On 12 July 2024, the Act on Artificial Intelligence (AI Act) was published in the Official Journal of the European Union, as the first EU regulation in this field. Poland is also working on the national law implementing certain provisions of the AI Act and the act implementing the EU DORA regulation, which regulates the engagement of third-party technology providers, including AI-based solutions, by financial entities. In this context, it is important to note the forthcoming developments regarding artificial intelligence systems used for creditworthiness assessment, which are increasingly used by lenders.
The new regulations classify credit scoring systems as high-risk AI systems, as referred to in Article 6 of the AI Act and Annex III of the Regulation. The provisions of the AI Act stipulate that lenders performing creditworthiness assessments using AI will be required to comply with a number of obligations under Article 26 of the AI Act, including, among others:
· use of the AI system in accordance with the instructions,
· ensuring the adequacy and representativeness of the input data controlled,
· supervision of the system by a qualified person, and
· compliance with the disclosure obligation in relation to persons for whom a credit decision will be taken using AI.
Moreover, in accordance with Article 27 of the AI Act, with regard to AI systems used to assess creditworthiness, financial institutions will be required to conduct an assessment of the impact of the high-risk AI system on fundamental rights and submit its results to the supervision authority. Financial institutions should also take into account that the use of AI systems does not constitute a violation of the catalogue of prohibited practices referred to in Article 5 of the AI Act.
In Poland, work has also begun on the act of law which should clarify certain provisions of the AI Act. As part of the pre-consultation at the Ministry of Digital Affairs, the proposals of social organisations on the establishment of the Polish artificial intelligence authority were presented, resulting in the adoption of a position on the establishment of an Artificial Intelligence Supervision Commission, which is of collegial nature and comprises representatives of other supervision authorities.
It should also be mentioned that Poland is in the process of drafting the act amending certain acts in connection with ensuring the operational digital resilience of the financial sector, ensuring the adequate application of the DORA regulation, the provisions of which may also apply to the use of AI systems by financial entities. The draft act provides, among others, for the designation of the Polish Financial Supervision Authority as the supervision authority in the scope of ensuring the operational digital resilience of the financial sector, as well as the amendments to the Act on the National Cyber Security System, including in the area of reporting on major ICT incidents and cyber threats. In accordance with the latest reports, the publication of the next version of the draft act is scheduled in October.