It is reported that Portugal’s legal environment encourages foreign investment. Portuguese law prohibits any discrimination between investments on the basis of nationality, and most foreign investments are not regulated.

Portugal’s foreign direct investment screening mechanism is mainly found in Decree-Law No. 138/2014. The legislation provides for screening in connection to strategic assets in sensitive industry sectors such as energy, transport, and telecommunications. The mechanism establishes both an ex-post opposition screening regime and the possibility for any interested party to request previous confirmation from the Portuguese government. The authorities responsible for foreign direct investment screening in Portugal are the respective Ministries responsible for the energy, transport and communication sectors and the Portuguese Council of Ministers. The Portuguese FDI screening mechanism is triggered if (i) the transaction results, directly or indirectly, in the acquisition of direct or indirect control over strategic assets; and (ii) the person(s) acquiring such control are third-country nationals, i.e. they are domiciled in or their statutory headquarters or effective place of business is in a non-EU or EEA country. It is reported that although Portugal has not yet activated its investment screening mechanism, the government has indicated that an inter-institutional working group of the Ministry of Economy, the Ministry of Foreign Affairs and European Affairs will be reactivated to align the Portuguese investment screening law with the EU directive and deliver concrete results.

The official language of proceedings before the Portuguese Industrial Property Office (INPI) is Portuguese. However, the application may initially be filed in English. A Portuguese translation thereof must be submitted within one month of the corresponding notification from the Office, provided that an additional fee is paid. Moreover, it is reported that different activities within the application procedure have to be assisted by an intellectual property agent, such as the submission of specific translations (see Art. 83 Decree-Law No. 110/2018).

According to the Polish Committee for Standardisation (Polski Komitet Normalizacyjny – PKN), to become a member of a Technical Committee (KT), Project Committee (KZ), or Technical Subcommittee (PK), an entity must (i) meet the requirements set forth in Article 23.2 of the Standardisation Act of September 2002; (ii) operate and be registered in the Republic of Poland; and (iii) possess expertise in the thematic scope of the KT, KZ, or PK they wish to join. Membership in these committees is voluntary and free of charge. As specified in Art. 23.2 of the Standardisation Act, a technical committee is composed of specialists appointed by government administration bodies, economic entities, employers' associations, consumer organisations, professional and scientific-technical organisations, higher education institutions, scientific organisations, and PKN employees. The composition must ensure the representativeness of all stakeholders in a given subject, considering the needs of the national economy.

The Consumer Rights Directive 2011/83/EU provides an updated framework aimed at encouraging online sales. The Directive has been implemented by the Act of 30th May 2014 on Consumer's Rights.

Poland has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Poland has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Poland has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. Poland implemented the GDPR in 2018 through the Act of 10 May 2018 on the Protection of Personal Data.

Under the EU Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws that implemented the Directive have been overturned.
Under Art. 47 of the Electronic Communications Law, telecommunications providers are obliged to store certain types of user data for 12 months, including user identity, date and time and the type of connection.

Under Art. 43 of the Electronic Communications Law, telecommunications providers must grant access to stored data to "authorised entities" including police and secret services without a court order.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The Civil Code and the Act on Providing Services by Electronic Means transpose Directive 2000/31/EC. Chapter 3 of the Act, as amended in November 2024, sets out liability exemptions for intermediary service providers. Under Arts. 12–14, providers acting as “mere conduits” for data transmission are not liable for the content they carry if they do not initiate the transmission, choose the recipient, or alter the information. Similar exemptions apply to those performing temporary caching to improve efficiency, as long as they do not modify the data and remove or block access once they become aware of its removal by the source or receive an official order. Hosting providers are also exempt from liability when unaware of unlawful content and must act swiftly to remove it once notified, while informing the user if removal is based on “reliable knowledge.”
In addition, Art. 422 of the Civil Code, are interpreted in a way that shields service providers from liability for user content and behaviour.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The Civil Code and the Act on Providing Services by Electronic Means transpose Directive 2000/31/EC. Chapter 3 of the Act, as amended in November 2024, sets out liability exemptions for intermediary service providers. Under Arts. 12–14, providers acting as “mere conduits” for data transmission are not liable for the content they carry if they do not initiate the transmission, choose the recipient, or alter the information. Similar exemptions apply to those performing temporary caching to improve efficiency, as long as they do not modify the data and remove or block access once they become aware of its removal by the source or receive an official order. Hosting providers are also exempt from liability when unaware of unlawful content and must act swiftly to remove it once notified, while informing the user if removal is based on “reliable knowledge.”
In addition, Art. 422 of the Civil Code, are interpreted in a way that shields service providers from liability for user content and behaviour.

Poland maintains an identity verification requirement for SIM card registration, first introduced by the Act of 10 June 2016 on Anti-terrorism Measures (Dz.U. 2016 poz. 904). Under Art. 43 of that Act, which amended the Act of 16 July 2004 on Telecommunications Law, a new Art. 60b was inserted, requiring individuals purchasing prepaid SIM cards to provide identifying information to the telecommunications provider, typically a national identity card for Polish citizens or a passport for foreign nationals, in order to activate the service. Although the Telecommunications Law has since been repealed and replaced by the Electronic Communications Law (Prawo komunikacji elektronicznej, Dz.U. 2024 poz. 1221), the identity requirement remains in force under Art. 296 of the new law.

Art. 17 of Directive 2019/790 on Copyright in the Digital Single Market (DSM Directive) mandates that providers of content-sharing services seek authorisation from rights holders and implement technical solutions to remove and prevent unauthorised uploads by their users (so-called upload filters), under penalty of losing their liability safe harbour. Further arrangements are envisaged for complaints and dispute resolution mechanisms. Such upload filters are reported to be a significant cost for online platforms. Graduated exemptions are expected to be put in place for new providers active in the EU for less than three years with a turnover under EUR 10 million, and with fewer than five million users. The provision is subject to a challenge in the Court of Justice by Poland (C-401/19).
To implement Directive 2019/790 on Copyright in the Digital Single Market, the government adopted the Act of 26 July 2024 Amending the Act on Copyright and Related Rights, the Act on the Protection of Databases and the Act on Collective Management of Copyright and Related Rights, therefore making online content-sharing service providers partially liable for copyright violations on their platforms.