New law on the National Cybersecurity Certification System takes effect
On 28 August 2025, the Act on the National Cybersecurity Certification System enters into force, introduced as a response to the growing losses caused by the spread of cybercrime. What should ICT providers know?
Purpose of the Act
The new regulations aim to strengthen the resilience of public administration and private sector information systems, as well as to improve the prevention of and response to cybersecurity incidents.
System structure
Key participants in the system include the Minister for Digital Affairs, the Polish Centre for Accreditation (PCA), certification bodies, and ICT providers, who may submit their products, services, or processes for conformity assessment under certification schemes.
Voluntary certification
Certification of ICT products, services, and processes is voluntary. The system does not impose obligations on entities that do not participate, nor does it create barriers to market entry.
Benefits
Certification is designed to give ICT providers access to solutions that meet the highest security standards, thereby increasing customer trust and reducing the risk of losses linked to cybercrime.
The role of the Polish Centre for Accreditation
The PCA oversees certification bodies and the accreditation process for ICT providers, while the Minister for Digital Affairs is responsible for issuing certificates with the highest level of trust.
This post was prepared as part of the 76th edition of FinTech Insider. A graphic version is available on our LinkedIn profile and Knowledge Base.
