Which topic would you like to know more about?
What is the legal age of adulthood/ majority in your jurisdiction? Are all persons below this age considered a child/ minor?
According to the Act of 23 April 1964 - the Civil Code (Civil Code), 18 years is the age of majority, and anyone under the age of 18 years is considered a minor/child.
Under the Civil Code, minors aged 13 to 18 years have limited capacity to act. This means that, as a rule, entering into agreements or carrying out unilateral acts by a minor requires the acceptance of a parent. But there are exceptions – one of which applies to the conclusion of agreements concerning minor matters related to everyday life (minor agreements). Minor agreements typically involve everyday transactions of a minor nature and are characterised by low risk and value (e.g. buying newspapers, stationery, food, etc.).
Has the UNCRC been directly incorporated into national law in your jurisdiction?
Yes.
Poland ratified the UNCRC, with reservations, in 1991. Since then, the UNCRC has been part of Polish law and applies directly.
Is there an ombudsperson/ commissioner for children in your jurisdiction?
Yes.
The Ombudsman for Children (Polish: Rzecznik Praw Dziecka) is established by the Act of 6 January 2000 on the Ombudsman for Children.
If there is an ombudsperson/ commissioner for children in your jurisdiction, do they have any responsibility for upholding children’s rights in the digital world or does the relevant regulator have sole competence?
No.
The Ombudsman for Children (Polish: Rzecznik Praw Dziecka) does not have explicit responsibility to uphold children's rights in the digital world. However, such a responsibility can be indirectly derived from their overall duties. The Ombudsman for Children is responsible for protecting various children's rights set out in the Polish Constitution and the UNCRC, including freedom of expression, freedom of association, the right to privacy, leisure, play and culture.
The Ombudsman for Children can, among other things, request the initiation of or participate in civil or administrative proceedings, or request that an authorised prosecutor initiate a pre-trial proceeding in a criminal case. The Ombudsman may consider their participation in a case to be justified in order to protect the rights of the child. Children can report matters to the Ombudsman for Children.
In April 2024, the Ombudsman for Children and the President of the Personal Data Protection Office (Polish: Prezes Urzędu Ochrony Danych Osobowych; UODO) signed a cooperation agreement focused on the processing of children's data in the modern world as well as on research and education initiatives related to the protection of children’s privacy. As a result of this agreement, a collaborative campaign entitled ‘More Respect for the Young Image’ (Polish: Więcej szacunku dla młodego wizerunku) was launched to address the issue of the excessive sharing of photos of young people on the internet.
As part of the campaign, the organizers plan to hold a series of webinars for parents, teachers, and professionals to raise awareness about responsible photo-sharing and legal obligations. The Ombudsman for Children published informational material outlining good practices for sharing children's photos and highlighting the risks associated with publishing such images online (available only in Polish).
Although UODO is not primarily responsible for children's rights, it is becoming more active in this area. UODO wishes children to be more involved and knowledgeable about their rights. UODO’s initiatives, such as 'Your Data - Your Business' (Polish: Twoje Dane – Twoja Sprawa) show this. The programme aims to raise students' awareness of their right to privacy and personal data protection. In July 2024, UODO, along with Fundacja Orange (an NGO supporting children in the development of digital competence) issued guidance on protecting children’s images and on children's safety in the digital age (Polish: “Wizerunek Dziecka w Internecie. Publikować czy nie?”; available in Polish only).
Is there any standalone requirement to collect the consent of one or both parents when processing a child’s personal data (irrespective of any other obligations, e.g. the requirement to have a legal basis for processing)?
No.
In addition to Article 8(1) GDPR, a parent’s consent must be obtained before a child's image can be made available, based on the Act of 4 February 1994 on Copyrights Law and Related Rights, unless exceptions apply. The general rule under Article 98 (1) of the Act of 25 February 1964 – the Family and Guardianship Code is that, if both parents have parental authority, then each of them may act independently as their child’s legal representative
At what age can children legally consent to the processing of their own personal data, such that parental permission/ consent is not required?
Article 8(1) GDPR provides that the age of digital consent may be anywhere between 13 and 16 years of age, depending on what age the EU Member State in question has adopted. In Poland, it is 16 years of age.
Are there specific requirements in relation to collection and/or verification of parental consent/ permission concerning the processing of a child’s personal data?
Yes.
There are no national-specific laws in this regard; see more information on the GDPR-level requirements here.
Article 8(2) GDPR does not set out an approved method for collecting parental consent; however, it does require organisations to “make reasonable efforts” to verify such consent by a holder of parental responsibility over a child, taking into account available technology. No specific method has been endorsed by the President of the Personal Data Protection Office (Polish: Prezes Urzędu Ochrony Danych Osobowych).
Are there any particular information or transparency requirements concerning the processing of children’s personal data?
Yes.
There are no national-specific laws in this regard; see more information on the GDPR-level requirements here.
Article 12(1) GDPR emphasises the particular importance of the requirement for clear and plain language when providing information to children. In July 2024, the President of the Personal Data Protection Office (Polish: Prezes Urzędu Ochrony Danych Osobowych; UODO), along with Fundacja Orange (an NGO supporting children in the development of digital competence) issued guidance on protecting children’s images and on children's safety in the digital age (Polish: “Wizerunek dziecka w Internecie. Publikować czy nie?”; available in Polish only). In its guidance, UODO reminds controllers about their obligation to present information in a form that is understandable to children.
UODO recognises the necessity of involving children in actions related to the protection of their personal data, e.g., UODO recommends that, in the case of data breaches that require notifying affected individuals, information about such data breach should be provided to parents and children; the form of communication and the involvement of the child should depend on their age.
Can children directly exercise their rights in relation to their personal data without the involvement of their parents?
Yes.
There are no national-specific laws which specify the age at which children can directly exercise their data subject rights under the GDPR. However, the Act of 23 April 1964 - the Civil Code itself offers arguments in favour of there being certain areas in which children aged 13 can act directly without the involvement of their parents.
The President of the Personal Data Protection Office (Polish: Prezes Urzędu Ochrony Danych Osobowych) has not issued any specific guidance regarding children exercising their data subject rights in relation to their personal data. To the best of our knowledge, it is unclear whether there is any unified approach applied in Poland in this respect.
Can children make complaints on their own behalf directly to your national data protection/ privacy regulator(s)?
Yes.
Due to the nature of proceedings run by the President of the Personal Data Protection Office (Polish: Prezes Urzędu Ochrony Danych Osobowych; UODO), i.e., that they are administrative proceedings, a child’s capacity to make a complaint on their own behalf will depend on their age and the subject of the complaint.
In the case of children:
- under the age of 13 years, who have no legal capacity, filing a complaint to UODO would require the involvement of the parent acting on the child’s behalf; or
- between the age of 13 and 18 years, who have limited legal capacity, their ability to make a complaint on their own behalf to UODO will depend on whether they were able to undertake the action to which the complaint relates without parental involvement.
Are there any particular requirements/ prohibitions related to:
a. processing specific types of children’s personal data;
b. carrying out specific processing activities involving children’s personal data; and/ or
c. using children’s personal data for specific purposes.
Yes.
There are no national-specific laws in this regard, but requirements come from the decisions, guidelines, and activities of the President of the Personal Data Protection Office (Polish: Prezes Urzędu Ochrony Danych Osobowych; UODO), often in collaboration with the Ombudsman for Children (Polish: Rzecznik Praw Dziecka).
a) processing specific types of children’s personal data
There has been a decision concerning the processing of children's biometric data (fingerprints) at the entrance to a school canteen in order to verify payment of the meal fee. The processing in question was based on parental consent.
UODO highlighted the critical importance of securing such data. The decision stressed that processing biometric data is a significant intrusion of privacy, which outweighs the seriousness of the purpose for which the data were processed, and that processing such biometric data was not necessary to achieve the purpose of the processing.
Additionally, UODO noted that any leakage of biometric data would be irreversible, even after the child became an adult. As a result of UODO’s findings, the school was fined PLN 20,000 (approx. €5,000).
The UODO decision was overturned by the administrative court, with the Supreme Administrative Court issuing a final ruling in October 2024.
The Court stated that UODO is not authorized to reject consent as a lawful ground for processing if such consent was given in accordance with the GDPR requirements. The Court further explained that consent to data processing constitutes an agreement between the controller and the data subject by which both parties reach a shared understanding that the processing of certain data in the scope, manner, and duration agreed upon is optimal to achieve their mutually accepted purpose.
b) carrying out specific processing activities involving children’s personal data; and/ or
The list of the kind of processing operations which are subject to the requirement for a data protection impact assessment (DPIA) published by UODO indicates that a DPIA should be carried out with respect to an innovative use or application of technological or organisational solutions, such as interactive toys dedicated for children.
c) using children’s personal data for specific purposes.
In July 2024, UODO, along with Fundacja Orange (an NGO supporting children in the development of digital competence) issued guidance on protecting children’s images and on children's safety in the digital age (Polish: “Wizerunek dziecka w Internecie. Publikować czy nie?”; available in Polish only). In its guidance on protecting children's images online, UODO emphasises that the child’s best interest and protecting their rights and privacy should be at the core of all decisions relating to the processing of children’s images.
The Ombudsman for Children invoked a special Committee on Ethics in Social Research with Children (Polish: Zespół do spraw etyki badań społecznych z udziałem dzieci). It is too early to formulate any particular requirements or prohibitions, but the Committee will develop ethical standards for the conduct of research involving children, including the development of information materials and model consent forms for participating in research. It will also promote solutions developed among the research community and institutions involved in conducting such activities.
The Committee consists of, inter alia, UODO and other data protection practitioners.
Considering its scope of action, as well as its members, the Committee will touch upon processing children’s data in social research.
Additionally, see information on the EU-level requirements here.
Has there been any enforcement action by your national data protection/ privacy regulator(s) concerning the processing of children’s personal data? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
There has been some enforcement action, however, the most significant relates to the processing of children’s biometric data. The President of the Personal Data Protection Office (Polish: Prezes Urzędu Ochrony Danych Osobowych; UODO) addressed the issue of processing of children's biometric data (fingerprints) at the entrance to a school canteen in order to verify the payment of the meal fee. The processing in question was based on parental consent.
UODO emphasised the importance of the security of biometric data, as any possible leakage would be irreversible, even after the child reached the age of majority.
UODO found that using biometric data to verify eligibility for school canteen services was an excessive intrusion into the children's privacy, given the seriousness of the purpose for which the data were processed.
As a result of UODO’s findings, the school was fined PLN 20,000 (approx. €5,000).
The UODO decision was overturned by the administrative court, with the Supreme Administrative Court issuing a final ruling in October 2024. The Court stated that UODO is not authorized to reject consent as a lawful ground for processing if such consent was given in accordance with the GDPR requirements. The Court further explained that consent to data processing constitutes an agreement between the controller and the data subject by which both parties reach a shared understanding that the processing of certain data in the scope, manner, and duration agreed upon is optimal to achieve their mutually accepted purpose.
Please note that not all UODO decisions have been published.
Are there specific rules concerning electronic direct marketing to children?
No.
There are national-specific laws regarding electronic marketing, but none specifically applicable to children.
Regardless of whether an electronic direct marketing communication is sent to an adult or a child, the Act of 12 July 2024 – the Electronic Communication Act (ECA) will apply. The ECA transposes the ePrivacy Directive and other legislation into Polish law.
The ECA requires that a subscriber or user must give their consent before they can be sent such e-marketing communication. The consent can be given by making available an electronic address in order to send commercial information. At the same time, such consent should meet the standards required under the GDPR
Are there specific rules concerning the use of adtech tracking technologies, profiling and/or online targeted advertising to children?
Yes.
There are national-specific laws regarding the use of adtech tracking technologies, profiling and/or online targeted advertising, but none specifically applicable to children.
Subject to limited exceptions, the Act of 12 July 2024 – the Electronic Communication Act, the storing of information or the gaining of access to information already stored in the terminal equipment of a subscriber or user requires the subscriber’s or user’s consent. Such consent must be GDPR-standard consent.
Additionally, see information on the EU-level requirements here.
[See also the section on the requirements relating to online/ digital safety for children.]
Are there specific rules concerning online contextual advertising to children?
Yes.
There are no specific rules concerning online contextual advertising to children. To the extent that contextual advertising relies even on minimal processing of children’s data, the GDPR rules will apply to such activities.
Additionally, see information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning advertising to children? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
There has been no enforcement specifically concerning advertising to children by the The President of the Personal Data Protection Office (Polish: Prezes Urzędu Ochrony Danych Osobowych; UODO).
However, the sectoral control plan for 2025 published by UODO indicates that UODO will focus on entities that process children’s data (in particular, children’s images when consent from parents or legal guardians is required).
At what age does a person acquire contractual capacity to enter into an agreement to use digital services?
According to the Act of 23 April 1964 - the Civil Code (Civil Code), 18 years is the age of full legal capacity and the age at which a person can enter into all manner of agreements in Poland (including contracts to use digital services).
Apart from full capacity to engage in juridical acts, Poland also recognises limited legal capacity of minors aged 13 to 18. This means that entering into an agreement or the issuing of unilateral declarations by such minors requires the acceptance of a parent. But there are exceptions – one of which applies to the valid conclusion of agreements concerning minor matters related to everyday life (minor agreements).
Minor agreements typically involve everyday transactions of a minor nature and are characterised by low risk and value (e.g. buying newspapers, stationery, food, etc.). Whether an agreement to use digital services can be treated as a minor agreement depends on various factors and requires a case-by-case analysis.
Do consumer protection rules apply to children?
Yes.
Although this is not regulated directly by the legal definition of a “consumer” contained in Article 22(1) of the Act of 23 April 1964 - the Civil Code, guidance provided by the Office of Competition and Consumer Protection (Polish: Urząd Ochrony Konkurencji i Konsumentów) on communication on preschoolers' day stresses that, since children influence the decisions of parents and caregivers, consumer protection rules apply to them.
Additionally, see information on the EU-level requirements here.
Are there any consumer protection rules which are specific to children only?
Yes.
There are no consumer protection rules specific to children only. See information on the EU-level requirements here.
However, certain regulations require advertisements to be adjusted to reflect children’s inexperience, including:
- the Act of 16 April 1993 on Combating Unfair Competition (e.g., advertising exploiting the gullibility and feelings of children),
- the Act of 23 August 2007 on Counteracting Unfair Market Practices (e.g., influencing children to buy advertised products or to persuade their parents to do so),
- the Act of 29 December 1992 on Radio and Television Broadcasting (e.g., product placement in children’s programming),
- the Act of 26 October 1982 on Upbringing in Sobriety and Counteracting Alcoholism (e.g., portraying juveniles in the advertising of alcoholic beverages),
- the Act of 9 November 1995 on Health Protection Against the Effects of Tobacco and Tobacco Products (e.g., advertising and promoting tobacco in schools),
- the Act of 6 September 2001 - Pharmaceutical Law (e.g., advertising medicinal products to children),
- the Act of 19 November 2009 on Gambling Games (e.g. portraying juveniles in the advertising of games of chance).
Aside from the above, the general provisions of the statutes concerning consumers also apply.
Has there been any regulatory enforcement action concerning consumer protection requirements and children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
No.
Although no decisions have been issued by the President of the Office of Competition and Consumer Protection (Polish: Urząd Ochrony Konkurencji i Konsumentów) or the President of the Office of Electronic Communication (Polish: Urząd Komunikacji Elektronicznej) that directly address consumer protection requirements in the context of the use of digital services by children, some decisions concern children indirectly.
They include decisions concerning non-compliant toys (e.g. No DNR-2-45/2024 or No DNR-2-196/2022 No DNR-163/2022), or consumers in general regarding online shopping (e.g. DOZIK-2/2024, DOZIK-16/2022).
Several decisions also concern the inappropriate advertising of products by influencers in a way that may have a greater impact on children (e.g. No. RBG-9/2023, No. RBG-3/2022, No. RBG-10/2022).
Are there any age-related restrictions on when children can legally access online/ digital services?
Yes.
There is no separate national law currently in force in Poland regarding children's access to online/digital services.
However, there are certain products and services that are age-restricted and inaccessible to children irrespective of the distribution channel employed.
Such products and services include:
- alcohol (the age limit is 18 and results from Article 15(1).2 of the Act of 26 October 1982 on Upbringing in Sobriety and Counteracting Alcoholism),
- tobacco products and electronic cigarettes (the age limit is 18 and results from Article 6(1) of the Act of 9 November 1995 on Health Protection Against the Effects of Tobacco and Tobacco Products),
- gambling (the age limit is 18 and results from Article 27(1) of the Act of 19 November 2009 on Gambling Games),
- pornographic content / adult products (the presentation of pornographic content to a minor under the age of 15 constitutes a crime pursuant to Article 200(3) of the Act of 6 June 1997 - the Penal Code).
- energy drinks (the age limit is 18 and results from the Art. 12m(1) (1) of the Act of 11 September 2015 on Public Health).
Access to such products and services is restricted with respect to both offline and online distribution channels.
Further, the Polish Ministry of Digital Affairs initiated a group in April 2024 to enhance children's online safety, with the objective of establishing site-blocking regulations for "harmful content" on the Internet (not yet defined). The group's goal is to create a national regulation in this respect. In the initial meetings, they discussed key definitions, international approaches to child online protection, access restrictions for harmful content and social media for minors, smartphone use rules in schools, and the role of parental control apps. They also considered the shape of future regulations, including their scope, the rights and obligations of entities, and age verification mechanisms.
In December 2024, the Ministry of Digital Affairs presented the key elements of the proposed regulation to protect minors from harmful online content. This includes implementing age verification mechanisms by means of user age declarations and age estimates, requiring electronic service providers to conduct risk analyses, and imposing special obligations on services with pornographic content. A registry of domains containing such content will be established, and telecommunications companies will be mandated to block access to these domains.
The full draft of this regulation is not available yet. Once the draft regulation is published, the public consultations will start (they are planned for the first quarter of 2025).
Are there any specific requirements relating to online/ digital safety for children?
Yes.
There is no national law in Poland currently in force that directly addresses children's online/digital safety. Additionally, see information on the EU-level requirements here.
However, there are regulations that impose prohibitions in this area regarding advertising and media coverage. These prohibitions result from acts that apply to both online and offline distribution channels.
Such prohibitions apply to the following:
- xploiting the gullibility and feelings of children in advertising (Article 16(1) point 3 of the Act of 16 April 1993 on Combating Unfair Competition),
- direct appeals to children to purchase a product in advertising (Article 9(5) of Act of 23 August 2007 on Counteracting Unfair Market Practices),
- product placements in children’s programming (Article 17a(1) point 5 of the Act of 29 December 1992 on Radio and Television Broadcasting (RTVB Act). Please note that the RTVB Act applies to media service providers and video sharing platforms established in the territory of Poland. An entity offering VOD services online may also be subject to the provisions of the RTVB Act, but each case needs to be analysed separately.
- advertising alcohol in media intended for minors (Article 131(1) point 1) of the Act of 26 October 1982 on Upbringing in Sobriety and Counteracting Alcoholism)
- advertising intended for children and youth of tobacco products and electronic cigarettes in media (Article 8(1) point 1) of the Act of 9 November 1995 on Health Protection Against the Effects of Tobacco and Tobacco Products)
- advertising medicinal products directly to children. Such advertising may not contain any element that is directed at children (Article 53(3) of the Act of 6 September 2001 - Pharmaceutical Law).
- advertising gambling services to minors (Article 29b(1) point 1 of the Act of 19 November 2009 on Gambling Games)
Also, Regulation (EU) 2022/2065 (Digital Services Act; DSA) applies in Poland. Under Article 28(2) DSA, providers of online platforms cannot use advertising based on profiling if they are aware, with reasonable certainty, that the recipient of the service is a minor. The draft act implementing the DSA in Poland (Draft Implementing Act) provides for procedural provisions to penalise a failure to comply with this obligation. The Draft Implementing Act is currently at the review phase, and when it will enter info force is not known yet.
Further, the Polish Ministry of Digital Affairs initiated a group in April 2024 to enhance children's online safety, with the objective of establishing site-blocking regulations for "harmful content" on the Internet (not yet defined). The group's goal is to create national regulation in this respect.
In December 2024, the Ministry of Digital Affairs presented the key elements of the proposed regulation to protect minors from harmful online content. This includes implementing age verification mechanisms by means of user age declarations and age estimates, requiring electronic service providers to conduct risk analyses, and imposing special obligations on services with pornographic content. A registry of domains containing such content will be established, and telecommunications companies will be mandated to block access to these domains.
The full draft of this regulation is not available yet. Once the draft regulation is published, the public consultations will start (they are planned for the first quarter of 2025).
Are there specific age verification/ age assurance requirements concerning access to online/ digital services?
Yes.
Although we are not aware of any specific Polish national law or any specific Polish soft law currently in force concerning age verification in the case of access to online/digital services, the need for age verification results from the legal provisions regarding age restrictions on access to certain products and services which are binding with respect to both online and offline distribution channels. Such products and services include, among others, alcohol, cigarettes, gambling and pornography.
Entities offering such products and services online use age verification on their websites. Usually, this is a checkbox asking for age confirmation or a window asking for the date of birth of the user to be provided. In some cases, the entities also ask for a photo of the user’s identity document. Such requests are displayed before the landing page appears or before the service is made available to the user. However, no specific method of age verification is required by any national act at this moment.
Further, the Polish Ministry of Digital Affairs initiated a group in April 2024 to enhance children's online safety, with the objective of establishing site-blocking regulations for "harmful content" on the Internet (not yet defined). The group's goal is to create a national regulation in this respect.
In December 2024, the Ministry of Digital Affairs presented the key elements of the proposed regulation to protect minors from harmful online content. This includes implementing age verification mechanisms by means of user age declarations and age estimates, requiring electronic service providers to conduct risk analyses, and imposing special obligations on services with pornographic content. A registry of domains containing such content will be established, and telecommunications companies will be mandated to block access to these domains.
The full draft of this regulation is not available yet. Once the draft regulation is published, the public consultations will start (they are planned for the first quarter of 2025).
As an aside, there are products and services for the use of which there is no age restriction arising from any law, and yet the providers of these services verify the age of users in the manner described above on a voluntary basis. Such services include, for example, dating applications.
Additionally, see information on the EU-level requirements here.
Are there requirements to implement parental controls and/or facilitate parental involvement in children’s use of digital services?
Yes.
There are no national law requirements beyond those set out in Article 8 GDPR. Further, the Polish Ministry of Digital Affairs initiated a group in April 2024 to enhance children's online safety, with the objective of establishing site-blocking regulations for "harmful content" on the Internet (not yet defined). The group's goal is to create a national regulation in this respect.
In December 2024, the Ministry of Digital Affairs presented the key elements of the proposed regulation to protect minors from harmful online content.
This includes implementing age verification mechanisms by means of user age declarations and age estimates, requiring electronic service providers to conduct risk analyses, and imposing special obligations on services with pornographic content. A registry of domains containing such content will be established, and telecommunications companies will be mandated to block access to these domains.
The full draft of this regulation is not available yet. Once the draft regulation is published, the public consultations will start (they are planned for the first quarter of 2025).
In the previous Parliament, a draft national law aimed at regulating the issue of inappropriate content for children on the Internet (a draft law on the protection of minors against access to inappropriate content on the Internet) was debated. Further progress was discontinued due to the end of the parliamentary term. The draft law would have imposed an obligation on online service providers to provide a tool enabling parents to block children's access to a service containing inappropriate content. It is likely that a similar requirement will be included in the national regulation that the Minister of Digital Affairs is currently working on.
Additionally, see information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning online/ digital safety? In your answer, please include information on the volume, nature and severity of sanctions.
No.
We are not aware of any decisions or any pending proceedings by Polish regulators concerning online/digital safety.
The relevant Polish regulators – the President of the Office of Competition and Consumer Protection (Polish: Urząd Ochrony Konkurencji i Konsumentów) or the President of the Office of Electronic Communication (Polish: Urząd Komunikacji Elektronicznej) – have yet to address this subject, and their statements on the issue of internet safety for children are limited to informal advice addressed to parents, usually on their websites.
Are there any existing requirements relating to children and AI in your jurisdiction?
Yes.
There are no national-specific laws in this regard; the AI Act (Regulation 2024/1689) applies in this context. See EU-level response here.
Are there any upcoming requirements relating to children and AI in your jurisdiction?
Yes.
Currently, there are no specific upcoming requirements concerning children and AI. However, future regulations may be on the horizon, as indicated by the following initiatives in Poland:
- AI Systems Act Proposal (Polish: projekt ustawy o systemach sztucznej inteligencji): This proposed law aims to establish an AI Development and Security Commission (Polish: Komisja Rozwoju i Bezpieczeństwa Sztucznej Inteligencji), which will include a representative from the Ombudsman for Children. The presence of this representative indicates a potential focus on issues concerning children and AI, particularly considering the Commission's roles in education, enhancement of AI knowledge, and the review of AI-related legislation.
- UODO's AI Working Group: UODO has declared it plans to establish a dedicated AI working group, though its specific focus is yet to be determined. Nonetheless, given UODO's ongoing projects concerning children's data protection, it is likely that the group will explore topics related to children and AI, such as safeguarding children's personal data in the evolving technological landscape.
Additionally, see EU-level response here.
Has there been any other regulatory enforcement activity to date relevant to children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
No.
We are not aware of any local decisions or any pending proceedings by any other regulators in Poland concerning children’s use of digital services.
Are there any other existing or upcoming requirements relevant to children’s use of digital services?
Yes.
Currently, Polish law does not impose any requirements regarding the use of digital services by children, but the Polish Ministry of Digital Affairs has begun work on regulating this area by initiating a working group in April 2024 to enhance children's online safety, with the objective of establishing site-blocking regulations for "harmful content" on the Internet (not yet defined). The group's goal is to create a national regulation in this respect.
In December 2024, the Ministry of Digital Affairs presented the key elements of the proposed regulation to protect minors from harmful online content. This includes implementing age verification mechanisms by means of user age declarations and age estimates, requiring electronic service providers to conduct risk analyses, and imposing special obligations on services with pornographic content. A registry of domains containing such content will be established, and telecommunications companies will be mandated to block access to these domains.
The full draft of this regulation is not available yet. Once the draft regulation is published, the public consultations will start (they are planned for the first quarter of 2025).
As an aside, we wish to point out that the European Commission has recently published guidelines on the protection of minors online under the DSA. We can assume that the Polish authorities will follow such guidelines when applying the law.
Additionally, see information on the EU-level requirements here.
