The music of the future – Suno AI and Sora AI: will artificial intelligence be the new generation of music creators?

Artificial intelligence (AI) is changing the way music is created. Tools such as Suno AI and Sora AI allow artists and producers to generate melodies and lyrics and experiment with new sounds. However, the development of this technology raises questions about copyright, intellectual property and ethical aspects of using AI in music.

Are AI-generated songs protected by copyright? Who is the author? What are the consequences of using artificial intelligence in the creative process? In this article, we will look at these issues based on the analysis presented by Anna Adamiak, trainee solicitor and Junior Associate at LBK&P, in ‘Przegląd Radcowski’ and the applicable legal regulations.

ai muzyka

Is AI-generated music protected by copyright?

According to Polish copyright law, for a piece of work to be protected, it must be the result of human creative activity with an individual character (Article 1 of the Act on Copyright and Related Rights). This means that works created exclusively by Suno AI, Sora AI or other generative models cannot be protected by copyright.

Since a machine does not have the ability to express personality or make conscious creative choices, works created without significant human input are considered to be part of the public domain.

Who is the creator of AI-generated works?

The question of authorship of AI-generated works is one of the most important legal challenges. There are three main positions:

  1. User of the AI tool – a person using Suno AI or Sora AI can be considered a co-creator if their contribution to the creative process was significant. However, setting a few parameters or entering a short description does not meet the requirements of copyright law conferring the status of a creator.
  2. Creator of the algorithm – companies developing AI often claim the results of their models. It is also questionable that AI works autonomously and there is no individual human contribution to a specific work.
  3. Lack of an author – In many jurisdictions (e.g. the USA, the UK), AI works are treated as part of the public domain and have no assigned author.

These are the issues analysed by Anna Adamiak in ‘Przegląd Radcowski’, emphasising that current law cannot keep up with the development of generative technology.

Logo SUNO AI

Suno AI – artificial intelligence in the service of music

Suno AI is an advanced AI tool that allows you to generate music in different styles. It analyses huge databases of music and then creates new songs, lyrics and arrangements. It is particularly popular with independent artists and music producers.

Sora AI – the future of composition generation

Sora AI, on the other hand, is an AI platform for the automatic composition of music. Its algorithms allow for the personalisation of sounds, the adaptation of melodies to the user’s preferences and integration with music production software.

The impact of Suno AI and Sora AI on the music industry

AI tools are changing the music industry by offering:

Automation of the composing process – artists can generate unique melodies in seconds.

Lower production costs – AI eliminates the need for expensive producers.

New creative possibilities – AI supports experimentation with unusual styles and harmonies.

LLM czym jest . 

However, the use of AI in music is associated with numerous legal problems:

Risk of plagiarism – models such as Suno AI are trained on huge databases, which can lead to existing songs being unknowingly copied.

Lack of regulation – there is a lack of clear regulations regarding AI, which raises questions about copyright and intellectual property.

Legal regulations regarding AI-generated works

In order to adapt the law to AI technology, new legal initiatives have emerged:

🔹 Generative AI Copyright Disclosure Act (USA) – a 2024 law requiring disclosure of the use of copyrighted works to train AI.

🔹 ZAiKS guidelines (Poland) – clearly state that works generated exclusively by AI are not subject to legal protection.

Both regulations are an attempt to solve the problem of the lack of global standards regarding music created by artificial intelligence.

AGI

Summary

AI in music is revolutionising but also challenging copyright law. Suno AI and Sora AI offer new creative possibilities, but their use raises questions about intellectual property, plagiarism and authorship.

An analysis by Anna Adamiak in ‘Przegląd Radcowski’ shows that current regulations are not keeping up with the development of AI, and that music generated by artificial intelligence does not meet current criteria for legal protection.

What does the future hold? For the time being, artificial intelligence contributes to music, but does not fully replace human artists. However, this may change over the years as technology develops. 🎶

Will AI dominate the music industry? The next few years of technological development and legal regulations will provide the answer.

Sources:

📌 ‘Przegląd Radcowski’ – article by Anna Adamiak ‘Wyzwania dla prawa autorskiego w muzyce’

Data protection violations – what do you need to know?

In today’s digital world, data protection is becoming an increasingly important topic. Every organisation that processes personal data must be prepared for potential data breaches and know how to proceed in such a situation. In this article, we will discuss the most important issues related to personal data breaches in the light of the GDPR based on the publication of the UODO (Polish Data Protection Authority) entitled ‘Guide under the GDPR – obligations of administrators related to personal data breaches v2’.

Poradnik na gruncie RODO

What is a data breach?

A data breach is a security incident that leads to accidental or unlawful:

  • data destruction
  • data loss
  • data modification
  • unauthorised disclosure of data
  • unauthorised access to data

A breach can be both a deliberate action (e.g. a cyber attack) and an accidental event (e.g. losing a data carrier). The key point is that the breach concerns personal data being processed and can have a negative impact on the rights and freedoms of the data subjects.

Why are breaches dangerous?

Data breaches can have serious consequences for data subjects, such as:

  • physical injury
  • property damage (e.g. identity theft, financial fraud)
  • non-pecuniary damage (e.g. damage to reputation, mental stress)

Even seemingly insignificant incidents can have far-reaching consequences. It is therefore important that data controllers respond appropriately to any violations.

dane osobowe

Who is responsible for data protection?

The main responsibility lies with the data controller, i.e. the entity that determines the purposes and means of processing personal data. It is the controller who must implement appropriate technical and organisational measures to ensure data security.

The following also play an important role:

  • Processors – process data on behalf of the controller
  • Data Protection Officers (DPO) – advise and monitor compliance with the GDPR

What are the responsibilities of the controller?

In the context of personal data breaches, the controller has the following responsibilities:

  1. Preventing breaches by implementing appropriate safeguards
  2. Detecting and identifying breaches
  3. Responding to breaches:
  4. Remediation of the breach and minimisation of its effects
  5. Assessment of the risk associated with the breach
  6. Reporting of the breach to the supervisory authority (if there is a risk)
  7. Notification of the data subjects (in case of high risk)
  8. Documentation of the breach

dane osobowe

How can data breaches be prevented?

The key is to implement appropriate technical and organisational measures, such as:

  • Data encryption and pseudonymisation
  • Regular testing and evaluation of the effectiveness of security measures
  • Employee training
  • Incident response procedures
  • Control of data access
  • Data backups

The selection of measures should be based on an analysis of the risks associated with the processing.

How to detect violations?

Administrators should implement monitoring and incident detection systems, such as:

  • Intrusion detection systems (IDS/IPS)
  • Anti-virus software
  • Analysis of system logs
  • Procedures for reporting incidents by employees

It is also important to train staff to recognise potential violations.

dane osobowe

What to do after a breach has been detected?

After a breach has been detected, the controller should:

  1. Take immediate action to contain the breach and minimise its impact
  2. Assess the risk to the rights and freedoms of data subjects
  3. Report the breach to the supervisory authority within 72 hours if there is a risk (unless it can be demonstrated that the risk is unlikely to materialise)
  4. Notify the data subjects if there is a high risk
  5. Document the breach and the measures taken

Reporting breaches to the supervisory authority

The notification to the President of the Personal Data Protection Office should include:

  • A description of the nature of the breach
  • The categories and approximate number of data subjects
  • The possible consequences of the breach
  • The measures taken to remedy the breach
  • The contact details of the Data Protection Officer or other contact point

The notification can be made electronically via a dedicated form or ePUAP.

dane osobowe

Notification of data subjects

In the event of a high risk, the controller must notify the data subjects without undue delay. The notification should:

  • Be written in simple and clear language
  • Describe the nature of the breach
  • Include the contact details of the DPO or other contact point
  • Describe the possible consequences of the breach
  • Describe the measures taken to remedy the breach
  • Include recommendations for individuals to minimise potential negative effects

Notifications can be made directly (e.g. by email) or through a public announcement.

Documenting breaches

The controller must document all violations, regardless of whether they were reported. The documentation should include:

  • The circumstances of the violation
  • Its effects
  • The remedial measures taken
  • The reasoning behind the decision regarding the report/notification
  • The documentation serves as proof of compliance with the GDPR and may be subject to inspection by the supervisory authority.

dane osobowe

Cross-border personal data breaches

A cross-border data breach is an incident that involves the processing of personal data in more than one member state of the European Union. This can be because the controller or processor has organisational units in several EU countries, or when the breach affects data subjects in different member states.

In the case of cross-border data breaches, the incident reporting and management process becomes more complex. Controllers must cooperate with supervisory authorities in different countries and also take into account differences in local regulations and procedures. It is crucial to quickly determine which supervisory authority is the lead authority in a given case and to ensure effective communication between all parties involved. The cross-border nature of the breach can also affect the risk assessment and the way in which data subjects are notified, especially when it is necessary to take into account cultural and linguistic differences in different countries.

Summary

Responding appropriately to personal data breaches is crucial to protecting the rights of data subjects. This requires controllers to:

  • Implement appropriate safeguards
  • Prepare incident response procedures
  • Act quickly in the event of a breach
  • Communicate transparently with the supervisory authority and data subjects

Remember that the main purpose of these measures is to protect the rights and freedoms of individuals, not to avoid penalties. A responsible approach to data protection builds trust and minimises the negative effects of possible violations.

Want to know more?

Read the new guide from the UODO (the Polish Data Protection Authority):

https://uodo.gov.pl/pl/138/3561

Poradnik UODO

What’s new in the guide?

The new version takes into account the latest interpretations of regulations, case law and practical tips that will help administrators make the right decisions in the event of a personal data breach. It includes, among others:

  • updated procedures for responding to breaches (reporting to the President of the Personal Data Protection Office);
  • practical examples and case studies;
  • guidelines on cooperation with the President of the Personal Data Protection Office and other supervisory authorities;
  • key recommendations on risk assessment and breach prevention.

 

MiCA implementation begins – what does it mean for the crypto market in Poland?

MiCA and Polish regulations – who are the new regulations aimed at?

The MiCA (Markets in Crypto-Assets Regulation) regulation introduces uniform rules for the crypto-asset market in the European Union. The new regulations cover both the issuance of tokens and the activities of crypto-asset service providers (CASP).
In practice, this means that entities offering crypto assets to the public or operating trading platforms will have to meet certain licensing and transparency requirements.

krypto

Who is subject to MiCA?

According to MiCA, a crypto-asset service provider is a legal person or company that professionally provides crypto-asset services to clients. To operate legally, each such entity must obtain a CASP licence, which in Poland will be issued by the Polish Financial Supervision Authority (KNF).

The regulation distinguishes 10 categories of cryptoasset-related services. Cryptoasset services are regulated in Article 3(1)(16) of the MiCA, including:

  • providing crypto-asset custody and administration services on behalf of clients;
  • operating a trading platform for crypto-assets;
  • exchanging crypto-assets for cash;
  • exchanging crypto-assets for other crypto-assets;
  • executing orders related to crypto-assets on behalf of clients;

placing crypto-assets;

  • Placing crypto assets;
  • Accepting and forwarding orders related to crypto assets on behalf of clients;
  • Advising on crypto assets;
  • Managing a crypto asset portfolio;
  • Providing crypto asset transfer services on behalf of clients;

Any entity that provides even one of the above services must comply with the new MiCA regulations.

krypto

MiCA and the Polish crypto market – key changes

Until now, the Polish cryptocurrency market has operated in the absence of dedicated sectoral regulations. The only requirement was to be entered in the register of activities in the field of virtual currencies and to comply with the AML Act.
After the MiCA comes into force, the situation will change dramatically:


✅ The Polish Financial Supervision Authority (KNF) will gain full supervisory powers over cryptocurrency exchanges, crypto bureaux de change and custody companies,
✅ Obligation to obtain a CASP licence – operating without a licence will become illegal after a transitional period,
✅ Introduction of capital requirements – 50,000 euros or 125,000 euros or 150,000 euros for crypto-asset service providers.
✅ Necessity to implement risk management, audit and compliance systems.


For Polish companies, this means having to comply with strict requirements or ceasing their operations. It is also possible that market consolidation will accelerate, with smaller entities being taken over by larger companies. 

Is Poland ready for MiCA?

The Polish draft law on the crypto-asset market generally reflects the assumptions of MiCA, adapting the national legal order to the new EU regulations, but potential legislative delays could lead to regulatory chaos.

📌 Transition period – Poland shortened the transition period to the end of June 2025, and therefore had to implement the relevant regulations before 30 December 2024 in order to effectively limit the EU ‘grace period’.
📌 Risk of companies leaving – as it is still not possible to apply for a licence in Poland, cryptocurrency companies may move their operations to other EU countries where the procedures are already being implemented.

krypto

Summary – how to prepare your company for MiCA?

MiCA is a revolution for the crypto market in Poland. Every company operating in this sector should as soon as possible:

✅ Check whether it is subject to MiCA and what licences it will need to obtain,
✅ Prepare to implement organisational and capital requirements,
✅ Monitor legislative progress and adapt to new regulations,
✅ Consider seeking legal assistance in the process of obtaining a CASP licence.

Failure to comply with the new regulations will mean that you will have to either close down or move your business to another EU country.
If you run a company related to the cryptocurrency market, contact us now to prepare for the changes!

 

Contact

Any questions?see phone number+48 663 683 888
see email address

Hey, have you
signed up to our newsletter yet?

    Check how we process your personal data here