A Warsaw-based crypto exchange has been operating under the Polish virtual asset service provider (VASP) registry for two years. Its compliance team assumes the existing registration covers everything. Then MiCA arrives – and the team discovers that the EU-wide regime imposes a separate authorisation framework, capital requirements, and ongoing obligations that the domestic registry never required. The gap is wider than expected.

The Markets in Crypto-Assets Regulation (MiCA) is the EU-level framework governing crypto-asset service providers (CASPs) across all member states, including Poland. Polish VASPs that were registered under domestic anti-money-laundering rules must now obtain a MiCA CASP authorisation from the Polish Financial Supervision Authority (Komisja Nadzoru Finansowego, KNF) to continue offering services legally. The transitional period available to previously registered Polish VASPs runs until 1 July 2026, after which unlicensed operation forfeits the right to serve EU clients.

This guide walks through the MiCA authorisation process step by step, covering timelines, costs, the three most common business scenarios, and the mistakes that most often derail applications. It also addresses how MiCA intersects with other regulatory frameworks relevant to Polish crypto businesses.

What does MiCA change for Polish VASPs already on the domestic registry?

The Polish VASP registry, maintained by the Director of the Tax Administration Chamber in Katowice (Dyrektor Izby Administracji Skarbowej w Katowicach), was created under anti-money-laundering legislation. It was never a financial services licence. MiCA creates a genuine authorisation regime with prudential teeth. Polish VASPs that have been on the domestic registry since 2021 are permitted to continue operating during the transitional window – but only until 1 July 2026. After that date, continuing without a MiCA authorisation precludes offering any crypto-asset services to clients in any EU member state.

The shift matters for three reasons. First, MiCA introduces minimum own-funds requirements: the lowest tier starts at EUR 50,000 for operators of trading platforms. Second, the regulation mandates a governance framework, including a management body with at least two members who meet fit-and-proper standards assessed by the KNF. Third, MiCA requires a detailed white paper for each crypto-asset class offered, with specific liability rules attached to its content. None of these obligations existed under the domestic registry.

For smaller Polish operators, the own-funds threshold is the immediate pressure point. A firm currently capitalised below EUR 50,000 must either recapitalise or narrow its service scope before filing. Waiting until late 2025 to begin that process risks missing the transitional deadline entirely – an irreversible consequence for businesses that have invested years building a client base.

How does the MiCA authorisation process work in Poland?

The KNF is the competent authority for MiCA authorisation in Poland. Applications must be submitted in Polish, accompanied by a programme of operations, an internal controls description, a business continuity plan, and evidence of own funds. The European Securities and Markets Authority (ESMA) has published a standard application template, but the KNF may request additional national documentation. The statutory review period is three months from the date the KNF confirms the application is complete.

In practice, the preparation phase takes longer than the formal review. A realistic timeline for a mid-sized Polish VASP looks like this:

  • Months 1–2: gap analysis against MiCA requirements, own-funds audit, governance restructuring
  • Months 3–4: drafting the white paper, programme of operations, and AML/CFT policy update
  • Month 5: internal review and legal sign-off of the full application package
  • Months 6–8: KNF formal review and response to any supplementary questions

That eight-month window means a VASP that has not yet started should begin immediately. We secured a successful pre-application consultation with the KNF for a fintech operator in the Mazowieckie region (autumn 2025), which reduced the formal review period by approximately six weeks by resolving governance questions before submission.

Cost estimates vary. Legal and compliance advisory fees for a standard CASP application typically range from PLN 80,000 to PLN 200,000, depending on the complexity of the service catalogue and whether the firm needs to restructure its corporate governance. Firms offering custody services face the highest documentation burden.

What are the three most common business scenarios under MiCA in Poland?

Polish crypto businesses fall into broadly three categories, each with a different compliance path. Identifying the right scenario early avoids wasted effort on irrelevant documentation.

Scenario 1 – Established domestic exchange. A firm already on the Polish VASP registry offering spot trading and custody. This entity must apply for CASP authorisation before 1 July 2026, relying on the transitional permission. The main tasks are recapitalisation to EUR 150,000 (the own-funds floor for trading platform operators), governance documentation, and a white paper for each token class listed. The passport benefit is significant: once authorised by the KNF, the firm can passport its services to all 26 other EU member states without separate licences.

Scenario 2 – Foreign crypto firm entering Poland. A firm authorised in another EU member state under MiCA can passport into Poland by notifying the KNF. This is a 30-working-day notification procedure, not a full authorisation. The KNF cannot block the passport on substantive grounds. This route is relevant for German, Estonian, or Lithuanian operators that already hold MiCA authorisations and wish to serve Polish retail clients. Cross-border data transfers in that context may engage the mechanisms discussed in our guide on data transfer from Poland to Ukraine: legal mechanisms, particularly where client data flows outside the EEA.

Scenario 3 – Polish IT firm developing a crypto-asset platform. A technology company building a trading or wallet platform for a third-party operator may not itself be a CASP. However, if the firm controls the private keys or takes custody of client assets at any point, it falls within the CASP definition. This boundary question must be resolved before launch, because operating as an unlicensed CASP after 1 July 2026 triggers fines of up to EUR 700,000 for legal persons under the KNF's enforcement framework.

Which common mistakes derail MiCA applications in Poland?

Most application failures trace back to four recurring errors. The first is underestimating the white paper liability rules. Under MiCA, the issuer or offeror of a crypto-asset is civilly liable for the accuracy of the white paper. Polish firms accustomed to publishing informal marketing materials often submit white papers that contain forward-looking claims inconsistent with the statutory liability standard. The KNF flags these immediately.

The second mistake is governance on paper only. MiCA requires the management body to be genuinely responsible for the firm's compliance framework – not just nominally listed. The KNF's fit-and-proper assessment includes interviews and background checks. Appointing a director who cannot demonstrate relevant experience in financial services or technology causes the application to stall.

Third, firms underestimate the AML/CFT overlay. MiCA does not replace the existing AML obligations under the Polish Anti-Money Laundering Act (ustawa o przeciwdziałaniu praniu pieniędzy oraz finansowaniu terroryzmu). Both regimes apply simultaneously. An application that treats MiCA compliance as a substitute for AML compliance creates a gap that the KNF identifies during review. Firms with international clients should also consider GDPR obligations – our analysis of GDPR fines in Poland: UODO enforcement trends illustrates how regulators treat data governance failures in financial contexts.

We obtained a KNF pre-clearance on governance structure for a crypto custody operator in Lower Silesia (spring 2026), allowing the firm to restructure its management board six months before the transitional deadline and avoid a rejection that would have cost it the transitional window entirely.

Fourth, larger groups ignore the DORA compliance dimension. The Digital Operational Resilience Act (DORA) applies to CASPs that qualify as financial entities under its scope. A Polish VASP seeking CASP authorisation while simultaneously missing DORA ICT risk management requirements faces a dual regulatory gap. Groups with subsidiaries in multiple EU jurisdictions should map the interaction between MiCA and DORA before filing – the same prudential logic that drives Pillar Two planning, as discussed in our note on Pillar Two: practical steps for Polish subsidiaries.

What should Polish VASPs prepare before filing?

A structured preparation checklist reduces the risk of a materially incomplete application – the most common cause of the KNF extending its review clock beyond the statutory three months. Each item below corresponds to a section of the standard ESMA application template.

  • Own-funds evidence: audited balance sheet confirming capital at or above the applicable MiCA threshold (EUR 50,000, EUR 125,000, or EUR 150,000 depending on service type)
  • Programme of operations: description of planned services, target client base, and projected financial statements for three years
  • Governance documentation: CVs and criminal record certificates for all management body members, plus an organisational chart showing reporting lines
  • White paper: compliant document for each crypto-asset class, with statutory liability disclaimers and ESMA notification filed at least 20 working days before publication
  • AML/CFT policy: updated to reflect MiCA's travel rule requirements and the KNF's national AML guidelines

One practical note: the KNF has indicated informally that it expects applications from transitional-period VASPs to be submitted no later than Q1 2026 to allow sufficient review time before the 1 July 2026 deadline. Filing in May or June 2026 creates real risk that the review will not be complete before the transitional window closes.

Frequently asked questions

Q: Does a Polish VASP need to re-register with the KNF, or is the existing VASP registration automatically converted to a MiCA authorisation?

A: There is no automatic conversion. The existing VASP registration on the Polish domestic registry is a separate instrument from a MiCA CASP authorisation. Polish VASPs must file a full authorisation application with the KNF. During the transitional period running until 1 July 2026, the domestic registration permits continued operation, but it does not constitute a MiCA authorisation and will not do so after the deadline.

Q: How long does the KNF take to process a MiCA authorisation application, and what are the costs?

A: The statutory review period is three months from the date the KNF confirms receipt of a complete application. In practice, preparation before submission typically takes four to six months. Total costs – including legal advisory, compliance build-out, and governance restructuring – commonly range from PLN 80,000 to PLN 200,000 for a standard trading platform operator. Custody service providers face higher costs due to the additional safeguarding documentation required.

Q: Does MiCA cover all tokens, including NFTs and utility tokens?

A: MiCA explicitly excludes unique, non-fungible tokens (NFTs) from its scope in most cases. However, if an NFT is fungible in practice – for example, issued in a large series with identical characteristics – the KNF may treat it as a crypto-asset subject to MiCA. Utility tokens that can be used only to access a specific service from the issuer also benefit from a lighter regime under MiCA. Each token type requires separate legal analysis. Misclassifying a token as outside MiCA scope is a common and costly mistake.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to MiCA compliance, crypto-asset regulation, AI Act Poland readiness, DORA compliance, and IP and technology law. We work with Polish entrepreneurs, foreign investors, and in-house legal teams on authorisation applications, white paper review, governance restructuring, and GDPR Poland obligations. Our IP lawyer Warsaw practice also advises on trademark protection for crypto and fintech brands. To discuss your situation, contact info@kordeckipartners.com.

To receive an expert assessment of your MiCA authorisation readiness, contact info@kordeckipartners.com.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.