A Czech parent company operating a Polish subsidiary faces a compliance architecture that spans two legal systems simultaneously. Polish law imposes its own whistleblower protection rules, AML obligations, and ESG reporting requirements – none of which are automatically satisfied by a Czech-law compliance programme already in place at group level. The gap between what the parent assumes is covered and what Polish regulators actually require is where liability concentrates.

Czech Republic subsidiaries operating in Poland must build a standalone compliance programme that meets Polish statutory thresholds – including whistleblower channel obligations for entities with 50 or more employees, AML registration duties for designated obliged institutions, and CSRD Poland reporting timelines beginning in financial year 2025 for large entities. Failure to localise the group programme exposes the Polish subsidiary's management board to personal liability and regulatory sanctions. The compliance gap cannot be closed by a group policy alone – Polish law requires documented, locally implemented procedures.

This alert covers three areas: what has changed in Polish compliance law, which Czech-owned subsidiaries are affected by specific thresholds, and what actions management boards must take now. The structure follows the ALERT format – change, scope, response – with concrete deadlines attached to each item.

What has changed in Polish compliance requirements?

Poland implemented the EU Whistleblowing Directive through the Act on the Protection of Whistleblowers, which entered into force in September 2024. The law requires every private-sector employer with 50 or more employees to establish an internal reporting channel, appoint a responsible person, and publish a reporting procedure. Entities with fewer than 50 employees in certain regulated sectors – including financial services and AML-obliged institutions – face the same obligation regardless of headcount. Non-compliance carries fines and personal liability for management board members.

On the AML front, the Ustawa o przeciwdziałaniu praniu pieniędzy i finansowaniu terroryzmu (Act on Counteracting Money Laundering and Terrorism Financing, AML Act) imposes customer due diligence, beneficial ownership registration with the Central Register of Beneficial Owners (Centralny Rejestr Beneficjentów Rzeczywistych, CRBR), and transaction monitoring obligations on a defined list of obliged institutions. Czech-owned subsidiaries operating in financial intermediation, real estate, or accounting services in Poland fall within this list automatically. The General Inspector of Financial Information (Generalny Inspektor Informacji Finansowej, GIIF) supervises compliance and may impose administrative fines reaching PLN 1,000,000 per violation.

ESG reporting obligations are expanding under CSRD Poland timelines. Large entities – defined as exceeding two of three thresholds (250 employees, EUR 40m net turnover, EUR 20m balance sheet total) – must report for financial year 2025, with the first sustainability report due in 2026. Czech parent companies that consolidate a large Polish subsidiary into their group accounts face dual reporting exposure: Czech statutory obligations and Polish standalone requirements where the subsidiary qualifies independently.

The National Court Register (Krajowy Rejestr Sądowy, KRS) and the Polish Financial Supervision Authority (Komisja Nadzoru Finansowego, KNF) have both increased scrutiny of compliance documentation submitted by foreign-owned entities since mid-2024. A compliance programme that exists only in Czech language at group level will not satisfy KRS or KNF documentary requirements.

Which Czech subsidiaries are affected and what must they do now?

Scope depends on three thresholds. First, headcount: any Polish subsidiary with 50 or more employees must have a functioning whistleblower channel operational now – the September 2024 deadline has already passed. Second, sector: subsidiaries in AML-obliged sectors must have a documented AML internal procedure, a compliance officer designation, and CRBR registration reflecting the current beneficial ownership structure. Third, size: subsidiaries qualifying as large entities under CSRD Poland criteria must begin collecting sustainability data for FY2025 immediately, since the reporting window opens in early 2026.

We assisted a Czech manufacturing group's Mazowieckie subsidiary in closing a compliance gap across all three areas in autumn 2025. The subsidiary had a group-level code of conduct translated into Polish but lacked a standalone whistleblower procedure, had not updated its CRBR entry following a group restructuring, and had no ESG data collection process in place. Remediation required eight weeks and covered policy drafting, CRBR amendment, and a data gap analysis against ESRS standards.

Immediate action items for management boards of Czech-owned Polish subsidiaries:

  • Audit the existing group compliance programme against Polish statutory requirements – not just translation, but substantive localisation
  • Verify the CRBR entry reflects the current beneficial ownership chain, including any Czech parent restructurings in the past 12 months
  • Establish or audit the internal whistleblower reporting channel if headcount reaches or exceeds 50 employees
  • Determine whether the subsidiary qualifies as a large entity under CSRD thresholds and begin FY2025 data collection
  • Designate a named compliance officer in Poland – group-level designation in Prague does not satisfy Polish law

For subsidiaries involved in employee relocation between the two countries, compliance obligations intersect with employment law. The global mobility framework for Czech employees relocating to Poland affects which employment law obligations apply and, consequently, which whistleblower channel those employees must be able to access. Getting the employment structure wrong invalidates the whistleblower procedure for a segment of the workforce.

Czech subsidiaries with supply chain exposure should also review their ESG due diligence obligations. The Corporate Sustainability Due Diligence Directive (CSDDD) will impose supply chain obligations on large entities from 2027 onward. Starting the ESG due diligence process for Polish supply chains now avoids a compressed remediation timeline later. Entities that have already built a whistleblower compliance infrastructure find the supply chain due diligence process significantly faster to implement.

The compliance architecture for a Czech subsidiary in Poland is not a one-time project. It requires annual review cycles, CRBR update monitoring, and integration with group reporting. Subsidiaries that treat it as a checkbox exercise – rather than a live programme – accumulate regulatory risk that surfaces during KNF inspections or GIIF audits, often at the worst possible moment for the parent group.

For context on how similar compliance structures are designed for subsidiaries from other jurisdictions, the compliance programme framework for Ukrainian subsidiaries in Poland illustrates the localisation methodology that applies across all foreign-owned entities operating under Polish law.

Specific situations require specific assessment. If your Czech subsidiary has undergone a restructuring, crossed a headcount threshold, or has not reviewed its Polish compliance documentation since 2023, the risk of an undetected gap is material. To receive an expert assessment of your subsidiary's compliance status, contact info@kordeckipartners.com.

Frequently asked questions

Q: Does a group-level compliance programme approved by the Czech parent satisfy Polish law?

A: No. Polish law requires locally implemented procedures in Polish language, with a designated responsible person based in Poland. A group policy – even one translated into Polish – does not satisfy the whistleblower channel requirement, the AML internal procedure obligation, or CSRD reporting requirements. Each must be implemented as a standalone Polish-law document with named individuals responsible for its operation.

Q: What is the deadline for establishing a whistleblower channel, and what happens if it is missed?

A: The deadline for private-sector employers with 50 or more employees was September 2024. That deadline has passed. Entities that have not yet implemented a compliant channel are already in breach. Management board members may face personal fines. The channel must include a documented reporting procedure, a confidentiality mechanism, and a follow-up obligation within three months of receiving a report.

Q: Is CSRD reporting required for a Polish subsidiary if the Czech parent already reports at group level?

A: It depends on whether the Polish subsidiary qualifies independently as a large entity. If it exceeds two of the three size thresholds – 250 employees, EUR 40m turnover, EUR 20m balance sheet – it may face standalone reporting obligations even where the parent consolidates it. The exemption for subsidiaries included in a parent's consolidated sustainability report has conditions that must be verified against the specific group structure. A compliance lawyer Warsaw-side review is advisable before assuming the exemption applies.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to ESG compliance, whistleblower programme design, AML advisory, and CSRD reporting. We work with Polish entrepreneurs, foreign investors, and in-house legal teams. To discuss your situation, contact info@kordeckipartners.com.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.