{"id":71744,"date":"2026-02-25T11:03:02","date_gmt":"2026-02-25T10:03:02","guid":{"rendered":"https:\/\/raczkowski.eu\/en\/?p=71744"},"modified":"2026-02-26T15:07:01","modified_gmt":"2026-02-26T14:07:01","slug":"new-cybersecurity-obligations-for-companies","status":"publish","type":"post","link":"https:\/\/raczkowski.eu\/en\/new-cybersecurity-obligations-for-companies\/","title":{"rendered":"New Cybersecurity Obligations for Companies"},"content":{"rendered":"<p>The act implementing the EU\u2019s NIS2 Directive in Poland has been signed by the President and will enter into force one month after publication. Once effective, cybersecurity obligations will apply to a significantly broader group of entities than under the existing Act on the National Cybersecurity System.<\/p>\n<p><strong>Key Changes<\/strong><\/p>\n<ul>\n<li>expanded scope (essential and important entities),<\/li>\n<li>obligation to implement an Information Security Management System (ISMS),<\/li>\n<li>incident reporting within 24 \/ 72 hours,<\/li>\n<li>increased management liability,<\/li>\n<li>mandatory training for all management board members,<\/li>\n<li>audits (for essential entities),<\/li>\n<li>real administrative sanctions.<\/li>\n<\/ul>\n<p><strong>What Is an ISMS?<\/strong><\/p>\n<p>An ISMS is a systematic approach to managing information security and business continuity, covering all information systems used in processes affecting the provision of services. All systems used in the conduct of business must be protected.<\/p>\n<p><strong>What Does an ISMS Cover?<\/strong><\/p>\n<p>In particular:<\/p>\n<ul>\n<li><strong>Risk management<\/strong> \u2013 systematic risk assessment, identification, analysis and evaluation of risks, decisions on risk treatment, documentation of the process.<\/li>\n<li><strong>Security policies<\/strong> \u2013 risk assessment policy, information systems security policy, thematic policies (e.g. access control, backup, cryptography).<\/li>\n<li><strong>Physical security<\/strong> \u2013 access control to premises, infrastructure protection.<\/li>\n<li><strong>ICT supply chain<\/strong> \u2013 supplier assessment, hardware and software security, technological dependencies.<\/li>\n<li><strong>Monitoring<\/strong> \u2013 continuous monitoring, logging enabling the reconstruction of events, accountability.<\/li>\n<li><strong>Cyber hygiene<\/strong> \u2013 software updates, vulnerability management, secure communication measures.<\/li>\n<\/ul>\n<p><strong>What Does Implementation Mean in Practice?<\/strong><\/p>\n<ul>\n<li>identifying services provided (broadly understood, including production),<\/li>\n<li>mapping processes supporting those services,<\/li>\n<li>identifying the information systems used in those processes,<\/li>\n<li>conducting risk assessments,<\/li>\n<li>implementing appropriate measures,<\/li>\n<li>documenting the system,<\/li>\n<li>ensuring management oversight.<\/li>\n<\/ul>\n<p><strong>Who Is Covered?<\/strong><\/p>\n<p>The new regulations will apply to more than 18 sectors of the economy and potentially tens of thousands of entities. Many medium-sized companies that were previously outside the scope of the National Cybersecurity System will fall within the cybersecurity regime for the first time.<\/p>\n<p>Find more articles in <a href=\"https:\/\/raczkowski.eu\/en\/pro-hr-february-2026-2\/\">PRO HR February 2026<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The act implementing the EU\u2019s NIS2 Directive in Poland has been signed by the President and will enter into force one month after publication. Once effective, cybersecurity obligations will apply to a significantly broader group of entities than under the existing Act on the National Cybersecurity System. Key Changes expanded scope (essential and important entities), [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[87],"class_list":["post-71744","post","type-post","status-publish","format-standard","hentry","category-bez-kategorii","tag-dominika-dorre-kolasa"],"acf":[],"_links":{"self":[{"href":"https:\/\/raczkowski.eu\/en\/wp-json\/wp\/v2\/posts\/71744","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/raczkowski.eu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/raczkowski.eu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/raczkowski.eu\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/raczkowski.eu\/en\/wp-json\/wp\/v2\/comments?post=71744"}],"version-history":[{"count":7,"href":"https:\/\/raczkowski.eu\/en\/wp-json\/wp\/v2\/posts\/71744\/revisions"}],"predecessor-version":[{"id":71799,"href":"https:\/\/raczkowski.eu\/en\/wp-json\/wp\/v2\/posts\/71744\/revisions\/71799"}],"wp:attachment":[{"href":"https:\/\/raczkowski.eu\/en\/wp-json\/wp\/v2\/media?parent=71744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/raczkowski.eu\/en\/wp-json\/wp\/v2\/categories?post=71744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/raczkowski.eu\/en\/wp-json\/wp\/v2\/tags?post=71744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}