Where does a KSC project start?

With scope qualification, mapping of critical services, executive accountability review and identification of organizational and technical gaps.

Does POLEGIS also prepare evidence for audits and controls?

Yes. We build not only procedures but also an evidence path: registers, decisions, reports, tests and incident handling confirmations.

Does qualification include suppliers and outsourced ICT services?

Yes. We assess ICT dependencies, outsourcing, contractual accountability and supply chain impact on KSC and NIS2 obligations.

NIS2 KSC DORA RODO ISO NIST

KSC

KSC: scope qualification and implementation roadmap without guesswork

The amended Polish KSC framework published in Dz.U. 2026 item 252 implements NIS2 and expands obligations across more sectors, ICT supply chains and executive accountability. POLEGIS turns that into a clear qualification and action sequence.

Submit data for assessment Book a working session

When this KSC service matters

The service is designed for organizations that need to decide quickly whether they fall under KSC directly, as an essential or important entity, or indirectly through critical business and ICT relationships.

Companies from regulated sectors, critical infrastructure and essential services.
Organizations serving operators, public entities and companies with cybersecurity obligations.
Boards that need a clear answer on accountability and exposure, not just a list of legal provisions.

What POLEGIS does in practice

Determine entity qualification and identify critical services.
Map UKSC/NIS2 obligations into governance, roles, risk, incidents, continuity and ICT supply chain controls.
Design a prioritized remediation plan for management, IT, compliance and operations.
Build the evidence package needed for control, audit and incident reporting.

The result is not a shelf document, but an operational sequence of actions, owners and dates.

Executive and compliance outcome

A clear answer whether and to what extent the organization falls within KSC scope.
A map of obligations and accountability assigned to real business functions.
An implementation plan split into management decisions, process work and technical safeguards.
A structured evidence chain supporting inspections, audits and incident reporting.

Frequently asked questions

Do we need a completed questionnaire and all procedures before the project starts?
No. We start with qualification and an accelerated gap picture to define the right work order.

Does the service cover formal and organizational aspects as well?
Yes. We translate regulation into operating practice, not just into technical checklists.

Can this work continue into NIS2 implementation and EURAEGIS?
Yes. We treat KSC as part of a wider governance and evidence model that can then be maintained in EURAEGIS.

Contact

Send us a message

Use the form below to contact POLEGIS. You can provide e-mail, phone, or both.

Scope: KSC, NIS2, DORA, GDPR, digital resilience

Mode: consultation, implementation, audit readiness

Support: SME, public sector, critical and essential entities

Full name *

Company

E-mail

Phone

Message *

This form is used to handle business inquiries regarding POLEGIS services. Describe the case and provide at least one contact channel.

If you provide an e-mail address or phone number, enable consent for the matching communication channel.

I confirm that the form concerns a business inquiry and that the submitted contact data is accurate. I confirm that I have read the personal data processing notice related to handling this inquiry. I agree to be contacted electronically at the provided e-mail address. I agree to be contacted by phone at the provided number.

Data processing notice

The data controller is POLEGIS Sp. z o.o., Milenijna 43 / 2, 03-130 Warszawa, Polska. Contact regarding this form: biuro@polegis.pl.

We process the data to answer the inquiry, conduct correspondence, and prepare an offer or working discussion.
The legal basis is taking steps at the request of the contacting person and the controller’s legitimate interest in handling business relations.
We retain the data for the duration of the case and for the period necessary to secure potential claims and demonstrate the course of contact.
You have the right to access, rectify, erase, restrict processing, object, and file a complaint with the competent supervisory authority.