More than 70 per cent of Polish public administration units are already using cloud solutions, according to the latest report on the state of cloud computing implementations in the public sector. Local authorities are more open in this respect than central administration, which is still rather cautious about the cloud. However, there are some worrying conclusions from the report regarding the quality and awareness of implementations: the vast majority of public institutions using the cloud rely on the services of a single provider, which raises concerns about vendor lock-in, i.e. dependence on a single technology partner. Moreover, experts point to the lack of long-term cloud strategies in administrations.
The report was prepared jointly by experts from the Cyfrowa Polska Association and Andersen Tax & Legal law firm. – We analysed in detail the criteria for selecting suppliers by public administration bodies and the cost structure of storing data in the cloud. All this was done to diagnose the current level of cloudisation of the Polish public administration and to identify the most important challenges standing in the way of implementing cloud technology in the public sector , says Mikołaj Śniatała, an expert at Andersen Tax & Legal law firm.
According to the report, although the scale of technology adoption in public institutions is growing, serious gaps in planning, security and management of cloud environments in these units are visible. Cyfrowa Polska’s experts point to a widespread lack of a transparent cloud implementation strategy – the majority of administration units do not plan migration, do not analyse risks, nor do they research new solutions. Nor do they plan to change providers or diversify services. According to experts, this lack of strategy limits the flexibility and resilience of the system. – Digitisation of the public sector in Poland, despite visible progress, still too often boils down to individual implementations of cloud services. Such activities, although valuable in themselves, are not part of a coherent strategy. As a result, there is no holistic approach to monitoring costs and measuring the effectiveness of implemented solutions, which significantly hinders the assessment of their real impact, says Michał Kanownik, President of Cyfrowa Polska.
Vendor lock-in a real threat
One of the most important findings of the report is the scale of the Polish administration’s dependence on a single provider. 78% of all units using the cloud use solutions from only one company. This indicates the risk of so-called vendor lock-in, i.e. a permanent relationship with one technological entity. What is more, as many as 7 out of 10 institutions, when selecting cloud services, are guided by existing licence agreements and not by an assessment of security, innovation or cost-effectiveness.
Meanwhile, according to the experts’ assessment in the report, in the case of cloud services it is essential to ensure that there is no dependence on a single provider. – In particular, it is important that the contractual terms defining the rights and obligations of both contractual parties include the procedure for migration and exit from the cloud, believes Michał Kanownik.
The issue of cyber security is also extremely important, the report highlights. Only 7% of public entities surveyed by Cyfrowa Polska and Andersen Tax & Legal considered security as the main criterion for choosing a cloud service provider. This may raise legitimate concerns – especially in the context of storing sensitive data processed by public institutions.
Untapped potential of national solutions
Experts who participated in the preparation of the study also point to the underutilised potential of homegrown cloud solutions, especially the limitations of projects such as the Government Cloud Computing (RCO) or the Cloud Service Assurance System (ZUCH). According to the report, their low adoption by government entities is due to a lack of trust, institutional illegibility, poor technical offerings and lack of implementation support. In practice, the public sector does not see ZUCH as a viable alternative to global providers.
– The observation of the abnormally low popularity of these providers is also confirmed by the Supreme Chamber of Control, which, in its post-audit statement of 16 March 2025, indicated that between 2020 and 2022, there were only nine entities in the ZUCH database that became active in the system, adds Mikołaj Śniatała of Andersen Tax & Legal.
Poland in the cloud, or Cloud-First policy
According to Michał Kanownik, the solution to some of these problems could be the introduction of a Cloud-First policy in Poland, encouraging administration to prioritise the use of cloud solutions with a clear definition of principles, standards and requirements for suppliers. – Such a policy would set the directions of development, increase the predictability of IT projects in administration and facilitate cooperation with the technology sector, the president of Cyfrowa Polska points out.
As part of the promotion of the Cloud-First policy, the government would issue recommendations on the use of the cloud. According to experts from Cyfrowa Polska, defining the rules and conditions that will have to be met by service providers would streamline the acquisition of cloud solutions by government entities. Public entities and external providers would have to know the boundary conditions and requirements for the products and services to be implemented. At the same time, IT teams within the administration would be able to plan and develop future solutions effectively and in advance, the report explained.
– The study we have just published shows a lack of a coherent strategy, a low level of attention to security and a lack of diversification of providers in the field of cloud solutions. This is why, together with experts from various backgrounds, we are calling for the development of a coherent national cloud development policy, increased competence in administration and the creation of conditions for greater competition on the cloud computing services market, concludes Michał Kanownik.
Responses to questions concerning, among other things, the type of data stored in the cloud, the administration’s preferred providers, factors influencing their choice and the cost of using cloud services were collected from 82 public administrations between January and May 2025.
