The Obligations of Public Entities

Abstract

The author presents the structure and principles which the Polish legislature imposes on public entities in the field of cybersecurity. The analysed regulations cover government authorities, state control authorities, law enforcement authorities, courts (both common and special), local government units and their associations (including metropolitan unions), budgetary units and Budget establishments, executive agencies, budgetary institutions, the Social Insurance Institution (ZUS) and managed funds, the Agricultural Social Insurance Fund (KRUS) and the funds managed by its President, the National Health Found, public universities, and the Polish Academy of Sciences. In addition to these public finance entities, special cybersecurity obligations have been imposed on research institutes, the National Bank of Poland, Bank Gospodarstwa Krajowego (BGK), Office of Technical Inspection (UDT), the Polish Air Navigation Services Agency (PENSA), Polish Centre for Accreditation (PCA), the National Fund for Environmental Protection and Water Management (NFEPandWM) and the provincial funds, as well as municipal companies. Despite differences in the form of activity (including possession or absence of legal personality), it is commonly agreed that the analysed regulations treat public entities as public administration authorities, at least in the functional sense, as evidenced by the indication that the obligations of public entities should be carried out within the framework of public tasks.