On paper, registering a trademark or filing a patent looks like a routine administrative step. In practice, Polish tech companies face a layered set of obligations – spanning intellectual property law, the AI Act, DORA, and GDPR – that interact in ways most founders do not anticipate until something goes wrong.

Polish tech companies must protect IP through a combination of trademark registration, copyright documentation, trade secret controls, and software licensing structures. The Urząd Patentowy Rzeczypospolitej Polskiej (Patent Office of the Republic of Poland, UPRP) handles domestic filings, while EU-level protection runs through the European Union Intellectual Property Office (EUIPO). New regulatory layers – including the EU AI Act and DORA – now impose additional documentation requirements that directly affect how IP assets are held and disclosed.

This alert covers three areas: what has changed in the regulatory environment, which companies are affected and at what thresholds, and the immediate steps founders and in-house counsel should take now.

What has changed in the IP and tech regulatory environment?

The past 18 months have produced a significant shift. The EU AI Act entered into force in August 2024, with obligations phasing in through 2026 and 2027. For Polish tech companies building AI-enabled products, this means that training data, model architecture, and output documentation may constitute protectable IP – but also regulated information subject to transparency requirements. Treating these assets purely as trade secrets without a parallel compliance structure creates real legal exposure.

DORA compliance deadlines apply from January 2025 to financial-sector technology providers. Polish fintech and SaaS companies supplying services to banks or insurers now fall within scope of the Komisja Nadzoru Finansowego (Polish Financial Supervision Authority, KNF) oversight framework. Contractual IP clauses in technology agreements must align with DORA's third-party risk requirements. A standard software licence that was adequate in 2023 may now be non-compliant.

GDPR Poland enforcement has also intensified. The Urząd Ochrony Danych Osobowych (Personal Data Protection Office, UODO) issued several decisions in 2024 targeting inadequate data processing agreements. Where personal data forms part of a training dataset or product feature, IP strategy and data protection strategy must be designed together – not in separate workstreams.

Who is affected and what are the thresholds?

The short answer: any Polish tech company with a product, a brand, or a codebase. The practical thresholds vary by instrument. Trademark protection at the EUIPO costs approximately EUR 850 for a single class in one filing – a threshold most early-stage companies can meet within 12 months of launch. Waiting longer forfeits priority and risks third-party registration of the same mark in key markets.

Under the AI Act, high-risk AI system providers face the most demanding documentation obligations. Companies whose systems fall into Annex III categories – including recruitment tools, creditworthiness assessment, and biometric identification – must maintain technical documentation from the date of market placement. There is no revenue threshold. A five-person Warsaw startup deploying a CV-screening tool is subject to the same requirements as a large enterprise.

We secured IP portfolio structuring for a software company in the Mazowieckie region (autumn 2025), where the absence of documented IP ownership between co-founders had blocked a Series A round. Resolving the gap required retroactive assignment agreements and a revised shareholders' agreement – a process that took eight weeks and delayed closing.

For trade secret protection, Polish law implementing the EU Trade Secrets Directive requires that the holder take "reasonable steps" to maintain secrecy. Courts have declined protection where companies lacked written confidentiality policies, access logs, or employee IP assignment clauses. The threshold is not high – but it must be documented. See our detailed analysis of trade secret protection strategies under Polish law for the specific steps required.

What should Polish tech companies do now?

Three actions carry the highest priority. First, audit IP ownership. Every codebase, dataset, and brand element should be traced to a written assignment or work-made-for-hire clause. Freelancer and contractor agreements are the most common gap – Polish copyright law does not automatically transfer rights to the commissioning party without an explicit written clause covering each field of exploitation.

Second, file trademarks before expansion. The Urząd Patentowy (Patent Office) processes national applications within roughly 12 months. EUIPO protection covers all 27 EU member states from a single filing. Companies planning cross-border operations should also review data transfer mechanisms from Poland to Cyprus and other EU jurisdictions, as IP holding structures often interact with data localisation requirements.

Third, align IP documentation with AI Act and DORA obligations. Technical documentation for AI systems should be drafted to serve a dual purpose: satisfying regulatory requirements and establishing IP ownership records. This is not a compliance cost – it is an asset-building exercise. Companies that structure this correctly create a defensible IP portfolio as a byproduct of regulatory compliance.

  • Audit all contractor and freelancer agreements for IP assignment clauses
  • File EUIPO trademark application within 30 days of product launch in any EU market
  • Document trade secret controls: access logs, NDAs, internal policies
  • Map AI system components against AI Act risk categories before Q3 2026 deadlines
  • Review technology contracts for DORA third-party risk alignment

Our team obtained interim injunctive relief protecting source code worth over EUR 1.2m for a Silesia-based SaaS company facing a departing co-founder dispute (spring 2026). The outcome turned on a single IP assignment clause drafted at incorporation. Companies that invest in IP lawyer Warsaw-level structuring at the outset avoid disproportionate costs later. Tax structuring of IP holding entities is a parallel consideration – see our overview of tax advisory services in Poland for IP Box and related regimes.

Every week without documented IP ownership is a week during which a third party can register your trademark, a departing employee can claim co-authorship, or a regulator can find your AI documentation deficient. None of these outcomes is reversible without significant cost and delay.

For a tailored IP protection strategy for your tech company, contact info@kordeckipartners.com.

Frequently asked questions

Q: Does Polish copyright law automatically protect software created by employees?

A: Software created by an employee in the course of employment is owned by the employer under Polish copyright law, provided the work falls within the scope of the employment relationship. However, this default rule does not apply to freelancers or contractors – a written assignment covering each field of exploitation is required. Companies that mix employed and contracted developers frequently have split ownership without realising it.

Q: How long does EUIPO trademark registration take, and what does it cost?

A: A standard EUIPO application takes approximately four to six months if no oppositions are filed. The official fee for one class is EUR 850, with each additional class costing EUR 50 for the second and EUR 150 for each subsequent class. Opposition periods run for three months after publication, so the total timeline to a registered mark is typically six to nine months from filing.

Q: Is the AI Act relevant to a small Polish startup?

A: Yes. The AI Act applies based on the risk category of the system, not the size of the company. A startup deploying a high-risk AI application – such as a recruitment screening tool or a credit assessment model – faces the same documentation and conformity assessment obligations as a large enterprise. The prohibition on certain AI practices (such as real-time biometric surveillance in public spaces) applied from February 2025, regardless of company size.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to IP protection, AI Act compliance, and technology transactions. We work with Polish entrepreneurs, foreign investors, and in-house legal teams. To discuss your situation, contact info@kordeckipartners.com.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.