The Directive on measures for a high common level of cybersecurity across the Union (NIS2 -2022/2555) entered into force in January 2023. Member States were obligated to implement (adopt and promulgate) the provisions of the Directive into their legal systems by 17 October 2024. On 3 October 2024, Poland published a second version of the draft implementing act, which serves as an amendment to the existing law – the Act on the National Cybersecurity System of 5 July 2018 (hereinafter: the “ANCS”). This legislation currently enacts the first NIS directive, which the NIS 2 Directive superseded. We assume that the Sejm will agree to the proposed amendment by the end of the year, since the official implementation deadline has expired, and this is the second attempt to amend the ANCS.

We have analyzed the proposed amendment and summarized the most important changes. This guide is based on the draft amendment of 3 October 2024. The proposed law sets out mechanisms for effective cooperation between competent authorities in different sectors of the economy and defines new cybersecurity obligations as well as measures to enforce them.

Please find our guide describing NIS2 Implementation here: NIS2 Implementation in Poland – Guide