HOME/All Jurisdictions/PL

PL — Country Profile

Poland

44TOTAL
28OFFICIAL SOURCES
5TOPIC AREAS
Law / Act9
Executive Order4
National Strategy6
Working Paper1
Other24
20 MAR 2026 · Working Paper

Poland Establishes Single National AI Regulator (Central Authority)

Poland established a single, new national regulator for AI enforcement: the Central Authority for AI Supervision. This contrasts with other member states using distributed models. The Oxfors BSG analysis notes this reveals an "enforcement gap" across member states as the August 2026 deadline approaches, with most countries not having national laws ready.

National Implementation ·Regulatory Authoritybsg.ox.ac.uk ↗
19 FEB 2026 · Other

Personal Data Protection Office's investigation into Glovo over alleged unlawful data collection practices of identity documents

On 19 February 2026, Poland’s Personal Data Protection Office (UODO) announced a fine of PLN 5.898 million against Glovo over the unlawful data collection practices in its mobile application. The authority found that the company unlawfully required users to submit scans or photos of identity cards or passports for fraud verification, including suspected theft, counterfeit payments, or mismatched card details, relying incorrectly on legitimate interest under Article 6(1) of the General Data Pr...

National Strategyorzeczenia.uodo.gov.pl ↗
16 OCT 2025 · Other

Lawsuit relating to classification of internet protocol addresses and cookie identifiers as personal data under General Data Protection Regulation

On 16 October 2025, Poland's Supreme Administrative Court issued a ruling in the lawsuit relating to the classification of Internet Protocol (IP) addresses and cookie identifiers as personal data under the General Data Protection Regulation. The Court upheld the Administrative Court's finding that the authority failed to properly justify whether dynamic IP addresses and cookie identities constituted personal data. The ruling clarifies that online identifiers are not automatically personal dat...

✓ OfficialNational Strategyorzeczenia.nsa.gov.pl ↗
18 SEP 2025 · Law / Act

Personal Data Protection Office's proposal to introduce law to address dissemination of harmful deepfake content

On 18 September 2025, the President of the Personal Data Protection Office (UODO) presented a proposal to introduce a law protecting individuals from harmful deepfakes. The proposal focuses on technology companies and social media platforms hosting manipulated images, audio, or video of identifiable persons. It proposes legal accountability for creating and sharing deepfakes, stronger personal data protection, mandatory platform detection and labelling systems, rapid removal of illegal conten...

Content Moderationuodo.gov.pl ↗
01 AUG 2025 · Other

Office for Personal Data Protection lawsuit against Bank Millennium over data processing practices

On 8 January 2025, the Supreme Administrative Court in Warsaw (NSA) issued a ruling against Bank Millennium, thereby affirming the stance previously adopted by the President of the Office for Personal Data Protection (UODO). The court dismissed the bank's cassation appeal, thereby upholding the decision that the bank could not process the personal data of former customers under Article 6(1)(f) of the General Data Protection Regulation (RODO) to defend against potential future claims. The UODO...

✓ OfficialNational Strategyuodo.gov.pl ↗
05 JUL 2025 · Other

Data Protection Authority investigation into election-related privacy breaches

On 7 May 2025, the Polish Office for Personal Data Protection (UODO) announced that it is investigating potential breaches of data protection law during the presidential election campaign. The announcement emphasises that political candidates and election committees are subject to data protection obligations and that public figures are not exempt. The Office is examining several incidents in which personal data, including names, addresses, and sensitive contextual information such as health s...

National Strategyuodo.gov.pl ↗
02 JUN 2025 · Other

Office of the Data Protection Commissioner guidance including recommendations against use of DeepSeek due to data protection concerns

On 6 February 2025, the Office of Data Protection Commissioner (UODO) adopted an outline cautioning against the use of DeepSeek over data protection concerns. It was highlighted that the chatbot, developed by Chinese companies Hangzhou DeepSeek AI and Beijing DeepSeek AI, has been downloaded 3.6 million times in two weeks. UODO warned that user data may be stored on servers in China, which lacks an adequacy decision from the European Union (EU). It was also highlighted that Chinese authoriti...

✓ OfficialNational Strategyuodo.gov.pl ↗
20 FEB 2025 · Other

Office for the Protection of Personal Data updated guide on obligations of administrators related to personal data protection breaches

On 20 February 2025, the Personal Data Protection Office (UODO) adopted the updated version of its guide on personal data breaches, which includes new General Data Protection Regulation (GDPR) interpretations, revised risk assessment criteria, and updated reporting procedures. The guide outlines a range of cybersecurity measures, such as ransomware protection, phishing detection, and encryption practices, and clarifies the 72-hour notification deadline and exceptions. A new section addresses...

✓ OfficialNational Strategyuodo.gov.pl ↗
13 JAN 2025 · Other

Ministry of Digital Affairs guidelines on implementation procedure for content moderation under European Union's Digital Services Act

On 13 January 2025, the Ministry of Digital Affairs adopted guidelines on the implementation procedure for content moderation under European Union's Digital Services Act (DSA) in Poland. It was highlighted that DSA aims to hold digital companies accountable for platform content, focusing on combating illegal content and enhancing transparency. Currently, platforms including Facebook manage illegal content independently, but the DSA introduces state involvement through administrative procedure...

✓ OfficialContent Moderationgov.pl ↗
31 DEC 2024 · Other

Ministry of Digital Affairs brochure on forbidden AI systems

On 31 December 2024, the Ministry of Digital Affairs in Poland closed the consultation process for the implementation of the Regulation on Artificial Intelligence (AI Act), focusing on the prohibition of goods and services related to ML and AI development. This national-level action aims to align with the European Union's efforts to create a uniform regulatory framework for AI and educate the affected people and businesses about the regulation. The consultation seeks to gather input on prohib...

National Strategygov.pl ↗
11 DEC 2024 · Other

PDPO investigation into ClickQuickNow's compliance with GDPR

On November 12, 2024, Poland's Supreme Administrative Court upheld a fine of PLN 201,559.50 against ClickQuickNow, dismissing the company’s appeal and confirming the earlier decision by the President of the Personal Data Protection Office (PDPO) concerning violations of the GDPR, including making it unnecessarily difficult to withdraw consent for personal data processing and failing to comply with the “right to be forgotten.” The Court agreed that ClickQuickNow employed misleading and overly ...

✓ OfficialNational Strategyedpb.europa.eu ↗
02 DEC 2024 · Other

Personal Data Protection Office's Sectoral Inspections Plan 2024

On 12 February 2024, the Personal Data Protection Office in Poland announced its plan for sectoral inspections for the year. Specifically, the Office will focus on entities processing data using Internet applications, among other sectors.

National Strategyuodo.gov.pl ↗
31 OCT 2024 · Executive Order

Ministry of Digital Affairs order on designation of authorities for the enforcement of fundamental rights protections in the EU Artificial Intelligence Act

On 31 October 2024, the Ministry of Digital Affairs designated three public bodies to oversee and enforce protections of fundamental rights related to high-risk artificial intelligence (AI) systems, as defined under Article 6 of the EU AI Act. Article 77(1) of the AI Act grants certain public authorities in EU Member States the responsibility to protect fundamental rights, including the right to non-discrimination, in relation to AI systems. These authorities are permitted to access documenta...

✓ OfficialNational Strategygov.pl ↗
15 OCT 2024 · Other

UODO lawsuit over data leak from pandabuy website

On 15 October 2024, the District Court for Warsaw-Śródmieście mandated the District Prosecutor's Office for Warszawa Śródmieście-Północ to investigate the data leak impacting Polish customers of the pandabuy platform. On 29 April 2024, the Personal Data Protection Office (UODO) had notified the prosecutor's office of a suspected crime involving the unauthorised leak of personal data from pandabuy platform, which included names, email addresses, phone numbers, and other information belonging t...

National Strategyuodo.gov.pl ↗
12 OCT 2024 · Other

Personal Data Protection Office investigation into Meta over publishing advertisements using Omenaa Mensah's data in Poland

On 10 December 2024, the Provincial Administrative Court in Warsaw (WSA) denied the appeal filed by Meta Platforms Ireland Limited, which sought to suspend the enforcement of orders issued by the President of the Office for Personal Data Protection (PUODO) banning the dissemination of purportedly false advertisements. The legal dispute pertained to allegations of unauthorised use of personal data and images of journalist Omena Mensah and entrepreneur Rafał Brzoska in advertisements deemed to ...

✓ OfficialNational Strategyuodo.gov.pl ↗
30 SEP 2024 · Other

UODO investigation into the President of the District Court of Zgierz over alleged Dara Protection Breach

On 30 September 2024, the Supreme Administrative Court (NSA) dismissed the cassation appeal of the President of the District Court in Zgierz and upheld the decision of the Provincial Administrative Court (WSA) in Warsaw. It confirms the Polish Data Protection Authority's (UODO) decision to impose a financial penalty for inadequate data protection measures. The investigation was started based on a personal data breach involving the loss of an unencrypted pen drive containing the data of 400 in...

✓ OfficialNational Strategyuodo.gov.pl ↗
16 SEP 2024 · Other

UODO investigation into Morele.net over allegedly violating GDPR provisions

On 16 September 2024, the Provincial Administrative Court (WSA) dismissed Morele.net's complaint against the Personal Data Protection Office (UODO) regarding its decision finding that Morele.net had violated several GDPR provisions and imposing a fine of over PLN 3.8 million. The case was reconsidered after the Supreme Administrative Court (NSA) annulled a previous ruling from 2023, which had initially dismissed Morele.net's appeal against a smaller fine of 2.8 million PLN imposed in 2019. Th...

✓ OfficialNational Strategyuodo.gov.pl ↗
07 AUG 2024 · Other

UODO guidelines on protecting children's privacy and images on the internet

On 8 July 2024, the Office for Personal Data Protection (UODO) published a guide to support institutions, organisations, and adults in protecting children's privacy and images on the internet. The guide outlines the legal and ethical considerations of sharing children's images online. Furthermore, the guide lists potential risks such as hate speech, cyberbullying, and identity theft and emphasises raising awareness about children's privacy in digital environments.

✓ OfficialNational Strategyuodo.gov.pl ↗
31 JUL 2024 · Other

UODO National Inquiry on data access rights under GDPR as part of EDPB Coordinated Enforcement Framework

On 31 July 2024, the Office for Personal Data Protection closes its consultation on the national study focusing on the exercise of the right of access to personal data by controllers. This study invites administrators to participate in a survey developed within the European Data Protection Board's (EDPB) Coordinated Enforcement Framework (CEF). The survey aims to promote GDPR compliance and disseminate best practices among organisations. This initiative, part of a broader effort involving 31 ...

National Strategyuodo.gov.pl ↗
10 JUL 2024 · Law / Act

Act on National Cybersecurity System

On 7 October 2024, the Poland Ministry of Digital Affairs published an announcement on the Amendment to the Act on the National Cybersecurity System after conducting a public consultation from 24 April to 24 May 2024. The Act would emphasise the integration of the NIS 2 Directive and the implementation of the 5G Cybersecurity Toolbox to ensure compliance with EU standards and to enhance Poland's digital security resilience. The Ministry of Digital Affairs aims to improve supervision over crit...

National Strategygov.pl ↗
21 JUN 2024 · Executive Order

UODO guidelines on personal data protection in the workplace

On 21 June 2024, the Polish Data Protection Authority (UODO) closed its consultation on guidelines for personal data protection in the workplace. The guideline explains how employers should handle the personal data of job candidates and employees in compliance with the General Data Protection Regulation (GDPR). It covers data processing during recruitment and employment, including various employment arrangements. Further, it emphasises that employers should only collect data authorised by law...

National Strategyuodo.gov.pl ↗
28 MAY 2024 · Other

Lawsuit against Polish National Data Protection Regulation over alleged violation of right to privacy

On 28 May 2024, the European Court of Human Rights delivered a decision regarding the Polish legislation on secret surveillance and data retention. The case, brought forward by five Polish nationals, challenged the national laws authorising operational control and the retention of telecommunications, postal, and digital communications data for potential future use by national authorities. The Court found three violations of Article 8 of the European Convention on Human Rights, highlighting th...

✓ OfficialNational Strategyhudoc.echr.coe.int ↗
30 APR 2024 · Law / Act

Implementation Legislation of the EU Data Act (Directive (EU) 2020/1828)

On 30 April 2024, the Ministry of Digital Affairs in Poland closed its public consultation on a Bill implementing the EU Data Act (Directive (EU) 2020/1828) into Polish national Law. The pre-consultation aimed to gather initial opinions all stakeholders on how best to integrate the Data Act into Poland's legal system. Stakeholders were invited to share information on whether one or more authorities should be entrusted with the application and enforcement of the Data Act and if a new market su...

National Strategygov.pl ↗
23 APR 2024 · Law / Act

Bill on designation of market surveillance authority and notifying authority under EU AI Act

On 23 April 2024, the Ministry of Digitization in Poland closed the consultation on a Bill on the designation of market surveillance authority and notifying authority under the European Union Artificial Intelligence Act (AI Act). The Ministry gathered initial opinions from AI sector stakeholders on how best to integrate the Act into Poland's legal system. Stakeholders were invited to share information on whether a new market surveillance authority under Polish law should be established or new...

National Strategygov.pl ↗
15 MAR 2024 · Other

Data Protection Authority Statement Regarding Processing of Employee Health Data by Medical Entities

On 15 March 2024, the Polish Data Protection Authority (UODO) issued a statement on the processing of health data by medical entities in a dual role as both employers and medical service providers. This was the case in the judgment of 21 December 2023 in the case of sygn. C-667/21 Krankenversicherung Nordrhein. According to the judgment of the Court of Justice of the European Union, if a medical entity processes health data of one of its employees not as an employer, but as a medical service,...

✓ OfficialNational Strategyuodo.gov.pl ↗
28 FEB 2024 · Other

Public Lawsuit involving Mayor of Aleksandrow Kujawski regarding data protection contract with processor

On 28 February 2024, the Supreme Administrative Court of Poland upheld a decision of the Warsaw Administrative Court. The ruling confirmed a penalty of PLN 40’000 imposed on the Mayor of Aleksandrow Kujawski for violating Art.28 of the General Data Protection Regulation (GDPR). The case revolved around the Mayor's failure to enter into a data processing agreement with the company hosting the Public Information Bulletin (BIP) resources of the Aleksandrow Kujawski Municipal Office, and the enti...

✓ OfficialNational Strategyuodo.gov.pl ↗
10 FEB 2024 · Law / Act

Draft Act on Data Management

On 2 October 2024, the Polish government closes its public consultation on the Draft Act on Data Management (UC67). This Draft Act would align national regulations with the EU Data Governance Act (DGA), facilitating the sharing of both personal and non-personal data across various sectors. This Draft Act would align national regulations with the EU Data Governance Act (DGA), facilitating the sharing of both personal and non-personal data across various sectors. The Act proposes the establishm...

National Strategygov.pl ↗
10 JAN 2024 · Other

Poland-United States of America Memorandum of Understanding concerning Cybersecurity and Emerging Technology Cooperation

On 1 October 2024, the Department of Homeland Security (DHS) of the United States of America and the Polish Ministry of Digital Affairs (MDA) signed a Memorandum of Understanding (MOU) to enhance their collaboration in the fields of cybersecurity and emerging technology. The objective of this agreement is to establish a structured framework for future policy and operational cooperation across a range of domains, including cyber policy and strategy, Secure by Design principles, information sha...

✓ OfficialNational Strategydhs.gov ↗
23 NOV 2023 · Other

UODO investigation into Link4 regarding failure to report a data breach

On 23 November 2023, the Polish Personal Data Protection Office (UODO) announced it fined the insurance company Link4 for failure to report a data breach. The company sent a damage compensation message to an unauthorised recipient, containing various personal data. The company was informed by the unauthorised recipient about the event but did not take any action. Later, the company explained that the message was sent as a result of human error. The fine amounts to PLN 103'752.

✓ OfficialNational Strategyuodo.gov.pl ↗
12 AUG 2023 · Executive Order

Personal Data Protection Office order approving additional requirements for entities certifying compliance of personal data processing with GDPR

On 8 December 2023, the Personal Data Protection Office (PDPO) approved additional requirements for the accreditation of certifying entities. The order aims to verify the compliance of personal data processing operations carried out by controllers and processors. The certification, which is voluntary, is intended to increase transparency and improve compliance with personal data protection standards, taking into account the specificity of various sectors. Entities that receive a certificate w...

✓ OfficialNational Strategyuodo.gov.pl ↗
29 DEC 2022 · Other

Office of Competition and Consumer Protection Investigation into Allegro for Alleged Abuse of Dominance through Self-Preferencing

On 29 December 2022, the Polish Office of Competition and Consumer Protection (UOKiK) sanctioned the online shopping platform Allegro with a fine of PLN 206 million for abusing its dominant position through self-preferencing. Allegro is both an intermediary platform in e-commerce (allegro.pl), and also sells goods on its own online store, called Official Allegro Store (OSA). OSA was the largest seller on allegro.pl. UOKiK decided to sanction Allegro for using non-public information from the s...

✓ OfficialCompetitionuokik.gov.pl ↗
16 AUG 2022 · Other

Investigation into Sulkowice Cultural Centre for alleged personal data protection violations

On 16 August 2022, the Polish President of the Personal Data Protection Office issued a ruling in its investigation into personal data protection violations by the Sułkowice Cultural Centre. The investigation revealed that the controller outsourced the management and processing of personal data without entering into an official contract with the processor. In addition, the Persident found that the controller did not take the necessary steps required to ensure that the processor complies with ...

✓ OfficialNational Strategyuodo.gov.pl ↗
13 DEC 2021 · Other

Poland Competition investigation on Apple new privacy policy rules

The Office of Competition and Consumer Protection (UOKiK) announced an investigation into the Privacy Policy introduced by Apple, which increases the requirements that the apps on iOS devices need to fulfil to track user activity. In particular, the Authority investigates whether the new rules are designed to promote and self-preference Apple's personalised advertising service (Apple Search Ads), determining a case of exclusionary abuse of market power. Apple also reduced the amount of datafl...

Competitionuokik.gov.pl ↗
29 SEP 2021 · Executive Order

Personal Data Protection Office addresses legal gap in GDPR compliance

The Personal Data Protection Office (UODO) in Poland noticed a legal gap while adjusting the provisions of the GDPR to the activities of psychological and pedagogical counselling centers. Currently, the Polish Education Law and the implementing acts related to it only cover partial protection of personal data contained in the documentation kept by the counselling centers. Therefore, the UODO President sent a formal request to the Minister of Education and Science to consider a comprehensive l...

✓ OfficialNational Strategyuodo.gov.pl ↗
02 JAN 2021 · Law / Act

Content moderation restriction in draft Polish "free speech law"

The Draft of the law on the protection of freedom of speech on social networking websites is announced by the Polish Minister of Justice. According to the drafted law, the social networks would be forbidden to delete entries or block the accounts of Polish users if their content does not violate Polish law. Moreover, a five-person Freedom of Speech Council would be established to monitor the constitutional freedom of expression on social networking sites. The law also requests the social med...

Content Moderationgov.pl ↗
National Strategy

Piaskownice regulacyjne w obszarze AI - Ministerstwo Cyfryzacji - Portal Gov.pl

<strong>Projekt badawczy miał na celu zdiagnozowanie poziomu wiedzy, postaw oraz potrzeb przedsiębiorstw, w kontekście piaskownic regulacyjnych, rozwijanych w związku z wdrażaniem regulacji AI Act</strong>.

✓ OfficialNational Strategygov.pl ↗
Law / Act

Bill amending Act on Providing Services by Electronic Means and certain other acts implementing Digital Services Act in Poland

On 9 January 2026, the President of Poland vetoed the Bill amending the Act on Providing Services by Electronic Means and certain other acts implementing the Digital Services Act. As a result of the veto, the Bill did not enter into force and the national statutory framework for enforcing the Digital Services Act in Poland was not established through this legislation. The veto halted the legislative process unless overridden by the House of Representatives under constitutional procedures.

Content Moderationprezydent.pl ↗
National Strategy

Policy for the Development of Artificial Intelligence in Poland from 2020 (Polityka dla rozwoju sztucznej inteligencji w Polsce od roku 2020) – Polityka rozwoju sztucznej inteligencji w Polsce na lata 2019–2027

AI law in Poland: The Policy for the Development of Artificial Intelligence in Poland from 2020 (Polityka AI 2019–2027) is a national strategy adopted by the Council of Ministers that sets short-, medium- and long-term objectives to build Poland’s AI ecosystem, align with EU/OECD ethical standards, support business and research, and promote public-sector use of AI while protecting human dignity and fundamental rights. It defines six strategic pillars (AI and society; AI and innovative firms; AI and science; AI and education; international cooperation; AI and the public sector) together with tools such as data sharing, GovCloud, digital sandboxes and governance structures to coordinate implementation....

✓ OfficialNational Strategyisap.sejm.gov.pl ↗
Law / Act

Draft Act on Artificial Intelligence Systems (Projekt ustawy o systemach sztucznej inteligencji)

AI law in Poland: The Draft Act on Artificial Intelligence Systems is a Polish government bill designed to implement and complement the EU AI Regulation (Regulation (EU) 2024/1689) at the national level. It creates a national supervisory architecture (including a proposed Commission for AI Development and Safety), sets conformity, registration and market surveillance rules for AI systems, and aligns enforcement and sanctions with the EU framework while adding national procedural and institutional detail....

✓ OfficialNational Strategylegislacja.rcl.gov.pl ↗
National Strategy

Assumptions to AI Strategy in Poland (Proposition for an AI Strategy; Plan of activities of the Ministry of Digital Affairs)

AI law in Poland: In November 2018 the Polish Ministry of Digital Affairs (Ministerstwo Cyfryzacji) published &#x27;Założenia do strategii AI w Polsce. Plan działań Ministerstwa Cyfryzacji&#x27; — a non-binding national proposition that sets assumptions, objectives and a first two-year action plan for developing the national AI ecosystem. The document outlines governance, priorities (data economy, R&amp;D funding, education, ethics and law), pilot projects, and coordination with EU initiatives....

✓ OfficialNational Strategygov.pl ↗