Laws and regulations governing cybersecurity

In Poland, the law that regulates the Act of 18 July 2002 on the provision of electronic services (Journal Of Laws of 2002 No. 144, item 1204), which greatly limits cases when an ISP can be held liable:

Art. 12. 1. The service provider who provides services by electronic means, including the transmission of data transmitted by the recipient of the service in the telecommunications network or the provision of access to the telecommunications network within the meaning of the Act of 16 July 2004 - Telecommunications Law, shall not be liable for the content of these data, if:

1) is not the initiator of the data transfer;

2) does not select the recipient of the data transfer;

3) does not select or modify the information contained in the message.

2. The exclusion of liability referred to in par. 1 also includes automatic and short-term indirect storage of the transmitted data, if this activity is solely for the purpose of transmitting and the data is not stored longer than normally necessary to effect the transmission.

Art. 13. 1. The person who transmits the data and provides automatic and short-term intermediate storage of this data in order to speed up the re-access to it on the basis of Art. request of another entity:

1) does not modify the data;

2) uses IT techniques recognized and usually used in this type of activity, which define the technical parameters of access to data and updating them, and

3) does not interfere with the use of IT techniques recognized and usually used in this type of activity in the field of collecting information on the use of collected data.

2. The person who, under the conditions referred to in para. 1, will immediately delete the data or prevent access to the stored data, when it obtains the message that the data have been removed from the original transmission source or access to them has been rendered impossible, or where a court or other competent authority has ordered the data to be deleted or prevented from being accessed. Art. 14. 1. No liability for the stored data shall be borne by anyone who, while providing the resources of the ICT system for the purpose of storing data by the service recipient, does not know about the unlawful nature of the data or related activities, and in the event of receiving a government notification or obtaining reliable information about the unlawful nature of the data or related activities will immediately prevent access to this data.

2. The service provider who has received an official notification of the unlawful nature of the stored data provided by the recipient and has prevented access to this data, is not responsible for this recipient for damage resulting from preventing access to this data.

3. The service provider who has obtained credible information about the unlawful nature of the stored data provided by the service recipient and has prevented access to this data, is not liable to this service recipient for damage resulting from preventing access to this data, if he immediately notified the recipient of the intention to prevent access to them.

4. The provisions of para. 1-3 shall not apply if the service provider has taken control of the recipient within the meaning of the provisions on competition and consumer protection.

Art. 15. The entity that provides the services specified in Art. 12-14, is not obliged to check the transferred, stored or made available by him the data referred to in article 1. 12–14