Polish Act on the national cyber security system

Adopted by the Polish Parliament on 5 July 2018, the Polish Act on the national cyber security system (Journal of Laws 2018, item 1560) came into force on 28 August this year. The purpose of the Act is to introduce a system enabling detection, prevention and minimisation of the effects of attacks violating the cyber security of the Republic of Poland. Moreover, the act and the regulations surrounding it implement the so-called NIS Directive (Network and Information Security directive) into the Polish legal system, which obliged the EU Member States to adopt a strategy for the security of networks and information and communication systems. In Poland, the National Cyber Security System will be created, which will include the largest entrepreneurs from the selected areas of the economy called key services (banks, energy sector, air and rail carriers, hospitals), digital service providers (DSP), key service providers (KSP) and selected governmental and local government administration units called competent authorities. Computer Security Incident Response Teams (CSIRTs) will be established, to which key service providers and other actors in the national cyber security system will be required to provide information on serious cyber security incidents. The role of CSIRT has been adopted by the Internal Security Agency (CSIRT GOV), the Scientific and Academic Computer Network – National Research Institute (CSIRT NASK) and the Ministry of National Defence (CSIRT MON). In the justification of the draft of this act, the arguments were raised, among others, that the constant and growing influence of information technologies on social and economic development makes the offered services more and more dependent on an effective system ensuring cyber security.