Fintech 2025

POLAND Trends and Developments Contributed by: Michał Mostowik, Karol Juraszczyk, Kamila Mróz and Jakub Lach, Deloitte Legal, Gizicki i Wspólnicy sp.k.

Cybersecurity The Digital Operational Resilience Act or DORA marks a key milestone in the cybersecurity of the Polish financial industry, even though the existing regulatory framework in this area was already relatively extensive and included several recommendations issued by Polish and Euro - pean supervisory authorities. The implementa - tion of DORA was also one of the top priorities for the KNF. Most projects carried out in the Polish mar - ket were completed on time (at least to a large extent). However, the legal qualification of key services (including financial market infrastruc - ture providers) and the contract amendment process remain the main challenges for the financial industry. For many institutions, contrac - tual requirements resulted in the need to pro - cess thousands of annexes to already binding commercial agreements. The market also had to face the lack of regulatory clarity throughout the implementation processes due to the late adoption of crucial secondary legislation by the European Commission and the European super - visory authorities. Following changes in the regulatory environment at the EU level, the KNF decided to withdraw key soft law regulations in the area of cybersecurity. The changes included the repeal of the Cloud Communication and numerous recommenda - tions on the management of risks associated with ICT systems for various branches of the financial market. Although the reduction in the number of regulations was well received by the financial industry, it has led to unexpected con - sequences. In many aspects the scope of these regulations went beyond the requirements of DORA, pro - viding, for example, the basis for implementing

have access to solutions developed by their organisation or officially acquired from third- party providers. Respondents often attribute the use of non-approved tools to either the absence of officially adopted solutions or their inferiority compared to market alternatives. A lack of trust remains a significant hurdle in the adoption of AI, affecting both regulatory frame - works and the technology itself. Only half of respondents to the study believe that AI will be used ethically and 53% indicate that this tech - nology would be adopted more widely if it were regulated. The use of AI technology still faces significant challenges in terms of trust. Accord - ing to respondents, key factors for building trust include data security (68%), human oversight (62%), confidence in received results and under - standing of algorithms (60%). Representatives of the financial sector increas - ingly see building AI governance frameworks (mostly on the basis of compliance with the AI Act) as an opportunity to gain control over the use of cutting-edge technology rather than solely a regulatory burden. The industry’s efforts were also accelerated by the KNF, which sent a detailed questionnaire on the use of AI to super - vised entities. Some efforts have already been made to incor - porate the AI Act into Polish law. Notably, the current draft law proposes the establishment of a new supervisory body, the Commission for AI Safety and Development (the “KRIBSI” ) designed as a single collegial supervisory authority for the entire economy, including the financial sector. While the decision seems definitive, the legisla - tive process is still in its early phases, leaving room for potential changes.

673 CHAMBERS.COM

Powered by