EU funds compliance – KPO and RRF requirements

A Warsaw-based technology company wins a KPO grant worth EUR 3m. Six months later, an audit by the Ministry of Funds and Regional Policy identifies a procurement irregularity. The grant is suspended. Recovery proceedings begin. The company faces repayment of the full disbursed amount – with interest.

EU funds compliance under Poland's National Recovery and Resilience Plan (Krajowy Plan Odbudowy, KPO) and the broader Recovery and Resilience Facility (RRF) framework requires beneficiaries to meet overlapping obligations in procurement, reporting, anti-fraud, and sustainability. Polish law implements these requirements through the Act on Supporting Sustainable Development (ustawa o wspieraniu zrównoważonego rozwoju) and sector-specific grant agreements. A single material breach can trigger full grant recovery, with no ceiling on the repayment obligation.

This page sets out the regulatory framework, the instruments used to verify compliance, the most common pitfalls for Polish and foreign beneficiaries, and a practical checklist for self-assessment. The structure follows the problem-to-solution logic that fund recipients face in practice: understanding the rules, managing the audit cycle, and protecting the grant against recovery claims.

What does KPO compliance actually require?

KPO compliance is not a single obligation. It is a layered system of conditions attached at three levels: the European Commission's RRF Regulation, Poland's implementation framework, and the individual grant agreement. Each level adds requirements. Missing any one of them can constitute a breach at the level above.

At the European level, the RRF Regulation requires Poland to meet milestones and targets tied to each disbursement tranche. These milestones cover structural reforms and investment outputs. Beneficiaries contribute to milestone achievement indirectly – their projects must deliver measurable results on time. Delays of more than 90 days in reporting project outputs can trigger a milestone failure at the national level, which in turn blocks the next tranche from Brussels.

At the national level, the Ministry of Funds and Regional Policy (Ministerstwo Funduszy i Polityki Regionalnej) acts as the implementing body. It coordinates with the Court of Audit (Najwyższa Izba Kontroli, NIK) and the Central Anti-Corruption Bureau (Centralne Biuro Antykorupcyjne, CBA) on irregularity investigations. Beneficiaries must comply with the Public Procurement Law (Prawo zamówień publicznych, PZP) even when they are private entities, if the grant exceeds certain thresholds. The threshold for full PZP application currently stands at PLN 130,000 net for services and supplies.

At the agreement level, grant contracts typically impose additional conditions: branding requirements, data retention for at least five years after project closure, prohibition of double financing, and ESG reporting obligations that increasingly align with CSRD Poland standards. Failure to maintain documentation for the full retention period is one of the most frequently cited grounds for recovery.

Milestone and target reporting within agreed deadlines
Procurement compliance, including records of competitive selection
No double financing from other EU instruments
Data and document retention for a minimum of five years
ESG and sustainability conditions embedded in the grant agreement

How do Polish authorities audit KPO beneficiaries?

Audits under the KPO framework follow a structured cycle. The implementing body conducts administrative verification at each payment claim. On-site controls are triggered by risk scoring, random selection, or third-party complaints. The European Anti-Fraud Office (OLAF) retains the right to conduct its own investigations independently of national authorities.

Administrative verification checks every payment request against supporting documents. Auditors examine invoices, procurement records, bank statements, and payroll data. A discrepancy between the declared expenditure and the supporting documentation – even a formatting error on an invoice – can result in an ineligible cost finding. Ineligible costs are deducted from the payment and, if already reimbursed, become a recovery claim. Recovery carries statutory interest from the date of the original disbursement.

We secured a reversal of an ineligible cost finding exceeding PLN 1.8m for a manufacturing client in the Mazowieckie region (autumn 2025). The finding had been based on an incomplete procurement file. We reconstructed the documentation trail and demonstrated that the competitive selection had in fact been conducted. The recovery claim was withdrawn within 60 days of our formal objection.

On-site controls are more intrusive. Auditors arrive with a checklist derived from the grant agreement and the applicable PZP provisions. They inspect physical assets, interview project staff, and cross-reference financial records. Beneficiaries have the right to be present and to submit explanations. However, explanations submitted after the draft audit report is issued carry less weight than those given during the on-site visit. Preparing staff for on-site interviews is therefore a practical priority, not an administrative formality.

OLAF investigations are rare but consequential. They can result in recommendations to the Commission to exclude Poland from a disbursement tranche. For the individual beneficiary, an OLAF finding of fraud forfeits the right to any future EU funding – a preclusive consequence with no time limit. Early cooperation with national auditors is almost always the better strategy. For more on how compliance programmes reduce audit exposure, see our guide on compliance programme design for subsidiaries in Poland.

What are the most common compliance pitfalls for KPO beneficiaries?

Procurement errors account for the largest share of recovery claims in Poland's KPO portfolio. The most frequent issue is inadequate documentation of the competitive selection process. Polish law requires beneficiaries to demonstrate that they obtained at least three comparable offers before awarding a contract above PLN 50,000 net. Many companies conduct the comparison informally, by email, without retaining a structured record. An auditor who cannot reconstruct the selection process from the file will treat the expenditure as ineligible.

Double financing is the second most common ground for recovery. A company that receives a KPO grant for equipment and simultaneously claims depreciation of the same equipment as an eligible cost under a separate EU programme triggers double financing. The prohibition applies even where the overlap is unintentional. Beneficiaries operating across multiple EU funding streams – Structural Funds, Horizon Europe, and KPO simultaneously – must maintain a cost allocation matrix that demonstrates clean separation.

ESG conditions embedded in grant agreements are increasingly specific. KPO investments are required to comply with the "do no significant harm" (DNSH) principle under the RRF Regulation. This means that a project must not materially harm any of the six environmental objectives defined in the EU Taxonomy Regulation. In practice, beneficiaries are asked to self-certify DNSH compliance at the application stage and to maintain supporting evidence throughout the project. Where a company's activities later diverge from the self-certification – for example, due to a change in production process – the grant agreement may be terminated.

Whistleblower compliance is a related risk. Poland's Act on the Protection of Whistleblowers (ustawa o ochronie sygnalistów) requires companies with 50 or more employees to maintain an internal reporting channel. KPO grant agreements increasingly reference this obligation as a condition of funding. A beneficiary without a functioning whistleblower channel may face a finding that it has breached the grant's anti-fraud conditions. For technical requirements on channel design, see our article on whistleblower channel design.

How should foreign investors structure KPO participation?

Foreign investors entering the Polish market through KPO-funded projects face an additional layer of complexity. The grant agreement is concluded with the Polish entity – typically a subsidiary or a special-purpose vehicle registered with the National Court Register (KRS). The parent company abroad is not a party to the agreement. However, grant conditions often extend to the group level through provisions on related-party transactions, transfer pricing, and AML compliance.

Our team obtained interim measures protecting assets worth over EUR 4m for a German investor's subsidiary in Lower Silesia (spring 2025), where a KPO audit had incorrectly characterised an intragroup service fee as double financing. The key issue was whether the fee reflected arm's-length pricing. We engaged a transfer pricing specialist and submitted a benchmarking report within the 14-day response window. The audit finding was reversed on administrative appeal.

AML obligations apply to KPO beneficiaries that qualify as obligated institutions under the Anti-Money Laundering Act (ustawa o przeciwdziałaniu praniu pieniędzy). Even where the beneficiary is not itself an obligated institution, the implementing body will conduct beneficial ownership verification through the Central Register of Beneficial Owners (Centralny Rejestr Beneficjentów Rzeczywistych, CRBR). Discrepancies between the CRBR entry and the actual ownership structure are treated as a red flag and can delay grant disbursement by several months.

Foreign investors should also consider the interaction between KPO conditions and CSRD Poland obligations. Large companies and their subsidiaries subject to the Corporate Sustainability Reporting Directive will need to produce sustainability reports covering Scope 1, 2, and 3 emissions. KPO grant agreements increasingly require beneficiaries to align their ESG reporting with these standards. A company that has not yet begun its CSRD implementation journey may find that the grant's sustainability conditions are more demanding than anticipated. For a practical overview of GDPR and broader compliance gaps that affect data handling in KPO projects, see our article on GDPR audit and compliance gaps in Polish companies.

The decision matrix for structuring KPO participation depends on three variables: the size of the grant, the sector, and the ownership structure. Grants above EUR 1m warrant a dedicated compliance function within the Polish entity. Grants in regulated sectors – energy, healthcare, financial services – require additional regulatory sign-off from the Polish Financial Supervision Authority (KNF) or sector-specific bodies. Groups with complex ownership structures should resolve CRBR discrepancies before submitting the grant application, not after.

What should beneficiaries prepare before an audit?

Audit readiness is not the same as compliance. A company can be substantively compliant but fail an audit because its documentation is incomplete or poorly organised. Polish auditors follow standardised checklists. Knowing the checklist in advance – and organising the file to match it – materially reduces the risk of an ineligible cost finding.

The following checklist covers the minimum documentation requirements for a KPO on-site audit. Each item corresponds to a standard audit checkpoint.

Complete procurement file: solicitation documents, at least three comparable offers, selection protocol, and signed contract
Financial records: invoices, bank transfer confirmations, and payroll extracts for all eligible costs
Asset register: physical inventory of all equipment purchased with grant funds, with serial numbers and location records
DNSH self-certification: original application declaration plus any updates reflecting changes in project scope
Whistleblower channel documentation: policy, channel technical specification, and evidence of employee notification

Beyond documentation, beneficiaries should designate a single point of contact for the audit. This person should have authority to provide explanations on behalf of the company and access to all project files. Fragmented responses – where different departments give inconsistent answers to the same auditor question – are a significant source of avoidable findings. A compliance lawyer Warsaw-based or otherwise familiar with Polish audit procedure can prepare the team for the interview phase and review draft responses before submission.

The response window after a draft audit report is typically 14 days. This is a hard deadline. Submissions made after the window closes are not considered in the final report. Companies that receive a draft report on a Friday afternoon – a common occurrence – must be ready to mobilise legal and financial resources over the weekend. Having a pre-agreed escalation protocol reduces response time and improves the quality of the objection.

Specific attention to ESG reporting is warranted in the final project phase. Grant agreements typically require a sustainability impact assessment to be submitted alongside the final payment claim. This assessment must demonstrate that the project's outputs remain consistent with the DNSH self-certification made at application. Where the project has evolved – new subcontractors, changed production methods, expanded scope – the assessment must explain how DNSH compliance has been maintained throughout.

To receive an expert assessment of your KPO or RRF compliance position, contact info@kordeckipartners.com.

Every KPO beneficiary faces a specific combination of procurement obligations, ESG conditions, and audit risk that cannot be addressed with a generic checklist. A breach that goes unaddressed before the audit becomes an irreversible recovery claim once the final report is issued. Acting before the audit – not in response to it – is the only reliable way to protect the grant.

If your company holds a KPO or RRF grant above PLN 500,000 and has not conducted an internal compliance review in the past 12 months, we will audit your documentation file, identify exposure points, and prepare your team for the next control cycle: info@kordeckipartners.com.

Frequently asked questions

Q: How long does a KPO beneficiary need to retain project documentation?

A: Polish grant agreements implementing the RRF framework require beneficiaries to retain all project documentation for a minimum of five years after the date of the final payment. For projects involving state aid, the retention period extends to ten years from the date of aid award. The retention obligation covers financial records, procurement files, asset registers, and correspondence with the implementing body. Digital copies are acceptable provided they are stored in a format that cannot be altered without detection.

Q: Can a foreign parent company be held liable for a KPO compliance breach by its Polish subsidiary?

A: The grant agreement is concluded with the Polish entity, so the primary repayment obligation falls on the subsidiary. However, grant conditions frequently include provisions on group-level guarantees, particularly for grants above EUR 2m. Where the parent company has provided a guarantee or a comfort letter, it may be joined to recovery proceedings. Additionally, OLAF investigations can extend to the group level if fraud or systemic irregularity is suspected. A common misconception is that corporate separation fully insulates the parent – in practice, it does not where guarantee documents have been signed.

Q: What is the typical cost and timeline for resolving a KPO audit finding?

A: The administrative appeal against a draft audit finding must be submitted within 14 days. If the appeal is unsuccessful, the beneficiary may challenge the recovery decision before the administrative courts, with proceedings at first instance (the Regional Administrative Court, WSA) typically lasting 12 to 18 months. Legal costs for a contested recovery claim in the range of PLN 500,000 to PLN 2m typically range from PLN 30,000 to PLN 80,000 in legal fees, depending on complexity. Early engagement – before the draft report is finalised – is significantly cheaper and more likely to succeed than litigation.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to EU funds compliance, ESG reporting, and regulatory risk management. We work with Polish entrepreneurs, foreign investors, and in-house legal teams navigating KPO and RRF requirements, CSRD Poland obligations, and AML compliance. To discuss your situation, contact info@kordeckipartners.com.