Tweet

Poland’s digital infrastructure is deeply intertwined with technologies developed by American corporations. While this reliance has enabled rapid modernisation, experts warn it also creates structural vulnerabilities for public administration, data governance, and long-term technological sovereignty.

Author: Adam Radoliński

From productivity software and cloud infrastructure to cutting-edge artificial intelligence platforms, technologies developed and controlled in the United States permeate virtually every layer of Poland’s digital ecosystem. This reliance on American solutions is not incidental; it is structurally embedded within the operational frameworks of Polish public administration. Yet the magnitude and systemic nature of this dependence have become an increasingly prominent source of concern.

The reliance spans the full digital stack - from citizen-facing services and educational platforms to the foundational layers of backend architecture. The most visible and emblematic expression is the near-total dominance of the Microsoft Office suite in both public administration and the education system.

Piotr Mieczkowski, a representative of the Polish Chamber of Commerce for Electronics and Telecommunications, observes that in practice Microsoft Office is treated in schools and government institutions as the only viable office software solution.

This assessment is reinforced by findings from the Instrat Foundation’s report “Seemingly Open Tenders,” which examined public procurement procedures. The report identifies systemic irregularities, concluding that a substantial majority of tender documents explicitly referenced “Microsoft” or “Office” by name - an approach that effectively narrows competition and illustrates the depth of institutional dependence.

From Office software to cloud infrastructure

The problem, however, extends far beyond software installed on individual office workstations. As Mieczkowski notes, what initially concerned locally deployed applications has evolved into structural dependence on cloud-based environments. The migration from on-premises installations to cloud architecture introduced services such as OneDrive, while the broader platform was transformed into Office 365. In practical terms, this means that many Polish public institutions now operate core elements of their administrative and data infrastructure on Microsoft Azure.

This shift has not plateaued at cloud storage and collaboration services. Microsoft is progressively embedding artificial intelligence into its ecosystem through Copilot, integrating generative AI directly into everyday productivity tools. As a consequence, the entire office technology stack -ranging from document creation and data storage to workflow automation and interdepartmental collaboration - is being consolidated within a cloud-native environment increasingly intertwined with AI-driven functionalities.

Piotr Konieczny of Niebezpiecznik.pl frames the issue in even broader systemic terms. In his assessment, American corporations exert overwhelming influence over globally deployed IT solutions. Even products marketed by non-U.S. firms frequently depend, at the infrastructural or architectural level, on American hardware, software, or cloud services. He argues that it is difficult to identify a government institution or strategically significant enterprise - whether in Poland or elsewhere - that does not rely, directly or indirectly, on technologies developed or controlled in the United States.

Data governance and security concerns

Regarding the storage of government data, the Ministry of Digital Affairs asserts that Polish public administration operates under clearly defined security protocols. In its official response, the Ministry emphasises that all data processed by public institutions is formally classified and handled in accordance with binding regulations in Poland and the European Union. Depending on the assigned classification level, the state applies different processing models. These include infrastructure owned and operated by state institutions within Poland, data centers located in EU Member States, and cloud solutions that comply fully with European legal requirements. Notwithstanding these assurances, concerns about the security of public-sector data persist.

Mieczkowski notes that access to certain artificial intelligence functionalities on tablets was recently blocked in the European Parliament due to the transmission of data beyond EU borders. In his assessment, this illustrates a structural vulnerability associated with Microsoft solutions: the placement of sensitive governmental data within systems controlled by a U.S.-based corporation. He underscores that Polish public administration relies extensively on Microsoft tools for document storage, internal communication via Teams, and remote meetings. Additionally, the absence of centralised infrastructure governance - given that individual ministries manage their own IT environments - results in institutional fragmentation and limits comprehensive oversight of the system as a whole.

The Ministry acknowledges the structural complexity of the issue and has initiated measures intended to mitigate the risks, although their scope remains limited. It emphasises that reducing reliance on technologies originating from a single country constitutes a highly complex and multidimensional challenge, one that cannot be resolved through a single intervention or within a short time horizon. This dependency permeates the entire technological stack - from semiconductors and server hardware to operating systems and application-layer services deployed on end-user devices.

A representative example is the National e-Invoice System (KSeF), which underpins Poland’s electronic invoicing framework. Mieczkowski explains that the system’s server infrastructure is physically located in Radom and operates primarily on IBM servers, supplemented to a lesser extent by Huawei hardware. The Ministry of Finance constructed this dedicated server facility years ago to serve its own operational needs. However, even this domestically located infrastructure relies on proprietary management and orchestration systems, thereby extending the chain of technological dependence beyond the hardware layer.

In the networking segment, foreign vendor dominance is described as nearly comprehensive. Polish public administration deploys solutions from Cisco, Palo Alto Networks, Check Point, and Fortinet across critical infrastructure environments. According to Mieczkowski, Cisco holds a particularly entrenched position, with equipment embedded in virtually all major telecommunications networks, including state-controlled operators such as Exatel, as well as specialised governmental networks operated by the Ministry of the Interior and within the PL112 emergency communication system. He further observes that Cisco’s role extends beyond technology supply, noting the company’s visible engagement in policy-oriented events that shape cybersecurity discourse in Poland - especially initiatives advocating the exclusion of Chinese vendors from strategic infrastructure.

Government efforts to reduce dependence

Nevertheless, the Digital Ministry maintains that corrective action is underway. It is currently developing model contractual clauses governing the acquisition, development, deployment, maintenance, and further evolution of artificial intelligence systems by public administration entities. The explicit objective is to strengthen state leverage over data governance and supply-chain transparency at the procurement stage, embedding control mechanisms directly into contractual frameworks.

To expand domestic computational capacity, the Ministry supports the development of so-called “AI Factories” in Poznań and Kraków - infrastructure hubs designed to provide high-performance computing resources for public-sector and research applications. These priorities are codified in the Digital Strategic Plan for Poland until 2035 and the Artificial Intelligence Policy for Poland until 2030, both of which identify the reduction of technological dependence on imports from outside Poland and Europe as a strategic objective.

In parallel, the administration is backing the development of a national large language model under the PLLuM project - a Polish Large Language Model built on open-source foundations. Now operating under the name AI HUB, the initiative seeks to enable AI deployment within Polish public administration without requiring the transfer of sensitive data into digital ecosystems beyond sovereign control. Mieczkowski emphasises the significance of involving two domestic scientific institutions - Cyfronet AGH and the Poznań Supercomputing and Networking Center - as anchors of technical expertise and infrastructure capacity.

Yet a structural paradox remains. The computational backbone required for advanced AI workloads continues to depend on American-controlled technology. Polish AI systems rely on NVIDIA GPUs which, although fabricated in Taiwan by TSMC, remain subject to the strategic and export control framework of a U.S.-based manufacturer.

As Mieczkowski concludes, each state - and more precisely, each public institution or private entity - should undertake an in-depth, autonomous assessment of both risk exposure and cost implications. On that basis, it should make a deliberate decision aligned with its specific risk tolerance, budgetary constraints, and the sensitivity classification of the data it processes or is legally obligated to safeguard. In Poland’s case, such an assessment should lead to a clear recognition that the current status quo - characterised by profound dependence on digital technologies supplied by American corporations - entails structural risks to national security, political sovereignty, and long-term economic autonomy. Altering this trajectory cannot rest on declaratory policy alone. It requires sustained, coordinated, and strategically coherent action across all layers of governance and society - political leadership, public administration, and the broader civic and economic ecosystem.

The project is co-financed by the governments of Czechia, Hungary, Poland and Slovakia through Visegrad Grants from the International Visegrad Fund. The mission of the fund is to advance ideas for sustainable regional cooperation in Central Europe.