The Evolution of Cybersecurity Regulation in the European Union Law and Its Implementation in Poland
Grażyna Maria SzporUniwersytet Kardynała Stefana Wyszyńskiego w Warszawie , Polska
The 2013 European Union Cybersecurity Strategy, the 2016 Directive, and the 2019 Regulation mark the next steps in strengthening the protection of cybersecurity by European Union bodies, linked to changes in member states’ laws. The rapid increase in threats, referred to as the “cyberpandemic”, requires prompt adaptation of legal instruments to new needs, but at the same time complicates ensuring consistency of multi-level regulation. The analysis of changes in the legal status in Poland shows that this concerns terminology, subject matter scope and the structure of cyber security systems. In order to reduce difficulties, it is worth considering introducing immediate amendments to those provisions in force which were negatively assessed during works on drafting new acts. Such a conclusion is prompted by the evolution of the definition of cybersecurity, which, according to the 2019 Regulation as well as the draft amendments to the Polish Act on National Cyber Security System and the draft of the new Directive, is to be understood as activities necessary to protect networks and information systems, users of such systems and other persons against cyber threats such as any potential circumstance, event or action that may cause damage, disruption or otherwise adversely affect networks and information systems. Another example is the maintenance of the distinction between key service operators and digital service providers in the 2019 EU Regulation and the 2021 draft amendment to the Polish law, although the 2020 NIS 2 directive draft recognizes that it has become irrelevant and replaces it with a distinction between essential and relevant entities. Also, other changes currently proposed are justified by the blurring of the boundaries between virtual and real space.
Słowa kluczowe:cybersecurity, cyberspace, legislation, NIS Directive, ENISA
Banasiński, Cezary, and Marcin Rojszczak, eds. Cyberbezpieczeństwo. Warsaw: Wolters Kluwer, 2020.
Baumgarten, Ansgar, and Christian Calliess. “Cybersecurity in the EU the Example of the Financial Sector: A Legal Perspective.” German Law Journal 21, no. 6 (2020): 1149–1179.
Besiekierska, Agnieszka, ed. Ustawa o krajowym systemie cyberbezpieczeństwa. Komentarz. Warsaw: C.H. Beck, 2019.
Corcoran, Brian. “A Comparative Study of Domestic Laws Constraining Private Sector Active Defense Measures in Cyberspace.” Harvard National Security Journal 11, no. 1 (2020): 1–ix.
Czaplicki, Kamil, Agnieszka Gryszczyńska, and Grażyna Szpor, eds. Ustawa o krajowym systemie cyberbezpieczeństwa. Komentarz. Warsaw: Wolters Kluwer Polska, 2019.
Gryszczyńska, Agnieszka, and Grażyna Szpor, eds. Internet. Cyberpandemia. Warsaw: C.H. Beck, 2020.
Kitler, Waldemar, Joanna Taczkowska-Olszewska, and Filip Radoniewicz, eds. Ustawa o krajowym systemie cyberbezpieczeństwa. Komentarz. Warsaw: C.H. Beck, 2019.
Kosseff, Jeff. “Hamiltonian Cybersecurity.” Wake Forest Law Review 54, no. 1 (2019): 155–206.
Singh, H. P., and Tareq S. Alshammari. “An Institutional Theory Perspective on Developing a Cyber Security Legal Framework: A Case of Saudi Arabia.” Wake Forest Law Review 11, no. 3 (2020): 637–650.
Szpor, Grażyna. “Nowelizacja siatki pojęciowej cyberbezpieczeństwa.” Monitor Prawniczy 22 (2020): 1189–1192.
Roguski, Przemysław. “Przesłanki przypisania cyberoperacji państwu.” In Internet. Cyberpandemia, edited by Agnieszka Gryszczyńska and Grażyna Szpor, 91–101. Warsaw: C.H. Beck, 2020.
Worona, Joanna. Cyberprzestrzeń a prawo międzynarodowe. Status quo i perspektywy. Warsaw: Wolters Kluwer Polska, 2020.