Security incident? Call: +48 732 059 711
UKSC

Are you meeting your UKSC obligations?

We verify full compliance with the Polish Cybersecurity Act (UKSC). For critical service operators and digital service providers, we assess readiness for inspection and for enforcement of the requirements.

For whom?

  • Critical service operators (energy, transport, water, healthcare)
  • Digital service providers and SaaS platforms
  • Energy, telecom and transport companies
  • Critical infrastructure support providers
  • Organizations preparing for CSIRT.PL or UOKiK control

What you get

Results

UKSC Classification Assessment

We verify whether your services fall under UKSC and in which category (critical service operator or digital service provider). If you are in scope, we determine which obligations apply.

Technical Requirements Audit

We check UKSC implementation: risk management, incidents, business continuity, personnel security, internal audits.

Procedures & Documentation Analysis

We assess security policies, incident reporting procedures, emergency plans, security regulations. We identify documentation gaps.

Non-Compliance Report with Remediation Plan

List of all UKSC violations, their risks to business and critical infrastructure. Concrete steps to full compliance with timeline.

Inspection Preparation Support

We can assist with CSIRT.PL communication and inspection documentation preparation. Knowledge of regulatory inspection practices.

How we work

UKSC Audit in 4 phases

  1. Legal status & UKSC scope determination

    Analysis of service types, assessment of whether they fall under UKSC, determination of category (critical / digital services). If you are subject to UKSC, we proceed.

  2. Documentation & processes review

    We collect all security procedures, emergency plans, policies, incident logs. Interviews with personnel responsible for security.

  3. UKSC requirements compliance assessment

    Point-by-point evaluation of requirements: risk management, asset identification, continuity plans, incident response, internal audits.

  4. Report & implementation strategy

    We deliver a report with UKSC requirements, identified non-compliances, and a remediation plan. Session with management and security team.

FAQ

Frequently asked questions

Does our company have to comply with UKSC?
UKSC applies to critical service operators (energy, water, transport, healthcare) and digital service providers meeting size criteria. An audit helps determine whether you are in scope.
What are the consequences of UKSC non-compliance?
Critical operators must report incidents, conduct security audits, and implement safeguards. Non-compliance risks administrative fines (up to 3% of revenue for digital service providers).
How often does CSIRT.PL audit?
CSIRT.PL conducts regular compliance checks. Some will be unannounced. High-risk sectors (finance, e-commerce) are inspected more frequently. Many organizations prefer an independent audit first.
Can we implement UKSC without external consultants?
It is possible, but it requires significant knowledge of the requirements and security standards. Many operators use an independent audit to ensure full readiness.
How long does a UKSC audit take?
Small digital service provider: 2–3 weeks. Critical service operator: 4–12 weeks. It depends on service scope and organization size.

Check your UKSC readiness

30-minute consultation about your services and UKSC obligation scope. We advise on steps to full compliance.