Cybersecurity law in Poland

On August 28th, 2018 new law will enter into force – the act on national cybersecurity system. The act covers inter alia the key-services providers i.e. the entities operation in the energy sector, transportation, banking and finance services and public health. However, the provisions of the will not be applied to the entities which provide the trust services and telecommunication services. 

Digital services 

According to the provisions of the act, there are three main types of cyber services:

  • online trading platform – a service that primarily involves concluding a contracts electronically on such online trading platform of on entrepreneur’s website,
  • internet search engine – a service that allows users to search particular website by entering a specific query or keywords
  • cloud computing service – enabling access to a set of online resources intended to share by users.

Digital services provider

The definition of digital services provider includes legal persons and other special organizational units with legal personality (so called defective legal entities) having registered office or Management Board within the territory of Poland or a representative holding such organizational unit within the territory of Poland that provides digital services.

Duties of digital services providers

The new regulations aimed for imposing an obligation on digital service providers to detect, register, classify and analyse particular event, which may harm the cybersecurity. Such events shall be also disclosed to a competent authority. The digital service provider will also be required to organize the appropriate technical and organizational measures to ensure the cybersecurity of the provided services. These measures have to be comply with current state of knowledge and international standards. 

Contact us on

Michał Dudkowiak


Michał Dudkowiak

Barrister, Managing Partner

Michał Dudkowiak


Rondo ONZ 1
00-124 Warsaw