On 7th September 2020 a draft novel to the Cybersecurity Act and Public Procurement Law was published on the website of Governmental Legislation Centre. The draft bill provides some significant changes for foreign investors.
According with the motives to the draft bill “the Polish state does not have any tools to react to attempts to purchase key elements of infrastructure that have not been recognized as critical infrastructure. This poses, in particular in the telecommunications sector, the risk of losing control over infrastructure essential for state security. The second detected deficiency is the inability to directly influence the entities of the national cybersecurity system in the field of security measures. The mechanisms in the act are both preventive (security requirements and supervision over their implementation) and supportive (institutional support for incident response teams and guidelines from competent authorities), but they do not allow for mass actions during an incident - institutions cannot respond to progressive attacks and, for example, order specific behavior to prevent infection. There is also a lack of tools enabling state institutions dealing with security to assess the dependence of entrepreneurs on entities based outside the European Union. Such tools should make it possible to determine whether a supplier is controlled by a foreign government without recourse to an independent court; whether the supplier has a clear ownership structure; and whether the supplier has, in its history, demonstrated ethical corporate conduct and whether it is subject to a legal order that ensures transparency of the company's operations.”.