Poland Draft AI Act

Draft Act on AI Systems

Poland's draft law implementing EU AI Act domestically, creating KRiBSI (national AI authority), regulatory sandboxes, and binding opinions mechanism.

Jurisdiction

Poland

Enacted

Pending

Effective

TBD

Enforcement

KRiBSI (Krajowa Rada ds. Inteligencji i Bezpieczeństwa Systemów Informacyjnych) - proposed

Expected passage 2025-2026 for EU AI Act implementation

DataGuidance Poland Overview

Why It Matters

Poland's AI Act implementation with KRiBSI provides binding opinions on whether AI chatbots qualify as high-risk under EU AI Act, creating regulatory clarity pathway.

Recent Developments

Draft under consideration for 2025-2026 passage

At a Glance

Applies to

AI CompanionMental Health AppGeneral Chatbot

Requires

Risk Assessment Transparency

Who Must Comply

AI system providers in Poland (when enacted)
High-risk AI systems under EU AI Act
AI operators seeking regulatory clarity

Obligations fall on:

Safety Provisions

KRiBSI established as national AI authority
Regulatory sandboxes for AI testing
Binding opinions on AI system classification
EU AI Act national implementation
Market surveillance coordination

Compliance & Enforcement

Penalties

EU AI Act penalties (when enacted)

Primary Source

DataGuidance Poland Overview

https://www.dataguidance.com/

View on map

Poland

Focus Areas

Mental health & crisis

Algorithmic accountability

Cite This

APA

Poland. (n.d.). Draft Act on AI Systems.

Related Regulations

Enacted EU

EU CRA

Mandatory cybersecurity requirements for all products with digital elements placed on the EU market, including AI software. Requires security by design, vulnerability handling, incident reporting to ENISA, software bills of materials, and CE marking for market access.

In Effect EU

EU GPAI Code

Voluntary code enabling general-purpose AI model providers to demonstrate compliance with EU AI Act GPAI obligations. Three chapters cover transparency (model documentation), copyright compliance, and safety/security for systemic-risk models. Adherence creates legal presumption of conformity.

In Effect FI

Finland AI Act

Finland's EU AI Act implementation using decentralized supervision model. Traficom serves as single point of contact and coordination authority. Ten market surveillance authorities share enforcement across sectors. New Sanctions Board handles fines over EUR 100,000.

Enacted EU

EU PLD

Modernized product liability framework explicitly covering AI systems and software as products. Shifts burden of proof in complex AI cases, allows disclosure orders for technical documentation, and addresses liability for AI-caused harm including through software updates.

In Effect EU

TCO Regulation

Requires hosting services to remove terrorist content within one hour of receiving a removal order. One of few regulations with real-time moderation mandates.

In Effect EU

EU CSAM Interim

Temporary legal bridge allowing certain communications providers to voluntarily detect/report/remove CSAM, notwithstanding ePrivacy constraints. Extended via 2024/1307 while permanent CSAR negotiated.

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.