EC may suspend KPO if Poland unable to implement National Cybersecurity System

Poland is under pressure to pass the National Cybersecurity System Act (KSC), a key milestone in the EU-funded National Recovery Plan (KPO). The European Commission (EC) regularly questions its progress, warning that failure to implement the law could result in suspended payments. Marcin Wysocki, Deputy Director at the Ministry of Digital Affairs, confirms that the bill should be adopted by the government in early July. The law is crucial for countering threats like sabotage and terrorism and will heavily impact both public institutions and businesses.
Delays stem from inter-ministerial disputes over cybersecurity bonuses and funding. One issue is who should receive bonuses from the Cybersecurity Fund—firefighters or other critical infrastructure staff. Another is the controversial inclusion of “high-risk suppliers,” such as Huawei, which some want excluded based on political grounds. However, Wysocki insists these non-technical criteria are justified and aligned with EU practices.
The Ministry is also preparing cloud standards and a “data embassy” law. Despite resistance, Wysocki believes the KSC Act will pass by year’s end, noting that 21 EU countries already use similar frameworks. The bill’s passage is essential to avoid EU sanctions and ensure national cybersecurity resilience.
(wnp.pl)