200 Companies Register Under New Cybersecurity Law in Poland

Following the recent amendments to the national cybersecurity law (KSC), around 200 companies submitted applications for registration in the KSC registry within two months, as reported by the Ministry of Digital Affairs. The new regulations affect approximately 11,000 private entities.
The amendments to the KSC law came into effect on April 3, primarily dividing entities under the law into critical and important categories while introducing new sectors such as food production and transportation equipment manufacturing.
Entities subject to the amended law must assess whether they meet the criteria for being classified as critical or important, requiring them to self-identify. If they qualify, they must register in the KSC registry by October 3 of this year.
50 Applications Awaiting Verification
Public entities, telecom operators, trust service providers (related to electronic signatures), critical entities, and those previously recognized as key service operators do not need to submit registration applications, as they are automatically registered by the Ministry of Digital Affairs.
According to the ministry, the amended KSC law could apply to approximately 38,000 entities, with around 27,000 being public entities. This indicates that about 11,000 non-public units, which were not previously covered by the law, must now comply. The ministry did not specify how many of these are private companies required to self-identify.
As of May 7, the ministry enabled businesses to apply for registration in the KSC registry. By July 7, around 200 companies had fulfilled this obligation, with over 150 applications approved and nearly 50 awaiting verification.




