The Markets in Crypto-Assets Regulation (MiCA) has landed across the EU like a new operating system, and Poland is booting up its own installation. I’m here to show you how MiCA works by default in Poland, what local tweaks are on the way, and how you can glide through licensing without missing a beat. No law degree required—just a clear game plan and a willingness to dive in.
Overview of MiCA and its applicability in Poland
MiCA replaces fragmented national rules with one unified EU framework for tokens and crypto services. It kicked in on 30 December 2024 via direct effect, so you’re already bound by its articles—even if Poland’s own act is still in draft form. The Polish Draft Act (PDA) published on 9 August 2024 assigns the Komisja Nadzoru Finansowego (KNF) as supervisor and adapts procedural details, but until the Cryptoassets Markets Act is adopted, MiCA’s text applies as-is in Poland.
PRO TIP
Run an internal “service sprint” with your team to map each activity against the MiCA CASP list. Use a simple spreadsheet with columns for service, category, and MiCA applicability to avoid any blind spots.
Licensing requirements for crypto-asset service providers (CASPs)
If you’re handling crypto-assets professionally—trading, custody, brokerage, wallets, or payment facilitation—you need a MiCA license. Think of MiCA as the new driver’s license for crypto services: no more cruising on old AML registrations after mid-2025.
Who must apply
MiCA defines CASPs to include exchanges and alternative trading systems, custodians and wallet providers, brokers and order-execution services, and crypto-fiat payment facilitators. Even niche advisers who build token issuance roadmaps should check whether they cross the “professional services” line. Better safe than sorry, right?
Transition deadlines
Poland has sped up the EU timeline: you must submit your complete application by 1 May 2025, and the old VASP register expires on 30 June 2025. After that date, unlicensed providers must hit the brakes until KNF approval. The current VASP register dissolves on 1 January 2026, so don’t count on extra extension.
Core application dossier and prudential criteria
MiCA demands a detailed dossier proving your fitness, governance, and financial muscle. Treat it like assembling a flight manual: every procedure, role, and backup system must be documented and cross-checked.
| Dossier Component | Key Details | Minimum Capital (EUR) |
| Program of Activities | Describe your services, target users, and business flow. | N/A |
| Governance and Controls | Show your org chart, roles, and risk management steps. | N/A |
| Policies & Procedures | Detailed AML/KYC checks, monitoring rules, and disaster-recovery plans. | N/A |
| Technical Documentation | Map your ICT setup, cybersecurity measures, and resilience tests. | N/A |
| Financial Resources | Prove you hold between €50 000 and €150 000 depending on services. | €50 000–€150 000 |
| Fit & Proper Tests | Provide CVs, background checks, and proof of expertise for key staff. | N/A |
| White Paper (if needed) | Lay out rights, fees, and governance for asset-referenced or e-money tokens. | N/A |
PRO TIP
Create a shared project board (e.g., Trello or Jira) with one card per dossier section. Assign clear owners and due dates, and attach template checklists to each card.
Implementation timeline and regulatory milestones
Timing is everything when deadlines loom. Think of this as your mission timeline: miss one waypoint, and the whole flight plan misaligns.
| Date | Milestone |
| 29 June 2023 | MiCA published in the Official Journal of the EU via EUR-Lex. |
| 30 December 2024 | MiCA applies EU-wide by direct effect; the Polish act is still pending. |
| 1 May 2025 | Deadline to submit your MiCA license application to the KNF. |
| 30 June 2025 | Last day for VASPs under old AML registration to operate without MiCA authorization. |
| July 2025 | KNF expected to issue the first MiCA licenses and guidance notes. |
| 1 January 2026 | Polish VASP register dissolves; only MiCA-licensed CASPs remain. |
PRO TIP
Plug these dates into a shared calendar with automated reminders at T-minus 90, 60, and 30 days. Coordinate reminder emails to all stakeholders.
What crypto firms need to know
I’ve seen firms stumble by treating licensing as a paperwork exercise. In reality, it’s a chance to build ironclad processes that keep glitches out of your operations.
Early engagement with the KNF
Start pre-application meetings three months before your submission. Jot down any verbal advice the KNF offers, then follow up by email for proof. Clear communication upfront saves you rework later.
Robust AML/KYC frameworks
MiCA layers in the Travel Rule alongside existing Polish AML laws. Automate your KYC with API-driven providers to cut manual checks, and run real-time monitoring so you catch suspicious transfers the moment they happen.
Governance & compliance culture
MiCA looks for clear lines of accountability and a named compliance officer. Think of compliance as your company’s autopilot: trained crew and routine drills keep the flight smooth.
Operational resilience
You need a business-continuity plan that survives hardware failures and cyber threats. Run tabletop exercises quarterly, document gaps, and update your tech dossier with test results.
Financial planning
Budget beyond the €50 000–€150 000 capital floor to cover KNF fees and potential buffer boosts. Model scenarios with 20% fee increases so you’re never caught short on the runway.
Product segmentation
Not all tokens wear the same regulatory outfit. Map your e-money, asset-referenced, and utility tokens to MiCA’s obligations so each white paper and fee schedule fits like a glove.
Penalties for non-compliance
Fines can hit 5% of turnover or €5 million, and Polish drafts add penalties up to PLN 3 119 700 for individuals and PLN 22 284 000 for companies. License revocation is also on the table. You don’t want to test those limits.
PRO TIP
Schedule biannual internal audits focusing exclusively on MiCA checkpoints. The goal isn’t to play gotcha—it’s to fix small issues before they become big ones.
Practical next steps
Start with a gap analysis of your workflows against MiCA’s articles. Then assemble your governance policies, technical dossiers, and financial models. Build a project timeline glued to the 1 May and 30 June 2025 deadlines. Liaise with the KNF in writing and monitor every draft of Poland’s Cryptoassets Markets Act. Finally, train your crew so everyone knows their role when the KNF calls.
Streamline MiCA Compliance with CyberUpgrade
Meeting MiCA’s rigorous requirements—from whitepaper filings to ongoing governance and transparency—often means endless manual tracking and audit prep. CyberUpgrade automates your MiCA workflows with prebuilt templates and real-time Slack or Teams prompts, keeping policies, risk assessments, and evidence audit-ready in one central hub.
Beyond MiCA, CyberUpgrade also supports DORA, ISO 27001, and NIS 2 frameworks, letting you “map once, prove many” across multiple regulations. Automated data extraction, vulnerability scans, and KPI dashboards feed each regulator’s portal seamlessly, reducing manual work by up to 80 %.
With fractional CISO services guiding your continuous monitoring and customizable compliance workflows, you’ll secure faster approvals, avoid fines, and adapt as MiCA and related frameworks evolve—turning compliance from a hurdle into a strategic advantage.
Charting your crypto compliance future
Treat MiCA not as a compliance chore but as your secret weapon for trust, resilience, and market leadership. By nailing the licensing process and embedding strong governance, you’ll turn regulatory demands into an operational advantage. What’s your next move to stay glitch-free under MiCA?
