Linklaters Warsaw Head of TMT/IP Szymon Sieniewicz talks about TMT in 2025 in Poland.
CEELM: What is in the pipeline in terms of legislation that you believe will have the most impact on TMT practices in Poland?
Sieniewicz: The regulatory landscape for TMT in Poland is undergoing significant changes, driven by both EU-level legislation and domestic legislative initiatives such as the AI Act. Some of its obligations became applicable already in February 2025, though most obligations will take effect on August 2, 2026.
The new Polish law on AI systems, which aims to align Polish laws with the AI Act, is still in progress. It covers aspects such as the appointment of the national supervisory authority, proceedings before that authority, and certification processes.
Poland is also taking steps toward implementing the EU’s NIS2 Directive, which enhances cybersecurity requirements for critical sectors across the EU. Since the implementation of the NIS1 Directive in 2018, there have been dozens of draft laws amending the Polish Act on the National Cybersecurity System. The law implementing the NIS2 Directive in Poland is expected to reach Parliament by the end of Q1 2025.
Furthermore, since DORA entered into force on January 17, 2025, both the financial sector and ICT service providers need to adapt to enhanced standards in the area of digital operational resilience. In February 2025, the Polish Financial Supervision Authority repealed and revoked several soft laws that previously set the cybersecurity framework for the financial sector in Poland.
The newly adopted Data Act is one of the EU legal acts that are intended to support better use of the potential of the constantly growing amount of data in Europe and to support the creation of a single market for data in the EU. The Data Act will apply from September 12, 2025. Its primary objectives are to ensure fair access to data and its use between individual market participants in the digital economy, stimulate competition in the data market, and increase the availability of data.
There is also ongoing work on the new Polish Data Governance Act, which, among other things, will expand the catalogue of possibilities for public sector data reuse by the private sector. This should lead to the implementation of the EU Data Governance Act. We expect the new law to be adopted in H1 2025.
CEELM: Of the above, which ones are you/your clients most excited about and why?
Sieniewicz: Clients in the TMT sector are particularly excited about the AI Act, as its phased implementation provides opportunities for organizations to leverage artificial intelligence in a safer and more structured manner.
Furthermore, the draft Polish Data Governance Act is receiving attention due to its potential to expand the opportunities for reusing public sector data. Through greater data accessibility, it encourages collaboration between the public and private sectors, potentially leading to innovative data-driven solutions and services.
CEELM: On the flip side, which ones are you/your clients dreading the most and why?
Sieniewicz: Many clients are concerned about the compliance burdens associated with the new EU digital legislation, especially the AI Act and the NIS2 Directive. The implementation of the former will pose many challenges with questions around the interpretation of concepts in the act (e.g., “AI system”, “prohibited AI practices”). The European Commission’s guidelines are expected to be helpful in this area, it is, however, already clear that they do not address all our clients’ doubts and questions. Moreover, there are concerns about data privacy and copyrights. In these areas, we observe continuous developments, particularly by tracking ongoing litigations in the US and EU countries.
The implementation of the NIS2 Directive is causing apprehension among some clients. Although enhancing cybersecurity is essential, the increased compliance requirements pose significant challenges. The necessity for substantial investments in cybersecurity infrastructure and personnel training may lead to increased operational costs. The new cyber laws are expected to affect tens of thousands of Polish businesses. These procedural adjustments, along with the need to establish new supervisory bodies (e.g., overseeing compliance with the AI Act), could lead to uncertainties in compliance and increased administrative burdens.
CEELM: In which sectors relevant to your practice do you expect to see the most work in 2025 in Poland? What do you believe will drive that work?
Sieniewicz: Technology companies (big tech, software houses, gaming studios) will likely see an increase in demand for legal services due to the expected growth of the sector and emerging new regulatory compliance obligations. On the other hand, organizations implementing new technologies, including AI tools, will increasingly seek legal assistance as they begin to leverage these innovations. Additionally, there is a potential for increased tech M&A activity, indicating growing interest from clients investing in technology.
We expect cybersecurity matters to keep TMT lawyers busy this year. The critical sectors (energy, transport, healthcare, etc.) are also poised for an increase in TMT work due to the expected implementation of the NIS2 Directive. This will also affect new sectors such as public electronic communications services, social platforms, wastewater and waste management, etc., while the financial sector will also need to continue with DORA’s implementation.
This article was originally published in Issue 12.1 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.
