MiCA CASP License in Poland

Poland’s Crypto Licensing Position in 2026

Poland is the largest crypto market in Central and Eastern Europe and one of the highest by adoption in the EU, with roughly 1,300 entities entered in its legacy register of virtual currency activities.^[1] Yet it is the EU member state furthest behind on MiCA. As of June 2026, the KNF cannot accept MiCA CASP applications because the national implementing law, the Crypto-Asset Market Act, is not in force. Two versions were vetoed by the President, in December 2025 and February 2026, and a third reached the President in May 2026.^[2]

There is a working route to the Polish market today, and Jagelski & Partners, through its partner network, delivers it end-to-end: authorise in an EU member state with a live MiCA regime, then passport into Poland under MiCA Article 65. That covers the full path: entity, authorisation, banking, and ongoing compliance, with the Polish market served from day one. This page sets out the Polish regime as it stands and as it is set to take shape under the Crypto-Asset Market Act, and where the Act is not yet in force it says so plainly. The MiCA framework itself, capital tiers, conduct rules, DORA, and the Travel Rule, applies directly across the EU and will govern Polish CASPs once the KNF opens for authorisation.

Largest CEE Market, Delayed Regulator

Poland’s commercial weight is genuine: a population near 38 million, a large domestic exchange sector, and a deep developer base. The contradiction is regulatory. The legacy register of virtual currency activities, maintained by the Tax Administration Chamber in Katowice, was a light-touch AML registration, not a MiCA-grade licence.^[3] The substantive MiCA authorisation that would replace it depends entirely on the Crypto-Asset Market Act, which remains the single point of failure in Poland’s transition.

Why the Act Stalled

The delay is political rather than technical. The government’s bill designating the KNF as competent authority and setting supervisory fees, sanctions, and transitional rules cleared the Sejm but was vetoed twice by President Karol Nawrocki, who argued the regime was over-restrictive and over-empowered the KNF.^[2] A third government draft passed the Sejm in May 2026 and was sent for signature, with a competing presidential bill still before the Sejm, but at the time of writing the Act had not entered into force. The result is an EU member state with no designated competent authority for CASP authorisation under MiCA.

The Working Route to the Polish Market

While no domestic CASP procedure exists, the Polish market remains fully reachable, and that route is one we deliver end-to-end. The MiCA passport under Article 65 lets a CASP authorised in any EU or EEA member state notify its home regulator and provide services into Poland without separate Polish authorisation.^[4] Operators targeting the Polish market authorise in a jurisdiction with an operational regime, such as the Czech Republic, Estonia, or Lithuania, and passport in. We build the licensed entity, run the authorisation, arrange banking, and stand up ongoing compliance, with Article 65 access into Poland from the outset. Polish-resident firms on the legacy register have a clear path too: re-authorise abroad and passport back in, or relocate the business, ahead of the 1 July 2026 deadline.

International Standing

Poland is not on any FATF list and has never been grey- or black-listed; its AML framework is assessed by MONEYVAL, the Council of Europe’s FATF-style regional body. The reputational risk is not listing but the prospect of being the only EU state unable to authorise CASPs at the end of the transitional period, covered in full under International Standing below.

Regulatory Framework

Poland regulates crypto-asset service providers under the EU’s Markets in Crypto-Assets Regulation (MiCA), Regulation (EU) 2023/1114,^[6] which applies directly as an EU Regulation. MiCA, however, requires each member state to designate a national competent authority and to set supervisory fees, sanctions, and transitional rules in domestic law. Poland’s instrument for this is the Crypto-Asset Market Act (ustawa o rynku kryptoaktywów), which designates the KNF as competent authority. As of June 2026, that Act is not yet in force, so no Polish authority can authorise CASPs.^[2] See the consolidated category page for the MiCA framework: requirements and timeline →

Competent-Authority Structure

Under the Crypto-Asset Market Act, the KNF (Komisja Nadzoru Finansowego) becomes the single competent authority for MiCA in Poland: authorisation, prudential supervision, governance, and conduct-of-business oversight.^[7] AML/CFT supervision is separate. Poland’s financial intelligence unit is the General Inspector of Financial Information (GIIF, Generalny Inspektor Informacji Finansowej), and the legacy register of virtual currency activities is administered by the Director of the Tax Administration Chamber in Katowice on behalf of the Minister of Finance. Until the Act takes effect, the KNF’s MiCA competence does not exist in law.

Regulatory History

Poland’s crypto regulation began as an AML registration regime. The register of virtual currency activities (rejestr działalności w zakresie walut wirtualnych) was introduced under the AML Act implementing AMLD5 and opened on November 2021, administered by the Tax Administration Chamber in Katowice.^[3] Entry was a notification-and-fit-and-proper process, not a substantive licence: there was no minimum capital and no MiCA-style prudential review. The register grew to roughly 1,300 entities, making Poland one of the EU’s largest crypto jurisdictions by entity count.

MiCA became applicable to CASPs on 30 December 2024. From that date, the Tax Administration Chamber stopped accepting new entries to the register, since the register was being superseded by MiCA.^[3] Poland chose the maximum transitional window: existing register entrants may continue to 1 July 2026 under MiCA Article 143(3).

The national implementing Crypto-Asset Market Act has been the obstacle. Successive government drafts were vetoed by the President in December 2025 and February 2026; a third government version, adopted by the Council of Ministers on 8 May 2026, passed the Sejm on 15 May 2026 (241 votes to 200), cleared the Senate without amendment on 21 May 2026, and was transmitted to the President on 22 May 2026 for signature within the 21-day constitutional window; a competing presidential bill remained before the Sejm.^[2] As of June 2026 the Act had not been signed or promulgated, so it was not yet in force; once promulgated, the main provisions take effect 14 days after publication in the Journal of Laws (Dziennik Ustaw).^[20]

Recent Regulatory Developments

Dates below track the Crypto-Asset Market Act and the EU-level transitional position; legislative status should be re-checked at deploy.

• May 2026: Third government draft of the Crypto-Asset Market Act passed the Sejm (15 May) and cleared the Senate; transmitted to the President for signature on 22 May.^[2]
• April 2026: ESMA issued a statement confirming the 1 July 2026 end of MiCA transitional periods applies EU-wide regardless of national implementation status.^[5]
• February 2026: President Nawrocki vetoed the second version of the Act.^[2]
• December 2025: President vetoed the first version of the Act; the bill returned to the Sejm.^[2]
• December 2024: MiCA applicable to CASPs; Tax Administration Chamber in Katowice closed the virtual-currency register to new entries.^[3]
• November 2021: Register of virtual currency activities opened under Poland’s AML Act (AMLD5 implementation).^[3]

Regulatory Overlap

EMI/PSD2 overlap: CASPs that issue or handle E-Money Tokens (EMTs) trigger EMD2/PSD2 requirements. The EBA confirmed (June 2025) that custody and transfer of EMTs can constitute payment services, so EMT-related services can require dual authorisation (MiCA + PSD2).^[8]

MiFID II overlap: Crypto-assets that confer equity-like rights or are negotiable on capital markets are classified as transferable securities under MiFID II, not MiCA. ESMA’s technology-neutral guidelines (applicable 3 June 2025) establish a substance-over-form classification test.^[9]

AML supervision overlap: Even before the MiCA regime opens, register entrants remain subject to Poland’s AML Act, GIIF reporting, and the EU Transfer of Funds Regulation Recast. These obligations do not lapse on 1 July 2026; what lapses is the legal basis to provide the underlying crypto-asset services.

The 1 July 2026 Transitional Deadline

Poland applied the maximum MiCA transitional window. Entities entered in the register of virtual currency activities before 30 December 2024 may continue providing crypto-asset services until 1 July 2026, or until a CASP application is decided, whichever is earlier, under MiCA Article 143(3).^[1] The problem is structural: Poland cannot decide a CASP application, because the KNF has no operational authorisation procedure. So for most Polish operators the transitional period simply expires.

Key Deadlines

Why Poland Cannot Issue Authorisations

MiCA Article 93 requires each member state to designate a national competent authority for CASPs. Poland has not done so in law, because designation happens through the Crypto-Asset Market Act, which is not in force.^[2] Without a designated authority, the KNF has no statutory basis to receive applications, run completeness checks, or grant authorisations. The legacy register cannot substitute: it is an AML registration administered by a tax body, not a MiCA prudential licence. The result is that, uniquely in the EU, Polish-domiciled operators have had no domestic route to a MiCA CASP authorisation throughout the transitional period.

The Legacy Register

The register of virtual currency activities is maintained by the Minister of Finance, with functions performed by the Director of the Tax Administration Chamber in Katowice (Dyrektor Izby Administracji Skarbowej w Katowicach).^[3] It listed roughly 1,300 active entities. Registration required fit-and-proper directors and an AML programme, but no minimum capital, no MiCA-style own-funds test, and no substantive prudential review. New entries have not been accepted since 30 December 2024. Existing entries confer the transitional right to operate only until 1 July 2026.

Consequences for Unlicensed Operations

From 1 July 2026, providing crypto-asset services to EU clients without a MiCA authorisation carries:

• Breach of EU law: unauthorised provision is prohibited directly under MiCA from the end of the transitional period, independent of Polish implementation (ESMA, 17 April 2026)^[5]
• National criminal penalties under the draft Crypto-Asset Market Act: a fine of up to PLN 20 million or imprisonment for up to 8 years for providing crypto-asset services in breach of MiCA^[2]
• MiCA administrative penalties under Article 111: fines up to €5,000,000 or a percentage of annual turnover, once a Polish competent authority can enforce them
• Wind-down expectation: ESMA expects unauthorised providers to have operational wind-down plans ready before the deadline, implemented without undue harm to clients^[5]

The Practical Routes

Before 1 July 2026, register entrants have three realistic options, set out under Poland’s Position above: authorise in another EU or EEA member state and passport into Poland under MiCA Article 65, relocate the business and client base to that state, or execute an orderly wind-down. Waiting for Poland is not a fourth option: even if the Act enters into force, a fresh KNF authorisation will take months that the transitional period does not allow.

License Types and Activities Covered

MiCA defines 10 crypto-asset services grouped into 3 classes that determine capital requirements. These classes are set by the regulation itself and will apply in Poland once the KNF regime opens, with no national service categories added. The classification determines the minimum own-funds requirement under MiCA Annex IV: €50,000 for Class 1, €125,000 for Class 2, and €150,000 for Class 3.

Covered Activities

What Does NOT Require CASP Authorisation

Services provided in a fully decentralised manner without any intermediary fall outside MiCA’s scope (Recital 22). Unique, non-fungible tokens (NFTs) are excluded unless issued in large series, collections, or fractionalised forms. Crypto-assets that qualify as financial instruments under MiFID II are regulated under existing securities law, not MiCA. Central bank digital currencies (CBDCs), deposits, insurance products, pension products, and securitisation positions are excluded.

DAO, DeFi, and Regulatory Perimeter

MiCA does not explicitly cover decentralised autonomous organisations (DAOs) or DeFi protocols. ESMA has stated that decentralisation exists on a spectrum rather than as a binary classification. Partially decentralised services: such as DEXs with upgrade keys, admin-controlled smart contracts, or governance tokens concentrated among a small group, remain within MiCA’s scope if an identifiable intermediary exists. The KNF has not yet published jurisdiction-specific MiCA guidance on DAOs, DeFi, or decentralised exchanges, in part because the regime is not operational.^[9] Operators with hybrid models authorising elsewhere in the EU should seek pre-application engagement with their chosen home regulator.

NFT Classification

NFTs that are unique and non-fungible are excluded from MiCA under Article 2(3). The exclusion ceases to apply when: NFTs are issued as part of a large series or collection (suggesting fungibility), NFTs are fractionalised into interchangeable units, or the NFT functions as a payment or investment instrument regardless of its label. The classification is substance-based: labelling a token as “NFT” does not determine its regulatory treatment.

Tokenised securities and RWA

MiCA Article 2(4) excludes crypto-assets that qualify as financial instruments. A tokenised security (a tokenised share, bond, or fund unit) is regulated under MiFID II, the Prospectus Regulation, and the EU DLT Pilot Regime (Regulation (EU) 2022/858), supervised in Poland by the KNF, not under MiCA. ESMA’s Guidelines on the qualification of crypto-assets as financial instruments set the boundary. The honest implication for tokenised real-world assets (RWA): a Polish MiCA CASP authorisation does not cover tokenised securities, which follow the MiFID securities regime instead. Where the structure is a tokenised fund unit rather than a security, see our fund licensing guide; we scope each route through the regime that actually governs it.

Requirements

Once Poland’s regime opens, a MiCA CASP authorisation will require a Polish corporate entity, minimum own-funds of €50,000–€150,000 by service class under MiCA Annex IV, a real place of business, fit-and-proper management, and a full compliance documentation suite. These are the EU-wide MiCA requirements; the table below sets them out, flagging where Polish-specific detail depends on the Crypto-Asset Market Act and its implementing regulations, which were not yet in force as of June 2026.

The standard Polish vehicle for a regulated financial business is a spółka z ograniczoną odpowiedzialnością (sp. z o.o., a private limited company) or, for larger operations, a spółka akcyjna (S.A., a joint-stock company). MiCA does not mandate a specific entity form; it requires a legal person with a registered office and effective management in the authorising member state.

Fit-and-Proper Assessment

MiCA requires the competent authority to assess directors, senior managers, qualifying shareholders, and key function holders against fit-and-proper criteria: professional qualifications and experience, reputation and integrity (criminal background, regulatory history), financial soundness, and the collective knowledge of the management body. Across operational MiCA jurisdictions, the most common failure point has been inability to demonstrate the legitimate origin of owners’ capital. Polish-domiciled applicants will face the same test, but only once a competent authority exists to apply it.

Local Presence and Substance

MiCA requires genuine substance in the authorising state: a registered office, effective management located there, and an organisational structure that allows the competent authority to supervise the entity. A letterbox arrangement with management outsourced to another jurisdiction does not satisfy this. For Poland specifically, the Crypto-Asset Market Act and KNF guidance will set the operational detail, but the underlying MiCA substance test is fixed and is the same one applied by every EU regulator that is currently authorising CASPs.

AML/CFT and Travel Rule

Poland’s AML framework is governed by the Act on Counteracting Money Laundering and Terrorist Financing of 1 March 2018, supervised by the GIIF.^[10] The EU’s Transfer of Funds Regulation Recast (Regulation (EU) 2023/1113) applies directly. There is no de minimis threshold for CASP-to-CASP transfers: full originator and beneficiary information must accompany every crypto transfer regardless of amount. The €1,000 threshold applies only to transfers involving self-hosted wallets: above it, the CASP must verify that the individual owns or controls the unhosted address.^[11]

Sanctions screening must cover EU sanctions lists (mandatory) and UN sanctions lists (implemented via EU legislation). OFAC screening is not legally mandatory in Poland but is strongly recommended given extraterritorial reach and correspondent banking expectations. Suspicious transaction reports are filed to the GIIF. These AML obligations bind register entrants now and will bind Polish CASPs once authorised.

Authorisation Process

There is no operational CASP authorisation process in Poland as of June 2026: the KNF cannot receive or decide applications until the Crypto-Asset Market Act is in force. The process below is therefore the standard MiCA authorisation pathway as it runs in member states with live regimes, which is the route operators targeting the Polish market actually use. It is also the template the KNF will follow once it opens, because the substantive criteria are set by MiCA, not by national law.

Where the application is filed: in the chosen home member state, through that regulator’s electronic portal, in that state’s required language. Once the Crypto-Asset Market Act is in force, Polish applications will be filed with the KNF; until then, applicants file with an operational EU regulator and rely on MiCA passporting for Polish market access.

Required Documents

MiCA CASP documentation requirements follow MiCA Article 62 and Commission Delegated Regulation (EU) 2025/305, which standardise the application form and supporting annexes across the EU.^[12] Once the Crypto-Asset Market Act is in force, the KNF will publish the Polish application form and any national annexes; the substantive content below is set by the regulation and applies whichever member state authorises the entity.

Corporate Documents

Certificate of incorporation from the relevant company register (in Poland, the National Court Register, Krajowy Rejestr Sądowy). Articles of association. Shareholder register. Proof of minimum own-funds capital deposit (bank statement). LEI (Legal Entity Identifier). Proof of registered office address.

Personal Documents (All Directors, Officers, and Qualifying Shareholders)

Valid government-issued photo identification (passport or national ID). Curriculum vitae (CV) with detailed professional history. Criminal record certificates from each country of residence in the past 10 years. Declaration of good repute and absence of pending proceedings. Evidence of professional qualifications, skills, and experience relevant to the role. For qualifying shareholders (10%+): detailed source-of-funds and source-of-wealth documentation, the most scrutinised element in MiCA applications.

Compliance Documentation

The compliance documentation suite is the most heavily scrutinised component of any MiCA CASP application. Each document must be bespoke, reflecting the applicant’s specific business model, risk profile, and operational structure: generic templates adapted from other jurisdictions are a common cause of delay and rejection. The accordion below summarises the core documents required under MiCA and the implementing RTS.

Business Plan and Financial Projections

Programme of operations per MiCA Article 62(2)(d): description of all crypto-asset services to be provided, target markets, client profile, marketing strategy. Three-year financial projections including revenue model, cost base, capital adequacy forecasts, and break-even analysis. Description of the governance structure and internal control mechanisms.

Technology and Operational Documentation

IT architecture documentation. Cybersecurity policy and penetration test reports. Hot/cold wallet management and key management procedures (for custody service providers). Business continuity plan and disaster recovery procedures. Third-party ICT provider register (DORA requirement). Incident response plan for major ICT incidents.

Fees and Costs

Poland’s own KNF CASP fees are not yet fixed: the application fee and annual supervisory contribution sit in the Crypto-Asset Market Act and its secondary legislation, which were not in force as of June 2026. The cost profile below is therefore the typical Year 1 cost of a MiCA CASP authorisation obtained through an operational EU regime, which is the route Polish-market operators use today. The capital, documentation, personnel, and ICT components are MiCA-driven and broadly comparable across member states; only the government-fee line varies materially by jurisdiction.

Total Cost Summary

Note: figures are indicative of a MiCA CASP authorisation via an operational EU regime, not Polish KNF pricing, which is pending. The minimum own-funds capital (€50,000–€150,000) must be maintained as permanent equity and is not consumed during operations. The ongoing own-funds obligation is the higher of the permanent minimum or 25% of the preceding year’s fixed overheads. KNF-specific CASP application and supervisory fees were not published as of June 2026, pending the Crypto-Asset Market Act and its fee regulations entering into force.

Timeline

The 4–8 month timeline is for a MiCA authorisation obtained through an operational EU regime; complex applications can extend to 9–12 months. Measured against the 1 July 2026 transitional deadline, that span is why a fresh KNF authorisation could not complete in time even if the regime opened mid-2026.

Taxation

Poland applies a standard corporate income tax (CIT) rate of 19%, with a reduced 9% rate for small taxpayers whose prior-year sales revenue did not exceed the PLN equivalent of €2 million (the 9% rate does not apply to capital-gains income).^[13] Individuals are taxed at a flat 19% on crypto gains (declared on form PIT-38), realised only when crypto is exchanged for fiat or used to pay for goods. Crypto-asset exchange is VAT-exempt under the CJEU Hedqvist ruling.

Tax Considerations

Polish corporate crypto income falls into the separate capital-gains basket for CIT purposes, which means losses in that basket cannot offset operating income. For individuals, only crypto-to-fiat disposals and payments for goods or services are taxable; crypto-to-crypto exchanges are not taxed at the point of swap. Poland operates an estonian-style lump-sum corporate regime (CIT estoński) that defers tax until distribution, which some holding structures use, though its interaction with a regulated CASP’s capital obligations needs case-specific analysis.

DAC8 / CARF Reporting

Poland has transposed the DAC8 Directive (Council Directive (EU) 2023/2226), which obliges crypto-asset service providers to report user transaction data to the Polish tax administration (KAS).^[14] The Polish implementing act, amending the rules on the exchange of tax information with other countries, was signed by the President on 11 March 2026 and takes effect 14 days after publication.^[21] Reportable-data collection covers 2026 data, with the first automatic information exchanges due in 2027. DAC8 transposition runs on the EU timetable, independently of Poland’s stalled MiCA implementation, which is why crypto tax-reporting obligations are advancing while CASP authorisation is not.

Pillar Two (Global Minimum Tax)

Poland transposed the EU Pillar Two Directive (the OECD Global Minimum Tax), with top-up taxation in force from 1 January 2025.^[13] The 15% minimum applies to multinational and large domestic groups with consolidated revenue exceeding €750 million, a threshold unlikely to affect standalone Poland-domiciled CASPs.

Ongoing Compliance

A MiCA CASP authorisation creates a permanent compliance infrastructure obligation. The authorisation is indefinite (no renewal), but the competent authority conducts ongoing supervision through annual reporting, periodic inspections, and real-time incident reporting. These obligations are MiCA-driven and apply identically to a Polish CASP once the regime opens and to a CASP authorised in another member state passporting into Poland. Annual ongoing compliance costs range from roughly €55,000 for a minimal Class 1 operation to €170,000+ for a full-service Class 3 exchange.

Annual Reporting Obligations

CASPs must submit financial statements, capital-adequacy reports, and activity reports to their competent authority, with annual audited financial statements mandatory. They must also meet AML/CFT reporting to the national financial intelligence unit (in Poland, the GIIF). DAC8 reporting to the tax administration begins with reportable-data collection from 1 January 2026 and first exchanges in 2027.

Supervision Fees

MiCA authorisation is indefinite: there is no renewal fee. Instead, CASPs pay an annual supervisory contribution set by the competent authority. For Poland, the KNF’s contribution will be set by the Crypto-Asset Market Act and secondary legislation, which were not in force as of June 2026.

Regulatory Inspections

Competent authorities conduct both scheduled and unscheduled supervisory inspections, with thematic reviews focused on AML/CFT compliance, client-asset segregation, cybersecurity, and governance. AML supervision is typically exercised separately by the national FIU, so an entity can face inspections from both the prudential regulator and the AML authority.

Enforcement

MiCA enforcement powers available to the competent authority include:

• Administrative fines up to €5,000,000 or a percentage of annual turnover for CASPs (MiCA Article 111)
• Fines for natural persons (directors, officers) up to the limits set in national law
• Public statements naming the entity and the nature of the breach
• Withdrawal of authorisation
• Temporary prohibition on management functions
• Suspension or limitation of services

In Poland, the draft Crypto-Asset Market Act adds national criminal sanctions of up to PLN 20 million or imprisonment for up to 8 years for providing crypto-asset services in breach of MiCA.^[2]

Advertising and Promotion Rules

MiCA’s marketing communications regime (Articles 7, 29, 53, and 66) applies directly to all CASPs.^[6] All marketing must be fair, clear, and not misleading, and must include a disclaimer that the competent authority has not approved it. CASPs are accountable for third-party promotional content, including influencer and social media marketing. Google requires valid CASP authorisation for crypto advertising within the EU from April 2025, which is itself a practical barrier for Polish operators without a MiCA authorisation.

ICT Risk Management & Operational Resilience

The Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554) applies to all CASPs authorised under MiCA.^[15] DORA has been applicable since 17 January 2025 and, as an EU regulation, binds directly regardless of the state of Poland’s national crypto legislation. The enforcement authority is the competent authority of the state that authorises the CASP. Non-compliance carries penalties of up to 2% of total annual worldwide turnover or €1,000,000 for individuals.

Incident Reporting

Major ICT-related incidents must be reported to the competent authority within strict deadlines:

Digital Resilience Testing

All CASPs must conduct general resilience testing under DORA Articles 24–25, including vulnerability assessments and penetration testing. Threat-led penetration testing (TLPT) under Articles 26–27 applies only to entities identified by the competent authority as significant, at least every 3 years. Microenterprises are explicitly excluded from TLPT. Most smaller and mid-size CASPs will not be designated for TLPT but must still conduct general testing.

Third-Party ICT Risk

CASPs must maintain a register of all ICT third-party service providers, including cloud providers, blockchain infrastructure providers, and custody technology vendors. Contractual arrangements must include audit rights, termination provisions, and data localisation specifications.

Wallet and Key Management

CASPs providing custody services must implement segregated hot/cold wallet architectures, multi-signature authorisation for material transactions, key generation in secure environments, and documented key backup and recovery procedures.

Banking

Banking access for crypto-asset businesses connected to Poland is shaped by two factors: the general caution of European banks toward the sector, and the specific problem that a Polish-domiciled operator relying on the legacy register has no MiCA authorisation to present. As that register loses effect on 1 July 2026, banks are increasingly unwilling to maintain accounts for entities without a clear path to MiCA authorisation.

For an entity authorising elsewhere in the EU, the practical structure is two-tier: an EMI account for day-to-day operational flows and a credit-institution account for client-fund safeguarding under MiCA Article 70. Credit-institution accounts are the harder of the two to obtain and typically take 2–4 months, so banking conversations should begin during application preparation rather than after authorisation.

Banking access is a binding constraint, not an afterthought: a crypto authorisation without functioning banking is of little practical use. Operators evaluating EU jurisdictions should treat the depth of the local banking and EMI ecosystem as a selection criterion in its own right, with the safeguarding account in place before the legacy register lapses. Banking for licensed crypto operators →

FATF Status & International Standing

Poland does not appear on any FATF list. It is absent from both the FATF list of Jurisdictions under Increased Monitoring (the “grey list”) and the list of High-Risk Jurisdictions subject to a Call for Action (the “black list”), and has never been listed under either. As an EU member state, Poland is also outside the scope of the EU list of high-risk third countries, which by definition covers non-EU jurisdictions only.

Poland’s anti-money-laundering framework is assessed by MONEYVAL, the Council of Europe’s FATF-style regional body, rather than by the FATF directly.^[16] Poland’s AML legislation, the Act on Counteracting Money Laundering and Terrorist Financing of 1 March 2018, transposed AMLD5 and underpins both the legacy register and the GIIF’s supervisory role. Poland’s standing on these measures is not the reputational risk; the risk is being the only EU member state unable to authorise CASPs at the end of the transitional period.

That gap is itself a supervisory concern at EU level. ESMA’s statement of 17 April 2026 made clear that the 1 July 2026 deadline is not contingent on national implementation, and that competent authorities are expected to ensure orderly wind-downs of unauthorised providers.^[5] For Poland, with roughly 1,300 register entrants and no domestic authorisation route, this creates the prospect of a large cohort losing the legal basis to operate simultaneously.

MiCA Passporting and EU Market Access

MiCA passporting is the mechanism that lets operators serve the Polish market despite the absence of a Polish authorisation. Under Article 65, a CASP authorised in any EU or EEA member state notifies its home regulator of its intention to provide cross-border services or establish a branch in other states. The home regulator communicates the notification to host NCAs (including the KNF) and ESMA. No separate authorisation, additional capital, or waiting period is required from the host country.^[6]

Both routes are covered: freedom to provide services (cross-border without establishment) and right of establishment (opening a branch). Host NCAs cannot block either route except in extraordinary circumstances.^[4]

The MiCA passport extends across the full EEA. EEA jurisdictions Iceland, Liechtenstein and Norway sit inside the MiCA passport via EEA Joint Committee Decision No 41/2025 of 20 February 2025 (with supplementary RTS via JCD 138/2025 of 13 June 2025); three non-EU/non-EEA jurisdictions in geographical Europe sit outside the passport regime and require local authorisation for local clients: the United Kingdom, Switzerland, and Gibraltar.^[17]

Article 61 reverse solicitation is a narrow, third-country-only exception and is not a route for serving the Polish market: an EU-authorised CASP serving Polish clients does so under Article 65 passporting, not reverse solicitation. The ESMA Guidelines on reverse solicitation (26 February 2025) are framed for non-EU operators serving EU clients on a strictly unsolicited basis, with any further same-type marketing confined to the context of the original transaction. See the dedicated reverse solicitation guide for the third-country compliance pattern.^[18]

The ESMA Interim MiCA Register has been operational since 30 December 2024, published as CSV files updated weekly and listing CASPs authorised across the EU.^[19] No Polish-authorised CASP appears on it.

Advantages and Limitations

Poland’s appeal is its market: large, crypto-literate, and underserved. Its limitations as a licensing base are, for now, decisive: there is no operational CASP regime, and the transitional clock is expiring. The honest summary is that Poland is a market to serve, not yet a jurisdiction to license in.

• ✓ Largest CEE crypto market. A population near 38 million with high adoption and roughly 1,300 register entrants makes Poland a high-value target market for passported CASPs.
• ✓ Reachable today via passporting. A CASP authorised in another EU state can serve Polish clients under MiCA Article 65 with no separate Polish authorisation, so the market is accessible despite the legislative impasse.
• ✓ Settled, moderate tax regime. Tax law is unaffected by the licensing delay: 19% CIT, 9% for small taxpayers, and a flat 19% individual rate on crypto-to-fiat gains.
• ✓ Deep talent and developer base. Poland has one of the EU’s largest pools of software and fintech engineers, attractive for building the operating entity even when it is licensed elsewhere.
• ✓ Clean international standing. Poland is not FATF-listed and has never been grey- or black-listed.
• ✓ MiCA framework already known. Once the regime opens, the substantive rules (capital, conduct, DORA) are the EU-standard ones, so applicants can prepare against a known target.
• × No operational CASP regime. The KNF cannot accept applications because the Crypto-Asset Market Act is not in force. Mitigation: Authorise in an EU member state with a live regime and passport into Poland.
• × Expiring transitional clock. Legacy register rights end on 1 July 2026, with no Polish route to a MiCA authorisation in time. Mitigation: Begin re-authorisation abroad now; a MiCA application takes 4–8 months.
• × Legislative uncertainty. Two vetoes show the outcome is not assured even with a third bill before the President. Mitigation: Do not make business continuity contingent on Polish enactment; treat passporting as the base case.
• × Severe penalties for unlicensed activity. The draft Act provides for fines up to PLN 20 million or up to 8 years’ imprisonment, on top of MiCA’s breach of EU law after the deadline. Mitigation: Ensure authorised status or an orderly wind-down before 1 July 2026.
• × Banking tightening for register-only entities. Banks are wary of crypto firms lacking a MiCA authorisation. Mitigation: Pair re-authorisation abroad with a credit-institution safeguarding account in the authorising state.

How Poland Compares

Because Poland cannot currently authorise CASPs, the meaningful comparison is not Poland versus its peers but where a Poland-focused operator should authorise instead. The natural CEE alternatives are the Czech Republic and Estonia, both with operational MiCA regimes, with Lithuania as a Baltic peer and Germany as the large-economy option. Each offers the Article 65 passport back into Poland.

Compare every crypto jurisdiction side by side →

The key difference is: Poland is the only column without a usable timeline, cost, or passport, because its regime is not operational. For a Poland-focused operator, the Czech Republic is the closest functional substitute: a live CNB regime applying MiCA capital minimums directly, at competitive cost, in the same CEE market and timezone. Estonia adds the 0% retained-profit tax advantage for growth-stage reinvestment, and Lithuania offers a deep EMI ecosystem. Germany suits operators prioritising market weight and BaFin standing over speed and cost.

Jagelski & Partners provides end-to-end crypto licensing support in the Czech Republic, Estonia, and Latvia: company formation, licence application, banking introductions, and post-licensing compliance, all with Article 65 passporting into Poland. See the full Czech Republic CASP licensing guide →

Not sure which column is you? Ask Emma. She compares these jurisdictions in seconds, in your language.

Common Mistakes With the Polish Position

The most damaging errors around Poland are not application errors, because no application can be filed. They are planning errors: misreading the deadline, over-relying on the Polish legislative timeline, and treating the legacy register as if it were a licence. The failure patterns below recur among operators caught by the transition.

• Assuming the 1 July 2026 deadline depends on Polish law. Planning around a hoped-for national extension is the single most common and most costly mistake: the deadline is fixed by MiCA, not by the pace of the Crypto-Asset Market Act.
• Treating the legacy register as a MiCA licence. The register confers only a transitional right to operate and cannot be converted into a CASP authorisation.
• Waiting for the KNF to open before acting. Operators who wait lose continuity; on the MiCA timeline, re-authorisation abroad must begin well in advance.
• Underestimating banking fallout. Banks increasingly decline crypto firms that hold only a register entry with no MiCA path. Leaving banking until after the deadline risks losing operational accounts at the worst moment.
• Ignoring the wind-down obligation. ESMA expects unauthorised providers to have operational wind-down plans ready before the deadline. Operators that neither re-authorise nor wind down in an orderly way face enforcement and the draft Act’s criminal penalties.
• Conflating Polish tax with Polish licensing. Poland’s tax regime is settled and competitive, which can mislead. A favourable tax position does not create a licensing route: the two are governed by entirely separate instruments.

Frequently Asked Questions

References