New draft law on national cyber security system

The Ministry of Digitization has unveiled a draft law on the National Cyber Security System.

The purpose of the law is to implement Directive (EU) 2022/2555 of the European Parliament and of the Council of December 14, 2022, on measures for a high common level of cyber-security within the Union, amending Regulation (EU) No. 910/2014 and Directive (EU) 2018/1972 and repealing Directive (EU) 2016/1148 (Official Journal of the EU L 333, 27.12.2022, p. 80), hereinafter referred to as the “NIS 2 Directive.”

The law aims to strengthen the national ICT security system in light of the changes that have taken place in recent years in the area of cyber threats.

Why is this law crucial to our security?

As the Ministry of Digitization’s announcement reads, the bill serves to implement the goals of Poland’s Cybersecurity Strategy for 2019-2024.

Main objectives of the strategy:

• Increase the level of resilience against cyber threats
• Enhancing information protection in the public, military, and private sectors

The project also implements the strategy’s specific objective, which addresses:

• Development of the national cyber security system through evaluation of cybersecurity legislation
• Ensure supply chain security

What is changing in the National Cyber Security System?

Changes brought about by the NIS 2 Directive and emerging new cyber threats are creating an urgent need to make appropriate changes to the National Cyber Security System.

The changes will also implement the provisions of the 5G Toolbox, the EU’s set of measures for cybersecurity of 5G networks.

Major changes in the bill:

1. Expanding the catalog of actors in the national cyber security system to include new sectors of the economy.
2. Impose obligations for risk management measures on key entities and entities important in cybersecurity, in accordance with NIS Directive 2.
3. Introducing the possibility of reporting incidents by key entities and important entities via the ICT system of the minister responsible for information technology, to the relevant sector CSIRT teams and national-level CSIRTs.
4. Imposition of cybersecurity risk management measures, in accordance with NIS Directive 2;
5. Create sector CSIRT teams to support key and critical players in handling cybersecurity incidents.
6. Strengthening the supervisory powers of cybersecurity authorities.
7. Introducing a National Response Plan for large-scale cybersecurity incidents and emergencies.
8. New administrative fines for non-compliance with statutory obligations by key and important entities.
9. Expanding the powers of the minister in charge of IT, including the ability to legally identify a high-risk provider by decision and implement protective orders to limit the impact of an ongoing critical incident.

How can the new bill protect us from cyberattacks?

The new draft law on the National Cyber Security System, presented by the Ministry of Digitization, aims to strengthen our ICT security in the face of growing cyber threats.

Implementation of the NIS 2 directive and the provisions of the 5G Toolbox will help create a more resilient system, protecting both the public, military and private sectors.

Although it is only a bill, its adoption could significantly increase our protection against cyberattacks, providing better risk management and faster response to incidents.

Want to learn more? Contact our law firm or check out our other blog articles to stay up to date on the latest developments in cybersecurity law.