{"id":64006,"date":"2025-10-14T10:00:45","date_gmt":"2025-10-14T08:00:45","guid":{"rendered":"https:\/\/bpcc.org.pl\/?p=64006"},"modified":"2025-10-19T16:36:40","modified_gmt":"2025-10-19T14:36:40","slug":"healthtech-growth-in-poland-legal-barriers-and-opportunities-for-driving-innovation","status":"publish","type":"post","link":"https:\/\/dev2.bpcc.org.pl\/pl\/healthtech-growth-in-poland-legal-barriers-and-opportunities-for-driving-innovation\/","title":{"rendered":"HealthTech growth in Poland: legal barriers and opportunities for driving innovation"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"64006\" class=\"elementor elementor-64006\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7d296c46 elementor-section-content-middle elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7d296c46\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-custom\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-5962b214\" data-id=\"5962b214\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-10422d7 elementor-widget elementor-widget-text-editor\" data-id=\"10422d7\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.14.0 - 26-06-2023 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-64009\" src=\"https:\/\/bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-300x300.jpg\" alt=\"\" width=\"200\" height=\"200\" srcset=\"https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-300x300.jpg 300w, https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-1024x1024.jpg 1024w, https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-150x150.jpg 150w, https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-768x768.jpg 768w, https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-500x500.jpg 500w, https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-1536x1536.jpg 1536w, https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-2048x2048.jpg 2048w, https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-1080x1080.jpg 1080w, https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-440x440.jpg 440w, https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-24x24.jpg 24w, https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-48x48.jpg 48w, https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2025\/09\/8-96x96.jpg 96w\" sizes=\"auto, (max-width: 200px) 100vw, 200px\" \/><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-4a28e8bd\" data-id=\"4a28e8bd\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-29e9dbdb elementor-widget elementor-widget-text-editor\" data-id=\"29e9dbdb\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><strong>By Marcelina S\u0142ugocka, attorney-at-law, TMT\/IP, Addleshaw Goddard<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-3be6a3db\" data-id=\"3be6a3db\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4b466800 elementor-absolute elementor-widget elementor-widget-image\" data-id=\"4b466800\" data-element_type=\"widget\" data-settings=\"{&quot;_position&quot;:&quot;absolute&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.14.0 - 26-06-2023 *\/\n.elementor-widget-image{text-align:center}.elementor-widget-image a{display:inline-block}.elementor-widget-image a img[src$=\".svg\"]{width:48px}.elementor-widget-image img{vertical-align:middle;display:inline-block}<\/style>\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/elementor\/thumbs\/AG_addlershaw-goddart_pole-rqcvwuyqpfutpxcwdaad5165malncvbl5rcvfhm51c.png\" title=\"AG_addlershaw-goddart_pole\" alt=\"AG_addlershaw-goddart_pole\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8c5bb69 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8c5bb69\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-45193c9\" data-id=\"45193c9\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-973cae9 elementor-widget elementor-widget-text-editor\" data-id=\"973cae9\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>\u00a0<\/p><p>Poland\u2019s health tech market is expanding rapidly, in line with global trends. Worldwide, digital health is projected to surpass $300 billion by 2025, growing at a compound annual growth rate of 16\u201322%. With its large patient base and accelerating digitalisation, Poland is well-positioned to capture a meaningful share of this growth.<\/p><p>At the same time, health tech \u2013 or more broadly, digital health \u2013 is a highly regulated market. Data protection laws, medical device regulations, telemedicine standards, AI governance, and cybersecurity frameworks collectively shape the pathway of health tech innovations to patients. These regulations are a double-edged sword: while they build trust and market confidence, they also impose compliance costs and delays.<\/p><p><strong>Data privacy<br \/><\/strong>Digital health systems handle sensitive personal data, making compliance with data privacy laws fundamental. The EU General Data Protection Regulation (GDPR) applies and treats health information as a special category requiring strict safeguards, while Polish health regulations add another layer.<\/p><p>Health tech companies, as controllers, must implement robust security programmes, including:<\/p><ul style=\"margin-top: -20px;\"><li><strong>Privacy by design<\/strong>: Collect only what is necessary, pseudonymise data where possible, and encrypt data both at rest and in transit<\/li><li><strong>Documented risk assessments<\/strong>: Conduct data protection impact assessments (DPIAs) where processing poses high risks<\/li><li><strong>Incident response plans<\/strong>: Have comprehensive plans in place to address data breaches<\/li><\/ul><p>These measures are part of a broader commitment to GDPR compliance, which also includes ongoing staff training, implementing appropriate technical and organisational safeguards, and ensuring individuals&#8217; rights are respected.<\/p><p>While compliance requires effort, it can also become an asset. A controller that demonstrates GDPR-compliant patient protection will inspire greater confidence from hospitals, insurers, and users than one that cuts corners. Moreover, compliance mitigates exposure to significant regulatory fines, which can reach up to \u20ac20 million or 4% of annual global turnover.<\/p><p><strong>When software becomes a medical product<br \/><\/strong>Medical device regulations can pose hurdles but also enhance product credibility. In the EU, the Medical Device Regulation (MDR) treats software intended for diagnosis, monitoring, or therapy as a medical device subject to conformity rules. All medical devices must be classified by risk (Class I for low risk to Class III for high risk) and, following a successful conformity assessment, carry a CE mark to be legally placed on the EU market.<\/p><p>In practice, this means many health tech apps and platforms require official certification. For instance, a mobile app that provides general wellness tips may qualify as a low-risk Class I device (which the developer can self-certify), whereas a machine-learning system that analyses X-rays or adjusts insulin doses would be Class IIa or IIb, requiring review by a notified body for approval.<\/p><p>In Poland, the Office for Registration of Medicinal Products, Medical Devices and Biocidal Products enforces these rules, and every medical device must be registered locally. The Polish Medical Devices Act also introduced mandatory online registries for device distributors and professional users, with penalties and other consequences for non-compliance. Although these procedures add time and expense to bringing a product to market, they also signal quality and reliability.<\/p><p><strong>Cybersecurity<br \/><\/strong>Cybersecurity is a growing focus in health tech. Poland\u2019s 2018 Cybersecurity Act, which implemented the EU\u2019s original NIS Directive, required many health networks to adopt cybersecurity risk-management measures and report significant incidents to national authorities. The new NIS2 Directive expands this framework, and Poland is currently in the process of transposing it into national law. Multiple draft versions of the legislation are in circulation, but the new rules will extend cyber risk-management and reporting duties to a broader range of sectors. It is likely that the updated framework will cover more digital service providers and selected tech companies, potentially encompassing many health tech enterprises. In short, the rules on cybersecurity in Poland are about to tighten.<\/p><p>Health tech firms should prioritise cybersecurity now, rather than later. Key measures include:<\/p><ul style=\"margin-top: -20px;\"><li>Encrypting patient data<\/li><li>Conducting regular security audits<\/li><li>Patching systems promptly<\/li><li>Establishing a clear incident-response plan<\/li><\/ul><p>Health tech companies that can demonstrate strong cyber hygiene will have an edge with hospitals and investors, who are increasingly aware of the damage ransomware attacks can cause. In effect, legal compliance can become a competitive advantage \u2013 cybersecurity measures can serve as a selling point, showcasing a product\u2019s trustworthiness in an age of hacking and data theft.<\/p><p><strong>AI in Health Tech<br \/><\/strong>The regulatory environment for artificial intelligence (AI) in health tech is evolving rapidly. The EU AI Act is the first comprehensive legal framework for artificial intelligence worldwide. It aims to ensure the safe development and use of AI systems while fostering trustworthy AI in Europe.<\/p><p>The EU AI Act introduces a risk-based framework, classifying AI tools from prohibited to minimal-risk. Solutions used for diagnosis, triage, or clinical decision support generally fall into the high-risk category, meaning they must meet rigorous requirements both before and after market entry. Companies need to focus on:<\/p><ul style=\"margin-top: -20px;\"><li>Lifecycle risk management with ongoing monitoring and timely updates<\/li><li>High-quality, representative training data to minimise bias<\/li><li>Comprehensive bias testing and validation<\/li><li>Effective human oversight to ensure accountability and safety<\/li><\/ul><p>When AI systems are used for medical purposes \u2013 such as diagnosis or treatment \u2013 they must comply with both the AI Act and the MDR, creating a dual regulatory track with overlapping obligations. By proactively integrating these compliance measures, health tech businesses can reduce regulatory risk and signal their commitment to quality and safety.<\/p><p><strong>Conclusion<br \/><\/strong>Poland offers fertile ground for digital health innovation, but success requires legal savviness. Regulations on data protection, device safety, cybersecurity, and reimbursement can pose genuine hurdles, potentially slowing a project if overlooked. At the same time, these rules build market trust \u2013 a secure and compliant product is more likely to gain acceptance.<\/p><p>Savvy companies will integrate compliance into their product strategy from the outset. By planning ahead, health tech businesses can turn Poland\u2019s regulatory framework into a competitive advantage. While these investments require time and money, they enhance trust, improve procurement opportunities, and increase valuation, transforming compliance into a growth enabler.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>By Marcelina S\u0142ugocka, attorney-at-law, TMT\/IP, Addleshaw Goddard Poland\u2019s health tech market is expanding rapidly, in line with global trends. Worldwide, digital health is projected to surpass $300 billion by 2025, growing at a compound annual growth rate of 16\u201322%. With its large patient base and accelerating digitalisation, Poland is well-positioned to capture a meaningful share [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":29128,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[76],"tags":[],"ppma_author":[585],"class_list":["post-64006","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-contact-magazine","author-addleshaw-goddard-ag","et-has-post-format-content","et_post_format-et-post-format-standard"],"acf":[],"authors":[{"term_id":585,"user_id":0,"is_guest":1,"slug":"addleshaw-goddard-ag","display_name":"Addleshaw Goddard (AG)","avatar_url":{"url":"https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2024\/12\/AG_addlershaw-goddart_pole.png","url2x":"https:\/\/dev2.bpcc.org.pl\/wp-content\/uploads\/2024\/12\/AG_addlershaw-goddart_pole.png"},"first_name":"Addleshaw Goddard (AG)","last_name":"","user_url":"","description":""}],"_links":{"self":[{"href":"https:\/\/dev2.bpcc.org.pl\/pl\/wp-json\/wp\/v2\/posts\/64006","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dev2.bpcc.org.pl\/pl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev2.bpcc.org.pl\/pl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev2.bpcc.org.pl\/pl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dev2.bpcc.org.pl\/pl\/wp-json\/wp\/v2\/comments?post=64006"}],"version-history":[{"count":25,"href":"https:\/\/dev2.bpcc.org.pl\/pl\/wp-json\/wp\/v2\/posts\/64006\/revisions"}],"predecessor-version":[{"id":65540,"href":"https:\/\/dev2.bpcc.org.pl\/pl\/wp-json\/wp\/v2\/posts\/64006\/revisions\/65540"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dev2.bpcc.org.pl\/pl\/wp-json\/wp\/v2\/media\/29128"}],"wp:attachment":[{"href":"https:\/\/dev2.bpcc.org.pl\/pl\/wp-json\/wp\/v2\/media?parent=64006"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev2.bpcc.org.pl\/pl\/wp-json\/wp\/v2\/categories?post=64006"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev2.bpcc.org.pl\/pl\/wp-json\/wp\/v2\/tags?post=64006"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/dev2.bpcc.org.pl\/pl\/wp-json\/wp\/v2\/ppma_author?post=64006"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}