The Status of Essential Service Operators in the National Cybersecurity System in Poland: Considerations in the Context of European Union Regulations
Purpose: The aim of this publication is to define the role of essential service operators in the cybersecurity system in Poland, as entities essential to the proper functioning of the economy and society and jointly responsible for ensuring national security and the stability of the state. Furthermore, the publication aims to present a description of the legal status of these entities and the basic tasks arising from the provisions of the Act of July 5, 2018, on the National Cybersecurity System. Reference is also made to European Union regulations, which led to the identification of these entities under national law. Design/Methodology/Approach: The research method adopted in this publication is a legal-dogmatic method and a legal-comparative method. Findings: After analyzing current national and EU regulations, the article highlights changes in cybersecurity policy resulting from the entry into force of the new European Union directive – NIS 2. Furthermore, the article identifies the directions of changes in Polish legislation regarding the classification of essential entities that will soon replace essential service operators, which in turn is caused by the need to implement the NIS 2 directive. It was confirmed that the regulations adopted regarding the operation of these entities are consistent with European Union law. Practical implication: Defining the directions of changes in the classification of essential entities that will replace essential service operators and identifying the related potential organizational and financial challenges for many businesses may constitute an important voice in the public debate regarding the proper functioning of the cybersecurity system in Poland and the costs generated by the potential adaptation of this security sphere to EU requirements. Originality/Value: The effects of actual changes in the national cybersecurity system, caused by the need to implement the NIS2 Directive, constitute an interesting research area, and the role of essential service operators in the cybersecurity system is relatively rarely addressed in the literature. The conclusions presented in this area may constitute a valuable contribution to the researched issue and provide potential guidance in the further process of normative shaping of the cybersecurity system in Poland.