The amendment to the National Cybersecurity System (KSC) introduces new obligations for companies operating as key or important entities in the Polish economy. Contrary to appearances, the implementation deadlines are not “distant” – although penalties may only be imposed after two years, delays can lead to serious operational and legal issues. Therefore, it is worth planning actions carefully over 6, 12, and 24 months and treating the KSC timeline as a practical tool for managing cybersecurity projects within a company.