2026-01-25 10:00
publication
2026-01-25 10:00
The draft amendment to the KSC resembled a “speeding snowball” from the very beginning. Political regulations on high-risk suppliers (HRV – High Risk Vendors) have been added to the technical implementation of the EU directive over the years. Today, this strategy is taking revenge on the project authors – writes “Dziennik Gazeta Prawna”.
We are witnessing a paradox rare in legislation. As if to defy the domestic legislative process, three days ago the European Commission published a proposal for a new regulation, the so-called Cybersecurity Act 2.0 (CSA2). This document calls into question the sense of many solutions that the Polish designer is still trying to push through – we read in “DGP”.
According to “Dziennik Gazeta Prawna”, The Polish draft law on the National Cybersecurity System (KSC) regarding high-risk suppliers is essentially a “carpet” solution. Supplier risk assessment is dangerously politicized – the key decision is made individually by the Minister of Digitization, which allows for a lot of discretion.
Meanwhile The Union proposes a multi-stage mechanism coordinated at the level of the entire Community. First, it assesses the risk of electronic components in supply chains. Only on this basis are specific suppliers or product categories identified. Brussels says it straight: not every network switch in every company is a threat to the security of the Union – we read in “DGP”.
The Polish amendment to the KSC extends the risk of forced infrastructure replacement to tens of thousands of entities. The definition of “key entity” and “important entity” combined with HRV regulations means that theoretically any water company, hospital or manufacturing plant could be forced to remove equipment if it comes from a supplier deemed risky. The EU believes that the restrictions should apply only to what is actually critical for critical infrastructure of cross-border importance.
The conclusion is simple: if CSA2 enters into force as a regulation, Polish regulations on high-risk suppliers will become dead and pointless at the time of their adoption, and in many places simply contrary to the superior law. This opens the way to mass claims for damages against the State Treasury from companies forced to replace equipment on the basis of defective law – writes the daily. (PAP)
jszt/ lm/
