Move supplier assurance off spreadsheets. Private pilot opening soon.→ Join the pilot
SHARDSCybersecuritySupply Chain Assurance · NIS2
Back to the NIS2 overview
NIS2 · Poland

NIS2 in Poland — transposition status and what’s changed

Poland transposed NIS2 through amendments to the Act on the National Cybersecurity System (Krajowy System Cyberbezpieczeństwa, UKSC). The Polish Parliament adopted the amendment in February 2026; the President signed it into law on 19 February 2026, it was published on 2 March 2026, and entered into force on 3 April 2026. The Ministry of Digital Affairs handles entity registration; the supervisory model spreads across the three national CSIRTs — CSIRT NASK, CSIRT GOV, and CSIRT MON — with sector-specific allocation. The Act introduces a single point of reporting via the IT system S46.

National competent authority
Ministry of Digital Affairs

Authoritative source for Poland-specific NIS2 guidance, registration, and incident reporting.

5.0 / Next step

Where are you with NIS2 supplier work in Poland?

Two ways to find out fast — a five-minute self-assessment, or a practitioner-walked exposure picture in two to three weeks.

Take the readiness checkSee the Exposure Assessment

Detailed Poland guide in development — get notified

We’re writing a longer practitioner guide on NIS2 in Poland: thresholds, registration timelines, and what regulators are starting to ask suppliers for. Drop your email and we’ll send it when it lands.

We use your address only for this — no marketing list, no resale.

Back to the NIS2 overviewSee how Supply Chain Assurance helps with NIS2 supplier work