Legal Landscapes: Poland – TMT

Xawery Konarski

Attorney-at-law, Senior Partner, Co-Managing Partner, Traple Konarski Podrecki & Partners


1. What is the current legal landscape for TMT in Poland?

Poland’s TMT sector is governed by a mix of national legislation and EU regulations. Key areas include:

1) Data Protection

  • GDPR enforcement remains a top priority. The Polish Data Protection Authority (UODO) is actively issuing fines for non-compliance.
  • Companies are expected to implement strong data governance frameworks and demonstrate accountability through internal audits and DPIAs.

2) Digital Markets & Competition

  • Poland implemented the EU Digital Markets Act (DMA) and Digital Services Act (DSA), focusing on gatekeepers and platform transparency.
  • The Polish Competition Authority (UOKiK) is increasingly monitoring online platforms and tech mergers.

3) Cybersecurity

  • The Act on the National Cybersecurity System is being updated in line with the EU’s NIS2 Directive, with enhanced obligations for digital service providers.
  • Sectors such as telecom, finance, and energy face stricter reporting and infrastructure requirements.

4) Artificial Intelligence Regulation

  • Poland is preparing for the application of the EU AI Act (expected to start rolling out by mid-2026). Local companies are already assessing AI risk classifications and preparing governance frameworks.

5) Intellectual Property & Media

  • Digital copyright enforcement under the EU Copyright Directive is increasing.
  • Media regulation is closely watched due to political and regulatory scrutiny of public broadcasting.

2. What three essential pieces of advice would you give to clients involved in TMT matters in Poland?

1) Prioritize Proactive GPDR/e-Privacy Compliance

  • Conduct data protection impact assessments (DPIAs), update cookie policies, and ensure GDPR-aligned vendor contracts.
  • Map out obligations under DMA/DSA if operating online platforms.

2) Prepare for AI Regulation

  • Begin classifying AI systems under risk levels (minimal, limited, high, unacceptable).
  • Establish AI governance policies and internal audits to future-proof against upcoming regulations.

3) Monitor Evolving Cybersecurity Obligations

  • Assess whether your business falls under critical or essential entities under NIS2.
  • Update incident response plans, conduct cybersecurity audits, and consider obtaining cyber insurance.

3. What are the greatest threats and opportunities in TMT law in Poland over the next 12 months?

Threats:

  • Increased regulatory scrutiny from UODO and UOKiK, particularly in data processing and competition matters.
  • Cybersecurity vulnerabilities as companies struggle to meet NIS2 compliance deadlines.
  • Legal uncertainty around AI and machine learning applications pending full AI Act implementation.

Opportunities:

  • Poland’s growing IT and AI ecosystem benefits from EU funding and a strong talent pool.
  • Cloud and data center expansion offers growth in digital infrastructure.
  • Regulatory tech (RegTech) solutions will help firms manage complex compliance requirements efficiently.

4. How do you ensure high client satisfaction levels are maintained by your TMT practice?

Leading Polish TMT legal practices prioritize:

  • Responsiveness and clarity: Fast turnaround, plain-language advice, and regular updates.
  • Tech-enabled services: Client portals, automated compliance tools, and contract lifecycle management systems.
  • Sector knowledge: Regular briefings on law-tech developments, tailored to industries like gaming, e-commerce, and fintech.
  • KPIs and feedback loops: Measuring satisfaction through surveys and client interviews; using Net Promoter Scores (NPS) and response-time metrics.

5. What technological advancements are reshaping TMT law in Poland and how can clients benefit from them?

a. Generative AI and LLMs

  • Legal services are being reshaped by generative AI for document review, legal research, and compliance automation.
  • Clients can use AI for internal knowledge management and risk analysis—provided data governance is in place.

b. 5G and IoT

  • Telecom law is adapting to support nationwide 5G rollout, with implications for smart cities, autonomous vehicles, and industrial IoT.
  • Clients can benefit from faster services but must prepare for new liability and data protection challenges.

c. Blockchain and Smart Contracts

  • Though still emerging, use in fintech and supply chain solutions is increasing.
  • Regulatory clarity is slowly improving through EU’s MiCA (Markets in Crypto-Assets) Regulation.

d. RegTech Tools

  • Businesses can automate compliance with GDPR, DSA, and AML requirements using specialized tools, improving accuracy and reducing costs.


Key Takeaways from Video


Full transcript