Introduction of the EU Artificial Intelligence (AI Act) Regulations is a major breakthrough in high-tech regulation in Europe. From 2 February 2025 the first AI Act regulations come into force, the overarching aim of which is to increase security and improve the competence of workers with regard to artificial intelligence systems. The main focus of the EU AI regulations is to increase user security, reduce technological risks and protect fundamental rights, including personal data and personal assets. This comprehensive implementation of the AI Act brings with it a new AI responsibility for entrepreneurs.
For Polish entrepreneurs already using AI-based tools or planning to implement them, this means meeting new legal, technical and organisational obligations. Adapting to the new regulations is the key to avoiding AI Act sanctions and building confidence in the market.
What is the AI Act and who does it apply to in Poland?
AI Act, adopted by the European Union in 2024, enters into force progressively from mid-2025, requiring businesses to start their preparatory activities well in advance. The regulation is based on a risk-based approach, dividing artificial intelligence systems into four main categories. This classification of AI systems is fundamental to understanding the new AI Act requirements.
Categories of AI systems according to the AI Act: How to classify artificial intelligence in your business?
The regulation distinguishes the following categories of artificial intelligence:
- Prohibited AI systems (e.g. behavioural manipulation, so-called social scoring) - their use is strictly prohibited.
- High-risk AI systems (e.g. recruitment, healthcare, critical infrastructure) - require a number of rigorous obligations to be met.
- Limited risk AI systems (e.g. chatbots, recommendation systems) - are subject to more lenient requirements, mainly in terms of transparency.
- Minimum risk AI systems (e.g. smart filters in e-commerce) - have the least regulatory stringency.
AI systems banned and high risk: Consequences for businesses
For companies, this means above all the need for precise classification of their AI systems and meeting the relevant requirements. In the case of high-risk systems Entrepreneurs must maintain detailed technical records, effectively manage AI risks, ensure ongoing Human supervision of AI and regularly carry out AI systems audits. In addition, such schemes must be notified to a public register held by the European Commission.
Transparency and user information on AI: Information obligations of companies
Another important obligation under the AI Act is to AI transparency and proactively inform users about the use of artificial intelligence, particularly when using AI chatbots or AI content generators. Failure to do so may result in civil or administrative liability. In practice, this means developing clear messages for users, indicating unambiguously that they are interacting with an artificial intelligence system. These are key AI information obligations.
AI Act vs RODO: How to process personal data using artificial intelligence?
Artificial intelligence systems often process personal data, including sensitive data (e.g. health, biometrics). In parallel, businesses must comply with the requirements of RODO and AI. It is necessary to establish the correct legal basis for the processing of data, to minimise the collection of data and to apply anonymisation or pseudonymisation. In situations of high risk of violation of the rights of individuals, it is required to carry out a Data Protection Impact Assessment (DPIA) and the implementation of procedures for responding to personal data breaches, as part of a comprehensive management of the AI personal data.
Protecting personal assets in the age of AI: Challenges and responsibilities for businesses
It is also important to safeguard the personal assets of users and third parties that may be compromised by AI, such as the generation of deepfakes or discrimination during recruitment processes. Companies should make analyses of the impact of AI on privacydignity or good name. Even subtle algorithmic biases can lead to serious legal consequences related to breaches of equal treatment. This is another aspect business liability in the context of AI.
Hefty sanctions for AI Act violations: what to avoid and what penalties?
Sanctions for violations of the AI Act are exceptionally high, with fines of up to 35 million euros or 7% annual global turnover, and for violations related to high-risk systems or information obligations, respectively, to 15 million euros or 3% turnover. Responsibility may also extend to company managers, further emphasising the need for rigorous compliance with the new regulations and awareness of the legal implications of the AI Act.
How to prepare your company for the AI Act? Practical steps and readiness audit
Faced with these changes, entrepreneurs should already today implement concrete preparatory measures to ensure the AI compliance. These include:
- AI technology audit - a comprehensive assessment of the systems in place.
- Risk classification of AI systems - to match requirements.
- Adaptation data protection policies and the development of new ones.
- Carrying out AI Act training courses and RODO training for key personnel.
- Establish internal procedures for incident reporting and AI oversight.
AI monitoring and documentation: key to compliance
In addition, companies should actively monitor developments in AI technology and regulatory changes to respond effectively to new challenges. See also: Key changes in Polish law 2025 and Compliance procedures for entrepreneurs. Early implementation of the standards envisaged by the AI Act will allow companies to avoid legal and operational risks and increase the trust of customers and business partners. This attitude can contribute to a company's long-term success and positive perception in the market.
It is worth noting that the use of AI systems in companies will also be the subject of a control by supervisory authoritiessuch as the Data Protection Authority and the European Commission. Therefore, companies should keep detailed records on an ongoing basis and regularly verify the compliance of their systems with applicable regulations, thus avoiding the risk of penalties and reputational consequences.
AI Act legal support: why consult?
You would like to discuss your obligations in the context of compliance with the legislation relating to the entry into force of the AI Act? Give us a call. We will be happy to answer your questions and help you adapt your company to the new regulations.
👉 Get in touch with us!
E-mail: sekretariat@bktkancelaria.pl
Tel: +48 606 608 089
Contact: https://bktkancelaria.pl/kontakt/
