Polish Senate navigates contentious cybersecurity legislation amid EU compliance concerns.
Senate Legislative Bureau Raises Concerns
During a meeting of the infrastructure committee, the Legislative Bureau of the Senate pointed out that given the wide and multifaceted scope of changes introduced by the amendment to the law on the national cybersecurity system, the appropriate solution would be to prepare a new law instead of an amendment.
The bureau also noted that the provisions of the law cannot refer to unspecified separate provisions, shifting the burden on the recipient to determine what provisions the legislators are referring to. In one place in the law, there was also an incorrect reference to the criminal code.
Ministry Insists Law is Thoroughly Reviewed
Deputy Minister of Digitization Paweł Olszewski stated that work on the law has been ongoing for 5 years and thousands of lawyers have dissected it into its components. He emphasized that since 2024, when there was a change in parliamentary majority, work has accelerated again.
Olszewski mentioned that the project went through the legal departments of practically all ministries, the Standing Committee of the Council of Ministers, the Government Legislation Center and the Legal Commission, as well as the legislative bureau of the Sejm at several stages. He noted that they committed to an annual review of the law during its development.
Senator Pushes for Amendments
Senator Wiesław Dobkowski submitted a motion to accept the amendments of the legislative bureau, while Vice-Chairman of the committee Ryszard Świlski motioned to accept the law without amendments. Dobkowski again submitted amendments presented by the legislative bureau during the plenary session, causing the law to return to the infrastructure committee.
Law Passed Despite Concerns
The infrastructure committee met again and voted to accept the law without amendments, and in this form, the Senate adopted it. All this happened within one day.
Vice-Chairman Justifies Decision
Senator Świlski explained that the information presented by the legislative bureau did not have a fundamental and substantive character regarding the provisions of the law, but related to various other provisions of law, which from the perspective of the Senate’s legislative bureau were inappropriate.
Świlski justified his motion by saying that the law is very necessary, considering recent hacker attacks on power plants and the general increase in cyber threats. He reminded that Poland should have been implementing the NIS2 directive for two years already.
EU Fines Loom as Impetus
Deputy Minister Olszewski confirmed that the European Commission has initiated a procedure to impose fines on Poland, which could amount to 2 billion złoty for not implementing NIS2. Świlski stated that considering the European Commission is working on the Cybersecurity Act 2.0, the provisions mentioned by the Legislative Bureau can be addressed during the next amendment of the law.