By continuing to browse the site, you agree to our use of cookies. Check its details of the Privacy Policy and Cookies.

Accept arrow
Latest blog posts: Legal regulations and GenAI. How to prepare? Legal regulations and GenAI. How to prepare?

Legal regulations and GenAI. How to prepare?

4.3.2025 | LCloud
Udostępnij:

Generative Artificial Intelligence (GenAI) can analyze data and create new content—text, images, code, or music—offering vast opportunities for any organization. However, to effectively deploy GenAI solutions, it is essential to review guidelines and legal regulations right from the planning stage. Doing so helps prevent potential non-compliance issues and ensures adherence to current legislation.

Below, we will explore the key recommendations from Amazon Web Services and then move on to other regulations that support the creation of a GenAI usage policy within your organization.

AWS Recommendations

Implementing any large-scale technology is a complex process, especially in the rapidly evolving field of artificial intelligence. Although each transformation is unique, there are proven methods for effectively deploying GenAI. One is the collection of best practices from Amazon Web Services, known as AWS CAF-AI.

Defining goals and scope

Organizations must clearly determine in which areas they plan to implement Generative AI solutions and the objectives they wish to achieve. Common goals include improving operational efficiency, optimizing processes, reducing the time to introduce new solutions, and increasing customer satisfaction. The most important step is identifying which departments and processes will be covered by the GenAI policy.

Testing and monitoring GenAI systems

Each model and solution should be tested to ensure compliance with the company’s internal standards and applicable regulations. The policy should specify which tools are approved for use and how to monitor their performance after implementation.

Risk management and regulatory compliance

A GenAI policy needs to include a detailed risk management plan aligned with requirements such as GDPR and the AI Act. This plan should consider how to classify GenAI systems by risk level, as well as outline procedures to ensure model transparency and impartiality. Maintaining data protection and preventing discrimination are essential.

Employee training and engagement

For a GenAI implementation to be effective, employees must understand how to use this technology ethically and securely. The policy should include training programs for both managers and technical teams responsible for deploying and maintaining GenAI systems. This promotes a thorough understanding of the benefits and risks associated with GenAI.

Ethical use of GenAI

A critical part of a GenAI policy involves establishing ethical guidelines for using generative AI. This covers transparent communication with customers, ensuring model impartiality, and aligning with the company’s core values. Building trust in GenAI—both for employees and customers—is vital for long-term success.

Data management and GDPR compliance

Deploying Generative AI requires a robust data management strategy. GenAI solutions cannot function effectively without high-quality data, so the policy must include guidelines for data collection, storage, and processing, as well as protocols to ensure data security and quality. As organizations using GenAI handle personal data, adherence to data protection regulations—particularly GDPR—is crucial, especially when training GenAI models.

AWS Cloud Adoption Framework for Artificial Intelligence
AWS Cloud Adoption Framework for Artificial Intelligence

Developing a policy governing the use of Generative AI is extremely important for any organization. Such a policy fosters customer and employee trust through the ethical and transparent use of GenAI capabilities, which in turn enhances business relationships and outcomes. It also supports risk management by reducing the likelihood of legal and operational issues, for example those related to privacy violations or insufficient algorithm transparency.

How does the law respond to GenAI?

The next step involves understanding the legal regulations. Below are some key institutions and legal frameworks.

AI Working Group (GRAI)

Created to promote an environment conducive to AI development in both the public and private sectors in Poland, this open-format group brings together a broad representation of the market. Its objective is to support businesses in safely and effectively deploying AI according to best practices and existing legislation. GRAI also provides guidelines to help firms grasp the standards for ethical and transparent AI use, ensuring compliance with legal requirements. The group’s findings are published on the Polish AI Portal.

EU AI Act

The EU AI Act is the world’s first comprehensive legislative framework regulating artificial intelligence. It goes into partial effect in 2025 and will be fully implemented by 2027. Under the act, AI systems are classified by risk level, with stringent requirements for high-risk systems concerning safety and transparency:

  • Unacceptable risk: Refers to banned AI systems that threaten fundamental rights and safety (e.g., manipulative systems or those using social engineering).
  • High risk: Common in areas like medicine, education, or recruitment, where strict technical and transparency requirements apply.
  • Limited risk: Systems that must meet specified transparency standards (e.g., chatbots that disclose their AI nature to users).
  • Minimal risk: No additional actions required because they pose no significant risk (e.g., spam filters).

In most cases, the providers of high-risk systems bear responsibilities for technical documentation, meaning compliance with the EU AI Act may necessitate hiring compliance experts and conducting regular audits.

It is also worth noting that, apart from EU regulations, other frameworks like the Digital Markets Act, the Digital Services Act, and various industry-specific regulations may apply to GenAI implementations. Staying informed of ongoing legal developments is therefore crucial.

Leverage the expertise of others

Utilizing GenAI solutions requires a solid plan and familiarity with best market practices, including AWS CAF-AI. Drawing on the expertise of specialists and dedicated partners can help organizations understand legal considerations and develop a GenAI policy that ensures security. Should you need support or have any questions, our experts are here to help at kontakt@lcloud.pl

We offer free consultations and will guide you through entering the world of Generative AI.

× I hereby declare that pursuant the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to data processing personal data and on the free movement of such data and repeal Directive 95/46 / EC (GDPR), Law on the Protection of Personal Data of 10 May 2018 and the Act of 18 July 2002 on the provision of electronic services. I agree to the processing of personal data provided by me for marketing purposes, including the purpose of receiving commercial information by electronic company from Lcloud limited liability company to promote its services. The data provided is protected in full in accordance with the Personal Data Protection Act. Lcloud Sp. z o.o. (based in Warsaw, 59 Złota Street) is the administrator of the personal data base. The Publisher has the right to access, change and delete personal data from the Lcloud Sp. z o.o.

Details on the method, purpose and duration of processing are available in Privacy Policy and Cookies