109 2591-2259 / This is an open access article under the CC-BY-SA license https://creativecommons.org/licenses/by-sa/4.0/ DOI: 10.17573/cepar.2024.2.05 1.01 Original scientific article The Challenges of AI in Administrative Law and the Need for Specific Legal Remedies: Analysis of Polish Regulations and Practice Jowanka Jakubek-Lalik University of Warsaw, Poland j.jakubek@uw.edu.pl https://orcid.org/0000-0002-4365-1423 Received: 7. 10. 2024 Revised: 6. 11. 2024 Accepted: 9. 11. 2024 Published: 27. 11. 2024 ABSTRACT There are many new challenges to the classic approach to decision-making in administrative law. Public authorities are discovering the potential of AI systems to improve the efficiency and accuracy of administrative pro- ceedings. However, automated decision-making (ADM) and AI-supported decision-making create new dilemmas, especially in relation to account- ability, data protection, and general principles of administrative law. The benefits of AI should therefore be assessed together with the associated risks and threats, with adequate means for control and supervision. The use of AI tools is growing also in the Polish public administration, as is interest in simplifying administrative proceedings and automating the issuance of administrative decisions. However, these trends should be carefully monitored, especially from the perspective of citizens’ rights and potential errors that may differ from the classical, non-automated administrative proceedings. Purpose: This article examines the challenges of introducing AI tools into administrative law and proceedings, as well as the need for specific legal remedies. It questions whether the remedies are the same as in traditional administrative proceedings and whether the instruments provided in existing legislation suffice to ensure adequate protection of citizens’ rights? The methodology used includes an analysis of the legislation and poli- cies, desk research on practical examples, and insights from discussion at the EGPA 2024 Conference. The findings focus on the analysis of existing legislation both in terms of its applicability and practical implementation, especially in light of AI use in public administration. The most important aspect is the link between the use of AI tools and the potential need to design new or adapt existing Jakubek-Lalik, J. (2024). The Challenges of AI in Administrative Law and the Need for Specific Legal Remedies: Analysis of Polish Regulations and Practice. Central European Public Administration Review, 22(2), pp. 109–128 Central European Public Administration Review, Vol. 22, No. 2/2024 110 Jowanka Jakubek-Lalik legal remedies in both imperious and non-imperious domains of public administration, with a special focus on ADM challenges. Practical implications address the new challenges AI poses to decision- making in administrative law. Through practical examples, it also dis- cusses to what extent legal remedies should be tailored to AI tools and how human rights might be affected, necessitating protective measures. These implications are important not only from a legal standpoint, but also for legal practitioners and the public administration as a whole. Originality and value of the article lie in the discussion on the chal- lenges of administrative proceedings and legal remedies in the era of AI. This topic is both highly relevant and timely, as the use of AI will undoubtedly shape the future of public administration proceedings and other activities. Keywords: ADM, administrative law, administrative proceedings, AI, automated decision making, Polish public administration JEL: K400 1 Introduction In recent years, we have observed an unprecedented development of infor- mation and communication technologies, which are increasingly boldly en- tering the space of public and private life. The implementation of AI-based solutions in administration brings with it a number of legal and technological challenges that require in-depth analysis and understanding. The emergence of Artificial Intelligence (AI) has been a major challenge for public administration from the beggining. The changing environment and possibilities created by the development of AI has created many new op- portunities, but also new threats. Public administration might be specifically interested in the potential to use automated decision making (ADMs) and AI- supported administrative decisions – however, the misuse of the new pos- sibilities might create the situation of nouveau ‘détournement de pouvoir’ and substantial threaths to the rights of the parties in administrative proceedings. The AI systems obviously have the potential to improve the efficiency and accuracy of administrative proceedings. What is especially relevant for the public administration bodies is first of all the reduction of mistakes caused by ‘human factor’, improved standardization and simplification of procedures, improved accuracy – especially relating to equality and cohesion, as well as im- proved efficiency. Nevertheless, significant questions arise in relation to who actually takes the decision and who is ultimately accountable for its contents. Another interesting topic is appeal procedure and defining the new standards of administrative proceedings in the context of the AI. As the use of AI tools is growing in public administration, as well as the interest in simplification of the conduct of administrative proceedings, the question arises as to the ex- tent the automated issuance of administrative decisions (ADM) can be used. Central European Public Administration Review, Vol. 22, No. 2/2024 111 The Challenges of AI in Administrative Law and the Need for Specific Legal Remedies: Analysis of Polish Regulations and Practice The ADM and AI-supported decision making create new dilemmas, especially in relation to accountability, data protection and general principles of admin- istrative law. The tendencies to use AI tools should be carefully monitored es- pecially from the perspective of citizens’ rights, as the potential errors might be different from the classical, non-automated administrative proceedings. As the practice of populist and authoritarian regimes demonstrate, the ad- ministrative measures can be effectively used both to protect and to oppress the citizens. AI seem to provide additional challenges in these aspects, as it increases the efficiency of administrations’ performance – therefore can cre- ate both advantages, as well as serious threats. This article discusses the challenges of AI in the context of Polish regulations and practice. Firstly, the methods and research questions are introduced. Sec- ondly, the findings relating to regulations, policies and practical examples are analysed. Finally, the need for specific legal remedies is discussed, in relation to activities performed in non-imperious and imperious spheres of public ad- ministration activity. 2 Methods This article focuses on achieving its objectives via several methodological tools. The following components outline the research methodology: Analysis of the legislation and policies involves review of existing laws, regula- tions and policies relating to the use of AI in and by public administration in Poland. The analysed laws are from European level (EU law and Council of Europe regulations) and from national level. Also, reports and studies related to the topic, addressing performance and challenges posed by the AI to the public administration are analysed. Desk research on practical examples is aimed to provide the practical exam- ples of the use of AI and ADM by public administration, desk research with focus on information published on public administration websites, reports, expert blogs and newspaper articles have been used. Conclusions from discussion during EGPA 2024 Conference have been tak- en into account as well. The presentation of the initial version of the paper and follow-up discussion during EGPA conference allowed the clarification and adjustment of the text and its conclusions. The feedback received after presenting preliminary findings was incorporated and necessary adjustments to the research paper were made to refine the assessment of challenges and conclusions. 3 Results In this chapter the legal regulations and policies are analysed, as well as their practical implementation and real-life examples of using AI tools by Polish public administration. The important differenciation is between using AI in Central European Public Administration Review, Vol. 22, No. 2/2024 112 Jowanka Jakubek-Lalik non-imperious sphere of activity (like chatbots issuing information) and impe- rious sphere (where administrative decisions are issued). 3.1 Polish Regulations and Practice Poland has not established specific legal acts regulating the operation of arti- ficial intelligence, because - like many other European Union countries - it was anticipating the adoption of EU regulations, i.e. AI Act and the Directive on liability for artificial intelligence. However, this does not mean that the Polish government and government institutions remained passive in the face of the technological revolution based on the development of AI. 3.1.1 European Law Regulations AI regulations in the European Union can be found, among others, in legal acts on cybersecurity and personal data protection. One of the key regulations on AI was Directive of the European Parliament and of the Council (EU) concern- ing measures for a high common level of security of network and information systems across the Union (Directive 2016/1148), the so-called NIS Directive , adopted on 6 July 2016. It was the first European law on cybersecurity. The Directive imposed a number of obligations on the Member States, obliging them, among others, to establish specific institutions and introduce coopera- tion mechanisms. The Directive obliged the Member States to guarantee a minimum level of national capabilities in the field of IT security. Its provisions were to enable the creation of both a centralised system at national level and the division of competences between various entities. The NIS Directive did not directly concern public administration services, unless they were key ser- vices listed therein. However, the document constituted minimum harmoni- sation, and therefore set certain minimum conditions that must be met. It was not intended to limit the ability of the Member States to regulate the is- sue of cybersecurity of public administration. The text of the directive focuses on three pillars: institutions that should be established in the Member States, cooperation at European level and obligations in the field of network and in- formation security.1 In Poland, its provisions were to be implemented by the Act on the National Cybersecurity System of 28 August 2018.2 The next legal act updating the NIS Directive was Directive 2022/2555 (NIS 2) concerning measures for a high common level of cybersecurity across the Union. This Directive, which entered into force in 2023, is an evolution of the regime introduced by the NIS Directive , providing for legal measures to increase the overall level of cybersecurity in the EU. The modernised legal framework aims to keep up with the rapid digitalisation and the changing landscape of cybersecurity threats. By extending the scope of cybersecurity rules to new sectors and entities, it further aims to increase the resilience and 1 https://cyberpolicy.nask.pl/dyrektywa-nis-czy-piersze-zdrowiee-prawo-w-zakresie-cyberbez- pieczenstwa/ 2 Act of 5 July 2018 on the national cybersecurity system, Journal of Laws 2018 item 1560, as amended. Central European Public Administration Review, Vol. 22, No. 2/2024 113 The Challenges of AI in Administrative Law and the Need for Specific Legal Remedies: Analysis of Polish Regulations and Practice incident response capacity of public and private entities, competent authori- ties and the EU as a whole.3 Entities designated by Member States as operators of essential services in the above sectors are required to take appropriate security measures and notify the competent national authorities in the event of major incidents. In addi- tion, essential digital service providers such as search engines, cloud comput- ing services and online marketplaces will have to comply with the security and notification requirements set out in the Directive.4 Another important regulation concerning AI is the EU Data Act Regulation (Data Act) , adopted by the European Parliament on 9 November 2023.5 The key assumptions of the Data Act are: – Increasing legal certainty for companies and consumers engaged in data generation, by establishing clear rules on the permissible use of data and the associated conditions, while sustaining incentives for data holders to continue investing in high-quality data generation. – Mitigating the abuse of contractual imbalances that impede equitable data sharing. This entails safeguarding enterprises from unjust contractual terms imposed by a party wielding a considerably stronger market position. – Rules enabling public sector bodies to access and use data held by the pri- vate sector for specific public interest purposes. For instance, public sector bodies will be able to request data necessary to help them respond quickly and securely to a public emergency, with minimal burden on businesses. – New rules setting the framework for customers to effectively switch bet- ween different providers of data-processing services to unlock the EU clo- ud market. This will also contribute to an overall framework for efficient data interoperability. 6 Another regulation that could significantly affect the use of AI in public ad- ministration is the Cyber Resilience Act (CRA).7 The regulation is intended to strengthen cybersecurity requirements for safer digital products. As hardware and software are increasingly subject to effective cyberattacks and increasing cybercrime, the regulation aims to minimize security gaps and improve the delivery of security updates, as well as to facilitate the understanding and access of information by users. The most important goals of the regulation are therefore to ensure the proper functioning of the internal market and to create conditions that allow users to take cybersecurity into account when choosing and using products containing digital elements.8 3 https://digital-strategy.ec.europa.eu/pl/policies/nis2-directive 4 https://www.gov.pl/web/cyfryzacja/operatorów-uslug-kluczowych 5 https://www.eu-data-act.com/ 6 https://digital-strategy.ec.europa.eu/en/policies/data-act 7 At the time of writing, the European Cyber Resilience Act has not yet been finalized. 8 https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act Central European Public Administration Review, Vol. 22, No. 2/2024 114 Jowanka Jakubek-Lalik What is also important is the relation of the aforementioned regulations to the provisions of the General Data Protection Regulation (GDPR).9 The legal definition of personal data is broad, so many data collected and used by AI are subject to special protection under the GDPR. Another challenge is the lack of regulations regarding access to or exchange of non-personal data, which lim- its the possibilities of using this type of data in AI systems. This issue is also not resolved by the Regulation of the European Parliament and of the Council on the framework for the free flow of non-personal data in the European Union. In June 2024, The European Union has introduced new legislation on artificial intelligence: The EU AI Act.10 It is the first act to lay the foundations for the complex regulation of AI in the EU. On 1 August 2024, the AI Act entered into force – as the world‘s first comprehensive legal regulation for artificial intel- ligence systems and models. The regulation aims to ensure security, transpar- ency and compliance with European values in the development and use of AI. The act takes the form of a regulation, which means that its provisions apply directly throughout the Union. The Artificial Intelligence Act is the first law of its kind in the world to com- prehensively regulate the AI sector. The regulation is based on a risk-based approach, making the obligations of providers and entities implementing AI models and systems dependent on the potential risk of harm to citizens, societies and economies. The introduction of the AI Act was aimed to be an important step towards responsible and ethical development of technology, provide foundation for innovations, but above all to guarantee security and respect for human rights in the face of rapidly developing technology. An important act relating to privacy, data protection and use of AI by public administration, established long before the GDPR, is the Council of Europe Convention 108.11 The Convention opened for signature on 28 January 1981 and was the first legally binding international instrument in the data protec- tion field. Under this Convention, the parties are required to take the neces- sary steps in their domestic legislation to apply the principles it lays down in order to ensure respect in their territory for the fundamental human rights of all individuals with regard to processing of personal data. Convention 108 lays out legal definitions for the main concepts of data protection law such as: personal data, data controller and processing activity, data subject rights and the idea of privacy as a “take-back control” by individuals over the pro- cessing of their personal data. In addition, principles of data processing such as: lawful, fair, purpose specific, and proportional data processing through privacy by design and by default, compliance, transparency, data security, and risk management were established by this document, reaching an important 9 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 10 The EU AI Act was published in the Official Journal (OJ) of the European Union on 12 July 2024. 11 The Convention for the Protection of Individuals with regard to Automatic Processing of Per- sonal Data (CETS No. 108) Central European Public Administration Review, Vol. 22, No. 2/2024 115 The Challenges of AI in Administrative Law and the Need for Specific Legal Remedies: Analysis of Polish Regulations and Practice cornerstone to protect privacy and provide for the free flow of personal data (Ragan, 2022). What needs to be noted however, is the fact that the existing regulations, adopted in the area of personal data protection, do not address the systemic challenges linked to automated decision-making. They are focused on the situation of a particular individual and the decision made in their case. Both the provisions adopted in the GDPR and the Convention 108 adopted by the Council of Europe are focused on solutions such as prohibition of automated decision making (limited by a number of exceptions) or providing access to the logic standing behind a particular decision. However, algorithms used in automated decision-making are not subjected to regulations which would in- crease their level of transparency (Mazur, 2021, pp. 271–271). 3.1.2 Polish Law Regulations Given the complexity of this matter, there is no single law on AI in Poland, nor is there any plan to enact any. Currently, the operation of this technology is regulated by four separate groups of regulations concerning cybersecurity, personal data protection, civil liability and intellectual property . The Polish legal system also does not provide for any specific regulations on AI. Individual regulations are contained in many legal acts (including telecom- munications law,12 public procurement law,13 entrepreneurs’ law,14 and, more broadly, tax law, safety regulations, civil law - in particular obligations, includ- ing the relationship between the user and the manufacturer, as well as ad- ministrative law, in particular regarding transport and spatial planning). These regulations do not directly concern AI, but rather contain general regulations applicable to the relationship between entities using these solutions and their manufacturers. In some cases, they can also be used in a subsidiary manner. Of course, the key place in the regulatory system is played by the previous- ly mentioned Act on the National Cybersecurity System of 28 August 2018, which implements the NIS Directive into the Polish legal system. Full imple- mentation of the NIS Directive also required the adoption of two regulations of the Council of Ministers, i.e. on recognizing an incident as serious,15 and on the list of key services and thresholds of significance of the disruptive effect of an incident on the provision of key services.16 The purpose of the Act on the National Cybersecurity System was to develop legal regulations enabling the implementation of the NIS Directive and the creation of an effective IT security system at the national level . This system 12 Act of 16 July 2004 – Telecommunications Law, Journal of Laws 2004 No. 171 item 1800. 13 Act of 11 September 2019 - Public Procurement Law Journal of Laws 2019 item 2019. 14 Act of 6 March 2018 - Entrepreneurs‘ Law, Journal of Laws 2018, item 646. 15 Regulation of the Council of Ministers of 31 October 2018 on the thresholds for recognizing an incident as serious, Journal of Laws 2018 item 2180. 16 Regulation of the Council of Ministers of 11 September 2018 on the list of key services and the significance thresholds of the disruptive effect of an incident on the provision of key ser- vices, Journal of Laws 2018, item 1806. Central European Public Administration Review, Vol. 22, No. 2/2024 116 Jowanka Jakubek-Lalik aims to ensure cybersecurity at the national level, in particular the uninter- rupted provision of key services and digital services, and to achieve an ap- propriately high level of security of IT systems used to provide these services. Cybersecurity System includes key service operators (including those from the energy, transport, health and banking sectors), digital service providers, national level CSIRTs (Computer Security Incident Response Teams), secto- ral cybersecurity teams, entities providing cybersecurity services, competent authorities for cybersecurity matters and a single point of contact for com- munication within the framework of cooperation in the European Union in the field of cybersecurity matters. Key service operators are obliged to imple- ment effective security measures, assess the risk related to cybersecurity and provide information on serious incidents and their handling in cooperation with the national level CSIRT. The above entities are also obliged to appoint a person responsible for the cybersecurity of the services provided, handle and report incidents and share knowledge on cybersecurity. Public administration bodies, as well as telecommunications entrepreneurs and digital service pro- viders, i.e. online trading platforms, cloud computing services and internet search engines, are also included in the national cybersecurity system. The Act defines and regulates the obligations of digital service providers, defines incidents having a significant impact, the tasks of CSIRT NASK, CSIRT GOV and CSIRT MON, identifies the competent authorities and defines their tasks, specifies the procedure for qualifying an entity as a key service operator and its obligations, presents the types of incidents and their handling, defines the entities responsible for receiving reports such as the Sectoral Cybersecurity Team or for creating a legal framework, such as the Single Point of Contact at the Minister of Digital Affairs. As mentioned earlier, the breakthroug moment in EU regulation was the adoption and implementation of AI Act. The work on adapting Polish law to the provisions of the AI Act at the Ministry of Digital Affairs began at the be- ginning of 2024, after the European Parliament approved the new regulation on 13 March 2024, with first consultations announced on 2 April 202417 dur- ing which a preliminary opinion was obtained from AI sector stakeholders on the directions of introducing the Act into the Polish legal system. Due to the regulated matter, key elements of the AI Act shall be introduced gradually. As a rule, the provisions of the Act will apply after 24 months from its promulgation, however, in the case of some provisions, these deadlines are 6, 12 and 36 months, respectively. Already in February 2025, regulations will come into force banning the use of particularly dangerous AI systems throughout the EU. Then, in August 2025, key provisions for AI supervision will enter into force, including the definition of the market surveillance au- thority and the notifying authority, general purpose AI models, as well as those concerning penalties for violations of the Act. The last provisions to enter into force will be those relating to high-risk AI sys- tems and the obligations related to them. They will enter into force in August 17 https://www.gov.pl/web/cyfryzacja/wdrozenie-aktu-o-ai---prekonsultacje Central European Public Administration Review, Vol. 22, No. 2/2024 117 The Challenges of AI in Administrative Law and the Need for Specific Legal Remedies: Analysis of Polish Regulations and Practice 2026 and, in the case of certain high-risk systems that are part of products subject to separate standards, in August 2027. 3.1.3 AI Development Policy in Poland On December 28, 2020, the Council of Ministers adopted the AI Development Policy in Poland.18 The document sets goals to be achieved in the short term (2023), medium term (2027) and long term. The goals cover the development of Polish society, economy and science in the area of artificial intelligence. Examples of goals established by the Council of Ministers include: – In the short term – increasing demand for AI solutions; – In the medium term – perceiving Poland as a producer of AI systems outsi- de the country; – In the long term, Poland to be situated among the top 25% of economies producing innovative AI solutions. In addition, the AI Development Policy in Poland describes the actions that Poland should take to achieve the above-mentioned goals and to become a beneficiary of the data-based economy, and Poles – a society aware of the need to improve digital knowledge and skills. In connection with the development of AI, the document envisages the estab- lishment of bodies such as: – AI Policy Task Force (operating at the Council of Ministers Committee for Digital Affairs, coordinating the activities of public institutions in the imple- mentation of the AI Policy); – AI Observatory for the Labor Market (monitoring and researching the im- pact of AI on the labor market); – AI Legislative Team (appointed to address legal and ethical challenges su- pporting the implementation of the AI Policy). 3.1.4 Administrative Regulations Relating to Use of AI and ADM One of the most important, if not the most important, function of adminis- trative law is the defense of the individual against abuse of power by state authorities. The fundamental constitutional principle19, according to which public authorities can act only on the basis and within the limits of the law, is to protect citizens and ensure predictability of the actions of the state by limit- ing the possibility of interference with the sphere of their rights and freedoms (Jakubek-Lalik, 2023, April 27). Polish administrative law does not address specifically the use of AI and ADM. In accordance with Polish administrative regulations, administrative decisions are always issued by an authorised official, representing administrative body. An administrative decision is defined as a unilateral legal act of a public ad- 18 Polityka dla rozwoju sztucznej inteligencji w Polsce od roku 2020, Załącznik do uchwały nr 196 Rady Ministrów z dnia 28 grudnia 2020 r. (poz. 23). 19 Art. 7 of Polish Constitution. Central European Public Administration Review, Vol. 22, No. 2/2024 118 Jowanka Jakubek-Lalik ministration body, which comes into effect by submitting a declaration of will by the public administration body (Wróbel, 2012). An administrative decision is a ruling of a public administration body with binding consequences of the applicable norm of administrative law for an individually specified entity and in a specific case (Dawidowicz, 1980, p. 47). In accordance with the provision of art. 109 § 1 of the Code of Administrative Procedure,20 the manifestation of the act of will of the body towards the party may take place by delivering the decision in writing or by means of electronic communication. An excep- tion to the above rule is the oral announcement of the decision, in a situation where the interest of the party speaks in favor of it and the legal provision does not prevent it. Parties may also be notified of decisions by announce- ment or in another manner of public announcement customarily accepted in a given location, if a special provision allows for such a possibility (art. 49 of the Code of Administrative Procedure). Nevertheless, the use AI tools is not totally prohibited. The AI tools can be used to create the design, as well as using the application suggesting the draft con- tent of a decision, however the limitation means that it is always the official who is responsible for the final content. Also, machine learning algorithms can be used as support - provided that decisions are still not made automatically. However, using AI to support administrative decisions can create specific problems and challenges, especially in relation to privacy, data protection, as well as ethical issues, that are not the same as in regular, “old fashioned” ad- ministrative proceedings. For example, processing digital data poses higher risk in terms of cybersecurity, i.e. malicious acts that seek to damage data, steal data, or disrupt digital life in general. Cyber threats include i.a. comput- er viruses, data breaches, Denial of Service (DoS) attacks, and other attack vectors. Using algorithms means also that they are only as impartial as the programs and information provided to create them, as they learn to make decisions based on training data, which can include biased human decisions or reflect historical or social inequities, even if sensitive variables such as gender, race, or sexual orientation are removed (Manyika, Silberg and Presten, 2019). 3.2 Examples of Use of AI Tools by Public Administration in Poland Today, AI is used in various sectors and activities by public administration, such as: a) detection and control of abuse (28%), b) improvement in public levy collection rates (27%), c) personalized citizen services (including virtual assistants, 26%), d) live event and accident tracking and reporting (26%), e) optimization of social spending (25%), f) optimization of tax/fee levels (25%), 20 Law on 14 June 1960 Code of Administrative Procedure, Dz. U. 1960 Nr 30 poz. 168, as amended. Central European Public Administration Review, Vol. 22, No. 2/2024 119 The Challenges of AI in Administrative Law and the Need for Specific Legal Remedies: Analysis of Polish Regulations and Practice g) improvement in the effectiveness of internal processes (23%), h) security and response to cyber threats (23%) (Kosowska and Zborowska, 2020). Polish administration, therefore, seems to be quite aware of tangible benefits to the state and its citizens by using AI instruments. As explained earlier, the AI allows, among other things, to make quick and accurate decisions, detect abuses and irregularities, and consequently, improve the level of public ser- vices. Artificial intelligence is used, for example, in automated document anal- ysis. Systems specialised in this area can scan the content of letters, compare them with other documents, identify keywords and categorise correspond- ence. The AI tool is able to decide whether, how and by which team a given letter should be further processed (Kosowska and Zborowska, 2020). The artificial intelligence component is currently used by Polish public admin- istration mainly for non-imperious acts. Examples include chatbots and virtual assistants that support citizens in obtaining information and submitting ap- plications. Officials can use tools for quick document analysis in the form of advanced text recognition analysis, recordings, etc. Quick document analysis, generating summaries, historical analysis of previously issued decisions or ap- plicable legal acts and regulations that relate to a given case will definitely speed up the work of officials and contribute to improving the handling of citizens‘ inquiries. AI not only supports analytical processes, but can also help detect abuses, which is already happening, for example, in tax offices, which, thanks to the analysis of tax data, improve fraud detection.21 Artificial intelligence algorithms can be successfully used to automate rou- tine administrative processes, such as considering applications for building permits, issuing environmental decisions, or granting social benefits.22 Some cities are already experimenting with AI technologies to better manage ur- ban traffic, monitor air pollution, or forecast weather threats. The applica- tions of solutions based on AI and advanced analytics can be also found in the area of public finance, healthcare, social welfare, the security sector and the justice system. The most popular use of AI tool are the chatbots providing answers to FAQs. As per May 2023, AI systems were supporting responses to approx. 7,000. calls per month in the ministries23. Concrete examples include i.a. the Virtual Clerk that answers customers’ questions regarding the use of the services of the National Labor Inspectorate, the Central Registration and Information on Business and the National Court Register. Another feature is the Virtual Assistant - a system used to provide a hotline service for entrepreneurs, fu- ture entrepreneurs and others interested in obtaining information about the European Funds for a Modern Economy program. The Ministry of Finance 21 https://www.doradcasamorzadu.pl/6897-korzy%C5%9Bci-i-wyzwania-zwi%C4%85za- ne-z-wdra%C5%BCaniem-technologii-ai-w-administracji-publicznej.html. 22 Some examples of these kinds of decisions from Hungarian administration are explained, see: Bencsik, 2024, pp. 11–23. 23 https://www.rp.pl/urzednicy/art38489011-ai-pomaga-rozwiazywac-sprawy-w-urzedach-zast api-czesc-urzednikow Central European Public Administration Review, Vol. 22, No. 2/2024 120 Jowanka Jakubek-Lalik also uses, among others, chatbot to answer the most frequently asked tax questions.24 Another area where AI solutions are more widely used is healthcare services. The use of AI can have a significant impact on improving the efficiency of the entire healthcare system through a better understanding of the needs of patients and facilities and more effective management of the entire sys- tem. Additionally, AI solutions can improve the efficiency of administrative activities, support doctors in diagnostics and making medical and organiza- tional decisions. For example, algorithms enable more effective assessment of tomographic images in oncology. As a rule, the assessment of tumors that qualify for surgical removal is carried out manually by radiologists. This is a tedious process that can generate many errors and omissions. Advanced AI technologies, including image recognition and deep learning models, pro- vide information on the total volume of the tumor and create its three-di- mensional representation. This allows doctors to more accurately determine whether a life-saving surgery is feasible or whether a different treatment strategy should be chosen.25 Although such solutions are convenient, one must also be aware of the risks they carry. In Poland, there is no regulation on the liability of artificial intel- ligence for potential misleading. Therefore, there is a need for regulations on advice provided using chatbots, which would exclude the liability of the office. These regulations should be easily accessible and understandable to the average user. Also, in the case of using AI tools in healthcare, the account- ability issues should be properly and clearly regulated. 3.3 AI Supported Decision-Making and the Question of ADM As already mentioned, in accordance with Polish administrative law, the ad- ministrative decisions should be always issued by an authorised official. AI tools can only be used to help create its design, as well as using the applica- tion suggesting the draft content of a decision, but it is always the adminis- trative body, represented by authorized official, who is responsible for the final content. And indeed, there is evidence that the Polish administration uses artificial in- telligence in its administrative proceedings. The most valuable advantage of using AI is the increased efficiency when creating various types of documents, especially those that are repeatable or that require performing certain cal- culations and can be automated. By properly adding data, and configuring buttons allows to create a virtual assistant to generate a complete PDF. In such an extensive procedure of automation of calculating e.g. interest rates, amounts of administrative penalties or generating appropriately standard- ized documents, then the question can be asked about the limits of this inter- 24 Ibidem. 25 https://bank.pl/jaka-jest-globalna-i-polska-perspektywa-rozwoju-sztucznej-inteligencji-w-ad ministracji-publicznej/ Central European Public Administration Review, Vol. 22, No. 2/2024 121 The Challenges of AI in Administrative Law and the Need for Specific Legal Remedies: Analysis of Polish Regulations and Practice vention, and whether not to allow the AI to create a full document, e.g. with personal data like address etc. (Jakubik and Prabucki, 2024). Specific examples of AI used in administrative proceedings are i.a. labor of- fices and organisational units relating to social and family security, where algorithms play an increasing supporting role for the officials in issuing ad- ministrative decisions. The Agency for Restructuring and Modernisation of Agriculture uses artificial intelligence when disbursing EU funds - based on data collected by satellites, the system is able to verify what and where farm- ers applying for EU funds are growing. It also identifies the treatments being performed and determines the vegetation cover. The Ministry of Health also has extensive experience in using artificial intelli- gence models. For example, in the e-Stethoscope pilot program, auscultatory changes in the respiratory system of patients with coronavirus were assessed. The system detected, among other things, wheezing and rales, but also de- termined the heart rate. Another example is the e-Health Center, which uses artificial intelligence to track down abuses in the healthcare system.26 It is therefore clearly visible, that the public administration is increasingly inclined to rely on AI tools as assissting in conducting adiministrative pro- ceedings. It is not surprising, as there are substantial profits in improved accuracy and speeding up of the proceedings. The bottom line, however, remains in the issue of accountability for the administrative decisions and the legal consequences thereof. Here, there is no doubt that the process has to be fully controlled by the responsible official, who acts on behalf of the administrative body. 4 Discussion The new challenges and practice of using AI and elements of ADM in public administration activities, and especially administrative proceedings, leads to the question if there is a need for introducing new, specific legal remedies. Also, if the answer is positive, to what extent these remedies should address different spheres of activities: imperious (like issuing administrative deci- sions, having legally binding effect and consequences in the field of subjec- tive rights) vs non-imperious activities (factual actions, like providing informa- tion i.e. chatbots responding to questions)? First of all, as it was already mentioned, there is no regulation regarding the liability of artificial intelligence for possible misleading. Therefore, when chatbots are being used by public administration authorities to answer the questions of citizens, it is unclear who is accountable for any misinformation and consequences thereof. Therefore, from the public administration per- spective, much needed development is introducing regulations referring to advice provided using chatbots, that would exclude the office’s liability for 26 https://www.rp.pl/samorzad-i-administracja/art38489011-ai-pomaga-rozwiazywac-sprawy -w-urzedach-zastapi-czesc-urzednikow Central European Public Administration Review, Vol. 22, No. 2/2024 122 Jowanka Jakubek-Lalik potential misinformation. These regulations should be easily accessible and understandable to the average user. In relation to the ADM and imperious sphere of activity, the situation is even more complex. As the use of AI might influence directly the legal status of the citizen, the legal remedies need to take that into consideration and provide adequate response. Modernising and improving efficiency of public adminis- tration with the help of artificial intelligence cannot therefore lead to errors, violations of the law, loss of transparency and sacrificing the rights of the par- ties in administrative proceedings. At the first glance, providing specific legal remedies for the administrative actions taken with the assistance of AI seems not to be necessary. The provi- sions on accountability of public administration remain the same – the liability for damages, the criminal and disciplinary offences are still regulated in the same way, and by the same laws. However in this context, it would be advisable also to consider the compli- ance with the principles of administrative law, especially transparency and right to good administration. Public administration bodies are often involved in making decisions and resolving cases in which artificial intelligence could be very useful, bringing significant savings. At the same time, however, the use of administrative power by public authorities using AI, assuming the pos- sibility of unilaterally shaping the situation of entities outside the administra- tion, requires supervision and restrictions expressed in a general way in the principle of legalism. One of the proposals of an instrument that could serve to ensure a balance between supporting innovative development in public administration and limiting the risks associated with the use of AI to decide on the rights and obligations of natural and legal persons could be the requirement for bodies intending to implement AI to conduct an ex ante impact assessment.27 The procedure is being developed in the form of model regulations by a research team established and operating under the auspices of the European Law In- stitute (ELI) (Ziółkowska and Wierzbowski, 2022). It would require the active involvement of a given administration body in the process of creating and testing the solution, so that the body could prepare a report detailing what risks have been identified and how the body (and the described system) is prepared to prevent the risk from materializing or to respond in the event of its occurrence. The preparation of an impact assessment requires the body 27 This topic already provoked some studies and reports in the literature, which describe the potential benefits of using impact assessment when making decisions on the implementation of AI in public administration, e.g.: G. Misuraca, C. van Noordt, AI Watch Artificial Intelligence in Public Services. Overview of the Use and Impact of AI in Public Services in the EU, 2020, https://publications.jrc.ec.europa.eu/repository/handle/JRC120399 (access: 28.09.2024); M. Loi, Automated Decision-Making Systems in the Public Sector. An Impact Assessment Tool for Public Authorities, 2021, https://algorithmwatch.org/en/wp-content/uploads/2021/06/ADMS -in-the-Public-Sector-Impact-Assessment-Tool-AlgorithmWatch-June-2021.pdf; ECP, Artificial Intelligence Impact Assessment, https://ecp.nl/wp-content/uploads/2019/01/Artificial-Intelli- gence-Impact-Assessment-English.pdf; E. Moss et al., Assembling Accountability. Algorithmic Impact Assessment for the Public Interest, 29.06.2021, https://datasociety.net/library/assem bling-accountability-algorithmic-impact-assessment-for-the-public-interest/ Central European Public Administration Review, Vol. 22, No. 2/2024 123 The Challenges of AI in Administrative Law and the Need for Specific Legal Remedies: Analysis of Polish Regulations and Practice to take into account the benefits and potential disadvantages at a very early stage of work on the system, as well as consequences at every level of devel- opment and functioning of the system. Moreover, it could provide in-depth knowledge about the work of this system, and the appropriate shaping and division of the impact assessment criteria can ensure the universality of the principles of conducting the assessment regardless of the diversity of ad- vancement and mechanisms of system operation. The dissemination of this instrument could also contribute to raising awareness of the general risks as- sociated with artificial intelligence in administration and society (Ziółkowska and Wierzbowski, 2022, pp. 507–509). The examples analysed above also indicate that it is necessary to consider the problems generated by AI tools. Introducing such a system to the public sec- tor involves significant legal challenges, primarily in the context of privacy and personal data protection. The development and implementation of AI systems often require the collec- tion, processing and analysis of large data sets, which poses a risk of violating privacy rights. The requirement to comply with the General Data Protection Regulation (GDPR) and other local regulations on the protection of personal data requires public administration bodies to provide appropriate data pro- tection measures, such as anonymization, pseudonymization and strong secu- rity mechanisms. In addition, the use of AI in administrative decision-making sheds light on the issue of accountability for decisions made with the partici- pation or on the basis of AI recommendations. Issues such as the lack of trans- parency of algorithms (so-called black boxes) and potential biases resulting from training data raise questions about the possibility of human control and correction of decisions, which is fundamental to ensuring justice and compli- ance with the principles of a democracy and the rule of law.28 To meet these challenges, it is necessary to create a comprehensive legal framework for the use of AI in administration, also addressing the effective- ness of legal remedies, which will take into account both the technologi- cal potential and the obligations related to the protection of personal data and the rights of citizens. It will also be important to conduct continuous analyses of the impact of AI technologies on the rights and freedoms of individuals, and to develop ethical standards and best practices for creators and users of AI systems in the public sector. This approach will enable the use of the potential of AI for public administration, while minimizing the risk of legal and ethical violations, as well as increasing citizens‘ trust in new technologies used in the area of public services. Being assured that proper legal guarantees, protection of rights and effective legal remedies are in place, the citizens are more likely to have more confidence in the public administration‘s use of AI tools. 28 https://szkolenia.administracjapubliczna.pl/blog/wykorzystywanie-ai-w-administracji/ Central European Public Administration Review, Vol. 22, No. 2/2024 124 Jowanka Jakubek-Lalik 5 Conclusion The use of AI in public administration is undoubtedly a breakthrough step towards improving and optimizing the services provided, offering promising opportunities to increase operational efficiency, quality of service and inno- vation in decision-making. Through the use of AI, public administration has the opportunity to transform interactions with citizens, improve the flow of information and increase the overall level of efficiency and social satisfaction. At the same time, the implementation of these technologies requires a care- ful balance between technological innovation and legal and ethical risks, especially in the context of protecting personal data and ensuring account- ability and transparency of AI-supported decisions and provision of effective remedies.Therefore the benefits of AI should be assessed together with the risks and threats, as well as with the provision of proper means of control and supervision, and adequate legal remedies. In the case of public administration, the constitutional principle requires it to act only based on the law and within the limits of the law (e.g. responsibility of the official for the issued administrative decision, prohibited use of ADM). However, the changes to the laws are often lagging behind the technical de- velopments and practice of action. Therefore, the use of AI, especially in the imperious sphere of activity, should be transparent, limited to specifically per- mitted situations and with accompanying legal remedies. Indeed, the implementation of artificial intelligence in public administration has enormous potential, but at the same time it brings with it a number of challenges. AI can significantly improve the efficiency and quality of public services, but requires appropriate regulations, such as the AI Act, to ensure its safe and responsible use. It is crucial that public, government and local administration implement AI in a transparent manner, respecting the rights of citizens and ensuring high standards of data protection, as well as providing effective legal remedies in case of any mistakes. In the context of further development and implementation of AI in public administration, a multidisciplinary approach will be crucial, combining knowl- edge from the fields of law, technology, ethics and social sciences. It will allow for the full use of AI‘s potential while minimizing the risk of legal and ethical violations, which is necessary to build a society in which technology serves the public good while respecting individual rights and freedoms. As a result, through conscious and thoughtful implementation of AI technologies, public administration can not only increase its efficiency and quality of services pro- vided, but also strengthen democratic values, promote innovation and con- tribute to the development of a society based on knowledge and trust. Central European Public Administration Review, Vol. 22, No. 2/2024 125 The Challenges of AI in Administrative Law and the Need for Specific Legal Remedies: Analysis of Polish Regulations and Practice References Act of 11 September 2019 - Public Procurement Law Journal of Laws 2019 item 2019. Act of 16 July 2004 – Telecommunications Law, Journal of Laws 2004 No. 171 item 1800. Act of 6 March 2018 - Entrepreneurs‘ Law, Journal of Laws 2018, item 646. Amending Certain Union Legislative Acts — Presidency Compromise Text. (2021). At , accessed 28 August 2024. Artificial Intelligence Act (Regulation (EU) 2024/1689), Official Journal version of 13 June 2024. Bałos, I. (2020). AI i jej wynalazki – studium przypadku, ZNUJ. PPWI, 1. Bencsik, A. (2024). The Opportunities of Digitalisation in Public Administration with a Special Focus on the Use of Artificial Intelligence. Studia Iuridica Lublinensia, 33(2), pp. 11–23. Boć, J. (ed.). (2010). Prawo administracyjne. Kolonia Limited: Wrocław. Brodie, M. (2019). What Is Data Science? Applied Data Science, 1. Bullock, J., Young, M.M. and Wang, Y.F. (2020). Artificial intelligence, bureaucratic form, and discretion in public service. Information Policy, 25(4). Chaba, D. (2024). Selected Aspects Of The Use Of Artificial Intelligence in Public Administration. Roczniki Administracji i Prawa - Annuals of The Administration and Law, 24(1), pp. 235–244. Council of Europe, Algorithms and Human Rights. Study on the Human Rights Dimensions of Automated Data Processing Techniques and Possible Regulatory Implications (2018). At , accessed 3 August 2024. Council of Europe. At , accessed 1 September 2024. Council of European Union, Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) . Dawidowicz, W. (1980). Polskie prawo administracyjne. Warszawa. Directive 2011/92/EU of the European Parliament and of the Council of 13 December 2011 on the assessment of the effects of certain public and private projects on the environment. Official Journal of the European Union from 2012 r. L26/1. Dymek, P. (2024). Akt o sztucznej inteligencji a organy publiczne. At , accessed 30 September 2024. ECP. (2019). Artificial Intelligence Impact Assessment. At , accessed 30 September 2024. European Commission, White Paper on Artificial Intelligence: a European approach to excellence and trust, 19.02.2020, COM (2020) 65 final. Central European Public Administration Review, Vol. 22, No. 2/2024 126 Jowanka Jakubek-Lalik European Law Institute, Artificial Intelligence (AI) and Public Administration — Developing Impact Assessments and Public Participation for Digital Democracy. At , accessed 3 September 2024. Filipchuk, H. (2020). Stosowanie sztucznej inteligencji w instytucjach publicznych. Ubezpieczenia Społeczne. Teoria i Praktyka, 4(147). Filipczyk, B. (2018). Perspektywy zastosowań chatbotów w organizacji. Studia Ekonomiczne. Zeszyty Naukowe Uniwersytetu Ekonomicznego w Katowicach, 368. Fischer, B. (2023). Prawne uwarunkowania wykorzystania danych nieosobowych przez sztuczną inteligencję – zagadnienia podstawowe. In B. Fischer, A. Pązik and M. Świerczyński, eds., Prawo sztucznej inteligencji i nowych technologii, 2. Fundacja Moje Państwo. (2021). Sztuczna inteligencja i automatyczne podejmowanie decyzji w zamówieniach publicznych – wytyczne dla sektora publicznego. Human Rights Watch. (2021). How the EU’s Flawed Artificial Intelligence Regulation Endangers the Social Safety Net: Questions and Answers. At , accessed 12 September 2024. Jakubek-Lalik, J. (2024). Wyzwania prawne i praktyczne Internetu Rzeczy w polskim sektorze publicznym In P. Grzebyk, ed., Nowe technologie a prawo, Scholar, Warszawa 2024 (in print). Jakubek-Lalik, J. (2023). Administrative Law And Human Rights in The Times Of Populism And Democratic Decay – Reflections In The Context Of Central And Eastern Europe. Statul, securitatea şi drepturile omului în era digitală“, conferința științifico-practică internațională, pp. 61 – 72. Jakubik, M. And Prabucki R. (2024). Wykorzystywanie AI w administracji. At , accessed 30 September 2024. Jankowska, M. (2017). Podmiotowość prawna sztucznej inteligencji? In A. Bielska- Brodziak, ed., O czym mówią prawnicy, mówiąc o podmiotowości. Jaśkowska, M. and Wróbel, A. (2012). Komentarz aktualizowany do art. 104 Kodeksu postępowania administracyjnego (Updated commentary to art. 104 of the Code of Administrative Procedure), LEX/el. Kosowska, E. and Zborowska, E. (2020). White Paper IDC, SAS, Jak AI zmienia sektor publiczny (How AI changes the public sector). At , accessed 5 September 2024. Krawczyk, G. (2018). Rozwój rynku operatorów publicznego transportu zbiorowego w Polsce. Kolegium Zarządzania i Finansów. Studia i Prace, 169. Leyen, U. von der (2019). A Union that Strives for More. My Agenda for Europe: Political Guidelines for the Next European Commission 2019–2024 At , accessed 30 September 2024. Lin, H. and Lin, M. (2023). Practitioner’s Guide to Data Science. London. Loi, M. (2021). Automated Decision-Making Systems in the Public Sector. An Impact Assessment Tool for Public Authorities. At , accessed 30 September 2024. MacCarthy, M. and Propp, K. (2021). Machines Learn that Brussels Writes the Rules: The EU’s New AI Regulation, At , accessed 30 September 2024. Manyika, J., Silberg, J. and Presten, B. (2019). What Do We Do About the Biases in AI?, Harvard Business Review. At , accessed 30 September 2024. Mazur, J. (2021). Algorytm jako informacja publiczna w prawie europejskim. Wydawnictwo Uniwersytetu Warszawskiego, Warszawa. Misuraca, G. and Van Noordt, C. (2020). AI Watch – Artificial Intelligence in public services, EUR 30255 EN, Publications Office of the European Union. At , accessed 30 September 2024. Moss, E. et al. (2022). Assembling Accountability. Algorithmic Impact Assessment for the Public Interest, At , accessed 30 September 2024. Niewiadomski, Z. (2010). Pojęcie administracji publicznej. In R. Hauser et al., System Prawa Administracyjnego: Instytucje prawa administracyjnego. Policy for the development of artificial intelligence in Poland from 2020, Annex to Resolution No. 196 of the Council of Ministers of December 28, 2020 (item 23). Ragan, S. (2022). What is “Convention 108”? At , accessed 30 September 2024. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Regulation of the Council of Ministers of 11 September 2018 on the list of key services and the significance thresholds of the disruptive effect of an incident on the provision of key services, Journal of Laws 2018, item 1806. Regulation of the Council of Ministers of 31 October 2018 on the thresholds for recognizing an incident as serious, Journal of Laws 2018 item 2180. Różanowski, K. (2007). Sztuczna inteligencja: rozwój, szanse i zagrożenia. Zeszyty Naukowe WWSI, 2. Rozporządzenie Parlamentu Europejskiego i Rady ustanawiające zharmonizowane przepisy dotyczące sztucznej inteligencji (Akt w sprawie sztucznej inteligencji) i zmieniające niektóre akty ustawodawcze Unii, 21.04.2021, COM (2021) 206 final, 2021/0106(COD). Scherer, M.U. (2016). Regulating Artificial Intelligence Systems: Risks, Challenges, Competencies, and Strategies. Harvard Journal of Law & Technology, 29. Tabakow, M., Korczak, J. and Franczyk, B. (2014). Big Data – definicje, wyzwania i technologie informatyczne. Informatyka Ekonomiczna, 1(31). Taylor, N.P. (2021). Notified Bodies Join Chorus of Criticism of Proposed European AI Regs. At , accessed 30 September 2024. Central European Public Administration Review, Vol. 22, No. 2/2024 128 Jowanka Jakubek-Lalik The Constitution of the Republic of Poland of 2nd April, 1997 as published in Dziennik Ustaw (Journal of Laws) No. 78, item 483. Wójcik, K. (2023). AI pomaga rozwiązywać sprawy w urzędach. Zastąpi część urzędników?, Rzeczpospolita At , accessed 30 September 2024. Wolswinkel J. (2022). Artificial Intelligence and Administrative Law. Comparative Study on Administrative Law and the Use of Artificial Intelligence and other Algorithmic Systems in Administrative Decision-Making in the Member States of the Council of Europe, Council of Europe Report. At , accessed 12 August 2024. Wrzosek, S. (2022). Administracja publiczna jako zjawisko prawne. Studia Prawnicze KUL, 1(89). Ziółkowska, K. and Wierzbowski, M. (2022). Ocena wpływu wykorzystania sztucznej inteligencji w administracji publicznej. Acta Universitatis Wratislaviensis, 4101.