Tech En

New Technology Law in 2025 – what will the new year bring

14 January 2025 | Knowledge, News, The Right Focus

The new year of 2025 will see a number of important changes in new technology law. These range from AI and data regulations, through cyber security to the financial sector and digital services. We list the most important dates and look at upcoming regulations that will change the technological legal landscape.

Artificial intelligence

It’s impossible to discuss new technologies without mentioning artificial intelligence. Last year brought the adoption of the EU AI Act, and although its full entry into force is staggered over several years, regulations on prohibited AI practices, as well as the so-called AI Literacy obligation will take effect as early as on 2 February 2025.

In practice, this will mean banning AI solutions that generate unacceptable risk, and formalizing requirements for the competence of those involved in the operation and use of AI systems.

In addition, by the intended date of 2 May 2025, the European Commission should have published its AI Codes of Conduct, thereby systematizing desirable practices in this field.

2 August 2025 is another important date, as this is when regulations on general-purpose artificial intelligence systems and penalties and supervisory bodies will take effect.

Domestic legislators, on the other hand, have scheduled passing the draft act implementing the AI Act to Parliament between the first and second quarter of 2025.

Data

As announced, a draft Data Governance Act will be passed in the first half of 2025, which, among other things, will expand the catalogue of possibilities for the reuse of public sector data by the private sector. This is a result of the implementation of the provisions of the EU’s Data Governance Act.

In addition, the provisions of the Data Act, an EU regulation seeking to increase access to and use of data by market participants, will take effect on 12 September 2025. This should realistically free up competition in this field. The regulations will apply to both personal and non-personal data.

Cyber security

Despite the fact that NIS2, the EU’s cyber security directive, should have been applied by October 2024, many EU countries, including Poland, are struggling to adopt it.

In Poland the work on the implementation was intensive at the end of last year, but it is still unclear whether the latest published version will make it to the parliamentary stage without further amendments. Nevertheless, according to conservative forecasts, a draft amendment to the National Cyber Security System Act is expected to finally reach Parliament in the first quarter of 2025.

As a result, entities classified as within critical and important sectors will have to adapt their internal policies and procedures to the enhanced cyber security requirements, and according to the latest published version of the draft, will have 6 months to do so from the effective date of the amendment. In addition, by 1 April 2025, they will have to self-identify and submit a corresponding application for registration.

Financial sector

As early as from 17 January 2025, the Digital Operational Resilience Act will become applicable, with the need for both the financial sector and ICT service providers to comply with enhanced and harmonized standards in the area of operational digital resilience.

Therefore, as announced in December, the Polish Financial Supervision Authority (KNF) also plans to repeal and revoke a number of soft law acts that have so far set the cyber security framework for the financial sector. These include the Cloud Communiqué and Recommendation D as well as the Guidelines on the Management of Information Technology and ICT Environment Security.

From 30 December 2024, the Markets in Crypto-Assets Regulation (MiCA), has been in full effect. By establishing a harmonized legal framework, the transparency, security and integrity of cryptocurrency markets in the European Union will increase. However, this requires the adoption of relevant legislation implementing MiCA into the Polish legal system, which is unfortunately delayed. Nevertheless, the Polish cryptoasset market draft act is forecast to be completed in 2025.

In addition, negotiations of the Council of the European Union on a common position on the payment services regulatory package, including the PSD3 Directive and the Payment Services Regulation, are expected to continue in the first quarter of 2025.

In addition, the adoption of the Financial Data Access Framework Regulation (FiDA), which deals with so-called Open Finance, i.e. services that allow users to easily and securely access their financial data, is projected to be completed in the third quarter of 2025.

Digital services

Although the DSA, i.e. the EU’s Digital Services Act, already began to be fully effective at the beginning of last year, work on the Polish draft implementing the regulation is still ongoing.

In line with this, a draft amendment to the Act on the Provision of Services by Electronic Means should be submitted to Parliament for consideration in the first quarter of 2025.

This will mainly concern procedural changes and the designation of bodies responsible for supervising digital service providers’ compliance with the new regulation.

Any questions? Contact us

Latest Knowledge

Banking in 2026: technology, regulation and the new market landscape

The year 2026 will see the banking sector undergo its most dynamic transformation in a decade. The trends identified in Accenture’s Top Banking Trends FY26 report suggest that the sector is entering a phase in which technology and regulation will be inseparable, driving all aspects of change. However, it is regulation that determines the boundaries, pace and manner of implementation for new solutions. We take a look at what else the experts are focusing on.

The new National Cybersecurity System

The amendment to the Act on the National Cybersecurity System (UKSC) is one of the most significant regulatory reforms in recent years. Its main objective is to align Polish law with Directive (EU) 2022/2555 of the European Parliament and of the Council. The directive, also known as NIS2, substantially raises digital security requirements across the Union. The Polish Act on the National Cybersecurity System has undergone a thorough overhaul, covering more organisations (with estimates suggesting nearly 40,000 entities), introducing more demanding obligations, statutory personal liability for management board members, and even more stringent rules for imposing financial penalties. In the case of the most serious violations, these penalties can reach 100 million PLN.

‘Made in Europe’ is no longer just a slogan. It is becoming law

Until recently, ‘Made in Europe’ was just a label. While it was useful for marketing purposes, it lacked any hard, normative content. This may soon change. On 4 March, the European Commission published a proposal for the Industrial Accelerator Act, stipulating that, from 2027 onwards, the Union origin of components will be a prerequisite for participating in renewable energy auctions, accessing public funding, and for being eligible to participate in public procurement procedures. The slogan ‘Buy European’ could become a concrete instrument for supporting local production and controlling foreign investment.

Non-obvious cases of transferring an establishment to a new employer

The transfer of all or part of an establishment (zakład pracy) is a special concept in labour law relating to changes in ownership. Put simply, it is the automatic transfer of all the rights and obligations of the employer from one entity to another, without the need for any additional actions or consents from the parties involved. However, this must be preceded by the fulfilment of a range of informing obligations by both the new and former employers. Let’s take a look at what the process should involve.

Protecting yourself against tax risks in the deposit-return system

The deposit-return system has been in place since October 2025, raising significant tax concerns from the outset. Although the regulations came into force, it was unclear for a long time how to apply them in practice. Some of the regulations needed clarification, some solutions were missing and the published explanations did not cover all the key issues. Consequently, the market began to develop its own operating standards.

Banking sector overview | Banking today and tomorrow | March 2026

On 12 February 2026, the Court of Justice of the European Union (CJEU) issued a judgment concerning the use of the WIBOR index in loan agreements. The CJEU judges confirmed that, in consumer cases, courts cannot examine the correctness of the WIBOR calculation. The banks had correctly informed their clients about the reference rate in accordance with national and EU law.

The issue of the National Labour Inspectorate reform has resurfaced

A new draft law proposing changes to the way the National Labour Inspectorate operates has been submitted to the Sejm. During its first reading on 25 February, the draft was not rejected and was therefore referred to the Social Policy and Family Committee for further consideration. Despite the concerns and controversies raised so far, including by businesses, the legislature continues to pursue the thorough modernisation of Poland’s employment model, which involves increased supervision of the labour market and curbing the abuse of civil law contracts. In this article, we will take a look at the proposals included in the new draft and explain what they mean for businesses.

Contact us:

Natalia Kotłowska-Wochna

Natalia Kotłowska-Wochna

Attorney-at-Law / New Tech, IP, Trade & Logistics Practice Group / Head of New Tech M&A

+48 606 689 185

n.kotlowska@kochanski.pl