1 July 2026 may prove to be one of the most important dates for the Polish crypto-asset market. On that date, the transitional period available to entities entered in the Register of Virtual Currency Activities (VASP Register) will come to an end.
The problem is that Poland still has not adopted a Crypto-Assets Market Act. This legislation was intended to establish a national framework for the supervision of crypto-asset service providers (CASPs) and introduce the mechanisms necessary for the practical application of MiCA.
In May 2026, the Polish Parliament passed the Crypto-Assets Market Act for the third time. Today the legislative process once again ended with a presidential veto. As a result, Poland remains one of the last European Union Member States that has not yet adopted a comprehensive legal framework governing the crypto-asset market.
For many entities entered in the VASP Register, the key question is what will happen after 1 July 2026 and whether VASPs will be able to continue operating without significant legal uncertainty.
What this article covers
- 1
- 2
- 3
- 4
- 5
The third veto of the Crypto-Assets Market Act
In May 2026, the Polish Parliament passed the Crypto-Assets Market Act for the third time. The Act was intended to serve as the primary legal framework governing the crypto-asset market in Poland and to designate the authority responsible for supervising CASPs.
The third version largely repeated the solutions contained in the two previous bills that had already been vetoed by the President. Once again, the government proposal provided for extensive supervisory powers for the Polish Financial Supervision Authority (KNF) and a broad system of administrative and criminal sanctions.
Compared to the previous versions, the third bill introduced even stricter sanctions applicable to crypto-asset market participants. The government justified these changes by referring to the need for stronger consumer protection in the cryptocurrency sector.
An important background factor was the Zondacrypto case. Zondacrypto was a cryptocurrency exchange with Polish roots operating under an Estonian licence. In 2026, clients encountered difficulties in accessing services provided by the company and withdrawal of their deposits. These events became one of the main arguments used in the public debate on the need for stricter regulation of the crypto-asset market.
During the parliamentary process, almost all amendments proposed by the Chancellery of the President were rejected. Ultimately, only the provision concerning the obligation to prepare a report on the crypto-asset market was adopted. Other proposals, including lower supervisory fees, limitations on certain KNF powers and the softening of selected sanctions, did not receive parliamentary support.
In practice, this meant that the President once again received a bill based on the same regulatory assumptions that had led to the previous two vetoes. The third attempt also ended with the President refusing to sign the Act.
As a result, Poland still lacks the national legislation necessary to launch a fully operational CASP licensing regime. This comes only a few weeks before the end of the transitional period applicable to Polish VASPs.
MiCA and the lack of a national legal framework
One of the most common questions currently asked by Polish VASPs is what consequences the lack of a national legal framework will have once the MiCA transitional period comes to an end.
MiCA applies directly in all European Union Member States, including Poland. The absence of national legislation does not mean that MiCA has ceased to apply. Nor does it mean that businesses can simply ignore its requirements.
Polish VASPs have therefore found themselves in an unprecedented situation. The transitional period for entities entered in the VASP Register is coming to an end, while at the same time it is not possible to obtain the required authorisation in Poland.
This raises an obvious question: can crypto-asset activities continue after 1 July 2026 on the basis of an existing VASP registration?
The answer is not straightforward.
On the one hand, from 1 July 2026, EU law requires crypto-asset service providers to hold a CASP licence in order to provide crypto-asset services. This requirement follows directly from MiCA.
On the other hand, Poland has not adopted a national regulation. No competent authority has been designated to receive and process licence applications. As a result, it is currently impossible to obtain a CASP licence in Poland.
The situation is further complicated by the legal nature of MiCA itself. Unlike EU directives, EU regulations apply directly in all Member States. They do not require implementation into national law in order to produce legal effects.
At the same time, MiCA cannot operate entirely independently of national legislation. A competent authority must be designated, a licensing procedure must be established and a supervisory framework must be put in place.
Put simply, MiCA applies in Poland and requires CASPs to hold a licence. At the same time, the mechanisms necessary to enforce the new regime have not been implemented.
As a result, the legal position of Polish VASPs after 1 July 2026 remains uncertain. Continuing operations after the end of the grandfathering period may therefore involve a number of legal risks.
Risks of operating after 1 July 2026
As discussed above, the answer to whether crypto-asset activities may continue after 1 July 2026 is not straightforward. Continuing operations after the end of the MiCA transitional period is free from risk.
In my view, every entity entered in the VASP Register that is considering continuing to provide services after 1 July 2026 should carefully assess the associated risks. These include, in particular:
- administrative,
- criminal,
- and civil risks.
Administrative risks
In my view, the current administrative risks are limited. This is because, following the President’s veto, the provisions that were intended to establish a supervisory framework for the crypto-asset market in Poland never entered into force.
The system of administrative fines provided for in the vetoed legislation is not in force. Nor are there any provisions granting a supervisory authority the power to issue administrative decisions against crypto-asset service providers.
As a result, it is currently difficult to identify any obvious mechanism that would allow the administrative enforcement of the CASP licensing requirement against Polish VASPs.
It is sometimes argued that such powers could be exercised directly on the basis of MiCA. In my view, this position raises significant concerns. Public authorities may act only on the basis of, and within the limits of, the law. Poland has not created the legal framework necessary for the exercise of the supervisory powers provided for under MiCA.
This does not mean that activities carried out after 1 July 2026 will be lawful. Quite the opposite. Such activities would remain inconsistent with MiCA, which forms part of the Polish legal order.
It is therefore worth considering whether any consequences may arise under national mechanisms that already exist outside the MiCA framework. One example is the KNF Public Warning List.
In my view, continuing operations after 1 July 2026 does not create an obvious basis for inclusion on that list.
The KNF’s Public Warning List is not an administrative sanction. As a rule, inclusion follows a notification concerning the suspected commission of a prohibited act. For that reason, the issue is more closely linked to the criminal risks discussed below.
Criminal risks
The starting point is that, following the President’s veto, the criminal provisions contained in the Crypto-Assets Market Act never entered into force. As a result, the criminal sanctions that the legislator intended to introduce in connection with the provision of crypto-asset services without the required authorisation do not apply.
In my view, the main question is whether liability may arise under national provisions that are already in force.
Particular attention should be paid to Article 60¹ § 1 of the Polish Code of Petty Offences. Under this provision:
Whoever carries out a business activity without the required registration, entry in a register of regulated activities, licence or permit shall be subject to a fine or a restriction of liberty.
Importantly, Article 60¹ § 1 does not establish criminal liability. It concerns a minor offence punishable by a fine or a restriction of liberty.
At first glance, it may appear that this provision also applies to activities carried out without a CASP licence. MiCA requires such authorisation before crypto-asset services may be provided.
The issue is not that simple. Poland has not designated a competent authority responsible for issuing CASP licences. Nor is there any procedure allowing such a licence to be obtained. This raises the question of whether liability can arise for failing to obtain an authorisation that was objectively impossible to obtain.
In my view, this is currently one of the most important interpretative issues facing Polish VASPs after the end of the MiCA transitional period. It would be difficult to argue that liability for a petty offence arises automatically in respect of every entity that continues operating after the transitional period has expired.
To summarise, the criminal risks associated with continuing operations after the end of the MiCA transitional period currently centre on the potential application of Article 60¹ § 1 of the Polish Code of Petty Offences. The scope of that risk remains uncertain and will depend on how the relevant provisions are interpreted by law enforcement authorities and the courts.
An additional point worth mentioning is that inclusion on the KNF Public Warning List is generally linked to notifications concerning suspected criminal offences. This distinction may be relevant, as Article 60¹ § 1 concerns a minor offence and not a criminal offence.
Civil risks
By civil risks, I mean risks arising from claims brought by clients or other private parties.
In practice, disputes with clients appear to be the most likely scenario. The absence of a CASP licence does not automatically give rise to liability towards a client. Nor does it determine the outcome of any court proceedings. The claimant would still need to establish the legal basis for liability under the applicable rules.
However, It cannot be excluded that the lack of a CASP licence may become an additional argument used by clients in litigation.Where a dispute concerns the improper performance of services, financial loss or another alleged breach of obligations, the fact that the business was operating contrary to MiCA may influence the court’s assessment of the VASP’s conduct.
In other words, the absence of a CASP licence does not automatically establish liability toward clients. However, It may weaken the VASP’s position in circumstances where a dispute regarding the services already exists.
The analysis should not necessarily be limited to disputes with clients. In theory, licensed CASPs could also argue that the provision of services without the required authorisation constitutes unfair competition. At present it is difficult to assess whether such arguments would be accepted by the courts.
Summary of legal risks after 1 July 2026
| Risk category | Assessment | Main observations |
|---|---|---|
| Administrative risks | Limited | As the Polish Crypto-Assets Market Act has not been adopted, no administrative sanctions have been introduced in this area. Accordingly, no obvious basis for administrative measures has been identified. |
| Punitive risks | Moderate | Article 60¹ of the Polish Code of Petty Offences, concerning the carrying on of a regulated activity without the required licence or permit, may become relevant. Beyond that, no other obvious basis for punitive liability has been identified. |
| Civil risks | Moderate | The absence of a CASP licence does not automatically give rise to liability. However, it may weaken the provider's position in disputes with clients and, in theory, could also give rise to claims from other market participants. |
Possible scenarios for Polish VASPs after 1 July 2026
Continuing operations
The first option is to continue operating after the end of the MiCA transitional period. As discussed above, this approach involves certain legal risks. The main scenarios have been outlined in the previous section. Their practical significance will ultimately depend on how they are interpreted by public authorities and the courts.
Cooperation with a licensed CASP
Some businesses may consider cooperating with licensed CASPs established in other EU Member States. In practice, such arrangements may take different forms, ranging from referral models to more complex white-label solutions.
However, caution is required when designing such structures. MiCA covers not only the direct provision of crypto-asset services, but also the intermediation of such services. As a result, not every form of cooperation with a licensed CASP will allow a business to avoid the need to obtain its own CASP licence.
Each model should therefore be assessed on a case-by-case basis
Sale of the business or customer base
Some businesses may decide to sell their operations or transfer their customers to a licensed CASP. This may allow them to exit the market without incurring the ongoing costs associated with operating a crypto business.
At the same time, the process should be carried out in an orderly manner and in compliance with applicable laws. Particular attention should be paid to data protection rules, consumer protection requirements and communication with customers
Termination of business activities
Another option is to discontinue crypto-asset activities altogether.
However, the end of crypto-asset activities does not necessarily mean the end of the company. A business that ceases providing crypto-asset services must still decide what should happen to the company itself.
Stopping the provision of services, shutting down a website or closing bank accounts does not automatically result in the company’s removal from the National Court Register (KRS).
In practice, many business owners wrongly assume that once operations have ceased, the company can simply be left dormant. This approach may give rise to further legal obligations and potential liability on the part of the management board members.
A company that remains registered with the KRS continues to exist as a legal entity. It remains subject to obligations arising under company law, tax law and accounting regulations. These include, among others, the preparation of annual financial statements, the filing of tax returns, maintaining a registered address, retaining corporate records and responding to requests from courts and public authorities.
For example, failure to file annual financial statements may result in the initiation of coercive proceedings by the registry court. During such proceedings, the court may order the company to comply with its statutory obligations and impose fines.
It should also be remembered that members of the management board remain responsible for compliance with tax regulations and the Accounting Act. The fact that operational activities have ceased does not release the company from its accounting, reporting and tax obligations.
In certain cases, failure to comply with these obligations may result not only in administrative consequences, but also in liability under the Fiscal Penal Code and the Accounting Act.
There is also a practical aspect that should not be overlooked. A company that formally continues to exist generates ongoing costs and organisational burdens. These include accounting services, the preparation of financial statements, handling official correspondence and maintaining a registered address.
Liquidation of the company
For businesses that do not intend to continue operating in the crypto-asset market, the next step should be to consider the liquidation of the company.
Liquidation is a legal process that results in the termination of the company’s legal existence and its removal from the National Court Register (KRS). Unlike leaving a dormant company in place, liquidation allows corporate, tax and accounting matters to be brought to a definitive conclusion.
I have discussed the liquidation of a Polish company in detail here:
https://www.lawfirmpoland.com/company-liquidation-in-poland/
In simple terms, the process involves:
- adopting a resolution on the dissolution of the company,
- opening the liquidation process, notifying the National Court Register, carrying out the liquidation activities, satisfying or securing creditors,
- applying for the company’s removal from the National Court Register.
Importantly, liquidation does not occur automatically upon the adoption of a shareholders’ resolution. It is a process that takes at least several months and requires compliance with a number of corporate, accounting and tax obligations.
| Risk area | Abandoning the company | Orderly VASP liquidation |
|---|---|---|
| Personal liability of management board members | Personal liability under Article 299 of the Commercial Companies Code for the company's debts. | Personal liability ends once creditors have been satisfied and the company has been removed from the register. |
| Financial reporting obligations | Exposure to fines and, in some cases, criminal liability. | Financial statements are prepared and closed in a controlled manner. |
| Registry court proceedings | Repeated fines imposed on management board members. | No coercive proceedings. |
| Tax offence liability | Exposure to fines under the Fiscal Penal Code. | Proper closing of the books and final tax settlement. |
| Criminal record implications | A conviction may result in entry in the National Criminal Register. | No criminal record consequences. |
| AML and KYC records | Risk of improper retention or loss of documentation. | Records preserved for the statutory retention period. |
| Final outcome | The company remains in existence and continues to generate obligations and costs. | The company ceases to exist and is removed from the National Court Register. |
MiCA and the lack of a national legal framework
Specific aspects of VASP liquidation
The liquidation of a VASP involves additional considerations that are not normally encountered in the case of other companies.
Particular attention should be paid to the expectations expressed by ESMA in its Statement on the End of Transitional Periods under MiCA.
According to ESMA, entities that fail to obtain a CASP licence should implement a wind-down plan. The purpose of such a plan is to protect customers and ensure that operations are discontinued in an orderly manner without causing unnecessary economic harm to clients.
According to the expectations expressed by ESMA, a wind-down plan should address, in particular, the following areas:
| Area | ESMA expectations |
|---|---|
| Implementation deadline | The wind-down plan should be implemented no later than 1 July 2026, i.e. before the end of the MiCA transitional period. |
| Objective of the process | Operations should be discontinued in an orderly manner without causing unnecessary economic harm to customers. |
| Customer offboarding | The process should provide for the orderly termination of customer relationships, including the transfer of customers' funds and crypto-assets. |
| Prior notice | Customers should receive prior notice of the wind-down process before the plan is implemented. |
| Regulatory compliance | The plan should be designed in compliance with conduct requirements, prudential requirements and AML/CFT obligations. |
However, the wind-down plan is only one aspect of the process. The liquidation of a VASP also involves a number of additional obligations under Polish law.
Voluntary deregistration from the VASP Register
Following the presidential veto of the Polish Crypto-Assets Market Act, the Polish VASP Register continues to formally exist. This means that neither the cessation of activities nor the arrival of 1 July 2026 will automatically result in the removal of an entity from the VASP Register.
In my view, entities discontinuing their virtual currency activities should apply for voluntary deregistration from the VASP Register.
Removal from the register is a clear signal to the authorities that the entity has ceased providing virtual currency services. It is also one of the elements involved in formally bringing to an end the entity’s status as an obliged entity in relation to its VASP activities.
Leaving an inactive entity on the register may give rise to practical issues, such as requests to update information, enquiries from the authorities or uncertainty regarding the actual status of the business.
It should also be remembered that deregistration from the VASP Register is not the same as the liquidation of the company. These are two separate processes.
Status of the AML Officer during liquidation
A separate issue concerns the status of the AML Officer during the period between the cessation of VASP activities and the removal of the company from the National Court Register. The Polish AML Act does not expressly address whether the person responsible for AML compliance should remain in office until the completion of the liquidation process.
In practice, four moments may be considered as potential cut-off points for the performance of this function:
- the actual termination of virtual currency activities;
- the complete termination of all active relationships with customers;
- the removal of the entity from the VASP Register; and
- the removal of the company from the National Court Register.
In my view, the first of these moments should be regarded as clearly too early. Even after operational activities have ceased, obligations under the Polish AML Act may still exist. This applies in particular to reporting obligations towards GIIF and the proper safeguarding of documentation.
Nor is it obvious that removal from the VASP Register should itself be regarded as the moment when the AML Officer’s role comes to an end. Active customer relationships may still exist at that stage. It also cannot be excluded that the Polish AML Act or the company’s internal procedures may require the involvement of the AML Officer, in particular by way of issuing opinions, taking positions or making certain decisions.
Another relevant factor is whether any administrative proceedings or supervisory activities are pending against the company. This applies in particular to AML audits and inspections. In such cases, maintaining the AML function may be justified by the need to ensure proper cooperation with the authorities, to fulfil obligations arising from ongoing proceedings and to provide appropriate support during such proceedings.
In my view, the answer to the question of when the AML Officer’s role should come to an end depends on the circumstances of the particular case. Relevant considerations include whether all customer relationships have been terminated, all obligations under the Polish AML Act have been fulfilled and whether any administrative proceedings or supervisory activities are still pending against the company.
Obligations towards GIIF
The fact that a VASP has stopped providing services does not automatically bring to an end the obligations arising under the Polish AML Act.
Particular attention should be paid to reporting obligations towards GIIF. This includes, among other things, the obligation to submit the final quarterly report for the second quarter of 2026.
It should also be remembered that the discontinuation of business activities does not in itself remove the obligation to notify GIIF of suspicious transactions where the statutory conditions are met.
This issue may be of particular importance during the wind-down process. Depending on the business model, the process of terminating customer relationships and transferring funds or crypto-assets may involve transactions requiring further analysis from an AML perspective.
Practical recommendations for winding down a VASP under Polish regulations
| Area | Recommendation |
|---|---|
| VASP Register | Consider voluntary deregistration from the VASP Register. Neither the discontinuation of activities nor the arrival of 1 July 2026 will automatically result in removal from the register. |
| AML Officer | The appropriate moment for bringing the AML Officer's role to an end should be assessed on a case-by-case basis. Relevant considerations include the termination of customer relationships, fulfilment of obligations under the Polish AML Act and the existence of any pending audits, inspections or administrative proceedings. |
| GIIF reporting | Ensure that all reporting obligations towards GIIF have been fulfilled. Particular attention should be paid to the obligation to submit the VASP statistical report for the second quarter of 2026 and to any suspicious transaction reports required under the Polish AML Act. |
| Suspicious transactions | Continue monitoring transactions during the wind-down process. Depending on the business model, the termination of customer relationships and the transfer of funds or crypto-assets may require further AML analysis. |
| Customer relationships | Verify that all active customer relationships have been properly terminated before bringing the AML framework to an end. |
| Record retention | Remember that, pursuant to Article 49 of the Polish AML Act, obliged institutions are required to retain customer due diligence documentation, transaction records and the results of analyses referred to in Article 34(3) for a period of five years. These obligations survive the discontinuation of VASP activities. |
| Ongoing proceedings and enquiries | Verify whether any audits, inspections or administrative proceedings remain pending. Requests from law enforcement authorities concerning historical transactions may continue to arise even after the cessation of VASP activities and appropriate arrangements should therefore be maintained to ensure proper handling of such requests. |
MiCA in Poland updates
MiCA in Poland – new crypto regulations
MiCA in Poland – update August 2024
MiCA in Poland – update December 2024
MiCA in Poland – update January 2025
MiCA in Poland – update March 2025
MiCA in Poland – update May 2025
MiCA in Poland – New act published (May 2025)
MiCA in Poland – update September 2025
MiCA in Poland – update October 2025
MiCA in Poland – update November 2025
MiCA in Poland – update December 2025
MiCA in Poland – update February 2025
MiCA in Poland – VASPs after 1 July 2026
