Poland sets out digital priorities for the next six months

Poland, which took over the EU Council Presidency on 1 January 2025, has a clear focus on cybersecurity, AI governance and implementation in its six-month programme. This overall strategy is designed to strengthen the EU's digital defences and foster innovation.

Digital Networks Act

The Polish Presidency aims to orchestrate a directional debate on the forthcoming Digital Networks Act (DNA), a legislative initiative in the telecoms sector aimed at building digital networks infrastructure and of the future and meeting the connectivity needs of the future.  This forthcoming Act is expected to be published around December 2025.

AI strategy

Central to Poland's digital agenda is the EU’s AI strategy. In this context, the AI Act will apply gradually, with the prohibited practices ban applying from 2 February 2025, the provisions on General Purpose AI models applying from August 2025 and many other provisions applying from August 2026 onwards.

Dariusz Standerski, Poland's Deputy Minister for Digitalisation, has emphasised the importance of strategic investments alongside regulation of AI. Moreover, the Deputy Minister is not convinced about the need for the proposed AI Liability Directive, an EU legislative initiative aimed at harmonising national procedures related to damage claims involving AI. Mr Standerski maintains that the existing civil codes and legal systems within EU Member States are equipped to address liability issues, thereby negating the need for such a directive.

Workplace automation and protection

Under the Polish Presidency, the Council of the EU will explore solutions for protecting people and their work in the age of increasing innovation and automation. These discussions will focus on legislative initiatives concerning the use of AI in the workplace, teleworking and the right to disconnect. These initiatives align with the implementation of the EU Strategic Framework on Health and Safety at Work 2021-2027, highlighting the importance of worker protection in the digital age.

Cybersecurity priorities

Poland plans to focus on several cybersecurity initiatives during the next six months. The Presidency plans to adopt by the second quarter of 2025 a progress report on the EU Cybersecurity Act which forms the basis for the EU's cyber certification schemes. This review may lead to significant reforms of the law. An action plan on cybersecurity within the healthcare sector is also due within the first few months of 2025, as flagged by European Commission President Ursula von der Leyen in her 2024-2029 Political Guidelines.

An update to the European Commission's 2017 cyber blueprint is in the works, with Poland playing a role in shaping the revisions. The updated blueprint, which is set to outline how the EU responds to large-scale incidents, will aim for a uniform model for incident response and reporting.

Regarding the NIS2 (Network and Information Security) Directive, the EU's critical infrastructure cybersecurity law, five countries - Belgium, Italy, Croatia, Lithuania and Greece – have fully implemented it into national legislation to date. Other countries, including Germany, Czechia, Latvia and Romania, have partially done so. By 17 April 2025, all EU Member States are required to provide a list of "essential and important" organisations under NIS2.

Additionally, DORA (Digital Operational Resilience Act), which aims to strengthen the IT security of financial entities, will apply as of 17 January 2025.

Outlook

In summary, industry stakeholders should expect the Council Presidency to focus on the implementation of already-adopted digital files during the first half of 2025. This is partly due to timing, since the new College of Commissioners, which took office on 1 December 2024, is likely to require some time to establish its work programme before proposing any new legislative initiatives. The Presidency of the Council rotates every six months, so Poland's term will be followed by Denmark in the second half of 2025 and Cyprus in the first half of 2026.