GFP Legal provides comprehensive legal services for businesses in the implementation of the NIS 2 Directive and the adaptation of their activities to the amendment of the Act on the National Cybersecurity System (KSC). We support entrepreneurs at every stage, from the analysis of obligations and the preparation of documentation to practical organisational measures.
As an experienced law firm, we implement NIS 2 in an orderly and process-oriented manner, ensuring a clear division of responsibilities and consistency of the procedures adopted. Our goal is not only to meet the statutory requirements, but also to achieve lasting compliance with NIS 2, which strengthens the security and stability of the entire enterprise.
Does the implementation of NIS 2 apply to your company?
The obligation to implement NIS 2 applies to a wide range of economic operators in Poland, imposing cybersecurity obligations also on companies that have not been subject to such obligations so far. The criteria to be taken into account when assessing whether the implementation of the NIS 2 Directive will be necessary for your company are:
- company size – NIS 2 implementation primarily concerns medium-sized and large businesses, i.e. companies employing 51 or more people, and smaller companies if their turnover or total annual balance sheet exceeds EUR 10 million, and
- sector in which the company operates – only the sectors specified in the directive, such as:
− production and distribution of chemicals,
− production, processing and distribution of food,
− production of medical devices,
− production of computers, electronic and optical products,
− production of electrical equipment,
− production of motor vehicles, trailers, semi-trailers and other transport equipment, including parts,
− production of machinery and equipment.
Implementation of the NIS 2 Directive for companies – how can we help?
As your law firm, we carry out the implementation of NIS 2 step by step, minimising legal and operational risks. In order to ensure full compliance with NIS 2, we can:
- analyse whether your company is affected by the implementation of the NIS 2 Directive and, if so, what its status is (key entity or important entity),
- assist in registering your company in a special ministerial register of entities covered by the NIS 2 Directive,
- prepare your company organisationally, including in terms of incident handling processes, staff training, etc.
- develop comprehensive NIS 2 documentation, including security policies, risk management procedures and incident response instructions.
It is worth remembering that failure to implement the NIS 2 Directive may result in sanctions from supervisory authorities, which have at their disposal instruments such as high financial penalties imposed on companies, financial penalties imposed directly on managers, or other administrative measures. Therefore, these regulations should not be underestimated.
