The AI Act has been published – thus, its entry into force is approaching rapidly. As a rule, the entire set of provisions will become applicable on 2 August 2026. However, some regulations, in particular the provisions establishing prohibited practices in the field of artificial intelligence, will come into force earlier – as of 2 February 2025. This is a good moment to reflect on the issue of implementing the AI Act in Poland and the challenges associated with it, especially since more and more information is emerging regarding legislative work being carried out to ensure the implementation of the AI Act in Poland and, more broadly, to create a safe and effective ecosystem of artificial intelligence in Poland.

Ensuring the application of the AI Act in Poland 

The AI Act, as a regulation, will be directly applicable in all EU Member States. Therefore, there is no need to implement the provisions of the AI Act into the Polish legal order. Nevertheless, it will still be necessary to introduce provisions that will enable the effective application of this regulation in Poland.

The Polish legislator will have to resolve all so-called national options provided for by the AI Act, as well as establish a supervisory system.

When implementing EU legal regulations, the Polish legislator often also decides to introduce additional regulations, going beyond the scope established by the EU legal act. Personally, however, I take the view that, from a regulatory perspective, the implementation of the AI Act should be minimal in nature. The AI Act itself establishes a great number of obligations and requirements. Therefore, there is no need to introduce additional requirements that may negatively affect Poland’s competitiveness in this regard. What may possibly deserve additional attention from the legislator, beyond the scope of the AI Act itself, is the issue of support for entrepreneurs and, more broadly, support for the development of AI in Poland (e.g., through the planned AI fund).

It should also be remembered that the AI Act will affect existing sectoral regulations, particularly those regulating the broadly understood financial market. During the legislative process, particular attention should therefore be paid to maintaining proper consistency between the existing sectoral legal provisions and the content of the AI Act itself. As a member of GRAI (the Working Group on Artificial Intelligence operating at the Ministry of Digital Affairs), I personally intend, on behalf of Macura Law Firm, to support the Ministry of Digital Affairs precisely in these aspects of the legislative work on the said Act.

The Act implementing the AI Act

We already know that the Ministry of Digital Affairs is conducting legislative work to ensure the proper application of the AI Act. At the Standing Subcommittee on Artificial Intelligence and Algorithmic Transparency, which was held on 24 July 2024, Minister Dariusz Standerski presented the perspective on the implementation of the AI Act in connection with the publication of the act in the Official Journal of the European Union.

Thanks to this, we learned many details about the plans of the Ministry of Digital Affairs in this regard. In particular, we know that there was originally a plan to prepare a preliminary act concerning only prohibited systems. However, the Ministry of Digital Affairs received confirmation from the European Commission that the entry into force of the provisions on prohibited practices does not require intervention by national legislators, as these provisions may be applied directly. This gives more time to prepare a broader legal act, while legislative actions will, according to the announcement, be carried out in two stages.

The first act intended to implement the AI Act should be adopted by the end of July 2025 and will include in particular:

• the establishment of a completely new supervisory authority, in line with previously communicated assumptions;
• the designation of the President of the Personal Data Protection Office (PUODO) as an additional supervisory authority within the scope of personal data protection;
• the indication of the notifying authority, which is to be the Polish Centre for Accreditation;
• the introduction of procedures regarding penalties provided for by the AI Act, whereby these provisions will include the identification of appropriate criteria for the amount of penalties, as well as an appropriate appeal procedure – a complaint to the court.

Subsequently, as part of the second stage, the Ministry of Digital Affairs plans to adopt a second act (or possibly amend the first act). In this respect, legislative work will focus on:

• the introduction of provisions and procedures concerning other AI systems;
• the regulation of the issue of regulatory sandboxes;
• the establishment of complaint mechanisms.

It should be noted that the final assessment of the above legislative work will only be possible after the presentation of specific drafts of legal acts.

Nevertheless, the adopted assumptions and the presented plan seem rational, and the position of the Ministry of Digital Affairs and its approach to the discussed legislative work in this area gives hope for the development and adoption of regulations that are both substantively sound and economically well thought out.

Of course, we are still at an early stage of work on the above act, and its final form, or even the adopted assumptions, will likely undergo modifications. We will also still have to wait for the draft text of the act itself. According to the information presented, the draft of the first act should be submitted for inter-ministerial consultation this year.

Supervisory authority for AI – the Artificial Intelligence Supervision Commission

A key issue related to ensuring the effective application of the AI Regulation in Poland is also the establishment of appropriate supervision as provided for in the AI Act.

According to announcements from the Ministry of Digital Affairs, the establishment of a completely new supervisory authority – the Artificial Intelligence Supervision Commission (KNSI) – is planned. This announcement was reaffirmed during the aforementioned parliamentary subcommittee.

At the same time, in accordance with the presented assumptions, it is known that the new authority is to be guaranteed a strong political position.

According to the initial proposal, the chairperson of the supervisory authority would be appointed by the Prime Minister. The composition of the authority would, however, be diverse, so that not only representatives of the ministry, but also representatives of appropriate offices (sectoral authorities), would be included.

Key in this respect will be cooperation with, for example, the President of the Personal Data Protection Office, who will also serve as an additional supervisory authority within the scope of personal data protection.

In my opinion, the decision to establish a new national authority that will properly and fairly supervise the application and implementation of the AI Act is correct. It should be noted that none of the currently established supervisory authorities in Poland is truly prepared to act as a supervisory authority in the field of artificial intelligence. Nor is it realistically possible for any of the currently existing supervisory authorities to be able to efficiently and properly adapt in the future to perform this function.

In the media, there had previously been information about the potential designation of the President of the Personal Data Protection Office (PUODO) to perform the role of the authority in the field of artificial intelligence. However, this candidacy was not optimal, which was confirmed by the results of public consultations conducted by the Ministry of Digital Affairs. First and foremost, it should be noted that this authority is currently overloaded, which results from systemic problems and a very broad scope of tasks entrusted to it in the field of personal data protection supervision. Admittedly, problems related to artificial intelligence often touch upon issues of privacy and personal data protection. Nevertheless, these issues constitute only a fragment of the challenges associated with AI. The potential designation of the Personal Data Protection Office as the supervisory authority under the AI Act would therefore raise concerns about this authority’s excessive focus on privacy and data protection aspects. Supervisory activity focused on privacy would be a natural direction of action for the said office, consistent with its knowledge and experience. This could result in insufficient involvement in other areas requiring attention from the AI supervisory authority.

At the same time, the key role of PUODO has been recognised and duly taken into account. Thus, in accordance with the assumptions, this authority will serve as an additional supervisory body within the scope of personal data protection. Additionally, appropriate coordination and cooperation are to be ensured between the new supervisory authority and existing sectoral supervisory authorities such as PUODO.

As regards other supervisory authorities established in the Polish legal system, none of them could effectively perform the role of a supervisory authority under the AI Act. These are sectoral supervisory bodies specialised in specific, specialised tasks unrelated to artificial intelligence.

It is also beyond doubt that the establishment of a new authority specialised in the area of artificial intelligence may constitute a significant step towards building a safe yet effective ecosystem for the development of AI in Poland.

Such a specialised authority may more easily attract experts (which is necessary to perform the assigned tasks) and will more easily gain the appropriate authority in the area over which it will exercise supervision. As the Ministry of Digital Affairs rightly notes, in the case of the need to extend the scope of activity or supervisory powers concerning AI, this can be done more efficiently on the basis of a new, specialised supervisory authority, namely the KNSI.

It therefore appears that the decision taken by the Ministry of Digital Affairs to establish a new, specialised supervisory authority under the AI Act is correct. At the same time, according to information provided by the Ministry of Digital Affairs, the Financial Supervision Authority could serve as a positive model when establishing the new regulatory authority under the AI Act. In this context, however, it would be advisable to pay attention not only to the positive experiences related to the establishment and operation of the KNF, but also to the problems often signalled by the market, e.g. regarding communication with the market or market support.

Summary

The official publication of the AI Act therefore constitutes a key step towards the adoption of appropriate regulations for AI systems. At the national level, we are awaiting the adoption of the discussed act ensuring the application of the AI Act and the effective establishment of the supervisory authority over AI.

We must also not forget that the legislative work to ensure the effective application of the AI Act is not the only action being taken to build a safe and effective AI ecosystem in Poland.

It is worth remembering that key actions to ensure the application of the AI Act are being taken not only at the national level.

We already know that the first meeting of the AI Board has taken place, which intends to place strong emphasis on:

• the implementation of so-called regulatory sandboxes;
• ensuring consistent application of the AI Act in the EU;
• and support for entrepreneurs.

Both at national and European level, we therefore still face many challenges to ensure the smooth and effective entry into force of the AI Act.