Poland’s MiCA bill clears the Sejm: what CASPs should do before the July 2026 cliff

Poland’s Sejm adopted a MiCA implementation bill on May 15, 2026, by a narrow margin, sending the framework to the Senate and closing a legislative loop that twice stalled at the presidential desk. For crypto-asset service providers (CASPs) serving Polish customers, the vote is not abstract politics: it is the moment national law begins to catch up with the EU’s July 1, 2026 end of transitional periods under the Markets in Crypto-Assets Regulation (MiCA).

Public reporting describes the bill as aligning domestic supervision with EU standards and empowering the KNF as the sector watchdog — a shift from fragmented pre-MiCA practice toward passport-ready authorization logic. Operators who treated Poland as a “soft launch” market should assume licensing conversations accelerate immediately, not after the summer holidays.

This guide is educational, not legal advice. Pair it with counsel-reviewed facts, KNF communications, and ESMA’s MiCA single rulebook materials before you change customer onboarding, marketing, or wind-down plans.

ESMA has been clear that transitional arrangements under MiCA expire on July 1, 2026. After that date, CASPs offering regulated services in the EU without authorization should plan orderly cessation or transfer of client relationships — not last-minute rebrands. Poland’s bill is one of the final national pieces in that puzzle; delay in Warsaw still does not extend the EU-wide clock.

Compliance leaders should map services to MiCA annex activities: custody, exchange, advice, placement, and other CASP functions each carry capital, governance, and conduct expectations. A firm licensed for exchange in one narrative but effectively holding keys like a custodian will struggle in KNF interviews.

Build a single “service truth table” owned by legal and product: customer-facing feature, back-office process, asset flow, and MiCA activity label. Update it on every roadmap review.

President Karol Nawrocki’s prior vetoes were not mere procedural noise — they signaled scrutiny of whether rushed statutes protect retail users. Media coverage tied the May vote to consumer harm themes, including high-profile exchange failures. KNF examiners will read that political subtext as a mandate for tougher fitness and governance reviews, even where the statute text looks familiar from other EU states.

Document how your firm prevents commingling, how board committees oversee conflicts, and how customer asset insolvency protections work in practice. Polish policymakers are tired of scandal headlines; your application should read like a risk-reduction program, not a trading-volume pitch.

If you rely on group entities elsewhere in the EU, show how governance, capital, and incident escalation flow across borders — and where Polish customers sit in the org chart for complaints and remediation.

Authorization files fail when operations cannot produce contemporaneous records. Minimum viable KNF discipline includes: versioned AML and travel-rule policies; wallet and key governance with named approvers; reconciliation playbooks with exception thresholds; incident response tests with ticket IDs; and outsourcing registers for cloud, KYC, and liquidity vendors.

Capital planning should reflect MiCA’s prudential tiers — not last year’s pitch-deck runway slide. Finance and compliance should jointly model fixed-overhead coverage, stress scenarios, and how you would wind down Polish books without trapping customer assets.

Human resources matter: resident directors, competent compliance officers, and audit access are recurring MiCA themes. Start recruitment early; “we will hire after approval” rarely satisfies supervisors reviewing ongoing oversight capacity.

Many CASPs continued under legacy Polish frameworks during the transition. That forbearance is not a permanent business model. Use Q2 2026 to run gap analyses against MiCA technical standards on custody segregation, complaints handling, marketing fairness, and white-paper obligations for token offerings still visible to Polish users.

Customer communications deserve a dedicated workstream: what changes on July 1 if authorization is pending, how withdrawals work, and which entities hold contractual relationships. Ambiguous terms-of-service updates create conduct risk and chargeback storms simultaneously.

For firms that cannot obtain authorization in time, prepare wind-down plans ESMA-style: transfer paths to authorized CASPs, self-hosted wallet options where appropriate, and hard deadlines for marketing cessation.

MiCA’s value proposition for authorized EU CASPs is passporting — one authorization, multiple member states, with notification mechanics. Polish authorization may become a strategic hub for EU-wide retail access, but only if your operating model truly meets host-state conduct rules and language expectations.

Third-country firms serving Polish residents without EU authorization face the hardest choices: geofence, partner with an authorized CASP, or establish a substantive EU presence. Paper partnerships where the authorized firm does not control keys or settlements are a supervisory red flag everywhere in Europe, not only in Poland.

Map data residency, support hours, and dispute resolution forums in customer contracts now — examiners compare marketing promises to operational reality.

KNF supervision sits alongside EU AML frameworks and national implementations of travel-rule expectations for virtual asset transfers. Polish passage of MiCA does not relax transaction monitoring, beneficiary identification, or sanctions screening — it intensifies documentary proof that your program scales with retail growth.

Re-screen legacy customers onboarded under lighter transitional standards. Refresh risk ratings when product mixes add staking, leverage-like features, or peer-to-peer corridors.

Align blockchain analytics and counterparty VASP due diligence with your EU group standards if you operate multiple entities — inconsistent thresholds create arbitrage insiders exploit.

Week one: confirm Senate timeline assumptions with Polish counsel; freeze new Poland-only products that complicate licensing narratives. Week two: complete MiCA gap assessment with owners and dates; escalate capital or hiring gaps to the board. Week three: draft customer communication scenarios for authorized, pending, and wind-down states. Week four: run a tabletop where KNF asks for proof of custody segregation during a simulated incident — capture remediation tickets.

Throughout, maintain a decision log regulators can read months later without oral folklore. Fresh legislation rewards firms that already operate like supervised institutions, not those scrambling to invent controls under deadline pressure.

Board members hear “MiCA” and “KNF” as background noise until you translate risk into business outcomes: loss of Polish revenue, inability to passport into Germany or France, personal liability themes in EU conduct rules, and reputational linkage to consumer scandals driving Warsaw’s political urgency. Bring one slide with three numbers — Polish active users, assets held for those users, and weekly onboarding velocity — and one slide with three dates — Senate passage assumptions, July 1 EU transitional end, and your realistic authorization filing date.

Ask for explicit capital and hiring approvals in the meeting minutes, not in side conversations. When authorization slips, those minutes become evidence you escalated early.