Poland AI Watchdog Moves Forward as Draft Bill Aligns National Rules With EU AI Act

Poland AI Watchdog to Oversee Inspections, Fines, and Market Controls

Poland’s parliamentary Committee on Digitalization, Innovation and Modern Technologies has adopted a draft artificial intelligence regulatory bill (a national draft AI law) designed to bring national rules in line with the EU AI Act. According to TVP World, the committee completed its work after introducing 20 amendments to the proposal.

The bill would establish the Commission for the Development and Security of Artificial Intelligence, known as KRiBSI, as Poland’s national AI oversight body and potential AI market surveillance authority. The commission would be able to inspect companies, verify whether AI-based systems comply with applicable rules, impose penalties, and order non-compliant systems to be withdrawn from the market.

The move reflects the broader implementation path set by the European Commission’s AI Act framework, which describes the regulation as a risk-based legal framework for AI developers and deployers. For organizations operating in Europe, the practical challenge is now shifting from understanding legal text to proving that AI systems can withstand inspection, documentation review, and market surveillance - especially where security controls, audit trails, and risk evidence underpin market access.

High-Risk AI Systems Face Permit and Testing Requirements

Under the Polish proposal, the Poland AI watchdog would issue permits for high-risk AI systems, including those used in education, critical infrastructure, employment, and migration management. These categories closely mirror areas identified under the EU’s risk-based approach, where AI can affect safety, access to services, employment opportunities, and fundamental rights.

The draft bill also introduces regulatory sandboxes, allowing companies to test AI solutions in controlled conditions before wider deployment. This is significant for enterprises seeking to balance innovation with evidence-based assurance and responsible artificial intelligence development. Sandboxes can help teams validate controls, clarify responsibilities, and prepare documentation before systems are exposed to broader operational or regulatory scrutiny.

Governance Readiness Becomes a Board-Level Priority

The proposed Commission would include representatives from several existing regulators, including authorities responsible for competition and consumer protection, electronic communications, financial supervision, broadcasting, intellectual property, medicinal products, cybersecurity, and accreditation. This cross-regulatory structure signals that AI oversight is becoming an enterprise-wide issue rather than a narrow technology matter - and that close coordination will be expected to avoid duplicative work and overlapping investigations.

In practice, this model also raises questions about how exclusive competences will be delineated between the new AI authority and specialist bodies. For example, data protection matters may still involve the data privacy watchdog - the Polish DPA (UODO / Urzad Ochrony Danych Osobowych)—operating under the EU data protection framework (GDPR). For regulated firms, aligning AI compliance with privacy-by-design, records of processing, and incident response becomes part of a single governance and assurance story.

The bill would also allow Poland’s digital affairs ministry to finance AI research and development using national and EU funds. In parallel, the ministry would notify conformity-assessment bodies under EU procedures, while accreditation matters would be handled by the Polish Centre for Accreditation. These steps fit broader national policy initiatives seen across EU member states national AI strategies, including the use of funding and standards to steer the European AI landscape (and the wider AI worldwide ecosystem) toward accountable deployment.

For businesses, this makes AI governance a practical requirement for market access and trust. Organizations deploying AI in regulated or high-impact environments will need clear inventories, model documentation, risk controls, monitoring processes, and evidence that decision-making remains transparent and accountable - supported by a comprehensive methodology that can be explained to regulators and auditors.

The NIST AI Risk Management Framework provides a useful reference point for organizations seeking to manage AI risks to individuals, organizations, and society. While voluntary and non-European, it reflects the same operational direction now visible in Europe: AI systems must be mapped, measured, managed, and governed throughout their lifecycle.

Enforcement Moves From Brussels to Member States

The Poland AI watchdog proposal shows how EU-level requirements are being translated into national enforcement capacity - an “on-the-ground” integrated supervisory approach that complements Brussels-level coordination. With AI Act provisions being phased in through 2027, companies should expect closer attention to high-risk classification, regulatory reporting, post-market monitoring, and conformity assessment readiness, as well as links to adjacent national compliance tracks such as the Poland cybersecurity draft and sectoral supervisory expectations.

For AI suppliers, deployers, and product teams, the message is increasingly clear: compliance will depend not only on policy statements, but on verifiable systems of control. As national authorities prepare inspection and enforcement mechanisms, organizations that build trust, transparency, and accountability into AI operations will be better positioned for the next phase of European artificial intelligence regulation.