Cybersecurity—Poland—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Cybersecurity—Poland—Q&A guide
  • 1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?
  • 2. Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?
  • 3. Has your jurisdiction adopted any international standards related to cybersecurity?
  • 4. What are the obligations of responsible personnel and directors to keep informed about the adequacy of the organisation’s protection of networks and data, and how may they be held responsible for inadequate cybersecurity?
  • 5. How does your jurisdiction define cybersecurity and cybercrime?
  • 6. What are the minimum protective measures that organisations must implement to protect data and information technology systems from cyberthreats?
  • 7. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to intellectual property?
  • 8. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to critical infrastructure or specific sectors?
  • 9. Does your jurisdiction have any cybersecurity laws or regulations that specifically restrict sharing of cyberthreat information?
  • More...

Cybersecurity—Poland—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to cybersecurity in Poland published as part of the Lexology Getting the Deal Through series by Law Business Research (published: November 2020).

Authors: Adwokaci i Radcowie Prawni spółka komandytowa Izabella Żyglicka i Wspólnicy—Michał Korszla; Kamila Spalińska

1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?

Legislation

On 5 July 2018, Poland implemented Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning the measures for a high common level of security of network and information systems across the Union, by adopting the Act on the National Cybersecurity System of 5 July 2018 into the Polish legal order. The Act entered into force on 28 August 2018 and is the only statutory act devoted solely to the issue of cybersecurity.

The provisions of the Act impose certain obligations on operators of 'essential services' (ie, entities that provide services of key importance for the functioning of the economy and society).

The Polish Ministry of Digitisation has prepared an amendment to the Act on the National Cyber Security System, which is planned to enter into force at the end of 2020. The draft amendment of the Act assumes, among other things: (i) covering telecommunications entrepreneurs with the national cyber security system; (ii) introducing mechanisms for risk assessment of the supplier of

Popular documents