The Evolution of Cybersecurity Regulation in the European Union Law and Its Implementation in Poland

Thumbnail Image
Files
Szpor_Grazyna_The_Evolution_of_Cybersecurity_Regulation_in_the_European_Union_Law_and_Its_Implementation_in_Poland.pdf(92.93 KB)

Date
2021
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Wydawnictwo KUL
Abstract
The 2013 European Union Cybersecurity Strategy, the 2016 Directive, and the 2019 Regulation mark the next steps in strengthening the protection of cybersecurity by European Union bodies, linked to changes in member states’ laws. The rapid increase in threats, referred to as the “cyberpandemic”, requires prompt adaptation of legal instruments to new needs, but at the same time complicates ensuring consistency of multi-level regulation. The analysis of changes in the legal status in Poland shows that this concerns terminology, subject matter scope and the structure of cyber security systems. In order to reduce difficulties, it is worth considering introducing immediate amendments to those provisions in force which were negatively assessed during works on drafting new acts. Such a conclusion is prompted by the evolution of the definition of cybersecurity, which, according to the 2019 Regulation as well as the draft amendments to the Polish Act on National Cyber Security System and the draft of the new Directive, is to be understood as activities necessary to protect networks and information systems, users of such systems and other persons against cyber threats such as any potential circumstance, event or action that may cause damage, disruption or otherwise adversely affect networks and information systems. Another example is the maintenance of the distinction between key service operators and digital service providers in the 2019 EU Regulation and the 2021 draft amendment to the Polish law, although the 2020 NIS 2 directive draft recognizes that it has become irrelevant and replaces it with a distinction between essential and relevant entities. Also, other changes currently proposed are justified by the blurring of the boundaries between virtual and real space.
Description
Keywords
cybersecurity, cyberspace, legislation, NIS Directive, ENISA
Citation
"Review of European and Comparative Law", 2021, T. 46, nr 3, s. 219-235
URI
http://hdl.handle.net/20.500.12153/2227
ISBN
Creative Commons License
http://creativecommons.org/licenses/by-nc-nd/3.0/pl/
Collections
Review of European and Comparative Law, 2021, Vol. 46, No 3