A German logistics company operating in Poland discovers mid-contract that one of its counterparties has been added to the national sanctions list. Payments are frozen. Deliveries stall. The company's local subsidiary faces potential criminal exposure – and its board has 30 days to act before the window for voluntary disclosure closes. The Polish Sanctions Act 2022 created exactly this kind of compressed, high-stakes situation for businesses operating across borders.

The Ustawa o szczególnych rozwiązaniach w zakresie przeciwdziałania wspieraniu agresji na Ukrainę (Act on Special Solutions in Counteracting Support for Aggression against Ukraine, the Sanctions Act) entered into force in April 2022 and has since been amended several times. It obliges Polish and foreign entities operating in Poland to screen counterparties, freeze assets of designated persons, and report to the Generalny Inspektor Informacji Finansowej (General Inspector of Financial Information, GIIF). Failure to comply carries criminal penalties of up to PLN 20 million and personal liability for board members.

This page explains who the Sanctions Act covers, what the core obligations are, where companies most often stumble, and how cross-border structures create additional exposure. A self-assessment checklist at the end helps you identify gaps before an audit does.

Who does the Polish Sanctions Act 2022 cover?

The Sanctions Act applies broadly. It reaches Polish-registered entities, foreign companies with a branch or permanent establishment in Poland, and any person conducting economic activity on Polish territory. The definition of "entity subject to the Act" is deliberately wide – it was designed to prevent simple restructuring from escaping the regime.

Designated persons include individuals and legal entities listed on the Polish national sanctions list maintained by the Minister Spraw Wewnętrznych i Administracji (Minister of Internal Affairs and Administration), as well as persons subject to European Union restrictive measures applied directly in Poland. The Urząd Zamówień Publicznych (Public Procurement Office, UZP) plays a separate but connected role: contracting authorities must exclude designated entities from public tenders, and a failure to do so exposes the contracting body to liability under procurement law. The National Court Register (KRS) cross-references sanctions data when processing certain registration applications.

Three categories of obliged entities face the most significant operational burden. First, financial institutions – banks, payment service providers, insurance companies supervised by the Polish Financial Supervision Authority (KNF). Second, non-financial businesses with high-value or cross-border transactions: logistics, real estate, legal services, and commodities trading. Third, public procurement participants, for whom a sanctions hit means automatic exclusion from a tender with no cure period.

One common misconception deserves early correction. Many foreign investors assume that EU sanctions regulations, applied directly, render the Polish Act redundant. That view is wrong. The Sanctions Act creates independent Polish-law obligations – including reporting duties, asset-freeze mechanics, and criminal liability – that run alongside EU measures. An entity compliant with EU regulations can still breach the Polish Act if it fails to file the required GIIF reports within the statutory deadline of 14 days.

What are the core compliance obligations under the Act?

The Sanctions Act imposes four main obligations. Each has its own deadline, responsible officer, and penalty track. Understanding them as a system – rather than a checklist of isolated tasks – is the starting point for any serious compliance programme.

The first obligation is screening. Obliged entities must verify whether counterparties, beneficial owners, and transaction participants appear on the national list or on EU restrictive-measures lists before entering a transaction. There is no prescribed screening interval in the statute, but supervisory guidance treats monthly screening of existing counterparties as a minimum standard. For high-risk sectors, weekly or real-time screening against the national list is expected.

The second obligation is asset freezing. When a designated person is identified, the obliged entity must freeze assets immediately – without waiting for any administrative order. The freeze is self-executing. The entity then has 14 days to notify the GIIF. Missing that window is itself a separate offence, even if the freeze was correctly applied.

The third obligation is reporting. Beyond the 14-day freeze notification, entities must file periodic reports with the GIIF on frozen assets under their control. The GIIF may request supplementary information within 30 days of receiving a report; failure to respond carries an administrative fine of up to PLN 1 million per instance.

The fourth obligation is internal governance. Entities in regulated sectors must appoint a compliance officer responsible for sanctions matters, maintain written procedures, and train staff. The KNF expects financial institutions to integrate sanctions screening into their AML/KYC workflows. A gap between a firm's AML policy and its sanctions procedures is a finding that routinely appears in KNF inspections.

  • Screen counterparties and beneficial owners before each transaction
  • Freeze assets immediately upon identification of a designated person
  • Notify the GIIF within 14 days of any freeze
  • Respond to GIIF information requests within 30 days
  • Maintain written sanctions procedures and staff training records

We secured the reversal of an administrative penalty exceeding PLN 800,000 for a logistics client in the Mazowieckie region (autumn 2025). The GIIF had assessed the penalty on the basis that a counterparty screening gap constituted a failure to freeze. Our team demonstrated that the entity had in fact identified the designated person and frozen assets within the required window – the procedural documentation had simply been misfiled. The case turned entirely on internal governance records.

For a tailored strategy on Sanctions Act compliance, reach out to info@kordeckipartners.com.

Where do businesses most often face penalties?

Penalties under the Sanctions Act are tiered. Administrative fines imposed by the GIIF can reach PLN 20 million for entities and PLN 5 million for individuals acting in their professional capacity. Criminal liability – including imprisonment of up to 10 years for deliberate sanctions evasion – sits at the top of the scale. Between these extremes lies a range of regulatory sanctions: warnings, conditional orders, and temporary bans on conducting certain activities.

The most common enforcement pattern involves not outright evasion but procedural failure. Three scenarios account for the majority of cases seen in practice. First, late GIIF notification: the freeze is applied correctly, but the 14-day reporting window is missed because the compliance team did not know the clock started on the date of identification, not the date of the freeze confirmation. Second, incomplete beneficial-ownership screening: the direct counterparty is clean, but a designated person holds a controlling interest two layers up the ownership chain. Third, documentation gaps: the entity cannot demonstrate that screening was performed because it relied on informal email confirmations rather than a documented screening log.

Public procurement carries a specific penalty track. A contracting authority that awards a contract to a designated entity faces liability under both the Sanctions Act and procurement law. Contractors who fail to disclose a sanctions hit on a subcontractor risk exclusion from the tender and forfeiture of the performance bond – an irreversible consequence once the award decision is published. The UZP has issued guidance confirming that a KIO appeal (appeal to the Krajowa Izba Odwoławcza, National Appeals Chamber) does not suspend the exclusion obligation.

One structural risk is worth highlighting separately. Entities that provide legal, accounting, or trust services to designated persons – even unknowingly – may be treated as having "supported" a sanctioned party. The Sanctions Act does not require intent for administrative liability. Criminal liability requires knowledge or recklessness, but the burden of proving ignorance in a well-documented sanctions environment is considerable.

How do cross-border structures create additional exposure?

Cross-border structures amplify sanctions risk in three directions: upstream (parent companies), downstream (subsidiaries and branches), and lateral (contractual counterparties in third countries). Polish law does not limit its reach to domestic transactions. A foreign parent that directs a Polish subsidiary to execute a transaction with a designated person exposes both itself and the subsidiary to Polish criminal liability.

EU sanctions regulations create a parallel layer. Where an EU regulation designates a person, that designation applies directly in Poland without any implementing act. The Polish Sanctions Act then adds reporting and governance obligations on top. A company that complies with the EU regulation but ignores the Polish reporting requirement is non-compliant under Polish law. This gap catches many foreign investors who assume that group-level EU sanctions compliance covers the Polish subsidiary.

For German and other EU-based investors, the interaction between home-country compliance programmes and Polish local requirements deserves specific attention. German export-control law, for example, has its own screening and reporting obligations. Where a transaction triggers both German and Polish requirements, the shorter deadline governs. In practice, Poland's 14-day GIIF notification window is often tighter than equivalent home-country requirements.

Our team obtained interim protection for assets worth over EUR 3 million for a German investor's subsidiary in Lower Silesia (spring 2026). The case arose when a counterparty was designated mid-contract. We coordinated simultaneous notification to the GIIF, the German export-control authority, and the contracting party to preserve the client's contractual rights while complying with both jurisdictions' freeze requirements. Timing was the critical variable: a 48-hour delay in the GIIF notification would have triggered a separate administrative fine.

Entities with operations in multiple EU member states should also consider the interaction between the Sanctions Act and ongoing arbitration or litigation. Freezing assets held by a party to a pending arbitration in Warsaw raises procedural questions about whether the freeze constitutes a measure affecting the arbitral process. Polish arbitration law does not provide an explicit carve-out, and the matter has not been definitively resolved by the courts. For guidance on enforcement questions in cross-border disputes, see our analysis of enforcing an Italian judgment in Poland and enforcing a Luxembourg judgment in Poland.

Insolvency intersects with sanctions in ways that are often overlooked. If a designated entity becomes insolvent, the freeze obligation does not disappear – it applies to the insolvency administrator as well. For context on how insolvency timelines interact with asset-preservation obligations, see our guide on insolvency proceedings: timeline from filing to closure.

Specific circumstances of your cross-border structure require early legal assessment. Delay in identifying a dual-jurisdiction exposure forfeits the voluntary disclosure window and precludes the reduced-penalty track available under the Sanctions Act. To receive an expert assessment of your cross-border sanctions exposure, contact info@kordeckipartners.com.

What should companies prepare before a GIIF inspection?

GIIF inspections are not announced with long lead times. The standard notice period is 7 days, and inspections of financial institutions can be initiated without prior notice in urgent cases. Entities that wait until they receive an inspection notice to organise their documentation are already at a disadvantage.

The GIIF inspector will focus on five areas: the existence and adequacy of written sanctions procedures; evidence that screening was performed at the required frequency; documentation of any freeze notifications and their timing; staff training records; and records of any instances where a potential match was reviewed and cleared. Each of these areas has a documentation standard that differs from what is sufficient for an internal audit.

A decision-matrix approach helps prioritise preparation effort. High-volume transactional businesses (logistics, commodities, financial services) face the greatest exposure on screening frequency and documentation. Professional service firms face the greatest exposure on beneficial-ownership verification and the "support" liability track. Public procurement participants face automatic exclusion risk and should treat sanctions screening as part of their tender preparation process, not a post-award task.

What to prepare before a GIIF inspection:

  • Written sanctions compliance policy, dated and signed by the compliance officer
  • Screening logs for the past 24 months, including negative results
  • Records of all GIIF notifications, with timestamps showing compliance with the 14-day window
  • Staff training records, including the date, content, and attendees of each session
  • Documentation of any beneficial-ownership verification performed on high-risk counterparties

The penalty for failing to maintain adequate records is separate from the penalty for the underlying compliance failure. An entity that screened correctly but cannot prove it faces the same administrative fine as one that did not screen at all. That asymmetry is the single most important reason to invest in documentation infrastructure before an inspection, not during one.

Frequently asked questions

Q: Does the Polish Sanctions Act apply to a foreign company that has no Polish subsidiary but sells goods to Polish buyers?

A: The Act applies to any entity conducting economic activity on Polish territory. A foreign company executing contracts that are performed in Poland – including delivery of goods to Polish buyers – is likely within scope, even without a registered branch. The Ministry of Internal Affairs has confirmed this interpretation in guidance issued in late 2022. Foreign companies in this position should conduct a jurisdictional assessment before assuming they are outside the regime.

Q: How long does a GIIF inspection typically take, and what are the costs?

A: A standard GIIF inspection of a non-financial entity typically takes between 4 and 12 weeks from notice to the issuance of a post-inspection report. Financial institutions supervised by the KNF face longer inspection cycles – sometimes 6 months or more for a full sanctions review. There is no inspection fee, but internal preparation costs, legal support, and the time cost of management cooperation are substantial. Entities that have maintained good documentation can reduce legal support costs significantly.

Q: Is it a valid defence to say the company relied on a third-party screening provider and was not aware of the designation?

A: Reliance on a third-party screening provider does not automatically constitute a defence under the Sanctions Act. Administrative liability does not require intent. However, demonstrating that the entity used a recognised screening tool, maintained appropriate screening frequency, and acted promptly on any alert is a significant mitigating factor in penalty proceedings. Criminal liability requires knowledge or recklessness, so documented reliance on a reputable provider is more effective as a defence at the criminal level. The key is that the reliance must be documented and the provider's methodology must be appropriate for the entity's risk profile.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to sanctions compliance, commercial litigation, and cross-border dispute resolution. We work with Polish entrepreneurs, foreign investors, and in-house legal teams. To discuss your situation, contact info@kordeckipartners.com.

Weronika Kasprzak specialises in commercial litigation, arbitration, and sanctions.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.