Traple Konarski Podrecki & Partners

On 9 August 2024 the Electronic Communications Law was published in the Journal of Laws [1].The new legislation, which will replace the current Telecommunications Law, introduces additional obligations for electronic communications entrepreneurs, a newly defined group of entities previously not covered by the former regulations. In this article, we explain who electronic communications entrepreneurs are and outline the obligations they will now be subject to. Historical background On 9 August 2024, the Electronic Communications Law (hereinafter: ECL), after almost four years of work and consultation, was published in the Journal of Laws. The primary purpose of this legislation is to implement the EU Directive establishing the European Electronic Communications Code [2] (hereinafter: EECC). The ECL replaces the existing Telecommunications Law, which has been the regulatory framework for Poland's telecommunications sector for the past 20 years. The ECL had previously been submitted to the Sejm (lower chamber of the Polish parliament) in December 2022. However, the draft law was withdrawn from consideration due to strong criticism over highly controversial amendments introduced during the final stage of the government’s legislative process [3]. Following the elections in October 2023, work on the draft law resumed, and a revised version of the ECL, which excluded the most contentious changes, was published in February 2024. By the end of May 2024, the updated ECL draft was once again submitted to the Sejm. Since July 2022, proceedings have been ongoing before the Court of Justice of the EU regarding Poland's failure to implement the provisions of the EECC on time. On 14 March 2024, the Court ruled that Poland was in breach of its obligations. The Court imposed a lump sum penalty of €4 million on Poland, along with a daily fine of €50,000 for each day of further non-compliance with the EECC. As a result, the total fines imposed on Poland have already exceeded €10 million. The EECC was adopted and enforced in December 2018, setting a deadline for transposition by Member States set for December 2020. It aimed to establish a legal framework ensuring the freedom to provide electronic communications networks and services while consolidating and updating the existing directives governing the telecommunications market into a single piece of legislation. Who will be covered by the ECL regulations? One of the greatest changes introduced by the ECL is the expansion of its regulatory scope to include "electronic communications entrepreneurs." This term encompasses not only telecommunications entrepreneurs (as defined under the current Telecommunications Law) but also "entities providing a publicly available interpersonal communication service that does not use numbers." The extension of the scope of the subject matter of the regulation is intended to ensure that it adapts to the changing reality in which traditional telecommunications services are increasingly being replaced by modern forms of communication, provided primarily via the Internet. Although the ECL itself does not explicitly define what constitutes an "interpersonal communication service that does not use numbers," the issue is clarified in the EECC. It indicates that these are services that enable interpersonal and interactive exchange of information between a finite (limited) number of people. They include, among other things, email, instant messaging, and online meeting tools that allow participants in such a meeting to communicate directly and bilaterally. Excluded from this definition are services such as VOD platforms, websites, social networks, blogs, and communication tools that are merely supplementary to another service and cannot function independently, such as chat channels in online games. However, this exclusion should be interpreted to a relatively narrow extent. Therefore, determining whether a particular service qualifies as an "interpersonal communication service that does not use numbers" can be challenging. This is because, potentially, the same service (the same technical solution) may be classified differently depending on the manner and context of use. Obligations towards end-users To begin with, it is important to highlight that many of the obligations listed below – either in identical or very similar form – are already present in the Telecommunications Law. Therefore, while not all of these regulations are entirely new to the legal framework, they will now also apply to businesses offering interpersonal communication services that do not use numbers. One of the key sets of responsibilities imposed on all electronic communication entrepreneurs involves specific obligations towards end-users. Their detailed scope will depend on the type of service provided, but as a general rule they include: The obligation to provide consumers, free of charge and on a durable medium, with a range of pre-contractual information and a concise summary of the terms and conditions, even before the contract is signed (Articles 285 et seq. of the ECL); A prohibition against discrimination based on nationality, residence, or domicile, as well as a ban on making a contract conditional upon not entering into an agreement with another supplier (Article 298 ECL); An obligation to publish up-to-date information on its website in a clear, understandable, and machine-readable format, accessible to users with disabilities. This information must include details about the services offered, their key features, pricing, after-sales services, and the standard contract terms (Article 300 ECL); Restrictions on the ability of electronic communications providers to unilaterally amend the terms and conditions of contracts for the provision of electronic communication services (Articles 306 et seq. ECL); An obligation to ensure that users with disabilities have access to services and facilities in a manner equivalent to that provided to the general public, with information about these services published on the provider's website (Article 340 of the ECL); An obligation to obtain prior consent from subscribers before activating any optional debit service (Article 349 ECL); An obligation to address complaints related to electronic communication services or optional debit services (Article 378 ECL). Secrecy of electronic communications and data protection Electronic communication entrepreneurs, along with their partners, will be required to uphold the confidentiality of electronic communications. They must also exercise due diligence in securing telecommunications equipment, public telecommunications networks, and data to prevent the disclosure of confidential electronic communications (Article 387 ECL). In addition, the provider of electronic communication services will have to inform the end-user of, among other things, about: The scope and purpose of processing transmission data and other related data; Possibilities available to influence the scope of this processing; The type of transmission data that will be processed and the duration of processing for the purposes of marketing electronic communication services or offering value-added services (Article 391 ECL). Furthermore, to use the location data, the provider of electronic communication services will have to anonymise the data (Article 392 ECL). In addition to their responsibilities under the GDPR, providers of electronic communication services must implement appropriate technical and organisational measures to safeguard the security of personal data processing. These measures must ensure at a minimum: Access to personal data is granted to a person with an authorisation issued by the data controller; Protection of personal data against accidental or unlawful destruction, loss, alteration, and unauthorised or illegal storage, processing, access, or disclosure; Implementation of a security policy with regard to the processing of personal data (Article 401 ECL). Additionally, providers of electronic communication services will have to keep a record of personal data breaches, including the facts surrounding the breach, its impact and the action taken (Article 405 ECL). Cybersecurity It is also worth noting that even though the ECL provisions do not govern the cybersecurity of electronic communication entrepreneurs and the services they provide, all such entities – regardless of their sizes – will be considered key or important entities under the currently drafted amendment to the Act on the National Cybersecurity System [4] (hereinafter: ANCS), which implements the EU's NIS 2 Directive [5]. Hence, the obligations of electronic communication entrepreneurs in this respect – based on the draft ANCS amendment of April 2024 – will include: Systematic incident risk assessment and management; Technical and organisational measures that are appropriate and proportionate to the assessed risks, considering the state of the art, the costs of implementation, the size of the entity, the likelihood of incidents, and the exposure of the entity to risks; Collecting information on cyber threats and vulnerabilities of the information system used to provide the service; Incident management; Measures to prevent and limit the impact of incidents on the security of the information system used to provide the service; Secure electronic means of communication as part of the national cybersecurity system, taking into account multi-factor authentication. Financial penalties In the event of non-performance or improper performance of most of the obligations described in this article, the President of the Office of Electronic Communications will have the authority to impose a financial penalty on electronic communication entrepreneurs of up to 3% of the revenue generated by the entrepreneur in the preceding calendar year. Entry into force Most of the ECL provisions will enter into force three months after the date of promulgation, i.e. on 10 November 2024. However, the enforcement date for some of the ECL provisions has been stretched out over time and varies from the day after the date of promulgation of the Law up to 12 months after that date. Author: Agnieszka Wachowska, Piotr Nepelski and Piotr Konieczny Footnotes [1] https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240001221/O/D20241221.pdf [2] Directive 2018/1972 of the European Parliament and of the Council (EU) of 11 December 2018 establishing the European Electronic Communications Code [3] These included the extension of tasks and responsibilities for defence, state security and public safety and order to all electronic communication entrepreneurs [4] Draft Law on Amendments to the Act on the National Cybersecurity System and Some Other Acts (available here: https://legislacja.gov.pl/projekt/12384504/katalog/13055207) [5] Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148

On 12 July 2024, the Act on Artificial Intelligence (AI Act) was published in the Official Journal of the European Union, as the first EU regulation in this field.Poland is also working on the national law implementing certain provisions of the AI Act and the act implementing the EU DORA regulation, which regulates the engagement of third-party technology providers, including AI-based solutions, by financial entities. In this context, it is important to note the forthcoming developments regarding artificial intelligence systems used for creditworthiness assessment, which are increasingly used by lenders. The new regulations classify credit scoring systems as high-risk AI systems, as referred to in Article 6 of the AI Act and Annex III of the Regulation. The provisions of the AI Act stipulate that lenders performing creditworthiness assessments using AI will be required to comply with a number of obligations under Article 26 of the AI Act, including, among others: use of the AI system in accordance with the instructions, ensuring the adequacy and representativeness of the input data controlled, supervision of the system by a qualified person, and compliance with the disclosure obligation in relation to persons for whom a credit decision will be taken using AI. Moreover, in accordance with Article 27 of the AI Act, with regard to AI systems used to assess creditworthiness, financial institutions will be required to conduct an assessment of the impact of the high-risk AI system on fundamental rights and submit its results to the supervision authority. Financial institutions should also take into account that the use of AI systems does not constitute a violation of the catalogue of prohibited practices referred to in Article 5 of the AI Act. In Poland, work has also begun on the act of law which should clarify certain provisions of the AI Act. As part of the pre-consultation at the Ministry of Digital Affairs, the proposals of social organisations on the establishment of the Polish artificial intelligence authority were presented, resulting in the adoption of a position on the establishment of an Artificial Intelligence Supervision Commission, which is of collegial nature and comprises representatives of other supervision authorities. It should also be mentioned that Poland is in the process of drafting the act amending certain acts in connection with ensuring the operational digital resilience of the financial sector, ensuring the adequate application of the DORA regulation, the provisions of which may also apply to the use of AI systems by financial entities. The draft act provides, among others, for the designation of the Polish Financial Supervision Authority as the supervision authority in the scope of ensuring the operational digital resilience of the financial sector, as well as the amendments to the Act on the National Cyber Security System, including in the area of reporting on major ICT incidents and cyber threats. In accordance with the latest reports, the publication of the next version of the draft act is scheduled in October. Authors: Jan Byrski and Hubert Łączkowski 

The patent claims cover rivaroxabine in the form of rapid-release tablets and only one feature regarding the use of this substance: once a day. Courts in Europe resolve the issue of patent validity inconsistently, although without surprise. In the United Kingdom, on 24 May 2024, the Court of Appeal upheld the decision to invalidate the patent; in Germany, the court issued a preliminary opinion on recognising the validity of the patent. Seven patent invalidation proceedings are pending before the Patent Office of the Republic of Poland (UPRP). Four decisions have been taken in a patent infringement case in Poland so far. In one case, the preliminary injunction was granted first, but its enforcement was nevertheless subsequently suspended by the court itself. In three other cases, the judges of the intellectual property court decided to dismiss the request for security. In articulating the reasons for the decision, Judge Krzysztof Kurosz indicated that there was a high probability (more than 50%) that the patent would be invalidated due to the lack of technical features of the solution and the lack of an inventive level and sufficient disclosure of the invention. The court's conviction that the patent was likely to be invalidated was essential for the applicability of the relevant provisions of the Code of Civil Procedure (kpc) amended in 2023; they now requires courts to take into account the risk of patent invalidation when considering the grant of preliminary injunctions. In the case concerned, the decision actually determines the balance of power in the market. A year and a half remains until the disputed patent expires and it is doubtful whether the patent invalidation case, on which the outcome of the infringement dispute depends, can be resolved during that time. The IP court's line of jurisprudence in the rivaroraxabine dispute and the reasoning in the individual justifications indicate a strong tendency of the court to avoid the grant of preliminary injunctions in the case of rights of questionable quality. This is an important aspect in strategic decision-making by both parties of the pharmaceutical sector. The issue of preliminary injunctions in the case of weak patents, with a relatively short shelf life, under the amended Code of Civil Procedure will certainly be the industry's focus in upcoming disputes. Author: Żaneta Zemła-Pacud

On 12 August 2024, the Government published information regarding a proposal for amendment to the Personal Income Tax Act, the Corporate Income Tax Act and certain other acts. The envisaged amendments include changes to the taxation rules for family foundations. The legislative proposal has not yet been published, but the Deputy Minister of Finance said that the Government’s aim is to tighten tax rules on family foundations to reduce use of these foundations for tax optimization purposes. Consequently, the Government plans to abolish the rule that in general a foundation does not pay tax on its income, but only on benefits paid to its beneficiaries. To that end, the Ministry will propose for instance a 19 % tax on the sale of any assets of a family foundation sold within 15 years of the date on which the foundation purchases them. The tax paid by the family foundation [would] be deductible from the tax due on the payment of benefits to beneficiaries. Income tax is to be imposed on other sources of income of family foundations as well, such as income obtained from the rental of real estate belonging to the family foundation or from shares held in fiscally transparent entities. A solidarity contribution is also to be levied on the beneficiaries of family foundations, and this means that the solidarity contribution calculation base will include benefits paid to the foundations' beneficiaries. The proposed amendment is intended to combat the practice of contributing assets to a family foundation and then quickly selling them. Subsequently, the funds obtained from a transaction of this kind may be used, for example, to purchase shares in a company in order to avoid the tax due if this operation were carried out outside the foundation and then to benefit tax-free (within the family foundation) dividends. The changes may also affect foreign managers of Polish companies who use a family foundation for effective wealth management in Poland and even abroad. In view of the proposals announced by the Ministry of Finance, the Enterprise Council (pl. “Rada Przedsiębiorczości” - a forum of representatives of the nine largest organizations of entrepreneurs and employers in Poland) has appealed to the Minister of Finance to suspend work and conduct real dialogue with entrepreneurs. The Deputy Minister of Finance stipulated that most of the provisions presented in the bill are proposals, “an introduction to the discussion with the parties concerned”. Author: Jan Potyrała

In September 2024, the Council of Ministers presented a legislative proposal to revise the Polish Classification of Activities (PKD),which will come into force at the beginning of 2025. The changes are a response to the need to update the Polish system of classifying business activities in line with EU standards. The proposal envisages replacing the existing 2007 classification system with a new, more detailed system of PKD codes, including an additional, fifth classification level. As a result of these changes, the names of sections, divisions, groups, classes and subclasses of the PKD codes will be modified, to make the system of classification of companies and institutions more precise. This in turn is expected to result in more accurate and updated statistical data, and to help with adaptation to EU regulations on business statistics. Newly established businesses, and any businesses that make changes to their entries in registers such as the CEIDG, KRS or REGON after 1 January 2025, will be required to use the new PKD codes. However, a transition period has been introduced for existing companies. Those that do not plan to make changes to their business after the amendment comes into force will be able to use the 2007 PKD codes for 24 months, i.e. until 31 December 2026. The changes to the PKD require entrepreneurs to prepare accordingly. Entrepreneurs need to determine whether their current PKD codes will change, and adjust their entries in registers to reflect this. It may be necessary to update existing codes or add new codes corresponding to additional areas of activity. Adapting businesses to the new PKD regulations will not only be important for the proper conduct of business. It is also extremely important to check whether the changes might affect reports related to subsidies or state aid granted in the past. Therefore, entrepreneurs should start preparing for these changes now to ensure that compliance with the new regulations proceeds smoothly. TKP constantly monitors the legislative path of legal acts to assist and advise clients as necessary. Author: Mykoła Zembra

Buying a property is always quite a complex process, often requiring an adequate audit, raising funds, identifying tax obligations and participating in long-lasting negotiations.The process is different in case of acquisition of commercial and residential properties. In addition, if real estate in Poland is acquired by foreigners, in the first instance, the obligation to obtain the relevant permit needs to be examined. A foreigner within the meaning of the Act on the Acquisition of Real Estate by Foreigners is: a natural person who does not hold Polish citizenship; a legal entity established abroad; an unincorporated company of persons listed in subparagraphs (1) or (2), established abroad, created in accordance with the legislation of foreign countries; a legal person and an unincorporated commercial company established in the territory of the Republic of Poland, controlled directly or indirectly by persons or companies listed in subparagraphs (1), (2) and (3). In the aforementioned case, a controlled commercial company is understood as a company where foreigners directly or indirectly hold more than 50% of the voting rights at the shareholders' meeting or the general meeting. As a rule, the acquisition of real estate in Poland requires a permit, issued by way of an administrative decision by the Minister of the Interior and Administration. It is obtained by fulfilling certain conditions when purchasing a real estate. These include, for example: absence of threat to internal security or to the health of members of the public; confirmation of the foreigner's links with Poland. The regulations explicitly indicate that a foreigner's links with Poland can be confirmed in the case of an entrepreneur, in particular through performing economic or agricultural activities in Poland. The Act also prescribes the acquisition of real estate by an entrepreneur in a size adequate to the real needs of the business pursued. Notwithstanding the foregoing requirements, the Act provides for very important exceptions, introduced in connection with Poland's accession to the European Union. One of the most important exceptions is a possibility for foreign nationals or entrepreneurs from countries of the European Economic Area and Switzerland to acquire real estate without a permit. Introduction of such an exception means that the authorisation obligation is actually addressed to non-EEA and Swiss economic operators. In the investment practice, foreigners other than those from the EEA and Switzerland, often decide to set up a special purpose vehicle (the so-called SPV) with its registered office in Poland in order to avoid the requirement to obtain a permit. Such a company is treated as a Polish entrepreneur, exempt from the obligation to obtain a permit - regardless of the nationality of the owners or the proportion of their shares. The establishment of a company in Poland obviously requires the fulfilment of certain formal requirements, such as registration with the National Court Register (KRS), obtaining a NIP and REGON number, as well as keeping proper accounts and identifying the beneficial owners. It is worth bearing in mind that the use of such a structure may involve additional costs and the need to comply additionally with the Polish regulations concerning the principles of conducting business activity. Author: Michał Sobolewski

The text discusses two landmark decisions by the Polish Data Protection Authority (DPA) regarding Meta's use of data from two public figures in deepfake advertisements on Facebook and Instagram.These cases highlight the strict enforcement of data protection laws in Poland, particularly in the context of unauthorized data use and the impact on individuals' privacy and reputation. The Polish Data Protection Authority (DPA) recently issued two significant decisions regarding Meta Platforms Ireland Limited's processing of the personal data of two public figures. The cases revolve around the unauthorized use of personal data for displaying deepfake advertisements on the interfaces of Facebook and Instagram. In the first case, the Polish DPA acted following a complaint filed by a well-known businessperson. The complaint involved the unauthorized dissemination of the individual's image in an ad campaign using deepfakes on Meta's platforms, promoting a fictional financial platform. The advertisements falsely attributed statements to the individual, suggesting they endorsed a scheme guaranteeing profits for Polish citizens. These false advertisements posed a major threat to the data subject's reputation, leading to a loss of trust in their professional activities. The Polish DPA found that Meta did not verify the data used in the advertisements, creating a substantial risk to the individual's privacy and professional reputation. Citing the urgency of the situation and the potential for irreparable harm, the Polish DPA applied interim measures under Article 66(1) of the GDPR and Article 70(1)(2) of the Polish Data Protection Act. Meta was ordered to cease displaying the advertisements for three months, limiting their distribution within Poland. Given Meta's jurisdiction, the Irish Data Protection Authority will ultimately handle the case. The second case involved a complaint filed by a public figure, a journalist, whose personal data and image were used in deepfake advertisements, falsely claiming that she had died, been imprisoned, or was subjected to domestic violence. The number of these advertisements was reported to be growing, with daily notifications of new instances being flagged by the data subject. The unauthorized use of her image for displaying deepfake ads not only impacted the journalist's privacy and dignity, but also caused emotional distress to her family and friends. The Polish DPA once again found that Meta had failed to take adequate measures to prevent the misuse of personal data. The Polish DPA also applied  interim measures in this case and ordered Meta to stop displaying deepfake ads containing the journalist’s image for three months. The case is also pending further investigation by the Irish DPA. Author: Mateusz Kupiec

Entrepreneurs have to comply with new EU legislation not later than until 30 December 2024. Soon, many of them will have to realise obligations to reduce deforestation and forest degradation. New EU legislation on deforestation As part of its efforts to combat climate change, the European Union has recognised that deforestation and forest degradation are significant contributors to greenhouse gas emissions. Deforestation and forest degradation are the result of agricultural land expansion, which is linked to the production of certain goods. As one of their largest consumers, the EU has an opportunity to reduce its impact on global deforestation by promoting products and supply chains that do not contribute to forest destruction. To reduce its negative impact on the environment, the Union has introduced a new regulation to combat deforestation. Adopted on 31 May 2023, the Regulation of the European Parliament and of the Council (EU) on deforestation and forest degradation (EUDR) is in force from 29 June 2023. This document repeals and replaces the previous EU Regulation 995/2010. Effective date of the requirements The rules on the dates when the various provisions of the Regulation will come into effect are quite complicated. The Regulation shall enter into force on 29 June 2023 with the proviso that a large part of the provisions, mainly in terms of prohibitions and obligations for entrepreneurs, shall enter into force as of 30 December 2024. The Regulation shall apply to products produced after 29 June 2023 – this applies only to the date of production and not to the date of placing on the market. An exception to the above rules is timber and timber products. If they were produced before 29 December 2023 and placed on the market between 30 December 2024 and 31 December 2027 - the provisions of the previous EU Regulation apply. Conversely, if produced before 29 December 2023 and placed on the market after 30 December 2027 – the provisions of the new EU Regulation apply. Scope of the Regulation The new rules regulate the marketing of products on the European Union market and the export from the EU of products which contain certain commodities (raw materials), as well as products which have been manufactured using or fed with such commodities. The rules apply to all traders/entrepreneurs in the European Union who place on the market, make available on the EU market and export certain products from the Union. The Regulation covers the following categories of goods: cattle, cocoa, coffee, oil palm, rubber, soya and timber. The link between the above goods and products should be considered as broadly as possible. For example: a trader wants to market a chocolate bar. He/she purchases chocolate from his/her supplier, which he/she will use in the production of this bar. In such a situation, it will be necessary for the trader to examine whether the cocoa used in the manufacture of the chocolate comes from legal sources and whether it meets the standards set out in the Regulation. Requirements for entrepreneurs Traders/entrepreneurs who place on the market, make available on the Union market or export from the Union the aforementioned products must demonstrate due diligence and prove that these products: do not contribute to deforestation, have been manufactured in accordance with the regulations in force in the country of manufacture, and are covered by due diligence declarations. All these elements must be met simultaneously. Due diligence system The due diligence system implemented by entrepreneurs shall include: collecting the information, data and documents necessary to comply with the requirements of the Regulation, carrying out a risk assessment for each product, for example taking into account the presence of forests or indigenous communities in the country of production, taking measures to minimise risks, such as conducting independent studies or audits. Companies are required to regularly review and document their risk assessment at least once a year to ensure that products comply with the new regulations. Consequences for non-compliance To enforce the new rules, the Regulation provides for a system of sanctions such as: fines of up to 4% of total annual turnover in the EU, confiscation of goods, confiscation of profits from transactions relating to these products, temporary exclusion from procurement procedures and access to public funding for a maximum of 12 months, temporary ban on the placing on the market or export of products in the event of serious or repeated infringements, a prohibition to use simplified due diligence for serious or repeated infringements. To summarise, the European Union has introduced new rules to reduce deforestation and forest degradation, which are effective from 29 June 2023. However, the key requirements for entrepreneurs will come into force on 30 December 2024. Traders/entrepreneurs will have to demonstrate that their operations do not contribute to deforestation, comply with the laws of the country of production and are covered by a due diligence system. As part of their due diligence system, companies must collect relevant data, assess risks and take preventive action. There are serious sanctions for non-compliance, including financial penalties and trade bans. Author: Michał Sobolewski and  Klaudia Nowak

On 20 September 2024, an amendment to the Polish Act on Copyright and Related Rights (ACRR) entered into force, which implemented the Directive on Copyright and Related Rights in the Digital Single Market (DSM) with a 3-years’ delay. One of the areas of changes is the permitted use in the scope of text and data mining: Text and Data Mining - TDM (Articles 6(1)(22), Articles 262, 263 ACRR). According to ACRR, TDM is the analysis of digital texts and data exclusively with the use of an automated technique in order to generate specific information, such as patterns, trends and correlations. Such techniques include, for example, artificial intelligence systems that learn by analysing digital content or natural language processing tools. Permitted use in the scope of TDM consists of two parts. The first one refers to cultural heritage institutions and some entities in the Higher Education and Science (e.g. universities). For the private sector, the second area is of key importance. Indeed, it is possible to reproduce all works already distributed (e.g. texts on news portals) for TDM purposes, regardless of the type of work or the rightholder. However, the law introduces two restrictions in this scope: any entity authorised to hold economic copyrights in a work may express an objection against TDM; reproduced works cannot be retained forever, but only for such a period as necessary to achieve the TDM objective (certainly until their analysis is completed). Recommendations or industry standards have not yet been developed in the scope of expressing a claim against TDM. The Polish act of law only provides that such a claim should be: clear, adequate to the way of making available the work subject to the claim, in machine-readable format (in accordance with the Act on Open Data and Re-use of Public Sector Information) including metadata not further described for works made available to the public so that anyone can access them at a place and time selected by them. All conditions must be met jointly if they apply to the specific case. Permitted use in the scope of TDM is an unquestionable business opportunity (not only for AI). It allows for the use of Internet resources to acquire knowledge, develop new tools or improve existing ones. However, attention should be paid to the possibility of a disclaimer excluding TDM for a particular work. Future recommendations or standards in this area should be expected which will help in designing appropriate solutions to verify the existence of a claim. Author: Dominik Gabor

On 9 August 2024 the Electronic Communications Law was published in the Journal of Laws [1].The new legislation, which will replace the current Telecommunications Law, introduces additional obligations for electronic communications entrepreneurs, a newly defined group of entities previously not covered by the former regulations. In this article, we explain who electronic communications entrepreneurs are and outline the obligations they will now be subject to. Historical background On 9 August 2024, the Electronic Communications Law (hereinafter: ECL), after almost four years of work and consultation, was published in the Journal of Laws. The primary purpose of this legislation is to implement the EU Directive establishing the European Electronic Communications Code [2] (hereinafter: EECC). The ECL replaces the existing Telecommunications Law, which has been the regulatory framework for Poland's telecommunications sector for the past 20 years. The ECL had previously been submitted to the Sejm (lower chamber of the Polish parliament) in December 2022. However, the draft law was withdrawn from consideration due to strong criticism over highly controversial amendments introduced during the final stage of the government’s legislative process [3]. Following the elections in October 2023, work on the draft law resumed, and a revised version of the ECL, which excluded the most contentious changes, was published in February 2024. By the end of May 2024, the updated ECL draft was once again submitted to the Sejm. Since July 2022, proceedings have been ongoing before the Court of Justice of the EU regarding Poland's failure to implement the provisions of the EECC on time. On 14 March 2024, the Court ruled that Poland was in breach of its obligations. The Court imposed a lump sum penalty of €4 million on Poland, along with a daily fine of €50,000 for each day of further non-compliance with the EECC. As a result, the total fines imposed on Poland have already exceeded €10 million. The EECC was adopted and enforced in December 2018, setting a deadline for transposition by Member States set for December 2020. It aimed to establish a legal framework ensuring the freedom to provide electronic communications networks and services while consolidating and updating the existing directives governing the telecommunications market into a single piece of legislation. Who will be covered by the ECL regulations? One of the greatest changes introduced by the ECL is the expansion of its regulatory scope to include "electronic communications entrepreneurs." This term encompasses not only telecommunications entrepreneurs (as defined under the current Telecommunications Law) but also "entities providing a publicly available interpersonal communication service that does not use numbers." The extension of the scope of the subject matter of the regulation is intended to ensure that it adapts to the changing reality in which traditional telecommunications services are increasingly being replaced by modern forms of communication, provided primarily via the Internet. Although the ECL itself does not explicitly define what constitutes an "interpersonal communication service that does not use numbers," the issue is clarified in the EECC. It indicates that these are services that enable interpersonal and interactive exchange of information between a finite (limited) number of people. They include, among other things, email, instant messaging, and online meeting tools that allow participants in such a meeting to communicate directly and bilaterally. Excluded from this definition are services such as VOD platforms, websites, social networks, blogs, and communication tools that are merely supplementary to another service and cannot function independently, such as chat channels in online games. However, this exclusion should be interpreted to a relatively narrow extent. Therefore, determining whether a particular service qualifies as an "interpersonal communication service that does not use numbers" can be challenging. This is because, potentially, the same service (the same technical solution) may be classified differently depending on the manner and context of use. Obligations towards end-users To begin with, it is important to highlight that many of the obligations listed below – either in identical or very similar form – are already present in the Telecommunications Law. Therefore, while not all of these regulations are entirely new to the legal framework, they will now also apply to businesses offering interpersonal communication services that do not use numbers. One of the key sets of responsibilities imposed on all electronic communication entrepreneurs involves specific obligations towards end-users. Their detailed scope will depend on the type of service provided, but as a general rule they include: The obligation to provide consumers, free of charge and on a durable medium, with a range of pre-contractual information and a concise summary of the terms and conditions, even before the contract is signed (Articles 285 et seq. of the ECL); A prohibition against discrimination based on nationality, residence, or domicile, as well as a ban on making a contract conditional upon not entering into an agreement with another supplier (Article 298 ECL); An obligation to publish up-to-date information on its website in a clear, understandable, and machine-readable format, accessible to users with disabilities. This information must include details about the services offered, their key features, pricing, after-sales services, and the standard contract terms (Article 300 ECL); Restrictions on the ability of electronic communications providers to unilaterally amend the terms and conditions of contracts for the provision of electronic communication services (Articles 306 et seq. ECL); An obligation to ensure that users with disabilities have access to services and facilities in a manner equivalent to that provided to the general public, with information about these services published on the provider's website (Article 340 of the ECL); An obligation to obtain prior consent from subscribers before activating any optional debit service (Article 349 ECL); An obligation to address complaints related to electronic communication services or optional debit services (Article 378 ECL). Secrecy of electronic communications and data protection Electronic communication entrepreneurs, along with their partners, will be required to uphold the confidentiality of electronic communications. They must also exercise due diligence in securing telecommunications equipment, public telecommunications networks, and data to prevent the disclosure of confidential electronic communications (Article 387 ECL). In addition, the provider of electronic communication services will have to inform the end-user of, among other things, about: The scope and purpose of processing transmission data and other related data; Possibilities available to influence the scope of this processing; The type of transmission data that will be processed and the duration of processing for the purposes of marketing electronic communication services or offering value-added services (Article 391 ECL). Furthermore, to use the location data, the provider of electronic communication services will have to anonymise the data (Article 392 ECL). In addition to their responsibilities under the GDPR, providers of electronic communication services must implement appropriate technical and organisational measures to safeguard the security of personal data processing. These measures must ensure at a minimum: Access to personal data is granted to a person with an authorisation issued by the data controller; Protection of personal data against accidental or unlawful destruction, loss, alteration, and unauthorised or illegal storage, processing, access, or disclosure; Implementation of a security policy with regard to the processing of personal data (Article 401 ECL). Additionally, providers of electronic communication services will have to keep a record of personal data breaches, including the facts surrounding the breach, its impact and the action taken (Article 405 ECL). Cybersecurity It is also worth noting that even though the ECL provisions do not govern the cybersecurity of electronic communication entrepreneurs and the services they provide, all such entities – regardless of their sizes – will be considered key or important entities under the currently drafted amendment to the Act on the National Cybersecurity System [4] (hereinafter: ANCS), which implements the EU's NIS 2 Directive [5]. Hence, the obligations of electronic communication entrepreneurs in this respect – based on the draft ANCS amendment of April 2024 – will include: Systematic incident risk assessment and management; Technical and organisational measures that are appropriate and proportionate to the assessed risks, considering the state of the art, the costs of implementation, the size of the entity, the likelihood of incidents, and the exposure of the entity to risks; Collecting information on cyber threats and vulnerabilities of the information system used to provide the service; Incident management; Measures to prevent and limit the impact of incidents on the security of the information system used to provide the service; Secure electronic means of communication as part of the national cybersecurity system, taking into account multi-factor authentication. Financial penalties In the event of non-performance or improper performance of most of the obligations described in this article, the President of the Office of Electronic Communications will have the authority to impose a financial penalty on electronic communication entrepreneurs of up to 3% of the revenue generated by the entrepreneur in the preceding calendar year. Entry into force Most of the ECL provisions will enter into force three months after the date of promulgation, i.e. on 10 November 2024. However, the enforcement date for some of the ECL provisions has been stretched out over time and varies from the day after the date of promulgation of the Law up to 12 months after that date. Author: Agnieszka Wachowska,  Piotr Nepelski and Piotr Konieczny Footnotes [1] https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240001221/O/D20241221.pdf [2] Directive 2018/1972 of the European Parliament and of the Council (EU) of 11 December 2018 establishing the European Electronic Communications Code [3] These included the extension of tasks and responsibilities for defence, state security and public safety and order to all electronic communication entrepreneurs [4] Draft Law on Amendments to the Act on the National Cybersecurity System and Some Other Acts (available here: https://legislacja.gov.pl/projekt/12384504/katalog/13055207) [5] Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148

On 12 July 2024, the Act on Artificial Intelligence (AI Act) was published in the Official Journal of the European Union, as the first EU regulation in this field.Poland is also working on the national law implementing certain provisions of the AI Act and the act implementing the EU DORA regulation, which regulates the engagement of third-party technology providers, including AI-based solutions, by financial entities. In this context, it is important to note the forthcoming developments regarding artificial intelligence systems used for creditworthiness assessment, which are increasingly used by lenders. The new regulations classify credit scoring systems as high-risk AI systems, as referred to in Article 6 of the AI Act and Annex III of the Regulation. The provisions of the AI Act stipulate that lenders performing creditworthiness assessments using AI will be required to comply with a number of obligations under Article 26 of the AI Act, including, among others: use of the AI system in accordance with the instructions, ensuring the adequacy and representativeness of the input data controlled, supervision of the system by a qualified person, and compliance with the disclosure obligation in relation to persons for whom a credit decision will be taken using AI. Moreover, in accordance with Article 27 of the AI Act, with regard to AI systems used to assess creditworthiness, financial institutions will be required to conduct an assessment of the impact of the high-risk AI system on fundamental rights and submit its results to the supervision authority. Financial institutions should also take into account that the use of AI systems does not constitute a violation of the catalogue of prohibited practices referred to in Article 5 of the AI Act. In Poland, work has also begun on the act of law which should clarify certain provisions of the AI Act. As part of the pre-consultation at the Ministry of Digital Affairs, the proposals of social organisations on the establishment of the Polish artificial intelligence authority were presented, resulting in the adoption of a position on the establishment of an Artificial Intelligence Supervision Commission, which is of collegial nature and comprises representatives of other supervision authorities. It should also be mentioned that Poland is in the process of drafting the act amending certain acts in connection with ensuring the operational digital resilience of the financial sector, ensuring the adequate application of the DORA regulation, the provisions of which may also apply to the use of AI systems by financial entities. The draft act provides, among others, for the designation of the Polish Financial Supervision Authority as the supervision authority in the scope of ensuring the operational digital resilience of the financial sector, as well as the amendments to the Act on the National Cyber Security System, including in the area of reporting on major ICT incidents and cyber threats. In accordance with the latest reports, the publication of the next version of the draft act is scheduled in October. Author: Jan Byrski and Hubert Łączkowski

The patent claims cover rivaroxabine in the form of rapid-release tablets and only one feature regarding the use of this substance: once a day. Courts in Europe resolve the issue of patent validity inconsistently, although without surprise. In the United Kingdom, on 24 May 2024, the Court of Appeal upheld the decision to invalidate the patent; in Germany, the court issued a preliminary opinion on recognising the validity of the patent. Seven patent invalidation proceedings are pending before the Patent Office of the Republic of Poland (UPRP). Four decisions have been taken in a patent infringement case in Poland so far. In one case, the preliminary injunction was granted first, but its enforcement was nevertheless subsequently suspended by the court itself. In three other cases, the judges of the intellectual property court decided to dismiss the request for security. In articulating the reasons for the decision, Judge Krzysztof Kurosz indicated that there was a high probability (more than 50%) that the patent would be invalidated due to the lack of technical features of the solution and the lack of an inventive level and sufficient disclosure of the invention. The court's conviction that the patent was likely to be invalidated was essential for the applicability of the relevant provisions of the Code of Civil Procedure (kpc) amended in 2023; they now requires courts to take into account the risk of patent invalidation when considering the grant of preliminary injunctions. In the case concerned, the decision actually determines the balance of power in the market. A year and a half remains until the disputed patent expires and it is doubtful whether the patent invalidation case, on which the outcome of the infringement dispute depends, can be resolved during that time. The IP court's line of jurisprudence in the rivaroraxabine dispute and the reasoning in the individual justifications indicate a strong tendency of the court to avoid the grant of preliminary injunctions in the case of rights of questionable quality. This is an important aspect in strategic decision-making by both parties of the pharmaceutical sector. The issue of preliminary injunctions in the case of weak patents, with a relatively short shelf life, under the amended Code of Civil Procedure will certainly be the industry's focus in upcoming disputes. Author: Żaneta Zemła-Pacud

On 12 August 2024, the Government published information regarding a proposal for amendment to the Personal Income Tax Act, the Corporate Income Tax Act and certain other acts. The envisaged amendments include changes to the taxation rules for family foundations. The legislative proposal has not yet been published, but the Deputy Minister of Finance said that the Government’s aim is to tighten tax rules on family foundations to reduce use of these foundations for tax optimization purposes. Consequently, the Government plans to abolish the rule that in general a foundation does not pay tax on its income, but only on benefits paid to its beneficiaries. To that end, the Ministry will propose for instance a 19 % tax on the sale of any assets of a family foundation sold within 15 years of the date on which the foundation purchases them. The tax paid by the family foundation [would] be deductible from the tax due on the payment of benefits to beneficiaries. Income tax is to be imposed on other sources of income of family foundations as well, such as income obtained from the rental of real estate belonging to the family foundation or from shares held in fiscally transparent entities. A solidarity contribution is also to be levied on the beneficiaries of family foundations, and this means that the solidarity contribution calculation base will include benefits paid to the foundations' beneficiaries. The proposed amendment is intended to combat the practice of contributing assets to a family foundation and then quickly selling them. Subsequently, the funds obtained from a transaction of this kind may be used, for example, to purchase shares in a company in order to avoid the tax due if this operation were carried out outside the foundation and then to benefit tax-free (within the family foundation) dividends. The changes may also affect foreign managers of Polish companies who use a family foundation for effective wealth management in Poland and even abroad. In view of the proposals announced by the Ministry of Finance, the Enterprise Council (pl. “Rada Przedsiębiorczości” - a forum of representatives of the nine largest organizations of entrepreneurs and employers in Poland) has appealed to the Minister of Finance to suspend work and conduct real dialogue with entrepreneurs. The Deputy Minister of Finance stipulated that most of the provisions presented in the bill are proposals, “an introduction to the discussion with the parties concerned”. Author: Jan Potyrała

In September 2024, the Council of Ministers presented a legislative proposal to revise the Polish Classification of Activities (PKD), which will come into force at the beginning of 2025. The changes are a response to the need to update the Polish system of classifying business activities in line with EU standards. The proposal envisages replacing the existing 2007 classification system with a new, more detailed system of PKD codes, including an additional, fifth classification level. As a result of these changes, the names of sections, divisions, groups, classes and subclasses of the PKD codes will be modified, to make the system of classification of companies and institutions more precise. This in turn is expected to result in more accurate and updated statistical data, and to help with adaptation to EU regulations on business statistics. Newly established businesses, and any businesses that make changes to their entries in registers such as the CEIDG, KRS or REGON after 1 January 2025, will be required to use the new PKD codes. However, a transition period has been introduced for existing companies. Those that do not plan to make changes to their business after the amendment comes into force will be able to use the 2007 PKD codes for 24 months, i.e. until 31 December 2026. The changes to the PKD require entrepreneurs to prepare accordingly. Entrepreneurs need to determine whether their current PKD codes will change, and adjust their entries in registers to reflect this. It may be necessary to update existing codes or add new codes corresponding to additional areas of activity. Adapting businesses to the new PKD regulations will not only be important for the proper conduct of business. It is also extremely important to check whether the changes might affect reports related to subsidies or state aid granted in the past. Therefore, entrepreneurs should start preparing for these changes now to ensure that compliance with the new regulations proceeds smoothly. TKP constantly monitors the legislative path of legal acts to assist and advise clients as necessary. Author: Mykoła Zembra

Buying a property is always quite a complex process, often requiring an adequate audit, raising funds, identifying tax obligations and participating in long-lasting negotiations. The process is different in case of acquisition of commercial and residential properties. In addition, if real estate in Poland is acquired by foreigners, in the first instance, the obligation to obtain the relevant permit needs to be examined. A foreigner within the meaning of the Act on the Acquisition of Real Estate by Foreigners is: a natural person who does not hold Polish citizenship; a legal entity established abroad; an unincorporated company of persons listed in subparagraphs (1) or (2), established abroad, created in accordance with the legislation of foreign countries; a legal person and an unincorporated commercial company established in the territory of the Republic of Poland, controlled directly or indirectly by persons or companies listed in subparagraphs (1), (2) and (3). In the aforementioned case, a controlled commercial company is understood as a company where foreigners directly or indirectly hold more than 50% of the voting rights at the shareholders' meeting or the general meeting. As a rule, the acquisition of real estate in Poland requires a permit, issued by way of an administrative decision by the Minister of the Interior and Administration. It is obtained by fulfilling certain conditions when purchasing a real estate. These include, for example: absence of threat to internal security or to the health of members of the public; confirmation of the foreigner's links with Poland. The regulations explicitly indicate that a foreigner's links with Poland can be confirmed in the case of an entrepreneur, in particular through performing economic or agricultural activities in Poland. The Act also prescribes the acquisition of real estate by an entrepreneur in a size adequate to the real needs of the business pursued. Notwithstanding the foregoing requirements, the Act provides for very important exceptions, introduced in connection with Poland's accession to the European Union. One of the most important exceptions is a possibility for foreign nationals or entrepreneurs from countries of the European Economic Area and Switzerland to acquire real estate without a permit. Introduction of such an exception means that the authorisation obligation is actually addressed to non-EEA and Swiss economic operators. In the investment practice, foreigners other than those from the EEA and Switzerland, often decide to set up a special purpose vehicle (the so-called SPV) with its registered office in Poland in order to avoid the requirement to obtain a permit. Such a company is treated as a Polish entrepreneur, exempt from the obligation to obtain a permit - regardless of the nationality of the owners or the proportion of their shares. The establishment of a company in Poland obviously requires the fulfilment of certain formal requirements, such as registration with the National Court Register (KRS), obtaining a NIP and REGON number, as well as keeping proper accounts and identifying the beneficial owners. It is worth bearing in mind that the use of such a structure may involve additional costs and the need to comply additionally with the Polish regulations concerning the principles of conducting business activity. Author: Michał Sobolewski

The text discusses two landmark decisions by the Polish Data Protection Authority (DPA) regarding Meta's use of data from two public figures in deepfake advertisements on Facebook and Instagram. These cases highlight the strict enforcement of data protection laws in Poland, particularly in the context of unauthorized data use and the impact on individuals' privacy and reputation. The Polish Data Protection Authority (DPA) recently issued two significant decisions regarding Meta Platforms Ireland Limited's processing of the personal data of two public figures. The cases revolve around the unauthorized use of personal data for displaying deepfake advertisements on the interfaces of Facebook and Instagram. In the first case, the Polish DPA acted following a complaint filed by a well-known businessperson. The complaint involved the unauthorized dissemination of the individual's image in an ad campaign using deepfakes on Meta's platforms, promoting a fictional financial platform. The advertisements falsely attributed statements to the individual, suggesting they endorsed a scheme guaranteeing profits for Polish citizens. These false advertisements posed a major threat to the data subject's reputation, leading to a loss of trust in their professional activities. The Polish DPA found that Meta did not verify the data used in the advertisements, creating a substantial risk to the individual's privacy and professional reputation. Citing the urgency of the situation and the potential for irreparable harm, the Polish DPA applied interim measures under Article 66(1) of the GDPR and Article 70(1)(2) of the Polish Data Protection Act. Meta was ordered to cease displaying the advertisements for three months, limiting their distribution within Poland. Given Meta's jurisdiction, the Irish Data Protection Authority will ultimately handle the case. The second case involved a complaint filed by a public figure, a journalist, whose personal data and image were used in deepfake advertisements, falsely claiming that she had died, been imprisoned, or was subjected to domestic violence. The number of these advertisements was reported to be growing, with daily notifications of new instances being flagged by the data subject. The unauthorized use of her image for displaying deepfake ads not only impacted the journalist's privacy and dignity, but also caused emotional distress to her family and friends. The Polish DPA once again found that Meta had failed to take adequate measures to prevent the misuse of personal data. The Polish DPA also applied  interim measures in this case and ordered Meta to stop displaying deepfake ads containing the journalist’s image for three months. The case is also pending further investigation by the Irish DPA. Author:  Mateusz Kupiec

Entrepreneurs have to comply with new EU legislation not later than until 30 December 2024.Soon, many of them will have to realise obligations to reduce deforestation and forest degradation. New EU legislation on deforestation As part of its efforts to combat climate change, the European Union has recognised that deforestation and forest degradation are significant contributors to greenhouse gas emissions. Deforestation and forest degradation are the result of agricultural land expansion, which is linked to the production of certain goods. As one of their largest consumers, the EU has an opportunity to reduce its impact on global deforestation by promoting products and supply chains that do not contribute to forest destruction. To reduce its negative impact on the environment, the Union has introduced a new regulation to combat deforestation. Adopted on 31 May 2023, the Regulation of the European Parliament and of the Council (EU) on deforestation and forest degradation (EUDR) is in force from 29 June 2023. This document repeals and replaces the previous EU Regulation 995/2010. Effective date of the requirements The rules on the dates when the various provisions of the Regulation will come into effect are quite complicated. The Regulation shall enter into force on 29 June 2023 with the proviso that a large part of the provisions, mainly in terms of prohibitions and obligations for entrepreneurs, shall enter into force as of 30 December 2024. The Regulation shall apply to products produced after 29 June 2023 – this applies only to the date of production and not to the date of placing on the market. An exception to the above rules is timber and timber products. If they were produced before 29 December 2023 and placed on the market between 30 December 2024 and 31 December 2027 - the provisions of the previous EU Regulation apply. Conversely, if produced before 29 December 2023 and placed on the market after 30 December 2027 – the provisions of the new EU Regulation apply. Scope of the Regulation The new rules regulate the marketing of products on the European Union market and the export from the EU of products which contain certain commodities (raw materials), as well as products which have been manufactured using or fed with such commodities. The rules apply to all traders/entrepreneurs in the European Union who place on the market, make available on the EU market and export certain products from the Union. The Regulation covers the following categories of goods: cattle, cocoa, coffee, oil palm, rubber, soya and timber. The link between the above goods and products should be considered as broadly as possible. For example: a trader wants to market a chocolate bar. He/she purchases chocolate from his/her supplier, which he/she will use in the production of this bar. In such a situation, it will be necessary for the trader to examine whether the cocoa used in the manufacture of the chocolate comes from legal sources and whether it meets the standards set out in the Regulation. Requirements for entrepreneurs Traders/entrepreneurs who place on the market, make available on the Union market or export from the Union the aforementioned products must demonstrate due diligence and prove that these products: do not contribute to deforestation, have been manufactured in accordance with the regulations in force in the country of manufacture, and are covered by due diligence declarations. All these elements must be met simultaneously. Due diligence system The due diligence system implemented by entrepreneurs shall include: collecting the information, data and documents necessary to comply with the requirements of the Regulation, carrying out a risk assessment for each product, for example taking into account the presence of forests or indigenous communities in the country of production, taking measures to minimise risks, such as conducting independent studies or audits. Companies are required to regularly review and document their risk assessment at least once a year to ensure that products comply with the new regulations. Consequences for non-compliance To enforce the new rules, the Regulation provides for a system of sanctions such as: fines of up to 4% of total annual turnover in the EU, confiscation of goods, confiscation of profits from transactions relating to these products, temporary exclusion from procurement procedures and access to public funding for a maximum of 12 months, temporary ban on the placing on the market or export of products in the event of serious or repeated infringements, a prohibition to use simplified due diligence for serious or repeated infringements. To summarise, the European Union has introduced new rules to reduce deforestation and forest degradation, which are effective from 29 June 2023. However, the key requirements for entrepreneurs will come into force on 30 December 2024. Traders/entrepreneurs will have to demonstrate that their operations do not contribute to deforestation, comply with the laws of the country of production and are covered by a due diligence system. As part of their due diligence system, companies must collect relevant data, assess risks and take preventive action. There are serious sanctions for non-compliance, including financial penalties and trade bans. Author: Michał Sobolewski and Klaudia Nowak

On 20 September 2024, an amendment to the Polish Act on Copyright and Related Rights (ACRR) entered into force,which implemented the Directive on Copyright and Related Rights in the Digital Single Market (DSM) with a 3-years’ delay. One of the areas of changes is the permitted use in the scope of text and data mining: Text and Data Mining - TDM (Articles 6(1)(22), Articles 262, 263 ACRR). According to ACRR, TDM is the analysis of digital texts and data exclusively with the use of an automated technique in order to generate specific information, such as patterns, trends and correlations. Such techniques include, for example, artificial intelligence systems that learn by analysing digital content or natural language processing tools. Permitted use in the scope of TDM consists of two parts. The first one refers to cultural heritage institutions and some entities in the Higher Education and Science (e.g. universities). For the private sector, the second area is of key importance. Indeed, it is possible to reproduce all works already distributed (e.g. texts on news portals) for TDM purposes, regardless of the type of work or the rightholder. However, the law introduces two restrictions in this scope: any entity authorised to hold economic copyrights in a work may express an objection against TDM; reproduced works cannot be retained forever, but only for such a period as necessary to achieve the TDM objective (certainly until their analysis is completed). Recommendations or industry standards have not yet been developed in the scope of expressing a claim against TDM. The Polish act of law only provides that such a claim should be: clear, adequate to the way of making available the work subject to the claim, in machine-readable format (in accordance with the Act on Open Data and Re-use of Public Sector Information) including metadata not further described for works made available to the public so that anyone can access them at a place and time selected by them. All conditions must be met jointly if they apply to the specific case. Permitted use in the scope of TDM is an unquestionable business opportunity (not only for AI). It allows for the use of Internet resources to acquire knowledge, develop new tools or improve existing ones. However, attention should be paid to the possibility of a disclaimer excluding TDM for a particular work. Future recommendations or standards in this area should be expected which will help in designing appropriate solutions to verify the existence of a claim. Author: Dominik Gabor