Data law is no longer just about GDPR. The European Union’s legislative trend of incorporating data law regulations into comprehensive sectoral regulations: healthcare, financial markets, corporate stock market law, the defense industry, electronic communications, and the phenomenon of fair competition in trade, is resulting in a significant fragmentation of legal sources, the core subject of which is “DATA AND DATA PROTECTION
The interpenetration and interaction of the sources of law in the shape of an atom
The development and dissemination of technology mean that internet users are facing an increasing number of threats. This development also brings with it a growing number of opportunities for those seeking to exploit this development to deceive others. To counteract this threat, particularly against personal data theft and the misuse of property, CERT Polska, a computer security incident response team operating within the Scientific and Academic Computer Network – National Research Institute (NASK PIB), is tasked with this goal. This is primarily achieved through the CERT Warning List. In 2024 alone, 92,600 malicious domains were added to the Warning List, compared to 79,300 the previous year. Approximately one in three reports submitted to CERT results in the website being added to the Warning List (in 2024, the CERT team analyzed over 300,000 reports). In 2024, the websites listed primarily offered fraudulent investments and were domains imitating popular portals to trick potential victims into providing login credentials. According to CERT data, the estimated number of visits to websites blocked by the Warning List reached nearly 72 million in 2024[1], demonstrating that CERT, together with the Warning List, plays an important role in protecting Polish internet users. This article outlines the procedure for adding websites to the Warning List and, consequently, blocking them.
Polish Act on the national cybersecurity certification system
Publication date: August 31, 2025
On August 28, 2025, the Polish Act of June 25, 2025, on the national cybersecurity certification scheme, entered into force, implementing Regulation (EU) 2019/881 of the European Parliament and of the Council of April 17, 2019, on ENISA (the European Union Agency for Cybersecurity) and cybersecurity certification in information and communication technologies and repealing Regulation (EU) No 526/2013 ( Cybersecurity Act ) (OJ L 151, 7.06.2019, p. 15 and OJ L 2025/37, 15.01.2025).
What is CSIRT GOV and what is its legislative environment
The Polish Computer Security Incident Response Team (CSIRT GOV), led by the Head of the Internal Security Agency, serves as the national CSIRT. The CSIRT GOV is responsible for coordinating the response process to computer incidents occurring in the area specified in Article 26, Section 7 of the Act of 5 July 2018 on the National Cybersecurity System.
