Poland's draft law on crypto assets has been passed: regulatory upgrades, significantly higher licensing thresholds.

PANews

On September 26, 2025, the Polish lower house (Sejm) passed the draft "Crypto-Assets Market Act" (referred to as the "Act") with a vote of 230 to 196. The Act still requires review by the upper house (Senate) and the president's signature, and will take effect 14 days after publication (except for Article 70, on internet domain blocking, registration records, and access restrictions, which will take effect 4 months after publication). Even so, this legislative milestone marks a new phase in the country's crypto regulatory system.

This Act not only serves as the "comprehensive crypto regulation framework" for Poland but also aligns closely with the EU's MiCA unified framework: during the legislative process, the Act underwent approximately 3-4 rounds of review and 45 amendments (including fine-tuning of licensing boundaries and penalty standards), ensuring a smooth transition from the loose era of "anti-money laundering registration" to the orderly track of "comprehensive licensing regulation."

For crypto practitioners intending to engage in crypto trading, token issuance, custody, or payment settlement in Poland, this means that full regulatory oversight is about to arrive: future operations must be licensed, or operators risk penalties or being forced to exit.

Regulatory Targets and Scope: All "Crypto Players" Are Included

The regulatory targets defined by the Act are highly consistent with MiCA. This legislative effort in Poland does not redefine regulatory boundaries but fully incorporates the regulatory targets and business scope established in MiCA into domestic law. The specific regulatory targets include:

  1. Crypto asset service providers, covering the following areas:
  • Operation of crypto asset trading platforms;
  • Wallet custody and asset custody services;
  • Payment and settlement-related services;
  • Other derivative businesses involving crypto assets.
  2. Token issuers: including "asset-backed token issuers" and "electronic money token issuers."

  3. Foreign crypto asset service providers: Institutions from other EU member states can provide cross-border services in Poland through the "passport mechanism" under MiCA Article 63.

In summary, as long as you operate or provide any form of crypto asset services within Poland, regardless of where your company is registered, you must either obtain a license or exit.

Licensed vs. Unlicensed: Regulation Enters the "License Required to Operate" Era

The Act implements a typical licensing system for crypto asset businesses. Only institutions authorized by the Polish Financial Supervision Authority (Komisja Nadzoru Finansowego, KNF) and holding a Crypto Asset Service Provider License (CASP License) can operate legally.

  • Licensed Entities

Can conduct approved business within Poland or for Polish users. After obtaining a license, institutions must continuously fulfill compliance obligations (including regular reporting, internal audits, capital adequacy, risk control, etc.).

  • Unlicensed Entities

Those providing crypto services without a license will face hefty fines or criminal penalties. The Act explicitly lists multiple illegal scenarios and penalty standards (see below).

Basic Requirements and Operating Costs for Licensed Entities: Capital Requirements, Compliance Framework, and Increased Operational Costs

This is the core part of the entire Act and the most noteworthy aspect. The regulatory logic is clear: to obtain a license, you must have funds, systems, and capabilities.

(1) Capital Requirements:

The Act states that CASPs must "have sufficient funds," which not only sets a minimum threshold for the registered capital of licensed entities but also includes comprehensive capital strength considerations such as liquidity management, risk reserve allocation, and customer asset isolation protection, to ensure compliance and solvency during market fluctuations and risk events.

Currently, Poland has not issued secondary regulations regarding minimum registered capital, so MiCA's standards remain the primary reference. Below are the minimum registered capital requirements based on the different service types provided by CASPs in MiCA:

In addition to the required paid-in capital, regulatory authorities require CASPs to maintain "continuously sufficient capital." If funds become insufficient due to business fluctuations or market losses, they must be replenished promptly.

(2) Regulatory Costs and Compliance Expenditures: Operating "Compliance" Means Ongoing Investment

  1. The Act specifies the cost-sharing and fee structure for regulating the crypto asset market, detailing how Token Issuers and CASPs will finance the regulatory framework:
  • License and assessment fees: Fees vary by license or assessment type, with a cap of €4,500;
  • Information document approval: Approval document: €3,000; modification document: €1,000;
  • Annual license maintenance and regulatory fees for CASPs: Based on the average total revenue of the past 3 years, the fee ranges from €500 to 0.4% of average annual revenue;
  • Annual license maintenance and regulatory fees for Token Issuers: The fee ranges from €500 to the product of the arithmetic average of financial liabilities arising from asset-linked tokens or electronic money tokens and a rate not exceeding 0.5%.
  2. In addition to the costs of regulating the crypto asset market, licensed entities must also incur the following expenses during operations:
  • Regular financial and compliance audit expenses;
  • External legal advisory and technical compliance costs;
  • KYC system, risk monitoring, and AML technology platform construction costs.

Compliance and Risk Management Focus for Licensed Entities

Licensed institutions must still ensure compliance and risk management during operations, for which the Act proposes multi-layered risk control and compliance requirements.

(1) Governance Structure and Compliance Framework: Must Operate "Like Financial Institutions"

The Act requires CASPs to establish a complete governance and compliance system, including:

  • Establishing independent compliance, risk control, and internal audit departments;
  • Management must possess professional qualifications and have no adverse records;
  • Establishing risk identification, internal control, and abnormal reporting systems;
  • Formulating professional confidentiality systems and clarifying technical standards;
  • Strictly implementing anti-money laundering (AML) and customer identification (KYC) requirements.

In particular, Article 22 emphasizes: each institution must formulate internal regulations to refine the technical standards for "professional confidentiality and information protection." These standards are not limited to the company level but also include technical details such as system security, data access, information encryption, and internal transmission mechanisms.

The specific details of these technical standards will not all be written into the main text of the Act but will be gradually issued and enforced by the KNF through "secondary regulations." These secondary regulations will uniformly standardize reporting content, operational details, technical compliance standards, cybersecurity standards, and regulatory interfaces, ensuring consistency in execution across all institutions. This means that licensed institutions must closely monitor the supporting guidelines, rules, and implementation standards released by the KNF in addition to the text of the Act itself, or they may face the risk of "formal compliance but substantive violations."

(2) Information Disclosure and Regulatory Reporting Obligations

CASPs must regularly disclose the following to the KNF:

  • Financial status and risk structure;
  • Reserves, trading volume, liquidity indicators;
  • System operation and security status;
  • Compliance control, governance changes, significant transactions, etc.

Any event that may affect the safety of customer assets or market stability must be reported immediately, along with explanations of the response measures. Regulatory authorities may also publicly disclose penalty decisions to ensure transparency and market accountability.

(3) Risk Management System

Licensed entities must establish a comprehensive system covering market risk, operational risk, and liquidity risk. Requirements include:

  • Regular stress testing;
  • Establishing an abnormal transaction monitoring system;
  • Implementing customer segmentation and high-risk account identification mechanisms.

(4) Investor Protection and Information Transparency

In terms of investor protection and information disclosure, the Act imposes higher requirements on licensed entities:

  • Fully disclose crypto asset risks;
  • Conduct suitability assessments for retail customers;
  • Establish customer asset isolation and compensation mechanisms;
  • Set up complaint handling and dispute resolution channels.

Regulators hope to rebuild investor trust and market security through institutional development.

(5) Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT)

In line with EU standards, CASPs must implement:

  • Full-process KYC certification;
  • Monitoring and reporting of suspicious transactions;
  • Enhanced scrutiny of high-risk customers;
  • Automated traceability mechanisms.

Violations may not only result in fines but could also lead to license revocation.

(6) Compliance Audits and Reporting Mechanisms

Licensed institutions must:

  • Regularly undergo external independent audits;
  • Submit annual compliance and risk reports;
  • Report significant governance, equity, and business structure changes to the KNF for approval in advance.

Specific unified templates and deadline requirements will be stipulated in future operational secondary regulations issued by the KNF.

Prohibited Actions and Criminal Liability

In addition to clearly defined compliance requirements and regulatory frameworks, the Polish Crypto Assets Act also strictly delineates the behavioral boundaries for practitioners, explicitly listing illegal and non-compliant actions to avoid in market operations. Additionally, the Act establishes criminal liability clauses, imposing a "high-pressure line" on illegal activities in the crypto asset field, ensuring market transparency and order through severe penalties.

(1) Prohibited Actions and Penalties (Including Unlicensed Entities)

  1. Licensed Entities

  2. Unlicensed Entities

(2) Criminal Liability

Below are the main criminal offenses and penalties defined in the Act:

Transition Period and Implementation Timeline: Existing Enterprises Must Smoothly "Transition"

To help the market transition smoothly and avoid operational interruptions, the Act establishes a transition period for existing crypto asset service providers (VASPs): VASPs currently registered under anti-money laundering regulations can continue to operate under the existing rules until July 1, 2026, but must gradually upgrade to the new standards until they obtain CASP authorization or the deadline arrives. Below are the specific requirements for the transition period outlined in the Act, and market participants should also pay attention to the effective date of the secondary regulations accompanying the Act.
