</guid>

					<description><![CDATA[<p>Publication date: September 15, 2025 On September 12-14, 2025, lawyers from KIELTYKA GLADKOWSKI KG LEGAL participated in the annual Futurology Congress in Krakow. The participants, among which there was AGH University of Science and Technology&#8217;s Artificial Intelligence Center of Excellence discussed aspects of new technologies, including: • Optical Illusions in AI Systems: The Danger of [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/kg-legal-news/optical-illusions-in-ai-systems-the-danger-of-adversarial-attacks-biological-technologies-explainable-ai-topics-discussed-during-futurology-congress-2025/">Optical Illusions in AI Systems, the Danger of Adversarial Attacks, Biological Technologies, Explainable AI – topics discussed during Futurology Congress 2025</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><strong><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color">Publication date: September 15, 2025</mark></strong></p>



<figure class="wp-block-image size-large"><a href="https://kongres.pffn.org.pl/nauka/" target="_blank" rel=" noreferrer noopener"><img decoding="async" width="1024" height="536" src="https://www.kg-legal.eu/wp-content/uploads/2025/09/wydarzenie-FB-1024x536.png" alt="" class="wp-image-8325" srcset="https://www.kg-legal.eu/wp-content/uploads/2025/09/wydarzenie-FB-1024x536.png 1024w, https://www.kg-legal.eu/wp-content/uploads/2025/09/wydarzenie-FB-300x157.png 300w, https://www.kg-legal.eu/wp-content/uploads/2025/09/wydarzenie-FB-768x402.png 768w, https://www.kg-legal.eu/wp-content/uploads/2025/09/wydarzenie-FB-1536x804.png 1536w, https://www.kg-legal.eu/wp-content/uploads/2025/09/wydarzenie-FB.png 1920w" sizes="(max-width: 1024px) 100vw, 1024px" /></a></figure>



<p>On September 12-14, 2025, lawyers from KIELTYKA GLADKOWSKI KG LEGAL participated in the annual Futurology Congress in Krakow.</p>



<span id="more-8324"></span>



<p>The participants, among which there was AGH University of Science and Technology&#8217;s Artificial Intelligence Center of Excellence discussed aspects of new technologies, including:</p>



<p>• Optical Illusions in AI Systems: The Danger of Adversarial Attacks. Adversarial attacks on vision systems are a topic of growing interest in both science and the technology industry – not only due to autonomous vehicles but also medical systems. The panelists demonstrated how subtle, almost invisible image modifications can completely confuse AI algorithms, leading to situations where the algorithm fails to recognize a STOP road sign or makes an error when analyzing medical images. Examples of such attacks from both transportation and medicine were presented, highlighting their impact on everyday life and safety. There were explained the mechanisms behind these phenomena and their consequences for machine learning-based systems. In this area, there is a constant race between the creators of such attacks and the engineers developing protection methods, and ensuring complete security remains a major challenge for the AI industry.</p>



<p>• The development of the Polish space sector, combining engineering, science, and modern technologies. Domestic entities are among the leaders building Poland&#8217;s position in the global space industry supply chain. During the panel, there were discussed the most important achievements and participation of Polish teams in prestigious international missions. Representatives of key companies discussed their projects, challenges, and role in the global space ecosystem. There were also considered barriers to sector development and legislative and financial needs. The panel was an opportunity to look to the future and attempt to answer the question of Poland&#8217;s potential role in the exploration and use of space. Participants shared their experiences collaborating with the European Space Agency and other international partners.</p>



<p>• Modern biotechnology. Biotechnology is becoming one of the pillars of modern civilization, offering breakthrough solutions in medicine, diagnostics, agriculture, and environmental protection. Faced with global challenges such as aging societies, the growing number of lifestyle diseases, and the need for sustainable development, the dynamic development of biotechnology is opening up new opportunities to improve the quality of life. The panel discussed the potential of gene and cell therapies, the importance of innovative drugs in the fight against cancer, and the role of collaboration between science, the investment sector, and industry. Guests addressed ethical, regulatory, and social issues related to the implementation of new biological technologies. The discussion explored how biotechnology can truly benefit humanity in the coming decades.</p>



<p>The Congress lectures are related to specific examples and problems that scientists are struggling with in daily lives – for example, how to easily delude artificial intelligence in software in an unmanned vehicle resulting in a failure to recognize a STOP sign</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="483" src="https://www.kg-legal.eu/wp-content/uploads/2025/09/17mzrsqhz99v3xkgvk2gwyzoxvvm-1024x483.png" alt="" class="wp-image-8326" srcset="https://www.kg-legal.eu/wp-content/uploads/2025/09/17mzrsqhz99v3xkgvk2gwyzoxvvm-1024x483.png 1024w, https://www.kg-legal.eu/wp-content/uploads/2025/09/17mzrsqhz99v3xkgvk2gwyzoxvvm-300x142.png 300w, https://www.kg-legal.eu/wp-content/uploads/2025/09/17mzrsqhz99v3xkgvk2gwyzoxvvm-768x362.png 768w, https://www.kg-legal.eu/wp-content/uploads/2025/09/17mzrsqhz99v3xkgvk2gwyzoxvvm.png 1034w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p>source: <a href="https://www.drmalinowski.edu.pl/posts/2824-adwersarialne-ataki-na-sztuczna-inteligencje">https://www.drmalinowski.edu.pl/posts/2824-adwersarialne-ataki-na-sztuczna-inteligencje</a></p>



<p></p>


<p>Artykuł <a href="https://www.kg-legal.eu/info/kg-legal-news/optical-illusions-in-ai-systems-the-danger-of-adversarial-attacks-biological-technologies-explainable-ai-topics-discussed-during-futurology-congress-2025/">Optical Illusions in AI Systems, the Danger of Adversarial Attacks, Biological Technologies, Explainable AI – topics discussed during Futurology Congress 2025</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/kg-legal-news/optical-illusions-in-ai-systems-the-danger-of-adversarial-attacks-biological-technologies-explainable-ai-topics-discussed-during-futurology-congress-2025/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>CSIRT GOV Poland – Computer Security Incident Response Team recently published a very interesting and insightful report on the state of cybersecurity in Poland in 2024.</title>
		<link>https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/csirt-gov-poland-computer-security-incident-response-team-recently-published-a-very-interesting-and-insightful-report-on-the-state-of-cybersecurity-in-poland-in-2024/</link>
					<comments>https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/csirt-gov-poland-computer-security-incident-response-team-recently-published-a-very-interesting-and-insightful-report-on-the-state-of-cybersecurity-in-poland-in-2024/#respond</comments>
		
		<dc:creator><![CDATA[jakub]]></dc:creator>
		<pubDate>Tue, 26 Aug 2025 17:47:08 +0000</pubDate>
				<category><![CDATA[IT, NEW TECHNOLOGIES, MEDIA AND COMMUNICATION TECHNOLOGY LAW]]></category>
		<category><![CDATA[cross border cases]]></category>
		<category><![CDATA[CSIRT GOV]]></category>
		<category><![CDATA[Poland]]></category>
		<category><![CDATA[Polish law]]></category>
		<guid isPermaLink="false">https://www.kg-legal.eu/?p=8219</guid>

					<description><![CDATA[<p>Publication date: August 26, 2025 What is CSIRT GOV and what is its legislative environment The Polish Computer Security Incident Response Team (CSIRT GOV), led by the Head of the Internal Security Agency, serves as the national CSIRT. The CSIRT GOV is responsible for coordinating the response process to computer incidents occurring in the area [&#8230;]</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/csirt-gov-poland-computer-security-incident-response-team-recently-published-a-very-interesting-and-insightful-report-on-the-state-of-cybersecurity-in-poland-in-2024/">CSIRT GOV Poland – Computer Security Incident Response Team recently published a very interesting and insightful report on the state of cybersecurity in Poland in 2024.</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-cyan-blue-color"><strong>Publication date: August 26, 2025</strong></mark></p>



<p class="has-luminous-vivid-amber-background-color has-background has-medium-font-size"><strong>What is CSIRT GOV and what is its legislative environment</strong></p>



<p>The Polish Computer Security Incident Response Team (CSIRT GOV), led by the Head of the Internal Security Agency, serves as the national CSIRT. The CSIRT GOV is responsible for coordinating the response process to computer incidents occurring in the area specified in Article 26, Section 7 of the Act of 5 July 2018 on the National Cybersecurity System.</p>



<span id="more-8219"></span>



<p>The first European cybersecurity regulation is Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the European Union, known as the <strong><u>Network and Information System Directive (NIS)</u></strong>. The directive imposes numerous obligations on Member States, primarily involving the establishment of appropriate institutions, the adoption of a national strategy for the security of network and information systems, and the introduction of cooperation mechanisms. This directive established a network of computer security incident response teams (CSIRTs).</p>



<p>The Act on the National Cybersecurity System, adopted by the Polish legislator on 28 August 2018, serves to achieve the objectives set out in the NIS Directive. Pursuant to Article 1 of the Act on the National Cybersecurity System, the act specifies: the organization of the national cybersecurity system and the tasks and responsibilities of the entities comprising this system, the method of exercising supervision and control over the application of the provisions of the act, as well as the scope of the Cybersecurity Strategy of the Republic of Poland.</p>



<h2 class="wp-block-heading">The legislator, in principle, decided to create three teams:</h2>



<p>• CSIRT GOV – Computer Security Incident Response Team operating at the national level, led by the Head of the Internal Security Agency,</p>



<p>• CSIRT MON – Computer Security Incident Response Team operating at the national level, led by the Minister of National Defence and</p>



<p>• CSIRT NASK – Computer Security Incident Response Team operating at the national level, led by the Scientific and Academic Computer Network – National Research Institute (Article 2 of the Act on the National Cybersecurity System).</p>



<p>The competence of CSIRT GOV and CSIRT MON is defined in Article 27 of the Act on the national cybersecurity system as follows: &#8220;CSIRT GOV is competent in the scope of incidents related to events of a terrorist nature, referred to in Article 2 point 7 of the Act of June 10, 2016 on counter-terrorist activities (Journal of Laws of 2024, item 92); CSIRT MON is competent in the scope of incidents related to events of a terrorist nature, referred to in Article 5 paragraph 1 point 2a of the Act of June 9, 2006 on the Military Counterintelligence Service and the Military Intelligence Service (Journal of Laws of 2023, items 81, 1834 and 1860).</p>



<p>One of the basic <strong><u>tasks of CSIRT NASK is to recognize, prevent, and detect threats to the security of public administration bodies&#8217; ICT systems or ICT systems and networks</u></strong> covered by the uniform list of facilities, installations, devices, and services constituting critical infrastructure, as well as ICT systems of owners and holders of critical infrastructure facilities, installations, or devices, referred to in Art. 5b paragraph 7 item 1 of the Act of 26 April 2007 on Crisis Management.</p>



<h2 class="wp-block-heading"><strong>CSIRT GOV Annual Report</strong></h2>



<p>CSIRT GOV has just published a report on the state of cybersecurity in 2024. The document comprehensively presents statistics on the number and types of incidents and threats, comparing them with data from previous years. It presents the most significant threats and undesirable cyber activity targeting the IT infrastructure of public authorities, critical infrastructure operators, and entities providing essential services. The report is based on an analysis of IT security incidents reported and identified by CSIRT GOV, data obtained using systems enabling autonomous threat detection, and information obtained from the Team&#8217;s active activities. The study also includes analyses of the changing cybersecurity landscape, significant trends, and potential security weaknesses.</p>



<p>The Report highlights at least two interconnected circumstances that seem to force reflection on the significance of cybersecurity threats and the systems designed to eliminate or mitigate them. On the one hand, it highlights the technological trend that is increasingly permeating our lives with each passing moment. The result is rapid digitization, which is taking place through the transfer of increasing amounts of data relating to citizens, public services, communications, and finances to the digital sphere. The undeniable convenience of such applications also means that cyberspace can be increasingly effectively used to launch attacks on a scale that seriously threatens the security of the state and its citizens.</p>



<p>The second factor is the geopolitical environment and context. On March 1, 2024, the CRP alert level for cyber threats was lowered from the previously applicable <strong>CHARLIE-CRP</strong>, the third of four alert levels, to the currently applicable <strong>BRAVO-CRP</strong>, the second alert level. This, however, means that we are still dealing with a state of heightened threat in Polish cyberspace, despite a slight reduction in the intensity of this threat. The changing landscape of conflicts between states was also highlighted. Unlike in the past, conflicts take the form of not only kinetic clashes but also involve the use of a full spectrum of tools, including those extending into cyberspace. Ultimately, they most often take the form of &#8220;hybrid operations or wars,&#8221; which can complement military actions, serve as an alternative, or serve as a precursor to a kinetic strike. For this reason, it is important to consider the broader context of emerging incidents.</p>



<p>2024 was a year of dual elections: local government and the European Parliament, which each time requires vigilance on the part of bodies like CSIRT GOV due to the much more widespread threat of disinformation. It is also necessary to ensure the proper functioning of the IT systems used to conduct elections, with citizens&#8217; trust in the democratic process ultimately at stake.</p>



<h2 class="wp-block-heading"><strong>CSIRT GOV Coordinated Incident Statistics</strong></h2>



<p>In 2024, a decrease in reports registered by the CSIRT GOV Team regarding potential ICT incidents was observed. Of the 17,439 reports, 3,991 were classified as <strong>actual ICT security incidents</strong>. In 2022, 26,753 reports and 4,959 incidents were recorded, followed by 19,888 reports and 4,676 incidents in 2023. These statistics do not include reports from the ARAKIS GOV system. The lack of data from ARAKIS, a dedicated, distributed early warning system for ICT threats occurring at the interface between internal networks and the internet, may be due to the need to separate these statistics, which will be discussed later in this article.</p>



<p>There are no significant differences in registered reports and incidents between individual quarters in 2024. However, the highest number of incidents was recorded in the second quarter, which was related to an increase in resource unavailability and <strong>the publication of sensitive data in open sources, i.e., leaks</strong>.</p>



<p>The CSIRT GOV team indicates that the factors that led to the decrease in incidents include: 1) proactive activities conducted by CSIRT GOV to increase user awareness through training; 2) reporting on identified vulnerabilities within the area of competence; 3) ongoing issuance of CSIRT GOV recommendations – appropriate to the CRP threat level; 4) regular distribution of compromise indicators for monitored campaigns; 5) periodic security assessments of IT systems; 6) the institution&#8217;s implementation of security solutions that mitigate attacks in their early stages.</p>



<h2 class="wp-block-heading"><strong>Division of incidents reported by entities of the national cybersecurity system into categories</strong></h2>



<p>The highest percentage of recorded incidents, and the most significant increase, occurred in the <strong>Vulnerability category. </strong>The numbers for incidents in this category are as follows: 1,105 incidents compared to 993 in the previous year. This category refers to security vulnerabilities identified by the CSIRT GOV Team resulting from the vulnerability of resources and services accessible via the Internet by entities under the CSIRT GOV&#8217;s jurisdiction.</p>



<p>Vulnerability refers to a weakness in an IT system, e.g., in procedures, design, implementation, or internal controls, that can be exploited for unauthorized access, data destruction or disclosure, data alteration, system weakening, etc.</p>



<p>The next category is <strong>Publication. </strong>In this regard, there was a decrease in such incidents from 1,052 in 2023 to 902 in 2024. Publication refers to the disclosure of sensitive data through leaks, including login credentials for electronic services, private PGP keys, or information about the specifications of an institution&#8217;s IT infrastructure.</p>



<p>Among the activities recorded in the <strong>Social Engineering category</strong>, the GOV CSIRT Team identified phishing emails aimed at obtaining login credentials for electronic services or other sensitive data, infecting them with malware, or extorting funds. There was a noticeable and significant decline in incidents in this category. In 2024, 815 such incidents were recorded, compared to 1,362 in the previous year. A decrease was also noted in the</p>



<p><strong>Unavailability </strong>category, which includes DoS / DDoS attacks (773 incidents in 2023 and 478 in 2024). The remaining, smaller categories, to which a similar number of incidents were assigned as in 2023, are <strong>Attack </strong>(325 in 2023 to 261 in 2024) – events recorded in this category included attempts to break security by exploiting vulnerabilities, bruteforce attacks, compromise of accounts and systems, and exfiltration of data from adopted IT resources, <strong>Cascade </strong>(235 incidents in 2024, category not presented in previous years) – referring to reports and incidents related to terrorist events, based on Article 27 of the Act on the National Cybersecurity System. These include all activities aimed at minimizing terrorist threats undertaken by CSIRT GOV in coordinating incident management.</p>



<p><strong>Scanning</strong>, or reconnaissance of IT infrastructure to identify vulnerable systems and services, is a category that has seen an increase compared to the previous year (108 incidents in 2024, compared to 101 in 2023). This category includes incidents indicating the possibility of preparing offensive actions aimed at breaching security or compromising the availability of services. The two smallest incidents in terms of number of incidents are <strong>Content </strong>(53 incidents in 2023, 56 in 2024) and <strong>Virus </strong>(37 incidents in 2023, 31 in 2024). The former concerns incidents violating broadly understood public goods, such as information damaging the image of state entities or publishing disinformation content. This primarily includes the mass use of the image of persons holding leadership positions in the state, for example, to extort funds from citizens. <strong>The Virus </strong>category classifies incidents involving malware identified on workstations, servers, and network devices.</p>



<p>The report also includes data on the number of incidents reported by entities within the national cybersecurity system in 2024, broken down by sector. According to this data, the largest number of incidents occurred in the Institutions and Critical Infrastructure Operators sectors. The next sectors in terms of the number of recorded incidents were: State Authority, Office, Ministry, Other, and Service.</p>



<p><strong>Social engineering campaigns in 2024</strong></p>



<p>Social engineering campaigns identified by CSIRT GOV in 2024 most often involve attempts to obtain confidential data, such as login credentials, by impersonating various institutions (phishing), while creating various fictitious scenarios to lend credibility to requests, such as a password reset via a hyperlink sent in an email that led to a fake website. Among the most interesting social engineering campaigns cited by CSIRT GOV in the Report was a phishing campaign involving the sending of messages from a compromised email address belonging to a district office, with a terse subject line and content intended to give the impression that it was part of prior arrangements or correspondence between the sender and recipient. The messages contained attachments named <em>additional (02).docx.exe </em>or <em>additional (03).docx.exe</em>, which contained <strong>the Agent Tesla Trojan malware</strong>.</p>



<p>Another social engineering campaign, based on a similar theme, also stands out. The goal was to infect recipients&#8217; devices with malware. The sender impersonated PGNiG Obrót Detaliczny sp. z o. o. in the email. The email, titled &#8220;PGNiG – Request for Offer: Suwalki Project 2025/2026,&#8221; was intended to intrigue the recipient and persuade them to interact with the attachment. The attached archive, titled &#8220;PGNIG Request for Offer: Suwalki Project 20252026.gz,&#8221; contained a VBS file with the same name. Analysis conducted by the CSIRT GOV team revealed that the script was responsible for downloading malware classified as the GuLoader Trojan from the mobiera.ro domain.</p>



<p>Since the end of August 2024, the CSIRT GOV team has received information about a phishing campaign in which an adversary impersonates the Chancellery of the Prime Minister to obtain login credentials for banking portals (officially used as a login method for government e-services such as mObywatel and Trusted Profile). The website in question was located in the environment.odszkodowanie-gov.com domain. The website used the image of the Chancellery of the Prime Minister and the style of the official government website, which is used by the state administration within the gov.pl domain. The website displayed information about a supposed compensation that every household was entitled to in excess of PLN 400. To receive these funds, users had to authenticate using a bank of their choice. After selecting a financial institution from the list, the fake bank&#8217;s website loaded, displaying a login panel.</p>



<p>The most important trends in social engineering attacks in 2024 include: the use of compromised email accounts of local, provincial, national or international institutions, including the takeover of government email accounts (including those in the gov.pl domain), the use of QR codes instead of classic links, allowing the bypassing of automatic scanning of potentially malicious content by email security filters, signing documents using services such as DocuSign and encouraging the display of shared documents on real services such as Microsoft SharePoint or Google Drive, and the use of the image (e.g. logo) of Polish and European law enforcement agencies to intimidate the recipient into taking appropriate action.</p>



<p><strong>The threat from sponsored and hacktivist groups</strong></p>



<p>Threats stemming from sponsored groups are typically characterized by a high level of technical sophistication and sophistication. A key characteristic of these groups is remaining hidden while simultaneously ensuring access to compromised infrastructure. Due to its geopolitical location, Poland is particularly vulnerable to these threats, stemming primarily from the activity of adversaries supporting primarily Russian goals or narratives. Furthermore, in 2024, attacks attributed to hacktivist groups continued to be a constant feature of the cyberthreat landscape. Unlike sponsored groups, these groups intensively published information about their activities on social media to reach the widest possible audience and thus promote their ideological goals. These groups focused their activities on DDoS attacks aimed at disrupting the availability of services and websites, a continuation of the activities from 2022 and 2023. In 2024, a wide range of APT activity was recorded, with the dominant actor in the CRP being the APT group known as APT28, also known as Fancy Bear, which, according to some sources, was actually part of the Russian GRU. ATPs pose a serious threat to the Polish state. ATP28&#8217;s mission is primarily to conduct espionage operations, and its targets primarily include government and military institutions, international organizations, and strategic sectors of the economy. ATP activity was characterized by the use of advanced, multi-stage techniques aimed at obtaining credentials, installing malware, and providing persistent access to victim systems.</p>



<p><strong>Example of an ATP28 attack using&#8230; Windows Calculator</strong></p>



<p>Perhaps the most spectacular attack involved the distribution of the HEADLACE malware. According to the report, the attack began with an email containing a malicious link, simulating an offer to sell a car from the diplomatic fleet. The email was sent from an email address in the bigmir.net domain, which indicated a Ukrainian email provider. The message encouraged users to open a link under the guise of an Audi car for sale, when in reality the link referred to a webhook.site website. The website&#8217;s script verified the value of the browser&#8217;s UserAgent header. If the victim was using a non-Windows system, a benign image was displayed; otherwise, a ZIP archive containing three files was downloaded to the victim&#8217;s computer: EXE, DLL, and BAT. The executable file had a double.jpg.exe extension to imitate a graphic file, as in previous campaigns. The image in question was a so-called decoy file:</p>



<figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="605" height="375" src="https://www.kg-legal.eu/wp-content/uploads/2025/08/image-12.png" alt="" class="wp-image-8220" srcset="https://www.kg-legal.eu/wp-content/uploads/2025/08/image-12.png 605w, https://www.kg-legal.eu/wp-content/uploads/2025/08/image-12-300x186.png 300w" sizes="auto, (max-width: 605px) 100vw, 605px" /></figure>



<p>Most interestingly, the file with the .jpg.exe extension was a copy of the authentic Windows Calculator application. However, the Windows Calculator was vulnerable to the so-called DLL Side-Loading technique. (Malware readily exploits the characteristics of dynamic link libraries ( .dll ). The fundamental characteristic of dll libraries is that they require a process to execute the code contained within them. This is where all the abuses in the form of injecting malicious .dll libraries into trusted program processes occur. If Windows or an installed application only checks the name of the .dll library to be loaded, without verifying the checksum or digital signature, it is possible to replace such a .dll library with a malicious one). The purpose of the library in question was to execute the last of the three files, a BAT script. As a result of executing the BAT file, a file with the .jpg20 extension was downloaded from a resource in the webhook [.] site domain using Microsoft Edge. This file was then transferred to another location, changing the file extension to .cmd using the script for execution. Following the attack, some artifacts were deleted to minimize the risk of detection. The final payload returned information from the victim&#8217;s workstation, including a list of files from the Desktop and Downloads folders, as well as the IP address.</p>



<p><strong>What else is the ATP28 group responsible for?</strong></p>



<p>ATP28 activity also included another type of phishing activity, involving impersonating email administrators and persuading users to provide their login credentials in a fake Outlook Web Access panel. In 2024, several such campaigns targeted government administrations, including password change panels in both Polish and English, as well as those designed to increase the size of email inboxes. This type of phishing is a classic method of obtaining sensitive data, and the effectiveness of the attack is related to the maturity of individual entities in terms of their cybersecurity measures, which are also within the actor&#8217;s area of interest.</p>



<p>Among the activities that most likely fit into the APT28 cluster of activity were password bruteforce attacks, spraying and credential stuffing email accounts and VPN services27 to gain access to email and other resources processed by employees of entities targeted by Russian-sounding APT groups. To conceal the attempted breach, the actor used access through anonymizing networks and residential proxies, using compromised network devices belonging to private users or small businesses, usually geolocated in the same country. In 2024, the actor also reportedly used the DCSync technique to mass replicate user login data within a domain controller, the so-called credential dump. This may result in ensuring the actor&#8217;s long-term access to the infrastructure by creating the so-called Golden Ticket -ui to carry out the Pass the Ticket attack. These activities are consistent with the group&#8217;s modus operandi, which, after gaining access to infrastructure, employs so-called living- off-the-land techniques, involving the use of available system tools to escalate privileges or exfiltrate data.</p>



<h2 class="wp-block-heading"><strong>Hacktivists and Cybercrime</strong></h2>



<p>Following the outbreak of the war in Ukraine, numerous groups and collectives emerged, conducting a kind of guerrilla activity in cyberspace. The term &#8220;hacktivism&#8221; itself comes from a combination of the words &#8220;hack&#8221; and &#8220;activism,&#8221; and is—as the name suggests—the transference to cyberspace of the activities of activists fighting for various political or ideological goals. In the case of pro-Russian &#8221; hacktivists ,&#8221; the motivation they present on social media is primarily support for Russian military actions and &#8220;punishing&#8221; NATO alliance members for their military support of Ukraine. The most well-known groups include Killnet , Anonymous Sudan (despite its name, it aligns with Russia&#8217;s narrative), Cyber Army of Russia Reborn , XAKNET, Solntsepek , UserSec , NoName057(16), Zarya , Beregini, and Z- Pentest. Their primary method of operation is DDoS attacks, usually technically unsophisticated but heavily publicized for propaganda purposes. In 2024, the CSIRT GOV team also recorded malicious activity targeting domestic entities, including attempted hacks into IIoT ( Industrial Internet of Things ) systems with remote access over the internet, including through HMI (Human-Machine Interface) panels. This is a new manifestation of hacktivist threats, which have somehow become a focus of interest for these groups. Attacks on such devices were often due to the lack of adequate remote access protection. These weaknesses were also noticed by hacktivist groups. These groups, taking advantage of online login panels, engaged in activities aimed at gaining unauthorized access, primarily through the use of default login credentials. This threat particularly affected facilities such as sewage treatment plants, water treatment plants, waste incineration plants, and facility management facilities.</p>



<p>In 2024, CSIRT GOV also noted cybercriminal activity, including Chinese groups belonging to the Quad7 botnet using vulnerable TP-Link devices. The botnet was used to anonymize attacks, including attempts to take over Microsoft 365 accounts. The UAC-0050 ( DaVinci Group) group also operated, conducting widespread phishing campaigns, including in Poland. Unlike APT groups, which strive to remain hidden and attack precisely selected targets, the DaVinci Group&#8217;s modus operandi is different. The group prefers broad attacks and pays little attention to effectiveness. An example of this type of attacks was a campaign recorded in 2024, in which messages were sent to recipients in Poland in Kazakh, which did not fit into any Polish context. This group was also responsible for a disinformation campaign from the end of 2024, in which false threats were sent to plant explosives on government buildings in Poland and Ukraine (as Fire Cells Group). It was a psychological operation intended to cause panic, not an actual attack.</p>



<h2 class="wp-block-heading"><strong>Malware</strong></h2>



<p>The CSIRT GOV team analyzed over 15,000 files reported by entities in the national cybersecurity system, 650 of which were deemed malicious. The dominant categories among the analyzed malware samples in 2024 were HTML Phisher, Snake Keylogger, Formbook, and Remcos. HTML Phisher is used in phishing attacks. This type of software is most often distributed by sending victims spoofed emails containing HTML/HTM attachments. After opening the attachment, the user sees a page imitating the service (e.g., online banking or an email login panel). The page is designed to closely resemble the original website. An HTML Phisher attack is also dangerous because it is often able to bypass spam filters and can operate partially offline, as it is opened locally on the victim&#8217;s device. Snake Keylogger is software that records all keyboard input by the user. Of course, this also includes login credentials. Snake Keylogger is often distributed via malicious email attachments or as part of a bundle with other software. Once installed, it runs in the background and is often able to evade detection by standard antivirus programs.</p>



<p>Formbook is a popular infostealer malware that focuses on stealing user data, such as login credentials, files, and information stored in web browsers (e.g., saved passwords and cookies). Formbook is sold, among other things, as malware -as-a-service, making it easily accessible to cybercriminals. It is primarily distributed via infected attachments (e.g., PDF files, Office documents) or links in phishing emails. Once a computer is infected, Formbook saves data in hidden files and uploads it to attacker-controlled servers. This type of malware supports functions such as keylogging, taking screenshots, and downloading and executing additional files sent by the attacker. Another malware family is Remcos. Remcos is a remote administration tool that can be used to gain complete control over an infected system. This software allows it to perform a range of actions, such as keylogging, screenshots, webcam and microphone monitoring, and even run arbitrary programs and commands on the victim&#8217;s computer. Remcos was initially promoted as a legitimate computer management tool, but quickly became a popular tool used by cybercriminal groups. It is most commonly distributed through phishing campaigns, where victims are tricked into opening infected attachments. Its features include the ability to run in stealth mode, making it difficult for standard security systems to detect.</p>



<p><strong>ARAKIS GOV</strong></p>



<p>The ARAKIS GOV system, mentioned earlier, is included separately in the statistics for a reason. The system&#8217;s primary purpose is to detect and automatically describe threats occurring in IT networks based on the aggregation, analysis, and correlation of data from various sources. In 2024, the system generated 5,446,734 alerts, including 3,322,068 with urgent priority, meaning they required an immediate response from administrators. A small percentage of alerts were high and medium priority, while nearly 40% were low priority, meaning they were purely informational alerts regarding the current situation at the interface between the internal network and the internet. Each recorded alert has precise technical data allowing for its verification and is classified in detail by the system. 56.60% of alerts were type 1 (communication to malicious addresses). These alerts resulted from attempts to establish communication with IP addresses or domains deemed malicious or potentially posing a threat.</p>



<h2 class="wp-block-heading"><strong>Safety Assessment Summary</strong></h2>



<p>One of the tasks carried out by the CSIRT GOV Team is to assess the security of government administration institutions&#8217; information and communication systems and critical infrastructure. In 2024, in accordance with the plan adopted for this year, assessments were conducted at 14 institutions, assessing a total of 64 network/IT system segments and 26 domains/subdomains and websites. As part of the security assessments, the CSIRT GOV Team conducted a series of tests to identify significant vulnerabilities affecting the security of the assessed entities&#8217; information and communication infrastructure. These tests included passive and active data collection, identifying vulnerabilities in the architecture of network systems and services, web applications, exploiting vulnerabilities, and analyzing the impact of social engineering. As a result of the security assessments, the CSIRT GOV Team identified a range of vulnerabilities, ranging from low to critical. Critical and high threats were identified as the most important groups of vulnerabilities. These vulnerabilities included, for example: outdated software versions present in a number of systems and services used by entities, primarily concerning Apache HTTP Server, OpenSSL, VMware, use of unsupported software versions (Microsoft Windows 2008 R2 std . – end of support January 14, 2020, Microsoft SQL Server 2008 R2 – end of support July 9, 2019, VMware 6.7.x – end of support November 15, 2023), anonymous access, without required authentication or based on default passwords, etc.</p>



<h2 class="wp-block-heading"><strong>Security Assessment &#8211; Examples of detected vulnerabilities:</strong></h2>



<p><strong>1. Unsecured access to the Docker API</strong> &#8211; Access equivalent to accessing the server as a user with the highest privileges – root.</p>



<p><strong>2.</strong> <strong>Discovery of the primary domain administrator&#8217;s credentials on the sysvol share.</strong></p>



<p><strong>3. High-privilege MSSQL user</strong> &#8211; As a result of a Password Spraying attack, access was gained to a network share containing the source code of a web application. A configuration file containing the credentials of the MSSQL service user was found within the code structure. During reconnaissance of the database engine using the compromised credentials, it was discovered that this user had high privileges, allowing them to reconfigure the database server. This was used to execute commands directly on the operating system.</p>



<p><strong>4. Credential disclosure through fuzzing and directory listing:</strong> The HP Web Jetadmin service version 10.5.114213 (10.5 SR1) was detected on port 8085/tcp. As a result of the fuzzing tools (wfuzz), unsecure access to the log directory was detected. By enabling the Directory listing option, it was possible to quickly identify resources in a given path and proceed directly to further analysis and attacks on subsequent resources.</p>



<p>5<strong>. RCE &#8211; Java DebugWireProtocol (JDWP)</strong>: Java DebugWireProtocol (JDWP) is a protocol used for communication between the debugger and the Java virtual machine. It does not use any authentication and can be exploited to execute remote commands (Remote Code Execution, RCE).</p>



<p><strong>6. Cross-Site Scripting (XSS):</strong> By sending a POST request to https://[redacted]/4ses/servlet/</p>



<p>MainServlet?wbts:page=core.search.results.list, it was possible to inject JavaScript code into the search_text parameter. The lack of server-side validation caused the injected code returned in the HTTP response to be executed by the victim&#8217;s browser (Reflected XSS).</p>



<p><strong>7. Sensitive data was included in the application logs.</strong></p>



<p><strong>8. DEBUG mode was enabled in the production application.</strong></p>



<p>To properly protect an organization against incidents related to supply chain attacks (depending on the type of cooperation between entities), appropriate security measures may include:</p>



<p>● Risk assessment – a process aimed at identifying, assessing, and managing risks in the existing supply chain, as well as its new/potential connections;</p>



<p>● Regular audits and inspections – tasks confirming or denying the supplier&#8217;s ability to safely perform contractual activities;</p>



<p>● Controlling necessary authorizations – an activity involving regular verification of granted resource authorizations, solely on the basis of the so-called Least Privilege;</p>



<p>● Business continuity planning – developing business continuity plans and mitigating the effects of an incident should it occur;</p>



<p>● Data encryption – encrypting data during transmission and storage to ensure its proper security;</p>



<p>● Continuous monitoring – the use of threat and incident monitoring and reporting systems to ensure prompt action;</p>



<p>● Selection of suppliers who meet standards, such as those developed by the International Organization for Standardization (ISO).</p>
<p>Artykuł <a href="https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/csirt-gov-poland-computer-security-incident-response-team-recently-published-a-very-interesting-and-insightful-report-on-the-state-of-cybersecurity-in-poland-in-2024/">CSIRT GOV Poland – Computer Security Incident Response Team recently published a very interesting and insightful report on the state of cybersecurity in Poland in 2024.</a> pochodzi z serwisu <a href="https://www.kg-legal.eu">KIELTYKA GLADKOWSKI LEGAL | CROSS BORDER POLISH LAW FIRM RANKED IN THE LEGAL 500 EMEA SINCE 2019</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.kg-legal.eu/info/it-new-technologies-media-and-communication-technology-law/csirt-gov-poland-computer-security-incident-response-team-recently-published-a-very-interesting-and-insightful-report-on-the-state-of-cybersecurity-in-poland-in-2024/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
