The Senate adopted an amendment to the act on the KSC. Gawkowski: I am optimistic about the president's signature
2026-01-28 17:19
publication
2026-01-28 17:19
The amendment to the Act on the National Cybersecurity System (KSC) and some other acts was consulted with the President – said Krzysztof Gawkowski, Deputy Prime Minister and Minister of Digitization in an interview with PAP. He added that he was therefore “positive” about the president's signature.
On Wednesday, the Senate adopted an amendment to the Act on the National Cybersecurity System (KSC) and certain other acts. The amendment will now go to the president's desk.
Deputy Prime Minister Gawkowski, asked by PAP what the Ministry of Digital Affairs plans if President Karol Nawrocki vetoes the amendment to the act, replied that he “will not speculate.”
– I believe that it was a great success that the act was adopted in parliament with a clear majority of votes; that MPs from both the coalition and the opposition voted for it. During the parliamentary proceedings, PiS amendments were adopted. During consultations with the president, we agreed on those elements that were important from the perspective of the Presidential Palace, so I am optimistic, said Gawkowski.
He assessed that the amendment to the KSC Act “goes beyond the political parameter.” – It is simply about state security in cyberspace – he noted.
The Senate adopted the amendment without amendments, despite 19 comments submitted by the legislative office of the Senate Chancellery. The amendments were mainly of an editorial and more detailed nature. When asked why Deputy Minister of Digital Affairs Paweł Olszewski did not recommend the adoption of these amendments at the Senate Infrastructure Committee, Gawkowski pointed out that work in parliament on the amendment lasted several weeks, and a total of 6 years on the project.
– We worked on the bill for two years in this government, and four years in the previous one. Saying today that we need to introduce amendments in the final stage, which – in my impression – are usually of a lobbying nature, is not the path to good law, but to ensuring that various groups can gain as much interest as possible – said the Deputy Prime Minister.
The amendment to the Act on the national cybersecurity system is intended to implement the EU NIS 2 directive on cybersecurity and Toolbox 5G, i.e. the EU document on 5G network security, in Poland. The NIS 2 directive replaced the previous division into operators of essential services and digital service providers into “key entities” and “important entities”. It also introduced new sectors covered by cybersecurity obligations.
The new regulations provide for the extension of the competences of the minister responsible for computerization – including: it will be able to identify a high-risk supplier. Such a decision can be made according to technical and non-technical criteria, after consultations with the prosecutor's office, the social side and the cybersecurity college. The supplier will be able to appeal against the decision to an administrative court. High-risk vendor equipment will need to be withdrawn from the systems of key and important entities within 4 to 7 years.
The amendment provides that companies from key and important sectors (i.e. energy, health, banking, production, water supply) will have a number of new obligations related to cybersecurity. It will be mandatory, among others: implementing an information security management system, ensuring the security of the supply chain of ICT products, services and processes (ICT – PAP) and regularly assessing the risk of incidents.
During the parliamentary proceedings, amendments were adopted clarifying selected solutions of the project. One of them introduces the obligation for the president's representative to participate in government work on the resolution of the Council of Ministers on the National Plan for responding to large-scale incidents and crisis situations in cybersecurity. This document will define the objectives and mode of managing incidents and crisis situations in cyberspace.
During Tuesday's meeting of the Infrastructure Committee, the legislative office of the Senate Chancellery submitted 19 amendments to the amendment to the KSC Act. They were not recommended by the committee. Paweł Olszewski, deputy minister of digitization, who was present at the meeting, argued that the deadline for implementing NIS 2 passed two years ago and appealed to senators to proceed with the amendment as quickly as possible.
The previous version of the KSC Act comes from 2018 and does not contain any provisions implementing the EU NIS 2 directive. The deadline for its implementation into the national legal order expired on October 18, 2024 (PAP)
mbl/drag/
