- This project is an overregulation. Even better, it could be defined as over-implementation, a phenomenon commonly known as gold plating since it’s a procedure that the European directive NIS2 doesn’t acknowledge, and one that will affect ICT equipment (Information and Communication Technology) or service providers as well as communication and informational software – says Professor Maciej Rogalski, market expert during a debate titled “Project of the Act on the National Cybersecurity System – Necessity or Gold Plating? Who and How Much Will Pay for It?” that took place at the PAP Press Center. – According to the NIS2 directive, these criteria were to be applied only to the suppliers of critical 5G infrastructure and concern telecommunication infrastructure and six key sectors. The Act applies these criteria to all generations of radio networks, allowing the exclusion of suppliers from eighteen sectors. Yet, none of the published EU projects cover so many areas of the economy and do not introduce political criteria of origin.
A project of the Act on the National Security System, published a month ago prepared by the Ministry of Digitalization, causes significant concern. Under the guise of “cybersecurity” a high-risk supplier procedure has been introduced, which is an overregulation in relation to the EU directive NIS2, even though the aim of the amendment was only to adjust the general requirements of the EU directive NIS2 to the specifics of the Polish situation.
Karol Skupień, President of the National Chamber of Ethernet Communication (KIKE), invited to the discussion about the threats arising from the project of the Act, Piotr Podgórski, vice-president of the Federation of Entrepreneurs and Employers, Entrepreneurs.pl and Krzysztof Dzięgielewski, Skynet Ltd., All experts obligated in harsh criticism towards the overregulation, while expressing hope that the legislator will hear their voice of reason.
- The fact that there should be eighteen key sectors means that more enterprises will have to meet the directive’s requirements, which entail high costs and can pose a threat to their existence. I would advise against creating problems – argues professor Maciej Rogalski.
- The criteria are unclear, non-technical, opaque, and as a consequence, there will be a loss of competitiveness of Polish firms. Entrepreneurs are not opposed to regulations necessary for cybersecurity, but such regulations as proposed by the minister of digitalization hit their security and assurance of existence – warns Piotr Podgórski, from Entrepreneurs.pl.
According to a study on the use of equipment from suppliers originating outside the European Union or the North Atlantic Treaty Organization in the telecommunications sector, conducted in October 2024 by KIKE, 100% of the respondents indicated that in building telecommunications networks, small and medium-sized Polish telecommunications operators, in the majority, use devices from manufacturers originating from Asia. The estimated value of telecommunications infrastructure using equipment and/or software from suppliers outside the EU and NATO is, on average, 3.3 million PLN per operator.
- Network design is one of the longest processes in our industry – says Krzysztof Dzięgielewski, representing the Polish communication operator Skynet Ltd. – To compete with the larger ones we have to be better, faster and have a secure network. Designing business expenditures we did not take into account costs that we would have to incur as a result of over-regulation. Many industry entrepreneurs may be on the verge of bankruptcy, many are holding back on investments.
- Is the interest of American magnates placed higher than the security of the Polish entrepreneur? – asks Karol Skupień, president of KIKE. – The provisions of the Act give the minister of digitalization the ability to make political decisions, not based on technical knowledge. What if we start removing good devices and replacing them with worse ones, spending in the telecommunications sector alone, amounts in the order of 6 billion PLN and more. This Act is one big fraud so that politicians can decide who should profit and who shouldn’t.
Source: https://managerplus.pl/eksperci-ostrzegaja-nadregulacja-w-ustawie-o-cyberbezpieczenstwie-moze-zniszczyc-polskie-firmy-24108
