Category: News

Digitization of the tax system – what exactly is KSeF?

The National e-Invoice System (KSeF) is a platform developed by the Ministry of Finance that enables the issuance, transmission, and receipt of electronic invoices in a structured format. It is part of the digitization of the Polish tax system and represents a significant change in the way invoices are issued. Instead of sending documents in PDF or paper form, all invoices are sent to a single, central system. This makes it easier for the tax authorities to control and analyze data, and gives companies the opportunity to automate and simplify their accounting processes. KSeF has been operating on a voluntary basis since January 2022, but it will only become mandatory in 2026.

How KSeF works

KSeF enables the issuance of structured invoices in XML format using integrated financial and accounting software. The issuer receives an official confirmation of receipt (UPO). The recipient of the invoice gains access to it by authenticating themselves in KSeF or by providing specific data relating to the invoice (so-called anonymous access).

Mandatory introduction of KSeF by entrepreneurs

In accordance with the amendment to the Act, the introduction of the mandatory KSeF system has been divided into three stages depending on the size of the entrepreneur:

1) from February 1, 2026, for large taxpayers (with a sales value for 2024 exceeding PLN 200 million including tax);

2) from April 1, 2026, for other entrepreneurs, except for micro-entrepreneurs whose monthly sales do not exceed PLN 10,000 gross;

3) From January 1, 2027, also for micro-entrepreneurs whose monthly sales do not exceed PLN 10,000 gross.

Exemptions – will all paper invoices disappear from circulation?

It is worth noting that, according to the announcements of the Ministry of Finance, the obligation to issue invoices in the National e-Invoice System will ultimately apply to all entrepreneurs, regardless of their turnover.

At the same time, the legislator provides for certain exemptions from the obligation to use KSeF, which will be excluded:

1) consumer invoices (so-called B2C);

2) tickets that are considered invoices, including receipts on toll motorways,

3) invoices issued under OSS (One Stop Shop) and IOSS (Import One Stop Shop).

Amendments to the VAT Act

The amendment modifies, among others, Articles 106na and 106nb of the VAT Act and introduces a new catalog of sanctions related to non-compliance with the obligation to issue invoices via KSeF. Under the new provisions, invoices will only be considered issued once they have been sent to the system and an identification number has been obtained from KSeF. In practice, this means that it will be necessary to have infrastructure enabling communication with the Ministry of Finance’s system. Importantly, invoices issued outside KSeF will not be considered valid, which may lead to serious tax consequences, including denial of the right to deduct input tax or the application of administrative sanctions.

Tax consequences of using KSeF

In addition to obligations, the system also offers certain benefits, including from a tax perspective. Faster VAT refunds (up to 40 days) are provided for taxpayers using the system, as well as greater certainty of turnover thanks to a centralized invoice register. On the other hand, failure to comply with the new regulations may lead to the risk of accounting errors, bottlenecks in the invoicing process, and even administrative penalties.

Implementation – how to prepare for the obligation to use KSeF?

The implementation of KSeF should be preceded by an internal audit of document circulation processes, IT systems, and responsibility for the fulfillment of tax obligations. It is also crucial to properly regulate relations with contractors, in particular with regard to the moment of delivery of an invoice, which in the case of KSeF will depend on the date of making the document available in the system, and not, as has been the case to date, on the physical delivery of the document to the other party.

Summary

The adopted amendment to the VAT Act determines the mandatory implementation of the National e-Invoice System (KSeF) within precisely defined deadlines, starting from February 2026.

Although this change has the potential to simplify and digitize accounting processes, it also imposes a number of new obligations on businesses, both in terms of technical adaptation of systems and the introduction of internal procedures compliant with the regulations. It is worth bearing in mind that failure to prepare for the mandatory KSeF may result in serious tax consequences, including the loss of the right to deduct VAT or the imposition of administrative sanctions. Businesses should therefore start implementation activities now, including auditing their invoicing processes and updating their internal documentation and contracts with contractors.

The Pay Transparency Directive is causing increasing concern among both employees and employers. There are high hopes for this regulation, but the new provisions also raise numerous questions and doubts. In our study, we present the key changes, new obligations imposed on employers, and information on the next stages of implementation of the Pay Transparency Directive.

The Pay Transparency Directive (EU) 2023/970 aims to strengthen the principle of equal pay between women and men. It imposes a number of obligations on employers, both in terms of job advertisements and employee access to information on remuneration.

The amendment to the Labor Code resulting from the obligation to implement the directive will enter into force six months after its publication, i.e. on December 24, 2025. At this stage, the legislator has not yet introduced all the mechanisms resulting from the directive into the Polish legal system – Poland has until June 2026 to do so.

Notwithstanding the above, despite the six-month waiting period for the amendment to the Labor Code to enter into force and the time for implementation of the remaining provisions of Directive 2023/970, employers should already start preparing for the implementation of the new obligations.

Who will be covered by the new provisions?

The amendment applies to both public and private sector employers, regardless of the number of employees or the size of the company.

The provisions will cover all employees hired under an employment contract. As a rule, the new regulation will not apply to persons employed under civil law contracts (e.g., contract of mandate, contract for specific work). However, it should be noted that the Court of Justice of the European Union has emphasized in its case law that the classification of a person as a “service provider” under national law does not preclude that person from being considered an “employee” within the meaning of EU law if that person’s independence is fictitious and serves only to conceal the true employment relationship. The Polish Supreme Court has expressed a similar opinion on this issue in numerous rulings concerning the fictitious nature of civil law relationships.

What does this mean for entrepreneurs?

The amendment resulting from the need to implement the EU directive aims to eliminate gender-based pay discrimination. To achieve this, the above-mentioned legal acts introduce a number of solutions to increase the transparency of remuneration rules and enable their effective enforcement.

The amendments to the Labor Code currently focus exclusively on the recruitment stage—under the new regulation, job applicants will have the right to receive information from their future employer about the initial salary or salary range and, where applicable, information about the relevant provisions of the employer’s remuneration regulations or collective agreement applicable to the position in question.

Such information must be provided in a manner that allows for informed and transparent negotiations on remuneration – in the job advertisement, before the interview (if there is no recruitment for the position or if the above information is not provided in the job advertisement) or before the employment relationship is established (if there was no recruitment and if no details were provided in the job advertisement or before the interview). However, the employer may not require an applicant to provide information during the recruitment process on the amount of remuneration in their current employment relationship (if any) or in previous employment relationships.

This means that such criteria, whether in the form of remuneration policies, provisions of remuneration regulations or collective agreements, must be developed by employers in relation to the employment structure in a given workplace.

New information obligations for employers regarding remuneration – in perspective

Ultimately, the directive will impose further obligations on employers to ensure that employees have access to information on the remuneration system.

In order to enable employees to enforce their right to equal remuneration, employers will be required, among other things, to:

• provide employees with easy access to the criteria used to determine the remuneration of employees, its levels and the rules for pay increases,
• providing employees with written information on their individual pay levels and average pay levels broken down by gender for categories of employees performing the same work as the employee or work of equal value to their work,
• mandatory regular reporting of data on gender pay gaps – Employers with at least 250 employees will be required to provide detailed information on the pay gap annually, including both average and median differences in basic pay and variable components; smaller companies with 100 to 249 employees will submit such reports every three years.

The directive also prohibits employers from preventing employees from disclosing information about their pay – this means that any new confidentiality agreements, as well as existing ones, cannot include clauses obliging employees to keep their pay confidential.

What next?

The new regulations on pay transparency and equality are a significant challenge for employers, both in terms of legal compliance and HR management practices. Although the deadline for implementing the remaining EU regulations is not until June 2026, it is worth starting to prepare the relevant processes and documentation now.

If you need support in implementing the requirements of the directive or want to make sure that your organization is ready for the changes, please contact our team. We provide assistance in identifying risks and preparing and implementing appropriate procedures and documents in accordance with the new regulations.

Author: Martyna Kulikowska, legal advisor

Electronisation of procedures and registration of contracts

All applications for work permits must be submitted exclusively electronically via the praca.gov.pl portal. In addition, employers will be required to send copies of employment contracts concluded with foreigners to the relevant authorities. Failure to provide such documentation may result in a fine of between PLN 1,000 and PLN 3,000.

New obligations when concluding employment contracts with foreigners

Contracts with foreigners drawn up exclusively in a foreign language must have a certified translation into Polish and be kept for the entire period of employment and two years after its termination. Bilingual contracts do not require translation. In addition, if a foreigner has a work permit or a declaration of entrusting work, the contract must be sent to the relevant authority before the start of work, via an ICT system.

Tighter controls and sanctions

Control authorities, such as the National Labour Inspectorate and the Border Guard, will gain new powers, including the ability to carry out unannounced checks on the legality of employment. Penalties for illegally employing foreigners will range from PLN 3,000 to PLN 50,000 for each illegally employed worker.

New grounds for refusing to issue a permit

The provincial governor will be obliged to refuse to issue a work permit if he finds that the company was established or operates mainly for the purpose of facilitating the entry of foreigners into the territory of Poland. This applies in particular to entities that do not conduct actual economic activity, but only derive profits from intermediation in the legalisation of residence.

Restrictions on outsourcing of services

The new regulations introduce restrictions on the outsourcing of services. The office will refuse to issue work permits if the circumstances of the case indicate that the foreigner will be employed by an entity that is not a temporary employment agency and the work will be performed for another entity.

Changes in labour market tests

The obligation to conduct a labour market test has been abolished in most cases. However, in the event of a deterioration in the labour market situation, the competent state authorities will be able to draw up lists of professions in which the issuance of work permits to foreigners will be restricted.

Summary

The new regulations introduce a number of obligations and tighten sanctions for employers hiring foreigners. It is important for entrepreneurs to adapt their procedures to the new requirements in order to avoid potential penalties and ensure the legality of employment.

 

Authors: attorney Katarzyna Bączyk, trainee lawyer Hubert Roszyk

As of June 28, 2025, the Law of April 26, 2024 on Ensuring that Business Entities Meet the Accessibility Requirements for Certain Products and Services (hereinafter: the “Accessibility Law“) enters into force

The provisions of the Accessibility Act implement Directive 2019/882 of the European Parliament and the Council (EU), known as the European Accessibility Act (EAA), into Polish law. The purpose of the new regulations is to facilitate access to various types of products and services for the widest possible range of people, by removing potential barriers to access. Businesses will be required to apply so-called uniform accessibility standards –  both products and digital services. This means that companies will have to design websites, mobile applications, ATMs, payment terminals or e-books so that they are readable, intuitive and accessible also to people with all kinds of disabilities.

---

Who is affected by the Accessibility Act?

The regulations of the Accessibility Act are applicable to distributors, importers, manufacturers, authorized representatives (i.e., persons or companies that have been authorized to operate in the EU on behalf of the manufacturer) and service providers.

Excluded from the obligation to apply this law, however, are micro-entrepreneurs, i.e. entrepreneurs who, in at least one year of the last two fiscal years, met the following conditions together: they employed an average of less than 10 employees per year and achieved an annual net turnover from sales of goods, products and services not exceeding the PLN equivalent of EUR 2 million.

The regulations being introduced are of particular importance in the context of the websites of companies offering digital services (which fall under the scope of the Accessibility Law).  Under the Accessibility Law’s regulations, entities that conduct online business – especially in the field of e-commerce – are required to adapt their websites to the new requirements.

“Four Pillars” accessibility.

To meet accessibility requirements, businesses should consider the following criteria set forth in the Accessibility Law:

• perception,
• functionality,
• comprehensibility,

What changes will businesses have to make?

Given the accessibility criteria indicated above, entrepreneurs will be required to, among other things:

• Ensure the accessibility of websites and mobile applications by adding functionality that makes it easier to read content using more than just the sense of sight,
• customization of user interfaces -by adding features such as alternative text, keyboard operation or the ability to change contrast,
• Ensure that messages are clear and understandable to users,
• Introduce flexibility in user interactions.

Functional criteria – flexibility in meeting requirements.

The Accessibility Act also provides for so-called functional criteria that can be used instead of standard requirements, as long as they provide an equivalent or higher level of accessibility for audiences with special needs. These concern, for example, the ability to use products and services without the sense of sight/hearing, to operate them without speech or high precision of movement, and to avoid stimuli that can trigger epileptic attacks.

Deviations from the adaptation of the website to accessibility requirements.

The Accessibility Law provides for the possibility of easing obligations so as not to disproportionately burden entrepreneurs.

Under the provisions of the Accessibility Act, statutory accessibility requirements apply only to the extent that compliance with them does not require a fundamental change in the basic characteristics of the product or service and does not impose a disproportionate burden on the operator.

Penalties for entrepreneurs for failing to meet accessibility requirements.

Businesses that fail to bring their services, including websites, into compliance with the accessibility requirements of the law risk fines. According to the Law on accessibility, a fine can be imposed on a service provider (such as a website owner) in the case of:

1. Failure to meet accessibility requirements: If a service provider fails to ensure that the services offered meet the accessibility requirements of the law, it may be fined.

1. Failure to submit required documentation or information: A service provider who fails to provide the required documentation or information regarding accessibility, or provides false or misleading information, is also subject to a penalty.

The penalty is imposed by the Chairman of the Board of Directors of PFRON or the relevant market supervisory authority, based on an administrative decision. The amount of the penalty depends on the severity of the violation, the number of people affected by the non-compliance and the scale of the failure to meet accessibility requirements.

According to the Law on Accessibility, the penalty may be up to ten times the average monthly salary in the national economy for the previous year, as announced by the President of the Central Statistical Office, but may not exceed 10% of the turnover achieved by the entrepreneur in the year preceding the imposition of the penalty.

If the penalty is not paid on time, enforcement shall be carried out in accordance with the provisions of the Administrative Enforcement Procedure.

In addition, consumers have the right to complain about the lack of availability of a product or service. Failure to handle a complaint in accordance with the procedure set forth in the Accessibility Law may constitute an additional breach of duty by the trader.

***

In summary, the new regulations impose significant obligations on businesses related to the digital accessibility of products and services. While they require technical and organizational adjustments, in the long run they benefit all users – creating a more open, transparent and friendly digital environment.

Accordingly, entrepreneurs should conduct an accessibility audit to identify areas for improvement and implement appropriate solutions in compliance with the Accessibility Law. As we have indicated, compliance with the statutory requirements should especially be verified by entrepreneurs who offer e-commerce services and operate their own websites.

We encourage you to take advantage of our law firm’s advice on adapting your products and services to the requirements under the new Accessibility Act. We offer comprehensive legal support and practical implementation guidance to help you meet your statutory obligations, minimize the risk of sanctions and build your image as a socially responsible company. We will also point you to detailed guidelines and practical advice on how to adapt the websites you run to the statutory accessibility requirements.

The law firm recognized for the eighth time in a row in Legal 500 – Construction

We are proud to announce that our firm has been recognized for the eighth consecutive year in the international Legal 500 ranking in the Construction category. This is not only an honor for us but, above all, a confirmation that our commitment, expertise, and client-focused approach consistently deliver real results.

Legal 500 is one of the most renowned legal rankings in the world. Each year, it highlights the top legal teams and experts, basing its assessments on independent market research, including feedback from clients and industry peers. We are especially pleased that our continued presence in this ranking has been sustained for eight straight years – in a field as demanding and dynamic as construction law.

The Strength of Our Team

This success would not have been possible without our team – a group of dedicated and experienced attorneys and legal advisors for whom this profession is not just a job, but a true passion. We work side by side on complex infrastructure projects, major commercial investments, and disputes at the intersection of civil law, administrative law, and public procurement.

We believe that the true value of legal advice lies not only in the knowledge of regulations but in the ability to apply them practically – always with the client’s best interest in mind.

Trust That Inspires

We would like to extend our sincere thanks to our clients – for the trust that drives us to continuously grow and for the opportunity to collaborate on ambitious and often groundbreaking projects. Your trust enables us to build long-lasting relationships based on partnership, transparency, and a shared goal.

Each new recognition in the Legal 500 ranking is a commitment for us to continue delivering top-tier legal services.

Looking Ahead

Construction law is a rapidly evolving field, and with that, client expectations are also rising. In response to these needs, we are constantly expanding our services and investing in the development of our team – without ever losing sight of what matters most: a personalized approach to every case.

Thank you for being with us.

The law firm obtained a favorable ruling from the Court of Appeals in Warsaw: Alior Bank is liable for the sale of risky investment certificates

We are proud to announce our latest achievement! JLSW Law Firm has obtained a final judgment confirming the responsibility of Alior Bank S.A. for the distribution of products related to W Investments – Selective Investments FIZAN funds.

The court agreed with the arguments presented by legal advisors Joanna Zemojtel and Lidia Mallek of JLSW Law Firm, finding that the investment product distributed by the bank was not tailored to customers’ needs. In addition, the process of selling it was contrary to their interests and violated regulations governing financial markets. In the lawsuit, we pointed out numerous irregularities, pointing to both the provisions of the Financial Instruments Trading Act and its implementing acts.

The court of first instance indicated in the justification that Alior Bank, when offering investment certificates, failed to exercise due diligence in protecting the interests of its customers. The improper performance of the obligation on the part of Alior Bank consisted, among other things, in failing to carry out an adequacy text with the customer, which did not lead the customer to the obvious conclusion to abandon the purchase of the certificates, which would have been the case if the customer had known about the risks involved.

The court accepted our argumentation, in which we emphasized that the customers’ intention was to purchase instruments with no risk of capital loss. The bank had an obligation to carry out adequate verification of the customers’ knowledge and experience to enable them to make an informed investment decision. The bank’s actions were aimed solely at selling a product that did not meet customers’ needs, and the information provided by the bank was incomplete and misleading.

Presenting the certificates as a “safe” and lucrative investment that resembled a deposit was an unreliable act by Alior Bank. The bank acted in haste, failing to provide adequate information about the nature of the product and its risks. Customers were presented with the product as safe, even though in reality it involved a serious risk of capital loss.

As a result, the court held the bank liable for damages resulting from the realization of investment risks that customers did not accept. The damage suffered by the customers was the funds allocated for the purchase of the certificates minus the amount received by the customer in connection with the redemption of the certificates. Thus, the customer recovered all the funds invested in the certificates, plus interest.

The decision of the court of first instance was confirmed by the Court of Appeals in Warsaw, overwhelmingly dismissing the appeal filed by Alior Bank.

We congratulate the customers on their success and thank them for their trust!

Open salaries as a European standard

Unlike in many EU member states, in Poland the topic of salaries is still taboo. Both customary and legal means of disseminating salary information have still not been adopted. This can be particularly troublesome at the stage of seeking employment, when a candidate tries to find offers that meet his or her requirements, while salary information appears only at a distant stage of recruitment. Various organizations’ compensation policies are often non-transparent or arbitrary, and for cultural reasons it is rarely possible to have a conversation between employees themselves on the subject.

The principle of salary transparency and the employer’s information obligations

The drafters call for the addition of §²¹ to Article 10 of the Labor Code, according to which “Remuneration, as well as its level, shall be public during the employment relationship, as well as before its establishment”. At the same time, the draft envisages providing employees, in proposed Article^{101 of the Code} , with the right to request information from the employer regarding their individual level of remuneration and average levels of remuneration, broken down by gender for categories of employees performing the same work as them or work of equal value. Importantly, it is postulated that the introduced provisions on salary disclosure should also apply to employment relationships established on grounds other than those listed in Article 2 of the Labor Code (employment contract, appointment, election, appointment or cooperative employment contract).

Information on wages before the employment relationship is established

The draft regulation stipulates that when publishing a job offer, the employer will be required to include the amount of the proposed salary level indicating its minimum and maximum amount. Thus, the employer will be obliged to provide, the so-called “forks” and not a specific amount. Such a redaction of the provision seems to give room for abuse, for example, by indicating very extensive amounts of minimum and maximum remuneration, even taking into account that, according to the drafters, this information is to be “based on objective, gender-neutral criteria – provided for a given position”.

How will the proposed changes affect employers?

The obligations imposed on employers would be enforced by expanding the catalog of offenses against employee rights from Article 281 of the Labor Code. Offenses subject to a fine of between PLN 1,000 and PLN 30,000, according to the draft, could include:

1. failure to provide employees with information regarding their individual salary levels and average salary levels,
2. failure to publish information during recruitment about the amount of the proposed salary level with an indication of its minimum and maximum amount,
3. hiring an employee at a salary lower than that provided in the published information on the employee’s employability for the job.

In addition to the aforementioned, other information obligations are to be imposed on employers, which, however, the drafters have not decided to secure with a fine sanction. Among other things, they are to be obliged to provide employees with access to the criteria that are used to determine employees’ salary levels and salary progression, as well as to inform employees, once a year, of their right to receive information regarding their individual salary levels and average salary levels.

Justification of the draft law-is non-transparency of salaries discriminatory?

In the justification for the changes outlined above, the drafters point out that the lack of information about the proposed salary in job offers hits in particular “the groups of employees most vulnerable to unequal and discriminatory treatment: young workers and women”, arguing that this is due to the lack of experience of those entering the labor market, through which they could verify the attractiveness and fairness of job offers. The draft’s authors also draw attention to the differences in earnings between men and women providing work in the same positions – information on salaries, on the other hand, would be expected to eliminate the phenomenon of wage discrimination.

Summary of changes

The proposed changes seem to touch on an important problem noted in the labor market. The proposed bill aims to bring salary disclosure standards in line with European standards. If the proposed changes come into force, they will certainly improve the situation of employees. At the same time, the new legislation will introduce further obligations for employers, which may prove burdensome for them.

The draft law under discussion was referred to the first reading at the session of the Sejm on January 7, 2025, so the legislative process is only at an early stage.

Microsoft Clarity is a powerful analytics tool that offers free insight into user behavior on websites. However, behind the free analytics is the possibility of legal risks. What are the risks and how to avoid them? Read on before you implement Clarity on your site.

---

Who is the data controller?

Microsoft within Clarity assumes the role of an independent data controller rather than a processor, which is unusual in that, in large part, Clarity generates the relevant reports for the benefit of the entity using Clarity solutions on its website. This means that your site’s user data is shared with Microsoft for Microsoft’s own purposes, including service improvement, user profiling or advertising efforts in exchange for free site analytics. In practice, if one were to disregard the issues of obtaining consent from users of a website using Clarity’s analytics, this could be comparable to a situation in which your marketing agency offers you free services in exchange for access to your customer database and the ability to use it for its own purposes. This raises a question in terms of compliance with the RODO.

Scope of data use

Microsoft has the right to use your personal data in accordance with its own privacy policy. This includes, among other things, creating user profiles for advertising purposes. Such a broad scope of personal data processing, which may conflict with the principles of data minimization and purposeful processing under the RODO.

Obligation to obtain consent

The provisions of the RODO require that consent for data processing be: informed, voluntary, specific and given before processing begins. Messages that suggest consent by implication (“By using our site, you agree…”) do not meet these requirements.

Microsoft shifts the responsibility for obtaining user consent to the owners of sites using Clarity. According to the Microsoft Clarity Terms of Use (https://clarity.microsoft.com/terms): “You will obtain consent consistent with applicable Data Protection Law… . Administrators must therefore take care of:

• consent to the installation of cookies related to Clarity,
• consent to the processing of data for the purpose of “recording” user sessions, if the legitimate interest of the data controller, i.e. the website owner, does not apply.
• consent to the transfer of data to Microsoft for broad purposes, including marketing.

Failure to comply with these obligations could result in the owner of a website using Microsoft Clarity, in the least optimistic scenario, being subject to an administrative fine under the provisions of the RODO.

Traps in suggested content from Microsoft

One of the key issues related to the use of Microsoft Clarity is sample wording (so-called “sample wording”) suggested by Microsoft to meet information requirements and obtain user consents.

Microsoft provides ready-made sample wording for inclusion in privacy policies and as messages on websites, among others:

Sample website message:

“We improve our products and advertising by using Microsoft Clarity to see how you use our website. By using our site, you agree that we and Microsoft can collect and use this data. Our privacy statement has more details.”

A sample entry for the privacy policy:

“We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.”

While such templates may seem helpful, they are potentially contrary to the provisions of the DPA because of:

• Lack of active and informed user consent:

The proposed message suggests that use of the site implies consent to data processing, which is inconsistent with the requirements of RODO and the Electronic Communications Law. Consent must be given actively, such as by clicking “I accept” in the relevant message.

• Unclear relationship between the data controller and Microsoft:

The templates proposed by Microsoft do not clearly indicate its role as an independent data controller. This can mislead users into suggesting that Microsoft is merely acting on behalf of the site administrator.

How to avoid the pitfalls?

Site administrators using Microsoft Clarity should:

• Adjust messages to comply with legal requirements:

Cookies and privacy policy messages must comply with EU regulations, clearly explain the purpose of data processing, and allow active user choice.

• Avoid designs that suggest consent by implication:

Phrases like “By using our site, you agree…” are unacceptable. Consent must be explicit and voluntary.

• Carefully explain Microsoft’s role as an independent administrator:

Make it clear that the data is transferred to Microsoft, which processes it in accordance with its privacy policy.

• Update the privacy policy transparently:

The policy should include details of data processing in connection with the use of Microsoft Clarity, including a description of the technology (heatmaps, session replay) and a link to Microsoft’s privacy policy.

Failure to provide the above information may result in a violation of the information obligation under the RODO.

Recommendations for users

To minimize legal risks, you should:

• Precisely define the scope of user consents, avoid combining them.
• Take advantage of the masking feature in Microsoft Clarity to anonymize personal data (e.g., fields in forms).
• Regularly review compliance of practices with data protection regulations.
• Work with a lawyer to prepare appropriate disclosure clauses and consents.

The use of Microsoft Clarity, while attractive from an analytics perspective, comes with significant legal risks. Data controllers should be aware of the risks and take appropriate steps to protect user privacy and avoid potential sanctions.

If you have questions about the processing of personal data in Microsoft Clarity, or need support in preparing the content of a privacy policy for your website, or are wondering whether you are processing data in compliance with the DPA in the course of running your website, please contact our team of data protection specialists.

The Law on the Protection of Whistleblowers will enter into force three months after its publication in the Official Gazette, i.e. on 25 September 2024, except for the provisions on external reporting, which will not take effect until 25 December 2024. What is worth knowing about this law before it enters into force?

 

Who is a whistleblower?
Under the Whistleblower Protection Act, a whistleblower is an individual who reports or publicly discloses information about a violation of the law obtained in a work-related context. A whistleblower can be: an employee, a temporary employee, a person providing work on the basis of a contract other than an employment contract, an entrepreneur, a proxy, a shareholder or a partner, a member of a body of a legal person or an organisational unit without legal personality, a volunteer, an intern, an apprentice, a soldier and a member of other uniformed services such as the Police or the Internal Security Agency.

 

What irregularities can a whistleblower report?
As set out in the Whistleblower Protection Act, a whistleblower may report irregularities consisting of a violation of the law through an unlawful act or omission or aimed at circumventing the law, relating to areas such as: corruption, public procurement, financial services, products and markets, anti-money laundering and terrorist financing, product safety and compliance, transport safety, environmental protection, radiological and nuclear safety, food and feed safety, animal health and welfare, public health, consumer protection, privacy and personal data protection, security of information and communication networks and systems, financial interests of the State Treasury of the Republic of Poland, of a local self-government unit and of the European Union, the internal market of the European Union, including public law principles of competition and state aid and taxation of legal persons, and, in addition, constitutional freedoms and rights of a human being and a citizen – occurring in relations of an individual with public authorities and not related to other areas. In addition, this catalogue may be extended to include violations relating to internal company regulations or ethical standards that have been established by the entity in question. This may include, for example, regulations relating to labour law issues, which, to a certain extent, reflect regulations contained, inter alia, in the Labour Code. However, this is optional and, therefore, the introduction of the possibility of reporting in this respect is optional and depends solely on the will of the entrepreneur.

 

Why was labour law excluded from the Act?
The amendments made during the legislative process to the Act by the Senate and adopted by the Sejm arouse a lot of emotion, because before the Senate presented its position, the catalogue of areas in which one could report irregularities and count on being protected under the above-mentioned Act included 18 items. The deleted item that is not included in the whistleblower protection law passed on 14 June 2024 by the Sejm is ‘labour law’. The votes on this procedure are divided. Some parliamentarians considered the inclusion of labour law as pointless, as the Labour Inspectorate is responsible for monitoring compliance with labour law. In addition, these people emphasised that the Law on the Protection of Whistleblowers, in order to fulfil its task, i.e. to implement Directive (EU) 2019/1927, does not need to include violations concerning labour law. On the other hand, in the opinion of the opponents of the amendment made, the Law on the Protection of Whistleblowers could, in its previous wording, not only help employees to exercise the rights to which they are entitled without fear of losing their jobs or other retaliation from employers, but also help entrepreneurs who, thanks to the strengthened protection of whistleblowers, would get rid of competition in the market that acts contrary to the letter of the law.

 

Who is affected by the implemented regulations?
The Law on the Protection of Whistleblowers implies the need to create whistleblowing channels that would allow the fulfilment of the obligations under the Law. This obligation applies to legal entities for which, as at 1 January or 1 July of a given year, at least 50 persons are gainfully employed. The number of such persons includes full-time employees or persons performing work for remuneration on a basis other than employment, if the enterprises do not employ other persons for such work, regardless of the basis of employment. However, the threshold of 50 persons does not apply to legal entities carrying out activities in the fields of financial services, products and markets and anti-money laundering and terrorist financing, transport safety and environmental protection covered by the European Union acts listed in Parts I.B and II of the Annex to Directive 2019/1937. Failure to establish notification channels by entities meeting the aforementioned criteria entails the risk of being fined.