Poland: Opened Consultation on National Cybersecurity System Act

On 24 April 2024, the Poland Ministry of Digital Affairs published a draft of an Amendment to the Act on the National Cybersecurity System, and opened a consultation on it. The Act incorporates a requirement for an information security management system, and implements the NIS2 directive (EU) 2022/2555. Besides entities from the energy, transport, health, and banking sector, the Act would broaden the scope of entities considered key and important to also include organisations from sectors such as the production, manufacturing and distribution of chemicals, or food production, processing and distribution, as key operators. Those operators must take effective security measures, assess cybersecurity risks, and report serious incidents. The reporting scheme is strictly defined, and requires immediate reporting of incidents (with specific deadlines depending on the sector and type of incident). The consultation closes on 24 May 2024.