Artificial intelligence is increasingly ceasing to be a purely technological topic. It is becoming an organisational, legal and management topic.
This is visible in public administration too.
On 11 June 2026, the Sejm discussed two important threads related to AI. The first concerned the use of artificial intelligence in the Chancellery of the Sejm and work on a strategy and rules for using AI. The second - the safe deployment of AI in public administration. This topic was presented by the director of the AI Safety Research Centre at NASK-PIB, Professor Szymon Łukasik.
On the same day, the Committee on Digital Affairs also discussed the EU Data Union Strategy, one of whose main aims is to increase the availability of high-quality data for the development and deployment of AI.
This is, on the surface, a public-sector topic. In practice, it is very important for companies too.
Because administration is starting to do what every organisation using AI should do: set rules, organise data, build accountability and ensure security.
AI in administration is not a consequence-free experiment
In a company, an AI error can mean a bad proposal, a misguided recommendation, a breach of confidentiality or reputational risk.
In administration, the stakes can be even higher.
AI can support document analysis, case handling, the creation of summaries, information search, the work of officials, communication with citizens or the management of large data sets. In the future it may also appear closer to decision-making processes.
That is why the public sector cannot deploy AI solely on the logic of "the tool is convenient, so let's start using it."
Rules are needed. Accountability is needed. Control over data is needed. Security is needed. There needs to be an awareness that AI can help but cannot replace an institution's responsibility.
The same applies to business.
Rules first, scale later
In many organisations, artificial intelligence appears from the bottom up. Employees test tools, improve their work, speed up text editing, analyse documents, generate images, write emails, prepare presentations.
On the one hand, this is natural. Companies want to be more efficient, and employees look for tools that save time.
On the other hand, without rules chaos arises very quickly.
An organisation may not know which tools are used, what data goes into them, who approved their use, whether the results are verified and whether employees understand the risks.
That is why the lesson from administration is simple: AI has to be put in order before it becomes an invisible layer of everyday work.
The later a company starts, the harder it will be to establish where AI actually operates.
Data is AI's fuel, but also a source of risk
The second important thread from the parliamentary work concerned data. The Committee on Digital Affairs discussed the EU Data Union Strategy, which highlights the importance of data availability for the development of artificial intelligence.
This is very important, because a conversation about AI without a conversation about data is incomplete.
AI needs data, but data in a company is not neutral. It may contain information about clients, employees, candidates, contractors, finances, contracts, strategy, products, complaints or internal processes.
If an organisation doesn't know what data goes into AI tools, it's hard to talk about security. If it doesn't know whether the data is current, correct and approved for use, it's hard to talk about the quality of decisions. If it has no rules about which data may be used and which must not be passed to external tools, it's hard to talk about responsible deployment.
That is exactly why AI governance starts not with choosing the trendiest tool, but with the question: what data do we have, who is responsible for it and in which processes can it be used.
Administration talks about safe deployment. Companies should talk about the same thing
The phrase "safe AI deployment" may sound technical, but in reality it concerns the whole organisation.
Safe deployment is not only cybersecurity. It is also the question of whether employees were trained, whether the company has rules for using AI, whether a register of tools exists, whether someone assessed the risks, whether documentation can be shown and whether a human still controls the processes in which AI is used.
This is especially important in the context of the AI Act. The EU rules are based on a risk-based approach. Not every use of AI will be regulated in the same way, but an organisation should understand where AI occurs and what effects it may have.
In business, this will mean more and more practical questions.
- Does AI only support drafting working content, or does it influence decisions?
- Is the employee using an approved tool or a personal account?
- Does personal or confidential data go into the tool?
- Is the AI output checked by a human?
- Can the company demonstrate that it has taken preparatory steps?
These are not questions for the future. These are questions for now.
AI in a public institution and AI in a company share a common denominator: trust
Public administration must build the trust of citizens. A company must build the trust of clients, employees, partners and regulators.
In both cases, AI can strengthen that trust or weaken it.
If an organisation uses AI in a transparent, responsible and documented way, the technology can speed up work, improve the quality of service and relieve people of repetitive tasks.
But if AI operates without rules, without the board's knowledge, without control over data and without verification of results, it very quickly becomes a source of risk.
The biggest problem is not that AI has appeared.
The problem is that many organisations try to use it without first putting the basics in order.
What should companies do right now?
The first step does not have to be a major transformation project.
It's enough to start with basic order.
A company should check where AI is already used, which tools are in circulation and which departments use them most often. Then it should set basic rules: what data must not be entered into AI tools, which tools are approved, when output requires verification and who is responsible for new uses.
The next step is AI literacy, that is, training employees not in "AI magic" but in the practical rules of using this technology safely. Only on that basis is it worth building an AI policy, a register of tools, a risk assessment and a readiness report.
This approach is far more effective than creating documents that no one understands or applies.
Where does AI TrustCERT help?
AI TrustCERT was designed precisely as practical support for organisations that want to bring order to their use of AI without months-long projects and excess formality.
It helps a company move from scattered AI use to a more conscious operating model: with basic rules, training, acceptances, a register of tools, risk identification and a readiness report.
This matters, because preparing for the AI Act is not only about knowing the rules.
It's about being able to show that the organisation knows how it uses AI, who has been prepared, which rules apply and what actions have been taken.
Public administration is starting to bring order to AI because the stakes are high. Companies should treat this as a signal.
There's no need to wait for an inspection, an audit or a question from a client.
It's better to know in advance where AI operates in the organisation and whether it really is under control.
Summary
The Sejm's work on the use of AI in public administration points to an important direction: artificial intelligence requires rules, data, security and accountability.
The same applies to business.
AI can be enormous support for an organisation, but only when it doesn't operate in chaos. Companies that want to use AI safely should start with simple questions: where do we use AI, what data goes into the tools, who knows the rules and what evidence of preparation do we have?
Because AI under control does not start with technology.
It starts with order in the organisation.
Sources
- iTV Sejm archive: on 11 June 2026 a meeting was held of the standing Subcommittee on artificial intelligence and algorithm transparency, concerning, among other things, AI in the Chancellery of the Sejm and the safe deployment of AI in public administration; a presentation on this was announced with the participation of the director of the AI Safety Research Centre at NASK-PIB.
- Sejm of the Republic of Poland, information on committee work of 11 June 2026: the Committee on Digital Affairs discussed the European Commission's communication "Data Union Strategy - unlocking data for artificial intelligence," highlighting data availability, simplification of the regulatory framework and data sovereignty as priorities.
- Sejm of the Republic of Poland, information on committee work of 11 June 2026: during the meeting it was noted that access to high-quality data is one of the key conditions for the development of artificial intelligence and the data economy.
- Senate of the Republic of Poland: the Act on artificial intelligence systems was referred to the Senate on 11 June 2026, showing the progress of national work on the framework for applying the AI Act in Poland.