A Warsaw-based software house discovers that a former senior developer has joined a direct competitor – and taken with him the firm's proprietary algorithm, client database, and pricing model. The company has no formal trade secret policy. Its employment contracts contain a generic confidentiality clause written in 2018. The non-disclosure agreements with contractors were never updated after Poland transposed the EU Trade Secrets Directive. That combination of gaps turns a recoverable breach into a multi-year litigation battle with an uncertain outcome.
Polish law protects trade secrets under the Act on Combating Unfair Competition (ustawa o zwalczaniu nieuczciwej konkurencji, UZNK), which was amended in 2018 to implement the EU Trade Secrets Directive (2016/943). A secret qualifies for protection when it has commercial value, is not generally known, and has been subjected to reasonable steps to maintain its confidentiality. Failure to document those steps forfeits the statutory protection entirely, leaving the injured party without a civil or criminal remedy.
This guide walks through the four stages of a sound trade secret programme: identifying and classifying assets, building the contractual and procedural shield, responding to a breach, and managing cross-border exposure. Each stage includes timelines, cost indicators, and the specific mistakes that cause Polish courts to deny relief. Three business scenarios – a manufacturing firm, a technology company, and a foreign investor entering Poland – illustrate how the framework applies in practice.
What qualifies as a trade secret under Polish law?
Polish law defines a trade secret as any technical, technological, organisational, or other information with commercial value that is not publicly known and that the holder has subjected to reasonable confidentiality measures. All three conditions must be met simultaneously. Missing even one disqualifies the information from statutory protection under the UZNK.
The commercial value requirement is broader than it first appears. It covers not only formulas and source code but also customer lists, supplier terms, pricing strategies, and internal processes. A manufacturing client in the Silesia region discovered in autumn 2024 that its production scheduling methodology – never patented, never formally classified – qualified as a trade secret once counsel documented its competitive advantage and the steps taken to restrict access.
The "reasonable steps" element is where most Polish companies fall short. Courts have denied protection where access controls existed in IT systems but were not mirrored in employment contracts or internal policies. The National Court Register (KRS) records show that many Polish limited liability companies (spółki z ograniczoną odpowiedzialnością) simply adopt boilerplate articles of association with no reference to IP governance. That silence is costly in litigation.
Relevant assets to classify include:
- Source code, algorithms, and technical documentation
- Customer and prospect databases with commercial terms
- Financial models, pricing matrices, and margin structures
- Manufacturing processes and quality-control protocols
- Unreleased product roadmaps and R&D results
Classification should be documented in a written inventory, reviewed at least annually, and approved by a board resolution. That single step creates an evidentiary record that Polish courts treat as strong evidence of "reasonable steps." Without it, the owner of even genuinely valuable information may be left arguing its case from a weak position.
How should a company build its contractual and procedural shield?
The contractual layer is the backbone of any trade secret programme. Under Polish employment law, confidentiality obligations bind employees during the employment relationship even without a written clause – but post-termination protection requires an explicit non-compete agreement with compensation. That compensation must be at least 25% of the employee's prior remuneration for each month of the restriction period. Omitting this figure renders the clause unenforceable.
Employment contracts should therefore contain three distinct provisions: a confidentiality clause defining the scope of protected information by category, a post-termination non-compete clause with the statutory compensation, and a clause assigning all IP created during employment to the employer. The last element is particularly important for software developers, where the Prawo autorskie (Copyright Act) provides default rules that may leave economic rights with the employee unless expressly transferred.
We secured interim injunctive relief protecting a client's technology platform worth over EUR 3m for a Mazowieckie-based IT company (spring 2025). The decisive factor was a complete contractual package – NDA, IP assignment, and a documented access-control policy – that allowed the court to identify the protected perimeter within hours of the application being filed.
For contractors and B2B partners, the framework differs. Contractors are not bound by the Labour Code's default confidentiality rules. A standalone non-disclosure agreement (NDA) is mandatory. That NDA should specify: the definition of confidential information, permitted use, duration (typically three to five years post-project), return or destruction of materials, and a liquidated damages clause. Polish courts enforce liquidated damages clauses in commercial contracts without requiring proof of actual loss, making them a powerful deterrent.
Procedural measures must match the contractual ones. Access controls – role-based permissions, audit logs, clean-desk policies – should be documented in an internal regulation (regulamin). Employees should acknowledge receipt of the regulation in writing. The Office for Personal Data Protection (UODO) has noted that access logs for systems containing personal data also serve GDPR Poland compliance purposes, so a single governance document can serve both functions. That dual utility reduces compliance costs significantly.
For a practical checklist, prepare the following before any enforcement action:
- Written asset inventory with classification levels
- Signed employment contracts with all three clauses
- Signed NDAs with every contractor and partner
- IT access-control policy acknowledged by all users
- Board resolution approving the trade secret programme
To receive an expert assessment of your contractual framework, contact info@kordeckipartners.com.
What steps should a company take when a breach occurs?
Speed is decisive. Polish civil procedure allows a court to grant interim measures – including an injunction prohibiting use of the secret and an order to preserve evidence – within 72 hours of an application in urgent cases. That window closes quickly: once the misappropriated information has been disclosed to third parties or published, the court may decline interim relief on the grounds that the secret has lost its confidential character. Personal liability of the infringer does not disappear, but the injunctive remedy does.
The first 48 hours after discovery should follow a fixed sequence. Preserve all digital evidence before any confrontation with the suspected infringer. Engage forensic IT specialists to image relevant devices and systems. Notify legal counsel to prepare the interim measures application simultaneously. Do not send a cease-and-desist letter before the evidence is secured – a premature letter may prompt deletion of data.
The interim measures application is filed with the district court (sąd okręgowy) at the respondent's domicile or place of business. The applicant must demonstrate a plausible claim and a legal interest in obtaining interim relief. Court fee for interim measures in IP disputes is currently PLN 300 for monetary claims up to PLN 20,000, with higher fees for larger claims. A security deposit may be required if the court finds that the risk of harm to the respondent is significant.
Criminal proceedings run parallel to civil ones. Deliberate disclosure of a trade secret is a criminal offence under Polish law, punishable by a fine, restriction of liberty, or imprisonment of up to two years. Where the perpetrator acted for the purpose of causing significant damage, the maximum sentence rises to three years. Filing a criminal complaint with the police or the District Prosecutor's Office (Prokuratura Okręgowa) creates investigative pressure and may compel disclosure of evidence that civil courts cannot easily order.
The UZNK also provides a civil claim for damages, disgorgement of profits, and publication of a corrective statement. Damages can be calculated either as actual loss or as a licence fee that the infringer would have paid for authorised use. The licence-fee method is often preferable when proving actual loss is difficult. Courts have accepted this measure in cases involving misappropriation of software and customer databases.
For disputes that escalate to full proceedings, the timeline from filing to first-instance judgment in the Warsaw Regional Court (Sąd Okręgowy w Warszawie) averages 18 to 24 months for IP cases. Appeals to the Court of Appeal add another 12 to 18 months. Arbitration before the Court of Arbitration at the Polish Chamber of Commerce (Sąd Arbitrażowy przy KIG) can reduce that timeline to 9 to 12 months where both parties have agreed to an arbitration clause.
For a tailored strategy on enforcement proceedings, reach out to info@kordeckipartners.com.
How do cross-border and technology factors affect trade secret strategies?
Cross-border exposure adds a layer of complexity that domestic policies alone cannot address. A trade secret that travels across borders – through a cloud platform, a multinational contractor, or a foreign subsidiary – must be protected under the law of each jurisdiction where it may be used or disclosed. The EU Trade Secrets Directive harmonised the substantive standard across member states, but procedural rules, limitation periods, and remedies vary significantly.
For foreign investors entering Poland, the starting point is recognising that Polish law applies to any trade secret misappropriation that occurs on Polish territory, regardless of the parties' nationality. A German investor's Polish subsidiary is fully subject to the UZNK. Internal group policies drafted under German or English law do not automatically satisfy the "reasonable steps" requirement under Polish law unless they have been localised – translated, acknowledged by Polish employees, and implemented through Polish-law employment contracts.
Technology companies face an additional layer of exposure under the AI Act Poland framework. Where a trade secret is embedded in an AI model deployed in Poland, the technical documentation required by the AI Act may partially overlap with the secret itself. Structuring that documentation to satisfy regulatory requirements without disclosing the protected core is a task that requires coordination between IP counsel and compliance teams. Similarly, DORA compliance for financial-sector entities requires detailed documentation of IT systems that may contain trade secrets – those documents must be handled under strict access controls to avoid inadvertent disclosure.
GDPR Poland adds a further dimension for secrets that involve personal data. Customer databases and employee records are simultaneously trade secrets and personal data. A data breach notification to UODO may trigger disclosure obligations that conflict with the company's interest in maintaining confidentiality. Counsel must advise on how to fulfil the notification duty without unnecessarily expanding the circle of persons who learn the content of the secret.
For technology companies with Swedish or Nordic ties operating in Poland, the interaction between Polish UZNK rules and Nordic IP frameworks raises specific questions about which law governs a misappropriation claim. Our analysis of IP protection strategy for Swedish tech companies in Poland addresses those choice-of-law questions in detail. For the mechanics of cross-border data flows that may carry trade secrets, see our guide on data transfer from Poland to Switzerland: legal mechanisms. Where a dispute escalates, our disputes practice in Poland covers both civil enforcement and arbitration strategies.
Three business scenarios illustrate the cross-border dimension. A manufacturing company in Silesia with a German parent must ensure its Polish production documentation is classified under both German group policy and Polish UZNK standards – the two frameworks use different terminology for the same concept. A Warsaw IT company licensing software to clients in multiple EU jurisdictions should include a governing-law clause specifying Polish law for any misappropriation claim arising in Poland, even if the main contract is governed by English law. A foreign investor acquiring a Polish target should conduct IP due diligence that specifically maps which information qualifies as a trade secret, whether reasonable steps have been taken, and whether any prior employees or contractors may assert competing claims.
Frequently asked questions
Q: How long does a company have to bring a civil claim for trade secret misappropriation under Polish law?
A: The limitation period under the Act on Combating Unfair Competition is three years from the date on which the injured party learned of the misappropriation and identified the infringer. An absolute limitation period of ten years runs from the date of the infringing act, regardless of the claimant's knowledge. It is important not to confuse these two periods: many companies discover a breach years after it occurred, and by then the three-year period may already be running.
Q: Does a trademark registration substitute for trade secret protection?
A: No. A trademark protects a sign that distinguishes goods or services in the market. Trade secret protection covers the underlying information – the formula, the process, the database – that may or may not be associated with a brand. The two instruments are complementary, not interchangeable. A company with a registered trademark but no trade secret programme has no protection for its proprietary know-how the moment a competitor independently discovers or misappropriates it.
Q: What does it cost to implement a basic trade secret programme in Poland?
A: A foundational programme – asset inventory, updated employment contracts, contractor NDAs, and an internal access-control regulation – typically requires 20 to 40 hours of legal work, depending on the company's size and the complexity of its IP portfolio. For a company with up to 50 employees and a single product line, that translates to a one-time investment that is substantially lower than the cost of a single day of litigation. Annual review and maintenance requires significantly less time.
KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to IP protection, technology regulation, and trade secret enforcement. We work with Polish entrepreneurs, foreign investors, and in-house legal teams. To discuss your situation, contact info@kordeckipartners.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.