POLAND Law and Practice Contributed by: Xawery Konarski, Traple Konarski Podrecki & Partners
2. Cloud and Edge Computing 2.1 Highly Regulated Industries and Data Protection In Poland, no single piece of legislation is dedi - cated to cloud computing. In practice, the legal provisions concerning the processing of person - al data and cyber security are of the greatest importance in projects of this type. For some sectors, regulators have issued guide - lines for the implementation of public or hybrid cloud in entities belonging to these sectors. Such guidelines have been issued for the fol - lowing sectors: financial, public, life science and energy. Failure to comply with these guidelines may result in the imposition of penalties by the supervisory authority responsible for such sec - tor, irrespective of any liability arising from gen - eral legislation, eg, GDPR. The Polish Office for Personal Data Protection has not issued separate guidelines on the pro - cessing of personal data in cloud computing. In practice, the biggest controversy is the assess - ment of the legality of transferring personal data to a third country, including the US. The DPA does not currently question the reliance of such a transfer on standard contractual clauses approved by the European Commission. 3. Artificial Intelligence 3.1 Liability, Data Protection, IP and Fundamental Rights Legislative work is currently underway in Poland on an Artificial Intelligence Systems Act, which will implement the EU AI Act regulation. On the basis of this Act, an AI regulator is to operate, which is to be a newly established office – the AI
Development and Safety Commission. The law is planned to be enacted in the first half of 2025. Currently, no codes of ethics for the creation and use of artificial intelligence have been enacted in Poland. There is no separate regulation on the creation and use of deepfakes in the Polish legal system. In court cases concerning deepfakes, the courts have so far ruled on the basis of the provisions of the Civil Code on the protection of personal rights and personal data. In 2024, the Polish government drafted laws that regulate the use and/or testing of autonomous cars and drones. These laws are expected to be enacted in 2025. These laws focus on pro - cedural matters of the use of these innovations and do not regulate the use of AI components as part of them. 4. Internet of Things 4.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection In Poland, no separate legislation on the use of the Internet of Things has been enacted or planned. No codes of ethics have been adopted in this area either. The following provisions apply to such projects: cyber security, GDPR, e-Priva - cy, IPR and civil law. Electronic communications, including those con - nected to the Internet of Things, are governed by the provisions of the Electronic Communi - cations Law, which implemented the provisions of the European Electronic Communications Code. In practice, the most relevant provision is Article 399 of the Electronic Communications Law, according to which the installation of any application or the recording and transmission of
362 CHAMBERS.COM
Powered by FlippingBook