Position on amendments to the National Cyber Security System Act

AmCham Poland has presented its position as part of the public consultations organized by the Ministry of Digital Affairs on amendments to the National Cyber Security System Act. The proposed law introduces changes resulting from the EU’s NIS 2 Directive and new cyber security challenges. Among the main changes are the extension of the cyber security system to new sectors of the economy, new incident notification procedures, and the introduction of mechanisms for designating so-called high-risk vendors. It will affect mostly key service operators and digital service providers. 

While AmCham supports the general direction of the changes proposed in the bill, we have made comments based on the practice of operating U.S. technology companies in Poland. We pointed out the need to keep the Polish law in line with the NIS 2 Directive and regulations in other EU member states to prevent regulatory fragmentation of the common digital market. We also stressed the need to clarify certain statutory obligations and procedures and to maintain the proportionality of statutory enforcement and penalty mechanisms. Our comments also included the exclusion of micro and small entrepreneurs from the scope of the law, who may not be able to cope with the burdens associated with the new obligations, and the introduction of a single point of contact for incident reporting. We also considered the risks associated with the law’s anticipated disclosure of certain information about the operation of entities covered by the bill.

The full AmCham Poland’s position on amendments to the National Cyber Security System Act is available here.