T: +48 22 375 40 40
ul. Czerniakowska 87A
T: +48 22 375 40 40
ul. Lubicz 42
T: +48 22 375 40 40
ul. Uniwersytecka 20
B2RLAW 2020. All rights reserved.
European response to cyberwar. NIS-2 – an opportunity for increased levels of cyber security?
More than two months ago, on 13 July, after a political agreement was reached between the European Parliament and EU Member States, the European Parliament’s Committee on Industry, Research, Telecommunications and Energy approved a draft directive on measures for a high common level of cyber security within the Union, repealing Directive (EU) 2016/1148, the so-called NIS2 Directive. We are currently waiting for its approval by the European Parliament and then by the Council, after which the new law will be published in the Official Journal, and 20 days later the directive will enter into force. For Member States, this moment will mark the start of a 21-month period for the implementation of the directive in national legal orders. In Poland, this will be done by adopting a new (or amending an already existing) relevant law on cyber security.
Find more about our Media & Technology Practice here. The rest of the article below.
The differences between NIS and NIS2
The main differences between the first – still in force – cyber security directive, i.e. network and information security (NIS), and NIS2 concerns ‘obliged entities’; the technical and organisational measures to be implemented and the reporting of incidents and threats. In all the areas mentioned in NIS2, the scope is broadened compared to the provisions of the NIS Directive.
In the NIS2 Directive, ‘obliged entities’ have been divided into two categories: key entities, which includes, inter alia, cloud computing service providers, data centre service providers, content delivery network service providers; and relevant entities, which includes, inter alia, search engine providers, trading platform providers, social network providers and courier service providers. Obligations have been placed on both categories to prepare and implement appropriate cyber security procedures and measures, and to report incidents as well as cyber threats that may result in a significant incident to the relevant authorities.
NIS2 introduces stricter supervisory measures for national authorities, as well as stricter enforcement requirements, and aims to harmonise sanction regimes across Member States. The responsibility for ensuring cyber security will also be placed on those who manage the entities obliged by the directive.
Regulation at an EU level seems to be a necessary step
The regulation, at an EU level, of such a crucial issue as cyber security – especially today – seems to be a necessary step. However, as is usually the case with EU regulations, there is a risk that introducing such a law will be more of a burden (especially in terms of implementing additional measures, creating documentation, etc.) for those subject to it, rather than a real tool to defend the rights that formed the basis for the rationale of its enactment. This risk has been experienced, for example, in respect to the General Data Protection Regulation (RODO), which has translated very little into actual protection of personal data, but rather into the production of documents and the inundation of data subjects with quite often incomprehensible information.
NIS2 wants to increase the level of cyber security, using two tools primarily – the need for entities subject to its provisions to create appropriate documentation and procedures, and the reporting obligation (both of incidents and cyber threats) imposed on these entities. Used in the right way, these tools can achieve the intended purpose of the regulations introduced, but under certain conditions.
Human beings – the weakest link
First of all, it must be taken into account that the weakest link in the area of cyber security in any organisation is the human being. Machines follow all instructions without discussing them, humans are guided by many different factors when making a decision (e.g. whether or not to share information with someone). And this decision is not always in line with what is provided for in his or her procedures. In addition, a person is easily manipulated, especially when so much information about them is publicly available in the internet space.
Thus, in order for an organisation’s documentation, created under the NIS2 requirements of dealing with given cyber security situations and the measures taken to increase the level of cyber security, to be effective and applicable, those who will be required to comply with them need to understand why and for what purpose the various rules are put in place. They should also be aware of the consequences of not complying with them in various cases. It is therefore of the utmost importance that these persons are well and practically trained, and that they are involved in the creation of the rules to which they would then be subject. For these rules must reflect and fit in as much as possible with the actual functioning of the organisation to date. It is pointless to create artificial obligations that will not have a chance to exist in the current state of the organisation. Of course, to the extent that the actual state of the organisation does not correspond at all to the requirements of the directive, it is necessary to adapt the status quo to its provisions (and not vice versa), but this action requires prudence and time in order to be respected at all by those operating within the organisation.
Undoubtedly, it will be more effective to introduce the obligations that NIS2 imposes in an evolutionary manner than to implement them in the short time between the enactment and the entry into force of the Polish law transposing NIS2. Given that the purpose of the enactment of the Directive is ultimately to harmonise the legal orders of Member States, it may be assumed that national legislation will not deviate significantly from its provisions and already now start the process of implementing the new rules on their basis.
Equally important will be the practice of application of the Directive’s provisions by the obliged entities. Practice developed at the outset will then be replicated. This places a heavy responsibility on the largest entities subject to the Directive’s provisions, which will initially be the focus of attention for the other smaller players within the markets covered by cyber security requirements. Prudent, rational and informed implementation of the obligations under NIS2 seems likely to achieve the expected goal of increasing the level of cyber security across the European Union, which is worth the effort and commitment of the obliged entities.
Attorney-at-Law, Counsel at B2RLaw
Media & Technology, Cybersecurity, Intellectual Property
B2RLaw’s experts contribute to the The Legal 500: White Collar Crime Country Comparative Guide
B2RLaw’s experts, Senior Partner Bartłomiej Jankowski, Counsel Anna Grochowska – Wasilewska and Junior Associate Kinga Karaszewska were invited to contribute to the Polish chapter of The Legal 500: White Collar Crime Country Comparative Guide.
The Legal 500’s Country Comparative Guides are produced in association with the world’s leading lawyers and give the in-house community a practical overview of the laws and regulations in key jurisdictions, for specific practice areas.
Each country chapter is written by a renowned firm in an easy to use Q&A format. The Hot Topic articles provide analysis of current trends and developments within particular practice areas, giving Legal 500’s readership, made up of GC’s, In-House Counsel and Senior Executives, a deeper understanding of pressing issues within the specified sector.
The aim of The White Collar Crime Country Comparative Guide is to provide its readers with a pragmatic overview of the white collar crime laws and regulations across a variety of jurisdictions. This country-specific Q&A provides an overview of White Collar Crime laws and regulations applicable in Poland.
Read the full report here.
Do tax authorities abuse the law by initiating penal fiscal proceedings?
As indicated by the case law of the Supreme Administrative Court (hereinafter as the “SAC”), the answer to this question is, unfortunately, sometimes positive.
Tax authorities often initiate penal fiscal proceedings not because they have evidence justifying analysis of a given act from the point of view of the penal fiscal code, but only in order to suspend the limitation period of a tax liability.
Pursuant to Article 70 (6) (1) of the Tax Ordinance Act (hereinafter as the “TO”), the limitation period of a tax liability does not commence, and a commenced one is suspended, on the day of initiating proceedings in a case concerning a tax crime or tax offence, on which the taxpayer was notified, if the suspicion of a crime or an offence is connected with failure to fulfil the liability.
This practice of the tax authorities has been considered unacceptable by the SAC and has been identified as an abuse of the law.
As indicated by the SAC, if Article 70 (1) (6) of the TO did not exist, the tax authorities would not initiate penal-fiscal proceedings.
Therefore, the SAC decided that it could control the legitimacy of suspension of the limitation period. Otherwise, the objectives of this institution would be violated. Instead, this would result in an instrumental use of the TO’s regulation contrary to the principle of a democratic state of law.
Verification of the initiation of penal fiscal proceedings by administrative courts is a controversial issue. It is argued that such scope of control does not fall within the remit of the administrative courts. However, the SCA stated that it may perform such control in view of Article 121 of the TO, which expresses the principle of acting in confidence to the tax authorities. Therefore, Article 70 (6) (1) of the TO cannot be the basis for suspending the limitation period in connection with each initiation of penal fiscal proceedings, if the initiation of these proceedings exceeded the principle of confidence in the tax authorities. This is to be indicated by the factual circumstances of the tax case in question. Moreover, the ASC pointed out that a taxpayer pursuing his/her rights also relates to the possibility of effectively raising a charge of limitation of tax liability. For that reason, the legitimacy of the initiation of penal fiscal proceedings and, consequently, the correctness of the suspension of the limitation period for the tax liability must be verified. It should be noted that if a tax liability is subject to a limitation period, the tax proceedings are discontinued, according to Article 208 (1) of the TO.
Such an approach by the administrative courts is undoubtedly advantageous for the taxpayer, particularly in the situation of an unjustified initiation of penal fiscal proceedings against him/her. The courts’ new approach will undoubtedly be an important weapon in the fight against the initiation of such proceedings. Perhaps it will also be a precedent breaking the formalistic approach of the administrative courts.
Marcin Malinowski, advocate
Jakub Przybyliński, trainee advocate
 SAC’s judgement of 30 July 2020, Case No. I FSK 42/20.
SAC’s judgement of 30 July 2020, Case No. I FSK 128/20.
A fine and an administrative penalty at the same time: does this constitute a double punishment for the same thing?
One of the principles of criminal law is that for one crime, an offender can only be sentenced once, for example, to a fine. However, in practice, it is often the case that in addition to a fine, a convicted person is also subject to another type of financial penalty. What is the reason for this?
An example of this can be the imposition of both a criminal fine and an administrative penalty under the Fiscal Penal Code and other legislation. For explanatory purposes, we refer to the Gambling Act. The Supreme Administrative Court indicated that there are no obstacles for the legislator to simultaneously establish a financial administrative penalty and a criminal fine in criminal and fiscal proceedings based on the same facts for the act of arranging a game without a license on slot machines outside a casino. Such a decision was possible because conducting gambling without a permit or license, or violating this permit or license, is prohibited under both the Fiscal Penal Code and the Gambling Act.
Interestingly, this decision was made regarding a person who did not own the gaming equipment or install it on his premises, but only rented out the part of the premises where the gaming machine was placed. The Supreme Administrative Court decided that the owner of the premises was actively involved in conducting the prohibited activity noting that if it were not for the lessor, it would not have been possible to conduct such activity in this place.
As the jurisprudence indicates, the “double” punishment of the same person for the same act, as in the above example, only seemingly violates the prohibition of double criminality. This is due to the different functions of criminal and administrative responsibility. It is emphasized that the purpose of an administrative penalty is principally to recover undue benefits, while the purpose of penalties imposed on the basis of the Fiscal Penal Code is primarily to pay for breaking the law. According to the Constitutional Court, the concurrent punishment of a fine and an administrative penalty has been found to be consistent with the Constitution.
However, it should be remembered that any imposition of penalties on an entity must meet the requirements of proportionality. The determination of whether a penalty is proportionate depends on the individual circumstances of a case. In cases conducted on the basis of the Fiscal Penal Code and the Gambling Act, the complexity is exacerbated by the need to also apply the provisions of EU law. This is, however, the subject for another article.
How to limit your potential liability to the tax authorities. A closer look at the anti-avoidance clause.
Everyone must comply with their responsibilities and public duties, including the payment of taxes, as specified by Article 84 of the Constitution. Poland has relatively strong measures to enforce compliance with tax obligations, and an example of this is the so-called anti-avoidance clause. This considers whether a legal or factual act was carried out in order to obtain a tax advantage and determines the amount of tax liability in accordance with the real nature of an act and not in accordance with what the taxpayer declared or demonstrated, regardless of other consequences, such as the possibility of initiating penal and fiscal proceedings.
However, the legal possibilities of the State are not unlimited and it is worth noting an existing limitation stemming from the statute, according to which, the anti-avoidance clause does not, in principle, apply to an entity which has obtained a protective tax ruling, to the extent covered by the ruling, until the effective date of the revocation or amendment of a protective ruling. It should be noted that there is a difference between a protective tax ruling and an individual tax interpretation because, in the case of individual interpretations, it is not possible for the authority to conclude that there are no grounds for applying the tax avoidance clause, and, furthermore, no interpretations appear to be issued regarding elements of the facts or future events which are reasonably foreseeable to be the subject of a decision under the anti-avoidance clause. An application for a protective tax ruling may relate not only to a planned action, but also to actions already initiated or carried out.
In order to avoid any negative consequences or potential disputes with the tax administration, any application should be submitted as early as possible. It is important to note that, despite the requirement to describe in detail all the circumstances of the act to be assessed, the interested party does not have to indicate the tax consequences, including financial benefits, resulting from the act covered by the application. The Supreme Administrative Court has also expressed such a position in one of its judgments.
One should be aware that merely submitting an application for a protective tax ruling does not prevent verification activities, tax inspections, tax proceedings or customs tax inspections being carried out. This instrument is not, however, particularly popular: by the end of 2019, only 9 decisions on protective rulings had been issued, three of which were negative, and the small number of entities which have used this instrument is probably due to the amount of the fee for an application for a protective ruling, which is PLN 20,000. Nevertheless, it is worthwhile considering this method of protection in specific cases.
Is the completion of a customs and tax inspection the end of challenges for taxpayers, or just the beginning?
It is a truism to say that any inspection of the correctness of a business’s actions is an unusual event from its perspective and raises numerous doubts as to its legitimacy.
The constant changes in the law have also affected this area over the years, as customs and tax inspection was introduced into the legal order in 2016.
The completion of a customs and tax inspection does not always mean the end of proceedings because the consequence of such an inspection may be the initiation of tax proceedings, which, in turn, often end with a decision creating a legal issue for the taxpayer.
As a rule, after a customs and tax inspection is completed, the result is drawn up and delivered to the subject, and if the authorities find no irregularities, the delivery of the result is the end the procedure, after which, the subject is entitled to submit a correction of their previously submitted tax return. Making a correction after 14 days from the delivery of the result does not cause legal effects, so it is assumed to be late.
This, however, is not the end, because, even though the tax return has been corrected, tax proceedings may be initiated against the subject. The inspecting authority may simply disregard the correction and it may also conclude that, due to the submitted correction, there are grounds for determining further tax liability. However, taxpayers often do not want to file corrections because they do not agree with the authority, and filing a correction may oblige them to pay additional tax. Thus, the result of an inspection can lead to the initiation of tax proceedings.
But what if the subject of such an inspection does not agree with it?
Unfortunately, the only possibility is to file a corrected tax return. As the process results from the judgment of the Provincial Administrative Court in Rzeszów of 10 September 2019, the result of the inspection does not shape the rights and obligations of the subject, so it cannot be considered a decision. Consequently, the subject is not entitled to lodge an appeal against an inspection result. A subject is only entitled to lodge an appeal against the decision issued in the tax proceedings which will be initiated if no correction is made.
The above is only an example of the many issues related to customs and tax inspections and the description presented is not exhaustive.
European Challenges in Advertising CBD: Poland
As has been previously detailed in this space, as more Europeans embrace cannabidiol (CBD), significant opportunities are arising for producers and retailers to build continent-wide brands. Doing so effectively will require a nuanced understanding of the differences between the continental market’s eight generally established regional markets, and creating products (and messaging strategies) which are sufficiently well aligned to meet the needs of the fastest-growing consumer groups.
By George Havaris and Malwina Niczke-Chmura, B2R Law (special to New Frontier Data)
CBD products as such feature a high CBD content as opposed to any amount of Δ9-THC content (delta-9-tetrahydrocannabinol and tetrahydrocannabinoleic acid), which cannot exceed 0.20% on a dry-weight basis.
Hemp-derived products for centuries held a significant position in nutrition and traditional medicine. In contemporary times, they for decades lost their popularity due to restrictive drug policy, but for several years now interest in the nutritional, useful and medicinal properties of such products have increased and, consequently, their value in the global cannabis market is growing.
In the food industry, including the dietary supplements market, there is a wide range of CBD products available. In Poland (where B2R Law is based and practices), while there is no legislation that specifically regulates trading or advertising such products, entities operating in the space are not entirely at liberty to operate at will. A general rule of advertising is that it must not mislead the customer or unduly influence his/her decision to buy a good or service. Otherwise, such conduct would be an act of unfair competition which, in some cases, may rise to the level of a criminal offense.
Under European Union (EU) law, labeling, presentation, and advertising cannot attribute characteristics and properties to food that it does not possess. A message that states, suggests, or implies a link between good health and a particular food product (or its ingredients) is called a health claim.
To prevent consumers from being misled, restrictions prohibit the use of health claims about ingredients for which no nutritional/medicinal efficacy has been confirmed (or for which no unequivocal scientific position exists). Pursuant to EU regulations, health claims are forbidden if (a) the European Commission (EC) did not grant permission to use them (in accordance with Regulation 1924/2006), and (b) they do not appear on the list of permitted health claims. The list of permitted statements includes content about the nutrients contained in seeds, hemp oil, and their preparation (Regulation 432/2012); therefore, the provisions allow consumers to be informed about the products’ health benefits.
In the case of CBD, it appears that no applications have yet been made to authorize health claims regarding any benefits of cannabidiol. Subsequently, many CBD products may be advertising illegally.
Legal uncertainty also impacts certain CBD products classified as food, in the context of regulations pertaining to novel food. Products derived from plants or parts of plants of Cannabis sativa L. (such as seeds, seed oil, hemp seed flour, defatted hemp seeds, etc., have a documented history of consumption in the EU before 15 May 1997. It likewise follows that either the hemp-fiber component or an intermediate product obtained from the plant (which naturally contains inherent levels of CBD) are not subject to restrictions on novel foods.
However, CBD in any other form (i.e.,  CBD obtained from higher hemp concentrations than naturally occurring in the plant,  CBD from plants other than hemp, or  synthetic CBD) qualify as novel foods and thus must be authorized by the EC to be food ingredients. Placing such products on the market as foodstuffs first requires that the procedures set out in Regulation (EU) 2015/2283 on novel foods are followed. If the process is positive, the EC authorizes the availability of novel foods on the EU market (with the EU list duly updated).
Producers of CBD products are advised to exercise caution in preparing their products for market. Beyond the commonly significant expense of an advertising budget, unexpected legal issues may arise. Additionally, producers ought to be mindful of how even a properly structured advertising message can be blocked, as often happens across the most popular advertising media, including Facebook and Google ads.
For a more comprehensive review of regional EU consumer tastes, download New Frontier Data’s EU CBD Consumer Report: 2019 Overview; download the full report here to gain deeper insight into Europe’s expansively emerging consumer markets.
Can a penalty fee for the early termination of a lease agreement be classified as a tax-deductible cost?
A Company, which was leasing service premises under a lease agreement concluded for a definite period, decided to terminate the lease early because it was unprofitable. This could have happened to anyone, especially during the coronavirus epidemic.
When the parties terminated the lease agreement, they agreed that the company would pay a lump-sum penalty fee to the lessor.
On 29 December 2015, the Director of the Tax Chamber in Warsaw, acting on behalf of the Minister of Finance, issued an individual interpretation for the company, No. IPPB3/4510-833/15-2/DP, in which he considered the position of the company regarding the possibility of including the fee paid for the early termination of the lease agreement as a tax deductible cost.
The Company filed a complaint against this interpretation of the tax law with the Provincial Administrative Court in Warsaw (WSA), which, in its judgment, annulled the contested individual interpretation and ruled that Article 15 (1) of the CIT Act obliges it to take into account the whole context of the taxpayer’s economic activity, as it is only from this perspective that it can be assessed whether the expenditure was incurred for the described purposes or not.
It is important to note that the intention of the taxpayer to reduce losses and not only to increase the profits generated by a certain part of company’s activity justifies the view that the expense is deductible.
Losses reduce income and therefore, reducing or eliminating a loss leads to increased income. Incidentally, this view is apt and can be used in a number of issues in disputes with the tax authorities.
The Head of the National Revenue Administration submitted a cassation appeal against the verdict of the Provincial Administrative Court in Warsaw, which was dismissed by the Supreme Administrative Court.
The Supreme Administrative Court shared the position of the Provincial Administrative Court in Warsaw, stating that, if the termination of a lease agreement and the payment of a fee on that account creates a more favourable situation for the taxpayer resulting in an increase in income, then such action should be considered economically justified and the expense incurred for the additional fee is related to maintaining or securing the source of income.
The Director of the National Tax Information Office shared the taxpayer’s argument that the company, by paying the lessor a fee for the early termination of the lease agreement, sought to preserve and secure its sources of income, and the main purpose of the transaction was to improve its financial standing as continuing to lease the service premises under the existing agreement proved to be unprofitable.
To sum up, a fee paid for the early termination of a lease agreement may be classified as a tax deductible cost if the circumstances of the case and the taxpayer’s motivation indicate that the purpose of the action taken was to secure and preserve sources of income pursuant to Article 15 (1) of the CIT Act.
It is important to properly document these circumstances and to implement certain ways of demonstrating such circumstances.
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.