A Kraków-based distributor of industrial components receives a routine order from a long-standing client. Before processing payment, a compliance officer runs a quick check. The counterparty's parent company appears on the EU's consolidated list of sanctioned entities. The transaction freezes. The distributor faces a choice: proceed and risk criminal liability, or halt operations and breach a commercial contract worth hundreds of thousands of euros.
EU sanctions regulations are directly applicable in Poland without any implementing act. Polish businesses must screen counterparties, freeze assets of designated persons, and report to the General Inspector of Financial Information (GIIF) within prescribed deadlines. Breaches carry criminal penalties of up to 10 years' imprisonment under Polish criminal law, alongside administrative fines. The obligation applies to every transaction, not only those in regulated sectors.
This guide explains the EU sanctions framework as it applies to Polish businesses – step by step. It covers the screening process, the three most common business scenarios, the compliance mistakes that lead to enforcement, and the questions clients ask most frequently. Deadlines and cost thresholds are identified at each stage.
How does the EU sanctions framework operate in Poland?
EU sanctions regulations take effect in Poland on the day of their publication in the Official Journal of the European Union. No separate Polish statute is required to make them binding. The National Court Register (KRS) does not flag sanctioned shareholders, so businesses must run independent checks. The Ministry of Finance and the GIIF serve as the primary supervisory authorities for sanctions enforcement in Poland.
The EU maintains a consolidated list of designated persons and entities. The list is updated without advance notice – sometimes multiple times within a single week. A counterparty that was clean on Monday may be designated by Thursday. Polish businesses that process payments or deliver goods after a designation are exposed to liability regardless of whether they were aware of the change.
The core obligations fall into three categories. First, asset freezing: any funds or economic resources belonging to a designated person must be frozen immediately upon designation. Second, the prohibition on making funds available: no new payments, loans, or transfers may flow to a designated person or entity. Third, reporting: any frozen assets or known violations must be reported to the GIIF within a statutory deadline – generally without delay and in practice within 24 hours of discovery.
- Screen counterparties against the EU consolidated list before each transaction
- Freeze assets immediately upon discovering a designation
- Report to the GIIF – do not wait for instructions
- Document every screening step with a timestamp
- Re-screen on contract renewal or change of beneficial ownership
The Polish Financial Supervision Authority (KNF) oversees sanctions compliance in the financial sector. Outside finance, the GIIF coordinates with the Central Anti-Corruption Bureau (CBA) and prosecutorial authorities. Enforcement has intensified since 2022. Businesses that relied on annual or quarterly screening cycles have found themselves exposed when designations occurred between checks.
What are the main compliance steps and timelines?
A sound compliance process runs in four phases: identification, screening, decision, and reporting. Each phase has a defined output and, where applicable, a statutory deadline. The entire cycle – from transaction initiation to compliance sign-off – should take no longer than one business day for standard transactions. Complex cases involving beneficial ownership chains may require up to 72 hours.
Phase one is counterparty identification. Collect the full legal name, registered address, and – critically – the ultimate beneficial owner (UBO) of every new counterparty. Polish law requires UBO disclosure through the Central Register of Beneficial Owners (CRBR). Cross-reference the CRBR entry against the EU consolidated list. Discrepancies in spelling or transliteration of names from Cyrillic or Arabic scripts are a common source of false negatives.
We secured a reversal of sanctions-related asset freeze proceedings for a manufacturing client in the Mazowieckie region (autumn 2025). The freeze had been triggered by a transliteration mismatch between the EU list and the counterparty's KRS registration. Early intervention – within 48 hours of the freeze – allowed the client to unblock funds exceeding PLN 800,000 before irreversible commercial damage occurred.
Phase two is screening. Use the EU's own search tool (the consolidated list is available on the European Commission's website) and supplement it with a commercial screening platform. Manual screening is acceptable for businesses with fewer than 50 transactions per month. Above that threshold, automated screening with daily list updates is the practical minimum.
Phase three is the decision point. If a match is confirmed, freeze immediately. Do not process the transaction while seeking legal advice. The freezing obligation is not discretionary. Seek legal advice in parallel – not as a precondition to freezing. If the match is a false positive, document the analysis in writing and retain it for at least five years.
Phase four is reporting. Confirmed matches must be reported to the GIIF. The report must identify the designated person, describe the frozen assets, and state the legal basis. Failure to report is itself a criminal offence under Polish anti-money laundering legislation, carrying penalties of up to PLN 1,000,000 in administrative fines for institutional failures.
Which business scenarios carry the highest risk?
Three scenarios generate the majority of sanctions breaches in Poland. Each involves a different entry point for exposure. Understanding the pattern helps businesses allocate compliance resources proportionately rather than treating every transaction identically.
Scenario one: the manufacturing exporter. A Polish manufacturer sells machinery to a distributor in a third country. The distributor is not on the EU list. However, the distributor's ultimate parent – two layers up the ownership chain – is a designated entity. The manufacturer is prohibited from making funds available to any entity owned or controlled by a designated person. Ownership above 50% triggers the prohibition automatically. Control through other means (board appointments, veto rights) also suffices. The manufacturer needs to trace the full ownership chain, not just the immediate counterparty.
Scenario two: the IT service provider. A Warsaw-based software company provides cloud hosting to a client whose beneficial owner becomes designated mid-contract. The company must suspend the service immediately – even though the contract predates the designation. No grandfathering applies. The company may apply to the GIIF for a licence to continue providing services in limited circumstances (for example, to wind down operations in an orderly manner), but the application does not suspend the prohibition. Processing fees for licences are modest, but the review period can extend to 30 business days.
Our team obtained interim measures protecting contract rights worth over EUR 2m for a technology client in Lower Silesia (spring 2025). The client's counterparty had been designated mid-contract, and the client faced competing obligations – the sanctions freeze on one side, a contractual penalty clause on the other. Early court intervention established a legal shield before the penalty clause activated.
Scenario three: the foreign investor's Polish subsidiary. A German group's Polish subsidiary holds a bank account used for intra-group transfers. The German parent has a minority shareholder who becomes designated. The Polish bank freezes the subsidiary's account under its own compliance protocols. The subsidiary must demonstrate – in writing, to the bank and to the GIIF – that the designated shareholder does not own or control the German parent above the relevant threshold. This requires legal analysis of the ownership structure and a formal opinion, typically delivered within five to seven business days. For related reading on cross-border disputes arising from such situations, see our guide on dispute resolution for Ukraine companies doing business in Poland.
What mistakes lead to enforcement action?
Enforcement by Polish authorities follows a recognisable pattern. The same mistakes appear repeatedly across sectors. Identifying them in advance is the most cost-effective form of compliance investment. Remediation after a breach is significantly more expensive than prevention – legal fees alone in a criminal sanctions investigation can exceed PLN 200,000 before the case reaches a court.
The first and most frequent mistake is screening only the direct counterparty. EU sanctions regulations extend the prohibition to entities owned or controlled by designated persons. A business that screens only the legal entity it contracts with – and ignores the UBO chain – has incomplete compliance. The GIIF and prosecutorial authorities do not accept "we checked the name on the invoice" as a defence.
The second mistake is treating sanctions compliance as a one-time exercise. Designations are added and, occasionally, removed throughout the year. A counterparty screened at contract signing must be re-screened at each payment milestone and at contract renewal. Businesses in the trading sector with high transaction volumes should implement automated daily rescreening.
The third mistake is delaying the freeze while seeking internal approval. The obligation to freeze is triggered by the designation, not by a board resolution or legal opinion. Every hour of delay after discovery increases criminal exposure. Internal escalation procedures must be designed so that the compliance officer can freeze unilaterally, with notification to management immediately after. For businesses navigating financial distress alongside sanctions exposure, the interaction with restructuring procedures is addressed in our analysis of simplified arrangement proceedings.
The fourth mistake – less obvious but equally serious – is failing to document false positives. When a screening match turns out to be a different person with a similar name, businesses often simply proceed with the transaction and make no record of the analysis. If the GIIF later audits the company, the absence of documentation is treated as evidence that no screening was performed at all. A written false-positive memo, timestamped and signed, is the minimum required record. For enforcement proceedings that cross borders, including recognition of foreign judgments in Polish courts, our step-by-step guide on enforcing a Luxembourg judgment in Poland provides relevant procedural context.
For businesses that are themselves parties to disputes arising from sanctions-related contract suspensions, the path to litigation Warsaw courts or arbitration Poland proceedings requires careful preparation. The sanctions freeze does not extinguish contractual obligations – it creates a force majeure-adjacent situation that must be pleaded correctly to avoid liability.
To discuss how your company's specific sanctions exposure should be assessed – before enforcement action precludes orderly remediation – contact info@kordeckipartners.com.
If your business has processed a transaction involving a counterparty now under review, or if a bank has frozen accounts citing sanctions compliance, our dispute lawyer team will conduct a rapid legal assessment, identify your reporting obligations, and represent you before the GIIF or in court: info@kordeckipartners.com.
Frequently asked questions
Q: Does EU sanctions compliance apply to Polish SMEs, or only to banks and large corporates?
A: EU sanctions regulations apply to every natural and legal person in Poland, regardless of size or sector. A sole trader selling goods online is bound by the same asset-freezing and reporting obligations as a major bank. The GIIF has issued guidance confirming that no sector exemption exists. The practical difference is that smaller businesses are less likely to have automated screening tools – which increases, rather than reduces, their risk of inadvertent breach.
Q: How long does it take to obtain a licence from the GIIF to continue a frozen transaction?
A: The standard review period for a GIIF licence application is up to 30 business days from submission of a complete application. In urgent cases involving humanitarian considerations, the GIIF may act faster, but no statutory fast-track procedure exists. During the review period, the prohibition remains in full force. Businesses should budget for at least six weeks of operational disruption when planning a licence application, and should seek legal advice before submitting to avoid rejection on procedural grounds.
Q: Is it a common misconception that a contract signed before a designation provides legal protection?
A: Yes – this is one of the most frequent misunderstandings in sanctions compliance. EU sanctions regulations contain no grandfathering provision for pre-existing contracts. The moment a counterparty is designated, all obligations under any contract with that party are subject to the freeze and prohibition on making funds available. The only route to continued performance is a GIIF licence. Businesses that proceed under pre-existing contracts without a licence face the same criminal exposure as those entering new contracts with designated persons.
KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to sanctions compliance, commercial litigation, and arbitration. We work with Polish entrepreneurs, foreign investors, and in-house legal teams. To discuss your situation, contact info@kordeckipartners.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.