14:44 7 February 2026
New cybersecurity regulations calculated to cost at least PLN 14 bln
Poland’s amendment to the National Cybersecurity System Act (KSC), implementing the EU’s NIS2 directive, introduces the designation of High-Risk Vendors (HRV). The Minister of Digital Affairs will be able to classify specific ICT products or services as high risk, forcing companies to stop purchasing them and replace existing equipment or software within 4–7 years, without compensation.
Industry groups warn of very high costs. According to the Polish Ethernet Communication Chamber (KIKE), one telecom operator could spend about PLN 4.3 million over five years, while total sector costs may reach PLN 14.4 billion, figures not reflected in the government’s regulatory impact assessment. Most small and medium telecom firms rely heavily on hardware from outside the EU and NATO, raising risks to service continuity.
The law’s scope extends beyond telecoms to 18 sectors, potentially affecting around 42,000 entities, and is now awaiting the president’s decision amid strong controversy.
(wnp.pl)
