Crypto license in Poland

Benefits of the Poland crypto license

Poland’s crypto licensing regime offers several advantages for crypto companies:

• Fast and efficient process. Poland is known for quick licensing turnaround – a well-prepared CASP application can be approved in a matter of a couple of months. The country’s historical registration system was extremely fast (14 days to register a VASP) with minimal bureaucracy. Even under MiCA, the application fee (~€4.5k) is modest and the process is streamlined relative to some larger EU states. There are no exorbitant government fees, and while a new annual levy of 0.4% on revenue applies, initial costs remain competitive for startups.
• One license covers all services. Unlike some jurisdictions that used to have separate permissions for exchange vs. custody, etc., Poland (in line with MiCA) now issues a single CASP license covering all authorized crypto-asset services. This “all-in-one” approach means an operator can start with one business line (say, a crypto exchange) and later expand into others (custodial wallet, crypto payments, investment products) under the same license, without needing new approvals. The Polish license effectively future-proofs a startup’s ability to add new crypto offerings as the market evolves.
• EU market access and credibility. A Polish crypto license is recognized across the entire EU single market, granting access to 450+ million consumers under the passporting regime. Being regulated in an EU jurisdiction signals compliance with high standards (AML, consumer protection, transparency), which enhances trust among European banks, payment providers, and customers. Operating with an EU-authorized license (as opposed to an offshore or unregulated status) often makes it easier to establish partnerships and banking relationships. Poland’s reputation as a stable, EU-compliant jurisdiction adds credibility to licensed businesses.
• Large domestic market and talent pool. Unlike smaller jurisdictions, Poland itself offers a sizable home market and workforce. With ~38 million population and a tech-savvy demographic, there are over 2.5 million crypto users in Poland (~6.3% of the population). The country has a growing fintech and blockchain community, and a highly educated talent pool (dozens of universities offer blockchain-related courses). Setting up in Poland gives crypto startups access to this robust local ecosystem, which can be valuable for hiring, partnerships, and early user adoption, in addition to EU-wide expansion.
• Favorable tax and business climate. Poland’s corporate tax rate is a flat 19%, which is moderate by EU standards (and new/small companies can benefit from a 9% reduced rate). There are no special turnover taxes on crypto services, and crypto trading revenues are generally exempt from VAT across the EU (crypto exchanges are treated as financial services, VAT-exempt per EU court rulings). The regulatory framework is clear and transparent – while compliance is strict, rules are well-defined, reducing uncertainty. Poland’s economy is strong and the government has shown support for fintech innovation, providing a stable environment for crypto ventures.
• Robust, evolving regulation. Poland was quick to adopt the latest EU crypto rules, making its regime up-to-date and comprehensive. The new Crypto-Assets Market Act (2025) implementing MiCA in Poland is considered one of the most detailed frameworks in the EU, giving businesses clarity on licensing procedures and regulatory expectations. This robust oversight (now under KNF) provides a stable operating environment with clear guidance, which is often preferable to the uncertainty of under-regulated jurisdictions. Being in a jurisdiction that actively follows EU guidelines (e.g. on cybersecurity, operational resilience, etc.) means fewer regulatory surprises in the long run.

Disadvantages of the Poland crypto license

There are also some drawbacks to consider in Poland’s regime:

• Regulatory burden and costs. The MiCA-based framework – and Poland’s implementation of it – imposes strict compliance requirements that can be onerous for smaller operators. Applicants must commit significant capital (€50k–€150k own funds) and establish full AML/KYC programs, internal controls, and local governance. Ongoing compliance entails regular reporting, audits, and maintaining qualified staff, which add to operational costs. Additionally, Poland introduced a 0.4% of revenue annual supervisory fee, a relatively high levy that could erode profit margins for firms with large volumes. These obligations mean running a licensed crypto business in Poland comes with substantial overhead (though similar burdens would apply in any rigorous jurisdiction).
• Banking and financial support challenges. Despite Poland’s crypto-friendly regulations, many traditional Polish banks have been hesitant to service crypto businesses. Firms may encounter difficulties opening bank accounts or face strict limits and enhanced due diligence. While workarounds exist (such as using EU-based fintech banks or electronic money institutions that are crypto-friendly), the banking friction adds complexity. By contrast, some smaller EU jurisdictions have niche banks more openly welcoming crypto clients. This means a Polish crypto startup might need extra effort to establish reliable fiat banking relationships, a vital aspect of operations.
• Limited recognition outside EU. A Poland CASP license, like any EU crypto license, is not a free pass globally. Major non-EU markets (USA, UK, China, etc.) do not accept an EU crypto license for local operations – they require their own licensing or registration. Thus, a Polish-licensed crypto company must geofence and avoid offering services in those jurisdictions, or pursue additional local licenses if expansion is desired. In effect, the Polish license grants excellent access across the EU and many friendly countries, but it does not eliminate the need to comply with separate regulations in non-EU markets. This limitation is not unique to Poland, but it does cap the global reach unless further licensing is obtained.
• Transitional and regulatory change period. Poland is in the midst of transitioning from its old registration regime to the new MiCA regime (2024–2025). This change, while ultimately positive, can create short-term complexity. Existing companies that were on the simple register will need to undergo a full license application by 2025–26, meaning extra paperwork and possible business adjustments. New entrants in early 2025 faced uncertainty while Polish legislation was still being finalized. Although the new law has now been passed, the period of regulatory change could pose timing challenges or temporary confusion. Startups must stay abreast of the latest rules and ensure they migrate to the CASP license by the deadline, or risk business interruption.
• Higher competition (and scrutiny). Since Poland became a popular base for crypto firms (over 1,800 registered VASPs by late 2024), the market has many operators. This means competition for local talent, banking, and customers can be high. The KNF and authorities will also be supervising a large number of entities, which could mean closer scrutiny and stricter enforcement to manage risks. Companies might find that while Poland is welcoming, it’s also very diligent in inspections and enforcement of rules (e.g. hefty fines for AML violations up to 5–10% of turnover or €1M). This level of oversight, while good for the ecosystem’s integrity, means there is little leniency for startups learning the ropes.

Types of Poland crypto licenses

Under the current framework, Poland does not issue multiple “levels” of crypto licenses beyond what is defined in MiCA (there is a unified CASP authorization for service providers). Historically, Poland did not have distinct license categories like some countries did; instead, it had a single register of virtual currency activities under the AML law. Any company engaging in virtual currency exchange or custody had to register as a virtual asset service provider (VASP) with the GIIF, and that registration covered both exchange services and wallet/custody services. There were no separate licenses for “exchange operator” versus “wallet provider” – one registration entry sufficed for all allowed virtual currency services.

From 2025 onward, with MiCA in effect, Poland is moving to a full Crypto-Asset Service Provider (CASP) license system. In practice, every crypto operator will apply for a CASP license from the KNF, regardless of whether their business is an exchange, custodian, broker, or other service – it’s a single license that encompasses all those activities. MiCA does delineate classes of service (e.g. Class 1 covers advice/portfolio management, Class 2 adds exchange and custody, Class 3 adds operating a trading platform, each with different capital requirements), but these are not separate licenses per se, just different scopes under the one CASP authorization.

Importantly, Poland does not use any third-party or “master license” arrangements for crypto. All licenses are granted directly by the state authority (KNF). Under the old regime, companies dealt directly with the Ministry of Finance/GIIF for registration, and under the new regime they deal directly with KNF for licensing. There is no white-label, franchise, or umbrella licensing in Poland’s crypto sector – each provider must obtain its own approval from the regulator.

Requirements for obtaining a Poland crypto license

Prospective crypto service providers in Poland must meet a range of strict requirements to obtain the CASP license. Key conditions include (but are not limited to):

• Corporate structure & capital. The applicant must establish a Polish legal entity (usually a spółka z o.o. – a limited liability company) to be the license holder. The company must have a certain minimum share capital fully contributed: under MiCA this ranges from €50,000 to €150,000 depending on the services offered. For example, a crypto exchange or custodial wallet provider needs €125k in equity capital, while an operator of a trading platform needs €150k. This capital must be the firm’s own funds (not borrowed) and is typically shown via bank statements or audited financials. (Notably, Poland’s basic company law minimum capital is only 5,000 PLN (~€1,200), but to get the license you must inject the higher amount required by MiCA.) The funds usually need to be deposited in a Polish/EU bank account and kept as a reserve to ensure solvency.
• Local presence and personnel. Poland (and MiCA) mandate real substance in the EU. The company must have a registered office in Poland and at least one director who is resident in the EU. Key management roles must be filled with qualified individuals. In particular, a Chief Compliance Officer/AML Officer is required – someone responsible for anti-money laundering and KYC compliance on a day-to-day basis. The company should also appoint a qualified executive director (CEO or equivalent) to run the business, who ideally is based in Poland or at least frequently present. These roles can be combined in smaller startups (e.g. one person might be both director and AML officer if qualified), but regulators will scrutinize that the persons have the necessary time and expertise. The physical office in Poland must be more than a P.O. box – regulators expect an actual operations or at least a contact point for the business. Additionally, a functional EU bank account is needed not just for capital, but to facilitate customer fiat flows (showing that the business can integrate with the traditional financial system).
• Fit-and-proper vetting. All owners (beneficial shareholders), directors, and senior managers will undergo thorough background checks. Polish law requires no criminal record for individuals in charge – an applicant must produce police clearance certificates showing that directors and beneficial owners have not been convicted of fraud, financial crimes, money laundering, terrorism financing, or other serious offenses. This extends to corporate owners as well: if the applying company is owned by another entity, that entity’s controlling persons must also have clean records. Furthermore, there is a professional qualification requirement: persons directing the crypto business must have relevant knowledge or experience in crypto or finance. This can be demonstrated by having completed specialized training or courses on cryptocurrency law/operations, or by having at least one year of prior work experience in the crypto field. Documentation (certificates, reference letters) must be provided to prove these credentials. The KNF will also evaluate the overall reputation and financial soundness of major shareholders – typically anyone owning 10% or more of the company is subject to review.
• Business plan and documentation. A detailed business plan and a suite of internal policies must be prepared for the application. The business plan should describe the planned services, target markets, revenue model, organizational structure, and financial projections for at least 2 years. Required documents include the company’s constitutional documents (articles of association, KRS company registration extract), proof of capital (e.g. a bank statement showing the paid-in capital), and comprehensive internal procedures. These procedures cover AML/CFT policies, customer onboarding/KYC processes, risk management policies, IT security policies, custody of assets procedures (if applicable), complaint handling procedures, and more. Essentially, the applicant must show in writing how it will operate safely and in compliance – including how it will safeguard client assets, handle private keys if managing wallets, deal with cybersecurity, and ensure business continuity. Any partnerships or key service providers should be identified (for instance, if you’ll use a third-party custodian or compliance software, that should be noted). The documentation needs to be presented in Polish (with translations as needed) and in accordance with templates or guidelines provided by the KNF.
• Technical infrastructure and IT compliance. Applicants must demonstrate a secure and robust technical setup for their crypto platform. This means showing that the IT systems (trading engine, wallet infrastructure, databases, etc.) meet modern security standards – for example, encryption of sensitive data, secure key management, DDOS protection, etc. Poland will be subject to the EU’s new Digital Operational Resilience Act (DORA) rules starting in January 2025, which means higher expectations for risk management in ICT systems. Companies should be prepared to conduct risk assessments and have incident response plans for cyber threats. Additionally, compliance with the EU NIS2 Directive on network security is expected (e.g. use of firewalls, access controls, regular security audits). The IT infrastructure is generally expected to be located in a stable jurisdiction (preferably in Poland or elsewhere in the EU for data protection reasons). Regulators may not explicitly require local servers, but data residency and security will be scrutinized. Demonstrating a strong technology governance (perhaps by hiring experienced IT security personnel or outsourcing to reputable providers) will strengthen the application.
• AML/KYC and risk controls. A Poland crypto license application must heavily emphasize anti-money laundering (AML) controls. The applicant needs to have a written AML/CFT program that meets EU standards (as set out in Poland’s AML Act and 5AMLD/6AMLD directives). This includes procedures for customer due diligence (KYC – Know Your Customer), ongoing monitoring of transactions, identifying politically exposed persons (PEPs), screening against sanctions lists, and reporting suspicious activities. Polish law requires that crypto businesses identify and assess money laundering risks in their operations and have internal controls to mitigate them. The company must designate an AML Compliance Officer (as mentioned) who will be responsible for filing reports to the GIIF (Poland’s financial intelligence unit) whenever there are red-flag transactions. Training programs for staff in AML, record-keeping systems (to keep transaction and customer data for at least 10 years), and an internal audit function or independent audit arrangements for AML compliance are also expected. In short, the firm must be “regulation-ready” – showing that from day one of operations it will comply with all AML/CFT obligations. Any weaknesses in this area are a common cause of license denial or delays.
• Application submission to authorities. Once all documents are in order, the company submits the license application to the KNF (Polish Financial Supervision Authority), which is the competent authority for CASP licensing. The application is usually filed electronically through the KNF’s portal or by hard copy, and the €4,500 application fee is paid at this stage. The KNF will review the submission for completeness and may circulate it to other bodies like the National Bank of Poland or the GIIF for their input on specific areas (e.g. AML). If the application is incomplete or documents are missing, the KNF will request additional information (which can pause the approval clock). Once the application is formally accepted as complete, the KNF aims to make a decision within a few months. During this time, expect questions or clarification requests from the regulator – for example, they might ask for more details on your IT security, or request changes to an internal policy. It’s important to respond promptly to any regulator queries to keep the process on track. After a successful review, the KNF will issue a decision granting the CASP license, at which point the company can commence the approved crypto activities. (If the decision is negative, they will provide reasons, and the applicant has rights to appeal or reapply after fixing the issues.)

Costs & taxes

When planning to obtain a crypto license in Poland, one should budget for several cost components:

• State and regulatory fees. Poland historically did not charge heavy state fees for crypto registration (the old VASP registration cost was only 616 PLN, about €130). Under the new MiCA regime, there is an application fee of €4,500 payable to the KNF upon applying for the CASP license. Additionally, Poland has introduced an annual supervisory fee for licensed CASPs – set at 0.4% of annual revenue of the crypto business. This fee (effectively a regulatory levy) is paid yearly to fund oversight activities. For small startups, 0.4% may be a few hundred to a few thousand euros (there may be a minimum threshold around €750), but for larger exchanges, it can become a significant expense. Notably, this percentage-based fee is higher than in some other EU countries (it was a point of contention in Poland’s legislation). Aside from these, there is no separate “license issuance” tax – once you pay the application and annual fees, you won’t face other government charges specifically for the crypto license.
• Share capital. A major “cost” is the minimum capital requirement, which ranges from €50k to €150k depending on the scope of services. This money isn’t a fee paid to anyone; it remains the company’s capital, but it must be available (usually in a Polish bank account) and cannot be just an IOU or crypto asset – it should be in cash or high-quality liquid assets. In practice, this means founders must allocate that amount of money to the company’s account and keep it as a buffer. It’s essentially “tied-up” funds for the duration of the license (regulators expect the firm’s equity capital not to drop below the required minimum). While these funds can be used for operating expenses if needed, falling below the threshold could jeopardize the license, so the money is effectively locked as a safety reserve.
• Corporate and other taxes. Poland’s corporate tax rate is 19% on net profits (with a possibility of 9% for small firms in their initial years). This is a straightforward income tax on profits similar to many jurisdictions. There is no special crypto transaction tax or turnover tax – crypto trading revenues are taxed as corporate income. Importantly, within the EU, cryptocurrency exchanges and related financial services are treated as VAT-exempt (following an EU Court of Justice ruling in 2015), which means Polish crypto companies do not charge VAT on trading fees or similar services (this is akin to how stock brokerage fees are exempt from VAT). This is beneficial as it avoids an extra 23% tax on services that would otherwise apply. If the company distributes profits as dividends, standard Polish dividend withholding tax (generally 19%) may apply unless reduced by a tax treaty or EU directive. Poland’s overall tax regime is considered moderate – not a zero-tax haven by any means, but relatively predictable and not overly burdensome for a regulated business.
• Compliance and professional services. Aside from official fees, a substantial cost comes from professional services and compliance infrastructure. Most foreign entrepreneurs hire local legal consultants to assist with the license application, given the complexity of MiCA and Polish regulations. Legal and advisory fees can range widely (several thousand euros for a basic package to help prepare documents, up to €20k+ for full turn-key licensing support). Budget should also include accounting and auditing services – a crypto company will need accountants to maintain books and potentially an auditor for annual financial statements. Many startups also invest in compliance tools (for example, KYC verification software, transaction monitoring systems) and cybersecurity measures (secure hosting, DDoS protection, etc.), which can be significant ongoing costs. Don’t forget staff costs: employing a local compliance officer or director might require a salary or stipend. These expenses can add up to tens of thousands of euros per year, depending on the size of operations. For instance, independent audits, if required, might cost €5k–€10k annually; a compliance officer’s salary in Poland could be €20k–€40k/year; and IT/security solutions could be another few thousand.
• Total first-year budget. Combining the above, a rough first-year budget for obtaining and launching under a Poland crypto license might be: €50k–€150k in share capital (not spent but set aside), ~€4.5k application fee, possibly €750+ in first-year supervisory fee, legal/consulting fees perhaps €10k–€30k (depending on how much external help is used), and initial setup costs for IT and compliance (maybe €10k or more for systems and policies). In addition, there will be ongoing operating costs (staff, rent, etc.). It wouldn’t be unusual for a startup to invest on the order of €50,000+ in actual expenses in the first year (excluding the capital lock-up) to get fully licensed and operational. Naturally these figures can vary widely with the scale of the project – a small advisory-focused startup might spend much less, whereas an exchange aiming to launch big may invest significantly more. The key is that Poland, while cheaper than some places like UK or France, still requires a substantial initial investment to meet all regulatory and setup requirements.

Ongoing maintenance of your crypto license

After obtaining a crypto license in Poland, a company must maintain strict compliance and fulfill ongoing obligations to keep the license in good standing:

• Regulatory reporting. Licensed CASPs in Poland will be subject to periodic reporting requirements to both the KNF and the FIU (GIIF). Under current rules, quarterly reports must be submitted to GIIF with statistical data about the VASP’s activities (number of customers, transaction volumes, etc.), due within 15–18 days after each quarter ends. Additionally, annual financial statements must be filed, and possibly regulatory reports to the KNF on the firm’s financial condition and compliance (the exact reporting forms will be defined by KNF under MiCA). It’s wise to maintain a compliance calendar to track all submission deadlines (quarterly AML reports, annual audit reports, any ad-hoc notifications, etc.).
• AML/KYC obligations. The obligation to enforce robust AML/CFT measures doesn’t stop at licensing – it’s an ongoing responsibility. The company must continuously verify customer identities, monitor transactions for suspicious patterns, and keep customer and transaction records for at least 10 years. Any suspicious transaction that might indicate money laundering or terrorist financing must be immediately reported to the GIIF (in practice, via an online STR/SAR filing system, within 2 days or sooner). CASPs also need to implement the EU’s “travel rule” for crypto transfers (Regulation (EU) 2023/1113), meaning they have to include originator/beneficiary information with crypto transfers and possibly report certain transfers above thresholds. Regular sanctions screening is required to ensure no dealings with prohibited persons or countries. Polish authorities may conduct inspections or request information to ensure compliance – for example, GIIF can inspect a crypto company’s AML procedures and records. Failing to meet AML duties can result in heavy penalties or even license suspension, so this is a critical area of ongoing effort.
• Audits and security assessments. Licensed crypto companies in Poland are expected to undergo periodic audits and evaluations. Financially, if the company reaches a certain size, an annual financial audit by an independent auditor might be mandatory (Polish law requires audits for companies over certain size thresholds or public interest entities). Even if not mandatory, having audited financials can bolster credibility. On the compliance side, many firms commission independent AML audits or IT security audits annually to ensure they are meeting all obligations – this can identify issues before the regulators do. The regulator (KNF) has the authority to request external reviews or additional reports; for instance, KNF could ask for a report on the effectiveness of the firm’s cybersecurity, or require a penetration test of systems under DORA’s resilience framework. Additionally, CASPs will need to conduct business continuity and disaster recovery tests as part of operational resilience. While Poland may not explicitly list all these in law, EU-level guidelines (from ESMA/EBA) will influence expectations. Staying proactive by auditing your own compliance program each year is recommended to avoid nasty surprises.
• Change management and notifications. Any significant changes in the licensed business must be communicated to the authorities, and in some cases pre-approved. This includes changes in ownership structure (e.g. if a new investor is buying 10% or more of the company, KNF approval is likely required), changes in directors or key personnel (the appointment of a new board member or compliance officer usually must be vetted for fit-and-proper criteria), and changes in the scope of services offered. If, for example, a company licensed for exchange services wants to add a new service like operating a trading platform, it may need a variation of permission from the KNF. Even changes like rebranding the platform name or launching a new website might need notification. The license essentially ties the company to the conditions under which it was granted, so any material deviation from that (new products, major shifts in business model) should be discussed with the regulator. Failing to notify changes can be a ground for enforcement action. Practically, maintaining an open line of communication with KNF and seeking advice when in doubt is part of good governance for a licensed entity.
• Consumer protection and conduct. Although crypto-assets aren’t traditional financial instruments, MiCA introduces certain conduct requirements to protect users. A licensed CASP in Poland must ensure transparent disclosure to customers – clear terms and conditions, fee information, and risk warnings for crypto trading. They must also have a complaints handling procedure so that retail customers can raise issues and have them addressed in a timely manner. Client funds and assets should be safeguarded: for instance, if holding crypto on behalf of clients, those assets should be segregated and protected (not used for company purposes), and proper custody measures (like multi-signature wallets, cold storage for the bulk of holdings, insurance if available, etc.) should be in place. While Poland might not have a formal investor compensation scheme for crypto, the spirit of consumer protection is that licensed firms should minimize the risk of loss or misuse of client assets. Advertising rules also apply – marketing communications must not be misleading (and MiCA has specific rules about promotions and requiring certain disclaimers for crypto offers). Overall, a Polish CASP must conduct its business honestly, fairly, and professionally in the best interests of its clients, aligning with general EU financial consumer protection principles.

Failure to adhere to ongoing obligations can lead to sanctions. Polish regulators have the power to impose administrative fines, issue public warnings, or even revoke the license if a company is found in serious or persistent breach of its duties. Thus, maintaining a strong compliance culture after licensing is just as important as obtaining the license.

Suspension or revocation of a Poland crypto license

The KNF can suspend or revoke a crypto license in Poland for significant violations or risks. Grounds for such action typically include: major AML/CFT compliance failures (e.g. the company is found to be willfully violating AML laws or has facilitated money laundering), providing false information to regulators during application or supervision, loss of the required capital (e.g. the firm’s own funds drop below the minimum threshold and are not replenished), insolvency or bankruptcy of the company, or operating beyond the permitted scope of the license. If a CASP is found to be engaging in fraudulent activities or mismanaging customer assets, authorities will act decisively to protect consumers and the market’s integrity. License may also be revoked for breach of ESMA technical standards or failure to maintain ICT operational resilience (DORA).

In practice, the KNF would likely first issue warnings or orders for corrective action for less severe issues. For example, if an inspection finds deficiencies in KYC procedures, the company might be ordered to fix them by a deadline. However, in cases of acute risk – say a crypto operator is suspected of aiding criminal transactions – regulators can immediately suspend the license, effectively freezing the business, while investigating. Suspension means the company must cease providing services for a period (possibly until issues are remedied or the case is resolved). If the problems are not resolved or are too severe, a full revocation (license withdrawal) can follow, which terminates the firm’s authority to operate and results in removal from the public register of licensed entities.

Poland’s law provides for penalties such as publicizing the entity’s name and offenses on the regulator’s website (a reputational penalty), administrative fines that can be quite steep (up to twice the benefit gained or up to €1,000,000 if the benefit is indeterminable for certain infringements), and even bans on individuals serving in managerial roles for up to 5 years in the financial sector. In extreme cases involving criminal misconduct (for instance, knowingly facilitating money laundering or failing to report suspicious activity), individuals can face criminal charges – Polish law stipulates that failure to report certain financial crimes by a responsible person can lead to imprisonment from 3 months to 5 years.

Updates to Poland crypto licensing (2024–2025)

Poland’s crypto regulatory landscape has been rapidly evolving in 2023–2025 to keep pace with European developments:

• MiCA adoption. At the EU level, the Markets in Crypto-Assets Regulation (MiCA, Regulation (EU) 2023/1114) was adopted in 2023 and became largely applicable as of 30 Dec 2024. MiCA provides a unified regulatory framework for crypto-assets across Europe. Poland, like all member states, must implement certain national measures to make MiCA work (such as designating regulators and establishing penalties). In late 2025, Poland passed the Act on the Crypto-Assets Market, a comprehensive 100+ page law to implement MiCA nationally. This Act defines the role and powers of the KNF as the supervisory authority, lays out the detailed procedures for obtaining a CASP license in Poland, and sets forth administrative and criminal sanctions for non-compliance. The passage of this law (adopted by the Sejm on 26 Sept 2025) was a key step toward fully integrating MiCA into Polish law. As MiCA is directly applicable, technically from Jan 2025 any new crypto service provider in Poland must be licensed under MiCA, but due to the lack of national law Poland had a short gap where new licenses couldn’t be processed. Now, with the Act in place, Poland’s legal framework is MiCA-ready going into 2025 and beyond.
• Transitional regime for existing companies. Recognizing that many companies were operating under the old registration system, Poland’s new law provides a transition period. Originally, draft proposals required VASPs to apply for a CASP license within 3 months of the law to keep operating, but the final Act removed that short deadline. Instead, it now states that any company already entered in the virtual currency register can continue its business under the old rules until 1 July 2026 (or until they receive a CASP license or are refused one, if earlier). In other words, there is a blanket permission to keep operating through mid-2026 for those who were registered, giving them time to transition. By that date, however, all crypto firms in Poland will need to have obtained the full CASP authorization or cease activities. Notably, the Register of Virtual Currencies (the old AML register) will eventually be phased out – it’s expected to be effectively closed once MiCA licensing takes over (one source indicated it would be dissolved around Q4 2025 as the new regime ramps up). For new market entrants (not previously registered), there is no transition – since MiCA’s applicability, any new crypto business must get a license before starting operations.
• Stricter substance and AML standards. The period of 2024–2025 has also seen Poland increasing the bar for crypto operators in terms of local substance and compliance. The new rules reinforce the requirement of having an AML Officer in Poland – a person at management level responsible for overseeing the AML/CFT program. There is also emphasis on the “fit and proper” standards for directors: guidance (including ESMA’s recommendations) makes clear that CASP directors in Poland must have demonstrable experience in finance or crypto and be actively involved (residing in the EU and not just figureheads). Poland continues to follow updates in EU AML laws: for instance, by 2024 the EU was working on a new AML Regulation and the so-called AMLA (Anti-Money Laundering Authority) at the EU level, which will further tighten controls – Polish crypto firms will have to comply with those as they roll out. Additionally, Poland has implemented the EU’s Travel Rule for crypto transfers (Regulation (EU) 2023/1113, effective from 2024) which requires CASPs to collect and transfer sender/recipient information for crypto transactions over certain thresholds, similar to bank wire requirements. All these mean that the compliance workload for crypto businesses in Poland is growing – it’s becoming closer to the level of oversight seen in traditional financial institutions. CASPs must demonstrate real economic presence (substance): office, staff, local management and operational capacity in Poland.
• Supervisory fees and investor protection measures. As noted, Poland introduced a 0.4% of revenue supervisory fee for CASPs, which took effect with the new Act in 2025. This is one of the highest such fees in the EU and has raised concerns that it might drive some business to other jurisdictions. Whether this fee might be adjusted in the future remains to be seen, but as of 2025 it’s a unique aspect of Poland’s crypto regime. On the investor protection front, Poland’s law empowers the KNF with new tools, such as maintaining a “blacklist” of banned domains – websites of entities offering crypto services without the required license can be blocked in Poland. This measure is intended to protect consumers from unlicensed offshore exchanges or scams, though it has stirred debate about potential overreach. The KNF has also launched public warnings and communications to educate consumers (for example, clarifying that registration under old rules was not the same as having a regulated license). Going forward, we can expect Poland to continue updating its regulations in line with EU developments – for instance, any changes coming from ESMA’s technical standards under MiCA, or new EU laws (like those on decentralized finance or NFTs if they arise) would be incorporated.
• Transparency and public registers. Under MiCA, ESMA will maintain a central register of all licensed CASPs in Europe, and national authorities like KNF will feed into this. Poland has moved towards greater transparency by making the list of registered VASPs public (the Ministry of Finance maintains an online register of virtual currency firms). Once CASP licenses are issued, KNF will likely publish the list of authorized companies on its website (similar to how it lists banks or payment institutions). This public register allows anyone (investors, banks, partners) to verify if a crypto company is duly licensed in Poland. The push for transparency also means CASPs may be required to disclose certain information publicly – e.g. possibly the name of their compliance officer, or certain policies – to increase trust. Poland’s approach is to bring crypto into the mainstream financial oversight framework, which includes public accountability.

Who issues Poland crypto licenses?

In Poland, crypto licenses are issued by government regulatory authorities, not by any private or self-regulatory entity. Historically (pre-MiCA), crypto businesses in Poland did not require a financial license per se; instead they registered with the Ministry of Finance (specifically with the General Inspector of Financial Information, GIIF) as virtual currency service providers. This registration was essentially an AML compliance formality and was maintained by the Director of a Tax Administration Chamber under the Ministry’s authority. Importantly, being on that register was not equivalent to a full license – it wasn’t a permit granted after detailed review, but rather a notification-based inclusion (GIIF explicitly noted that the register was of a “record-keeping nature” and did not imply any warranty or prudential supervision). GIIF could inspect compliance with AML rules, but it did not “regulate” the business activity as a financial supervisor.

Under the new MiCA-based system, the Polish Financial Supervision Authority (KNF) becomes the main licensing authority. The KNF is Poland’s financial regulator (which already supervises banks, insurers, payment institutions, etc.), and it has now been empowered to authorize and oversee CASPs (Crypto-Asset Service Providers) as well. All applications for a crypto license in Poland must be submitted to the KNF, and the KNF grants the license after evaluating the application. There is no concept of an existing licensee “extending” their license to others (no umbrella licensing). Each legal entity that wants to operate a crypto service must go through its own authorization process with the KNF.

In practical terms, if you’re launching a crypto exchange in Poland, you register a company and then apply to KNF for the CASP license. If approved, KNF will list your company as an authorized CASP in Poland (and this info will also be shared with ESMA for the EU-wide register). The license is tied to your company – it isn’t something you can rent or use via another firm. Some service providers may offer packaged solutions (e.g. acquiring an already registered company or assisting with the process), but ultimately the license is issued by the state, not by consultants or banks.

To clarify using the old vs new terminology: previously one might speak of a “Poland crypto license” colloquially, but legally it was just a registration entry. Going forward, a Poland CASP license truly means a license authorized by the KNF under the MiCA framework. The KNF will coordinate with European bodies (like ESMA and EBA) in supervision, but it remains the point of contact for licensing in Poland. No other Polish agency issues crypto licenses (though the Ministry of Finance/GIIF continues to be involved in AML oversight). For entrepreneurs, this means dealing with a single regulator for licensing – the KNF – which can be advantageous for clear communication and guidance.

Why the Poland crypto license is attractive for startups

For entrepreneurs and crypto startups, Poland offers a compelling combination of factors that make it an attractive entry point into the regulated EU crypto market:

• Moderate costs and transparent setup. Compared to many Western European countries, Poland’s barriers to entry are lower. The official fees are reasonable (a few thousand euros, not tens of thousands). Moreover, company incorporation in Poland is fast – one can establish a new LLC (sp. z o.o.) within days using electronic filings. In the old regime, registration took only 2 weeks, and under the new regime, licensing is expected to be relatively efficient (authorities aim for ~3–6 months for decisions, which is brisk in the licensing world). This means a well-prepared startup can go from idea to a fully licensed EU-operating company in a matter of a few months, which is a huge advantage in the fast-moving crypto industry.
• Single-scope license, flexibility to expand. Poland’s CASP license (like the MiCA license generally) is broad, allowing startups to pivot or expand their service offerings without needing multiple licenses. For example, a team might start with a simple crypto-fiat exchange service. As they grow, they might want to add a custodial wallet service, an NFT marketplace, or a crypto lending feature. In Poland, all these fall under the same CASP umbrella as long as the company’s internal controls and capital scale to the new activity. You don’t have to apply for a brand-new license to introduce a new crypto service – often it’s just a matter of notifying the KNF of the expanded activities (or at most a license variation, not starting from scratch). This flexibility is ideal for startups, which often iterate their product. It allows innovation under one regulatory roof, rather than fragmented licenses for each new idea.
• EU passporting and large market access. By getting licensed in Poland, a startup gains immediate access to the entire EU market of 27 countries. This is crucial – it means you can onboard customers from France, Germany, Italy, etc. without additional national permissions. For a startup, that scale is key to achieving growth and network effects. Additionally, Poland itself is the largest economy in Central & Eastern Europe, and adjacent to major markets like Germany. Setting up in Poland situates a startup in a region with millions of potential users and a growing crypto user base. The strategic location bridging Western and Eastern Europe can be beneficial for outreach and partnerships. Essentially, Poland can be a launchpad: you establish operations there, prove your model, and you’re automatically able to expand services across the EU (subject to simple notification to the KNF/ESMA). This beats having to navigate 27 different regulatory regimes.
• Credibility for investors and partners. Being regulated under an EU license in Poland provides legitimacy that can reassure both investors and business partners. Institutional investors or venture capital are more likely to invest in a crypto startup that is operating legally and transparently under EU rules than in an unlicensed entity. Likewise, other businesses (like payment processors, liquidity providers, even potential corporate clients) will conduct due diligence – seeing that the startup is licensed in Poland (and listed on the official register) can significantly increase trust. It signals that the team is serious about compliance and long-term operation. Since Poland’s regulator KNF is known and respected, having their approval is almost like a quality stamp. In contrast, being based in an unregulated environment could raise red flags. Thus, a Polish license can open doors to banking services, partnerships, and customer acquisition that might be closed to unregulated players.
• Supportive ecosystem and resources. Poland has a growing fintech and blockchain startup scene. There are numerous service providers (law firms, consulting companies, tech developers) with specific crypto expertise in Poland, given the large number of registered entities already. The government and regulator have shown engagement with the industry – for instance, KNF has had a “Innovation Hub” in the past to assist fintech/crypto firms with regulatory queries. The presence of many crypto companies (Poland had over 1,800 registered VASPs as of 2024) means there is a community and knowledge base to tap into. Networking opportunities, industry events, and talent with crypto experience are more available in Poland than in many places. Additionally, Poland’s general business environment offers high-quality infrastructure (fast internet, modern office spaces in cities like Warsaw and Kraków) at relatively low cost. Operating costs (salaries, rent) in Poland are considerably lower than in hubs like London or Berlin, which is advantageous for startups burning through initial funding.

Official Sources & Primary Legislation (KNF / GIIF / MiCA)

Primary Acts

• Regulation (EU) 2023/1114 (Markets in Crypto-Assets, MiCA) — full text
• Regulation (EU) 2023/1114 (MiCA) — PDF version
• Regulation (EU) 2023/1113 — Transfer of Funds and Certain Crypto-Assets (EU Travel Rule) — full text
• Act of 1 March 2018 on Counteracting Money Laundering and Terrorist Financing (consolidated text, PDF, Polish)
• Act on the Crypto-Assets Market (Poland, 2025) — implementing MiCA at national level

KNF — Polish Financial Supervision Authority (Licensing Authority)

• Official KNF website
• FinTech & Innovation Hub — KNF support for CASPs and fintechs
• Crypto-Assets (MiCA) section — KNF supervisory information
• Public registers of supervised entities (to include CASPs under MiCA)
• Public warnings — unlicensed entities list

GIIF — General Inspector of Financial Information (AML/FIU Authority)

• GIIF main page — Financial Intelligence Unit of Poland
• Communication No. 77 (2023) — Status of Virtual Currency Operators
• Money Laundering Prevention — guidance and forms
• Register of Virtual Currency Activities (legacy VASP register)

EU Supervisory Registers & Guidelines (ESMA / EBA)

• ESMA MiCA overview — supervisory framework and technical standards
• ESMA Databases & Registers — includes future EU-wide CASP register
• EBA statements on MiCA & Travel Rule implementation
• European Commission — Markets in Crypto-Assets portal