Poland Tightens Cyber Defenses: Huawei and ZTE Banned

Nawrocki Signs—and Refers to Constitutional Tribunal

On February 19, 2026, President Karol Nawrocki signed the amendment to the National Cybersecurity System (KSC) Act, finalizing a multi-year legislative process. The new regulations implement the EU's NIS2 directive and radically tighten requirements for entities operating in sectors crucial to the functioning of the state. In an unprecedented move, the President simultaneously referred the law to the Constitutional Tribunal, signaling doubts about the compliance of some provisions with the constitution.

"Lex Huawei": Who Loses Access to the Polish Market

The central element of the law is the high-risk supplier (DWR) mechanism. The minister responsible for digitization, after a multi-stage administrative procedure, may recognize a manufacturer of equipment or software as a threat to the fundamental security interests of the state. Although the regulations do not name countries, no one doubts that it primarily concerns companies from China, Russia, and other non-NATO countries.

It is no coincidence that the law has been dubbed "Lex Huawei." The Chinese telecommunications giant has already warned that it will consider arbitration in the event of economic losses. ZTE, the second Chinese network equipment manufacturer, is similarly threatened. Entities listed as key and important entities—a total of tens of thousands of organizations from 18 sectors, from energy and telecommunications to water management and food distribution—will not be able to use products from high-risk suppliers. Existing installations must be replaced within seven years.

Rare Agreement Across the Divide

In the Sejm (Parliament), the law achieved a result that is considered a rarity in the current political climate: 407 MPs voted in favor, with only 10 against. Digital security turned out to be one of the few topics on which the ruling coalition and the opposition speak with one voice.

The law is part of a broader strategy of the Donald Tusk government. The Prime Minister announced 2026 as the "year of Polish acceleration," and the defense budget will reach a record 4.7–4.8 percent of GDP—the highest rate in the entire NATO. Poland treats digital security as an integral part of its defense strategy, not just a separate department of administration.

Business Alarms: Billion-Dollar Costs and Expropriation Allegations

The political triumph comes at a price. Eleven business organizations appealed to the President to send the law back to the Sejm. The main complaint is the financial burden of adaptation: an analysis by the National Chamber of Ethernet Communications, covering 152 companies, estimated the cost of replacing equipment in the telecommunications sector alone at 14.4 billion złoty over five years—an average of 4.3 million złoty per operator. Experts warn of a particular threat to small internet providers and the risk of digital connectivity disappearing in rural areas.

According to entrepreneurs, the forced replacement of functional equipment without compensation is de facto expropriation, violating the constitutional protection of private property. The President, in signing the law, recognized this problem—hence the simultaneous referral of the regulations for constitutional review.

Poland—EU Leader in Cyberattacks

The context of the decision is clear: the Microsoft Digital Defense report indicates Poland as the European Union country most frequently attacked by cybercriminals. In December last year, a serious incident in the power grid almost led to a blackout. Government representatives also cite the attack on the Viasat satellite system during the Russian invasion of Ukraine—as a warning against the vulnerability of critical infrastructure to hostile actions. It was these events that determined the political will to close Polish networks to suppliers considered risky.

New Standard on NATO's Eastern Flank

The final shape of the law depends on the verdict of the Constitutional Tribunal—primarily on the issue of possible compensation for companies forced to replace equipment. In any case, Poland joins the USA, Great Britain, and Australia, which have already excluded Chinese suppliers from key sectors, setting a new standard for digital security. For a country spending almost 5 percent of GDP on defense and having Russia at war as its eastern neighbor—this is a logical completion of the whole.