New IT protection standards in business - implications of the implementation of the NIS2 directive
The EU adopted the NIS2 directive to enhance cybersecurity resilience in critical sectors and services across member states, mandating new obligations for member countries, including Poland, to implement cybersecurity measures.
In response to increasing cybersecurity threats affecting both critical state systems and modern digital services, the European Union adopted Directive (EU) 2022/2555, known as NIS2, in 2024. The directive aims to enhance the resilience of information systems across vital economic and administrative sectors. It establishes new obligations for EU member states to enforce cybersecurity protocols, including risk management, technical protective measures, and incident reporting requirements, as delineated in Articles 1 and 20-23 of the directive.
In Poland, NIS2 will be implemented through an amendment to the National Cybersecurity System Act. The amendment was passed by the Sejm on January 23, 2026, and is currently undergoing Senate procedures, indicating that it should come into force in the coming months. This legislative change is significant because it expands the scope of entities that must comply with the new regulations, impacting various sectors.
As the NIS2 directive comes into play in Poland, businesses and entities across affected sectors will need to adapt to comply with the new cybersecurity obligations. This may lead to a shift in how organizations manage and assess cyber risks to ensure they meet the standards set forth by the directive. The adoption of these new cybersecurity measures is pivotal for improving the overall cybersecurity posture within the EU, and especially in Poland, as it addresses specific vulnerabilities within essential services and critical infrastructure.