Controversial bill (once again) at the finish line

• Cybersecurity is still perceived as a cost, not an investment in security and economic development, say the guests of the "Digital Security of the State" panel at EEC 2025 .
• Experts point to the need for urgent updating of the law. The amendment to the Act on the National Cybersecurity System is of key importance.
• This, however, is still controversial. Among other things, it concerns the issue of excluding high-risk suppliers from critical infrastructure.

Poland (and the EU) is facing the need to redefine its approach to cybersecurity through better regulations, partnership-based cooperation between the public and private sectors, and a change of approach to this area – from a cost to a strategic investment in the future – these are the conclusions from the discussions in the “Digital Security of the State” session during the EEC 2025 in Katowice.

Controversial bill at the finish line (again)

The announced amendment to the act on the National Cybersecurity System (KSC) was at the center of the conversation, which – as announced by Łukasz Wojewoda from the Ministry of Digital Affairs – is to leave the government stage of work by the end of the second quarter of 2025. These are the hopes of the ministry, but – as the official admitted – a lot can still change at the stage of legislative work. When should we expect the act to be ready and signed by the president? That is unknown.

Particularly controversial is the issue of identifying high-risk suppliers whose products may be excluded from the development of key services.

Meanwhile, regulations are needed because - as the panelists argued - despite many attempts at regulation, there is still a lack of coherent, mandatory standards and certification of devices used, for example, in critical infrastructure. - We do not control suppliers, there is no transparency of origin - said Maciej Wyczesany, President of the Management Board and CEO of Apator SA.

The panelists unanimously pointed to the growing scale of threats, especially after the outbreak of the war in Ukraine, and the need to adapt regulations to the new digital reality. Attention was drawn to the excessive detail of public tenders and the need to treat cybersecurity not as a cost, but as a strategic investment.

The issue of ineffective cooperation between sectors and the need for greater transparency and stability of the law also came up repeatedly. Experts emphasized that without a real partnership between public administration and business, it will be difficult to build an effective system resistant to digital threats.

Cybersecurity as an Engine of Economic Development

The conclusion from the debate was the need for urgent, systemic changes – not only regulatory, but also mental and organizational, which will allow cybersecurity to be treated as a pillar of the development and security of the state.

- The regulations that guide our actions in the EU cannot be the only focus of our actions in the cyber area. We need to expand our capabilities. We need to start seeing cybersecurity as an engine of economic development - said Joanna Świątkowska, Deputy Secretary General of the European Cybersecurity Organisation (ECSO).

Paweł Nogowicz, CEO of Evercom, pointed out that the regulations lack coherence. - Some areas are overregulated, others are completely ignored - he said.

The common denominator of all statements is the belief that the current approach to cybersecurity in Poland (and more broadly – ​​in the EU) requires serious updating and making it more realistic in the face of contemporary threats.