Bill on high risk suppliers

The subject of this article is the introduction of cybersecurity-related regulations on the providers of infrastructure for the provision of 5G technology services into the Polish legal system. In particular, the implementation of the recommendations of the report prepared by the Network and Information System Cooperation Group entitled Cybersecurity of 5G networks EU Toolbox ofrisk mitigating measures (referred to as the 5G Toolbox). Following the recommendations of the European Commission, Poland has undertaken work on introducing regulations that would implement the provisions of the 5G Toolbox regarding high-risk suppliers. An amendment to the Act on the National Cybersecurity System of 3 July 2023 (‘the Bill’) has been prepared, which includes recommendations of the 5G Toolbox. The article carries out an analysis to answer the question of whether the provisions of the Bill regarding proceedings in the case of the so-called high-risk suppliers are consistent with the Constitution and basic procedural principles, and in particular whether legal guarantees have been provided for participants in the proceedings regarding high-risk suppliers. The research hypothesis is that not all proposed regulations in this area meet the previously indicated requirements. The analysis takes into account the proposed regulations regarding: proceedings concerning recognition of a supplier as a high-risk supplier; application of the provisions of the Code of Administrative Procedure in these proceedings and the content of issued decisions and remedies. Mainly the dogmaticlegal method, as well as the theoretical-legal method, is used.