← Regulations / Poland / custody
Grade A AI-Researched

Poland -- Custody Regulations Regulatory Overview

Published: 2026-04-22 Updated: 2026-04-22 Author: SearXNG+LLM Version 1 Sources cited in: English (1), Polish (2)
Note: This article cites primary sources in languages other than English. Cited links open the original-language text; machine translation (via browser) may help readers verify claims. See the badge next to each source for its language.

Methodology

AI-generated synthesis from web search results.

Limitations

  • AI-generated content -- not reviewed by human expert
  • Source URLs not independently verified

Poland's regulatory landscape for cryptocurrency and digital asset custody is currently shaped by its transposition of EU Anti-Money Laundering (AML) directives, with a significant shift anticipated with the upcoming implementation of the EU's Markets in Crypto-Assets (MiCA) Regulation.

Here's a breakdown:

Current Regulatory Framework (Primarily AML-Focused)

Under the current regime, the primary legislation affecting virtual asset service providers (VASPs), including those offering custody, is the Polish Act of March 1, 2018, on Counteracting Money Laundering and Terrorist Financing (the "AML Act"), which transposes the EU's 4th and 5th AML Directives.

1. Custodial License Requirements (AML-Based Registration)

  • Requirement: Entities providing services related to virtual currencies, including "holding virtual currencies, including offering services to their users that consist of maintaining virtual currency instruments or access keys on their behalf," are considered Virtual Asset Service Providers (VASPs). These entities are obliged to register in the Register of Activities in the Field of Virtual Currencies (Rejestr Działalności w Zakresie Walut Wirtualnych).

  • Conditions for Registration:

    • The applying entity must be a legal person, an organizational unit without legal personality, or a natural person conducting business activity.
    • Individuals involved in management or ownership must not have been convicted of specific financial crimes or money laundering offenses.
    • Proof of knowledge and experience in the field of virtual currencies (e.g., certificate of completion of training, professional experience) is required.

  • Regulatory Body: The register is maintained by the Minister of Finance.

  • Purpose: This registration primarily serves AML/CFT purposes, ensuring that service providers implement appropriate customer due diligence (KYC), transaction monitoring, and suspicious activity reporting measures. It is not a comprehensive prudential license.

2. Segregation of Client Assets Rules

  • Current Status: The current Polish AML Act does not explicitly mandate specific rules for the segregation of client assets for virtual currency custodians. While good practice and general commercial law principles might suggest segregation, there is no direct regulatory requirement specific to crypto custody in the current AML framework.

3. Insurance/Bonding Requirements

  • Current Status: The current Polish AML Act does not impose specific insurance or bonding requirements for virtual currency custodians.

4. Cold Storage Mandates

  • Current Status: The current Polish AML Act does not mandate the use of cold storage or any other specific technology for securing virtual assets. Security measures are generally left to the VASP's discretion, subject to general IT security best practices.

5. Qualified Custodian Definitions

  • Current Status: There is no specific definition of a "qualified custodian" for virtual assets within current Polish law. The AML Act focuses on identifying and registering VASPs for AML/CFT purposes, not on their operational qualifications or prudential standards as custodians.

Pending Custody Legislation (MiCA Regulation)

The EU's Markets in Crypto-Assets (MiCA) Regulation (Regulation (EU) 2023/1114) is a landmark piece of legislation that will significantly reshape the regulatory landscape for crypto-assets and their service providers across the EU, including Poland. MiCA is a regulation, meaning it will be directly applicable in Poland without the need for national transposition once it enters into force.

  • Timeline:
    • Titles III and IV (relating to asset-referenced tokens and e-money tokens) apply from 30 June 2024.
    • Titles II, V-XII (covering other crypto-assets and crypto-asset service providers, including custody) apply from 30 December 2024.

MiCA's Impact on Custody:

MiCA introduces comprehensive requirements for Crypto-Asset Service Providers (CASPs), which explicitly include "provision of custody and administration of crypto-assets on behalf of clients."

1. Custodial License Requirements (MiCA Authorization)

  • Requirement: Under MiCA, entities wishing to provide custody and administration of crypto-assets will need to obtain an authorization from their competent national authority (likely the Polish Financial Supervision Authority – KNF). This authorization will be passportable across the EU.
  • Conditions for Authorization: CASPs will need to meet stringent organizational, operational, and prudential requirements, including:
    • Having a minimum initial capital (Article 60).
    • Maintaining sound administrative and accounting procedures.
    • Having robust IT systems and security protocols.
    • Effective internal control mechanisms.
    • Business continuity planning.
    • Suitability of management and shareholders.
  • Regulatory Body: The KNF will be the primary national competent authority for MiCA in Poland.

2. Segregation of Client Assets Rules (MiCA Mandate)

  • Requirement: MiCA explicitly mandates the segregation of client crypto-assets and funds. Article 67 specifies that CASPs providing custody services must:
    • Enter into an agreement with clients for the custody of crypto-assets.
    • Keep records and accounts that enable them to immediately distinguish crypto-assets held on behalf of clients from their own crypto-assets.
    • Ensure that client crypto-assets and funds are not used for their own account.
    • Not encumber client crypto-assets or funds without explicit prior consent.

3. Insurance/Bonding Requirements (MiCA Capital & Professional Indemnity)

  • Requirement: MiCA imposes initial capital requirements (Article 60) for CASPs providing custody services. Additionally, Article 67(4) requires CASPs providing custody to maintain a professional indemnity insurance policy or hold own funds equivalent to the professional indemnity insurance, covering the risks of liability for negligence or professional errors.

4. Cold Storage Mandates

  • Status: MiCA requires CASPs to have robust IT systems, security protocols, and procedures (Article 66(2)(c)), but it does not explicitly mandate the use of cold storage. It focuses on the outcomes of secure safeguarding, allowing flexibility in the technical implementation (hot, warm, cold, multi-sig, etc.), provided the overall security framework is sound and risk-managed.

5. Qualified Custodian Definitions (MiCA Authorization)

  • Status: MiCA effectively establishes a framework for "qualified" custodians by requiring authorization and compliance with detailed prudential and operational standards. Any CASP authorized under MiCA to provide custody services will meet the regulatory definition of a qualified provider within the EU.

  • Regulatory Reference:

    • Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (MiCA Regulation) – specifically, Article 3(1)(10) (definition of crypto-asset services), Article 3(1)(15) (definition of custody and administration of crypto-assets), Chapter 2 (Authorization of CASPs), and Article 67 (Specific obligations for CASPs providing custody and administration of crypto-assets).
    • URL (EUR-Lex): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R1114

Summary:

Currently, Poland regulates crypto custody primarily through an AML/CFT registration regime managed by the Ministry of Finance. This framework lacks specific prudential rules for asset segregation, insurance, cold storage, or qualified custodian definitions. However, the upcoming MiCA Regulation will fundamentally change this, introducing a comprehensive authorization framework overseen by the KNF, with explicit mandates for capital, professional indemnity, strict client asset segregation, and robust operational security for all crypto-asset service providers, including custodians, from late 2024.

It is crucial for any entity operating or planning to operate in this space to closely monitor the final implementation details of MiCA and potentially consult with legal professionals specializing in Polish and EU financial regulations.

Sources & Attribution

This article was generated by SearXNG+LLM .

Primary Sources

[1] https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180000723 pl (government-public)
[2] https://www.gov.pl/web/finanse/dzialalnosc-w-zakresie-walut-wirtualnych pl (government-public)
[3] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R1114 (government-public)

Edit History

2026-04-22 — auto-publish-pipeline: published — Auto-published: grade A

This article is maintained by AI research workers and reviewed by human editors. Learn about our methodology →