Poland: New act on combating abuse in electronic communication
On 25 August 2023, the Act on Combating Abuses in Electronic Communication (CAECA) was published in the Polish Journal of Laws. While the act was enacted in full over a long period, the obligations under the new legislation will apply from 25 September 2023.
The adoption of the Act on Combating Abuse in Electronic Communication is a response to an increasing number of scammers employing telecommunication services for their attacks.
The act identifies four forms of abuse: smishing, CLI spoofing, generating artificial traffic and making unauthorized changes of address information. The task of combating abuses in electronic communication will include:
blocking text messages that qualify as smishing;
blocking text messages purporting to be from a public institution (name of sender);
blocking certain calls or the concealing of caller ID from the end user.
All entities, whose business activities involve the provision of telecommunication networks or telecommunication services are covered by this Act.
Telecommunications operators will also be able to block access to certain listed websites that mislead and fraudulently obtain user data or do harm by disposing of assets.
Other entities will also have new obligations under the new laws. E-mail providers that provide services for 500 000 users or more or for a public entity, will be required to deploy and apply additional mechanisms (SPF, DMARC and DKIM), while firms providing e-mail to public entities will be required to ensure that it has a multi-factor authentication option.
Entities that fail to comply with the new obligations could face an administrative fine of up to 3% of their revenue generated in the previous calendar year. There will also be criminal sanctions for fraudulent abuses in electronic communication.