Public institutions that deploy high-risk AI carry legal duties toward citizens. K0NSULT helps public-sector deployers meet those duties with evidence — not slideware — and runs a live, public source of truth for the Polish institutional landscape.
When a public body uses a high-risk AI system, it acts as a deployer and inherits specific obligations. The two that most often get missed:
Use per instructions, ensure human oversight, monitor operation, keep logs, inform affected persons where required, and cooperate with authorities.
Public-sector deployers (and providers of essential public services) must assess the impact on fundamental rights before putting a high-risk system into use.
People interacting with AI, or exposed to AI-generated content, must be told. Deadline in scope: 2 Aug 2026.
This page is guidance, not legal advice. Every obligation above maps to a verifiable control in the K0NSULT Trust Center.
Templates and a guided assessment for Art. 27, tied to the specific use case and the citizens affected.
Each obligation mapped to a status: met / partial / gap — the claim never exceeds the proof.
Continuous, public status instead of a point-in-time audit that ages the day it is signed.
Trust Center: security, GDPR, DPA, retention, incident response — one place, so InfoSec asks once.
For Polish public administration we run a dedicated public program: K0-CST. It maintains a live, verifiable record of AI-Act / NIS2 / KSC readiness across institutions, with a strict rule:
Public-sector engagement, FRIA, or a readiness review — start here.