8080 - a short story of 4-digit number and EU regulations in pratice 
In Poland, the reporting mechanism via the short number 8080 enables rapid, citizen‑driven identification of smishing and cyber‑fraud attempts. Reporting a malicious message involves simply forwarding the suspicious SMS to 8080, which delivers it directly to CERT Polska for analysis [1].
Upon receipt and confirmation of malicious content, each new SMS pattern is published by CERT and within ~5 minutes, automatically fetched by all cooperating telecom providers, which then block any incoming messages matching it.
The entire system operates under the Act of 5 July 2018 on the National Cybersecurity System [2], which is the Polish implementation of the EU's NIS Directive [3] and tasks CERT with maintaining a registry of malicious SMS patterns and coordinating with telecom operators.
In 2024 alone, 746 new patterns were produced, blocking 1 475 366 fraudulent SMS before they reached users. Citizens filed 354 566 reports, of which 140 659 were classified as malicious [4].
It's difficult for me to assess whether these figures are high or low. The system may still lack sufficient patterns, and the number of blocked messages might be too small relative to the true scale of SMS communication and smishing threats... but hey, it's still better than nothing, isn't it?
Numbers are of course important, but what matters most to me is what I wrote in the second paragraph of this text. Large telecom companies with large legal departments have reached an understanding with a public entity (CERT Polska) and are actively cooperating for the benefit of citizens. That kind of public - private collaboration is very good, because it establishes a real pathway by which the numbers can grow in the future in a sustainable and enforceable way. This is pretty cool.
[1] https://cert.pl/baza-wiedzy/falszywe-smsy/
[2] https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001560
[3] https://eur-lex.europa.eu/eli/dir/2016/1148/oj/eng
[4] https://cert.pl/uploads/docs/Raport_CP_2024.pdf
Wir als BSI sorgen für Cybersicherheit in Deutschland - das heißt konkret:
Regierungsnetze schützen & Angriffe abwehren
Mehr zu unseren Aufgaben: 
