Our Expert in Poland
Understanding how to get a PSD2 license is the essential first step for any FinTech planning to offer payment services or issue electronic money in Poland. The Polish Financial Supervision Authority, known locally as the KNF (Komisja Nadzoru Finansowego), is the sole regulator responsible for authorising Payment Institutions (KIP), Electronic Money Institutions (EMI) and Small Payment Institutions (SPI) under Poland’s transposition of the EU’s Payment Services Directive (PSD2). With the Poland 2026 Payment Systems Amendment now reshaping direct-access rules and onboarding timelines, applicants who file early stand to benefit from a clearer regulatory runway before the anticipated PSD3/PSR transition begins to complicate the landscape.
This guide maps the complete licensing journey, from choosing the right licence type through capital requirements, safeguarding, documentation and post-authorisation passporting, so founders, compliance officers and general counsels can plan with confidence.
If your business will issue electronic money (e-wallets, prepaid cards, stored-value accounts), you need an EMI license in Poland with a minimum initial capital of €350,000. If you will only provide payment services, transfers, payment initiation, account information, a Payment Institution (KIP) license is sufficient, with initial capital ranging from €20,000 to €125,000 depending on the services offered. For very early-stage ventures with low transaction volumes, a Small Payment Institution (SPI) licence in Poland offers a simplified entry point with reduced capital and lighter reporting obligations.
Industry observers expect the KNF review process to take between three and six months for a well-prepared application, though incomplete filings routinely extend that window to nine months or longer. Given the 2026 reforms tightening fit-and-proper assessments and the broader EU push toward PSD3, the practical advice is clear: file early, file thoroughly, and build your governance and AML architecture before approaching the regulator rather than in parallel.
The KNF (sometimes referred to internationally as the PFSA, Polish Financial Supervision Authority) supervises all payment and electronic money institutions operating in Poland. Its mandate derives from the Polish Act on Payment Services, which transposes PSD2 (Directive 2015/2366) and the Electronic Money Directive (2009/110/EC) into domestic law. Every KIP, EMI and SPI authorised in Poland appears on the KNF’s public register and, for cross-border purposes, on the European Banking Authority’s centralised Register of Payment and Electronic Money Institutions.
The Poland 2026 Payment Systems Amendment introduced several changes that directly affect new applicants. Among the most consequential are revised rules on direct access to payment systems infrastructure, a compressed 14-day onboarding playbook for compliant institutions, and strengthened governance expectations for management bodies. Applicants filing in 2026 must demonstrate compliance with these updated PSD2 Poland requirements from the outset, retroactive adjustment is not an option.
For FinTechs operating at the intersection of payments and digital assets, it is worth noting that Poland’s regulatory environment also encompasses MiCA licensing requirements, which run on a parallel but distinct track. A company that both issues e-money and provides crypto-asset services may need dual authorisation.
The KNF publishes application templates, fee schedules and supervisory guidance on its dedicated electronic money and payment institution portal. Applicants should download the current version of the application form before beginning preparation, as the KNF periodically updates its requirements. Cross-border verification of existing licensed entities can be conducted through the EBA’s payment institutions register, which aggregates data from all EU national competent authorities.
Choosing the correct licence type is the most consequential early decision in the process of getting a PSD2 license. An incorrect choice can result in months of wasted preparation, unnecessary capital lock-up, or, worse, regulatory action for operating outside the scope of your authorisation. The decision framework is straightforward once you map your planned services against the three available categories.
A KIP licence authorises the holder to provide one or more of the payment services listed in Annex I of PSD2. These include executing payment transactions (credit transfers, direct debits, card-based payments), payment initiation services (PIS), and account information services (AIS). A KIP cannot issue electronic money. This is the appropriate licence for payment aggregators, payment initiation providers, open-banking platforms and merchant acquirers that do not need to hold customer funds in stored-value form.
The initial capital requirement for a Payment Institution license in Poland depends on the specific services the applicant intends to offer. Under PSD2 as transposed into Polish law, the minimum own funds thresholds are:
An EMI license in Poland permits the holder to issue electronic money, digital representations of monetary value stored electronically and accepted as a means of payment by parties other than the issuer. EMI licensing in Poland also allows the institution to provide all payment services available to a KIP. This is the correct licence for FinTechs operating e-wallets, prepaid card programmes, or any model where users maintain a stored-value balance.
The minimum initial capital for an EMI is €350,000, reflecting the higher prudential risk associated with issuing e-money and holding customer funds. The KNF applies this threshold strictly, requiring proof of paid-up capital before authorisation is granted.
The SPI pathway is designed for early-stage or low-volume operators. An SPI may provide payment services provided its average monthly transaction volume does not exceed €1.5 million (calculated over the preceding 12 months). SPI registration involves a simplified notification to the KNF rather than a full authorisation procedure, and there is no prescribed minimum initial capital. However, SPI operators face significant operational limitations: they cannot passport services into other EU member states, and if transaction volumes exceed the threshold, they must apply for full KIP authorisation.
| Licence Type | Permitted Services | Minimum Initial Capital |
|---|---|---|
| EMI (Electronic Money Institution / KIPE) | Issue e-money, store funds, execute payment transactions, card issuance, PIS, AIS | €350,000 |
| KIP (Payment Institution) | Payment initiation, account information, card acquiring, credit transfers, direct debits (no e-money issuance) | €20,000 – €125,000 (varies by service scope) |
| SPI (Small Payment Institution) | Limited payment services; monthly transaction volume capped at €1.5 million average | No prescribed minimum (simplified registration) |
The process of how to get a PSD2 license through the KNF follows a structured sequence. Each stage has distinct deliverables, and the regulator expects applicants to arrive well-prepared. Below is the practical step map that industry practitioners use when navigating KIP KIPE licensing in Poland.
Step 0, Pre-application assessment and entity structure. Before engaging the KNF, determine whether you will apply as a newly incorporated Polish entity, as a branch of an existing EU-authorised institution (using passporting), or by seeking fresh authorisation. Non-EU companies must establish a Polish legal entity, there is no direct application route from outside the EEA. Verify the EBA register to confirm no existing authorisation covers your planned activities.
Step 1, Pre-application meeting with the KNF (recommended). While not mandatory, a pre-application meeting allows the applicant to present its business model, discuss the intended licence scope and receive informal guidance on the KNF’s expectations. Prepare a concise business plan summary, a preliminary governance chart and a high-level description of your safeguarding and AML approach. This meeting can reduce formal review times significantly by identifying gaps before submission.
Step 2, Formal application submission. The applicant files the prescribed KNF application form together with the complete documentation package (detailed in the checklist section below). Core components include the business plan with three-year financial projections, a governance and internal control framework, evidence of initial capital, the proposed safeguarding model, an AML/CTF programme, an IT security policy, outsourcing agreements and senior management CVs with proof of fit-and-proper status. The application fee is payable upon submission.
Step 3, KNF review and supplementary questions. The KNF assigns a case officer who reviews the file and may issue requests for information (RFIs). Under Polish administrative procedure, the statutory review period is generally three months, but complex applications, particularly those involving novel business models, multi-jurisdictional outsourcing arrangements or unclear ownership structures, routinely extend to six months or beyond. Responding promptly and comprehensively to RFIs is critical; each incomplete response restarts the clock on that specific element.
Step 4, Authorisation decision and register entry. Upon satisfactory review, the KNF issues a formal authorisation decision. The institution is entered on the KNF’s domestic register and notified to the EBA for inclusion in the EU-wide register of payment and electronic money institutions. Operations may commence only after the authorisation date stated in the decision.
Early indications from 2026 applications suggest that well-prepared KIP applications are being processed in approximately three to four months, while EMI applications, which involve more complex safeguarding and capital assessments, typically require four to six months. The most common causes of delay are:
Applicants who take the pre-application meeting seriously, secure their safeguarding arrangement with a regulated Polish or EU bank before filing, and submit a bespoke (not template) AML programme consistently achieve faster authorisation. For payment aggregator models, it is advisable to present a clear legal analysis of how funds flow through the platform and to demonstrate that client funds are segregated from the company’s operating funds at all times.
Meeting PSD2 Poland requirements goes well beyond depositing the minimum capital. The KNF evaluates four interconnected pillars: capital adequacy, safeguarding of client funds, governance fitness and anti-money laundering controls. Weakness in any one of these pillars can block authorisation regardless of the strength of the others.
The initial capital thresholds outlined earlier represent the minimum own funds that must be fully paid up and evidenced before the KNF will grant authorisation. In practice, the KNF may require applicants to hold capital above the statutory minimum where the business plan projects rapid scaling, high-value transactions, or elevated operational risk. Ongoing own-funds calculations use either the fixed-overhead method or a method based on payment volume, as prescribed by PSD2 and implemented in the Polish Act on Payment Services.
PSD2 mandates that payment institutions and EMIs protect funds received from payment service users or received for the execution of payment transactions. The directive recognises two principal safeguarding methods:
| Safeguarding Method | How It Works | Practical Considerations in Poland |
|---|---|---|
| Segregation (ring-fencing) | Client funds are deposited in a separate account at a credit institution or invested in secure, liquid, low-risk assets, ring-fenced from the institution’s own funds. | Most commonly accepted by the KNF. Applicants should secure a safeguarding account commitment from a Polish or EU bank before filing. |
| Insurance or guarantee | An insurance policy or comparable guarantee from an authorised insurer or credit institution covers the amount of client funds that would otherwise need to be segregated. | Less frequently used in Poland; availability of suitable products from insurers can be limited. The KNF scrutinises the terms and counterparty risk closely. |
The KNF requires that each member of the management board demonstrates relevant experience in financial services, payments or a closely related field. Senior managers undergo individual fit-and-proper assessments covering professional qualifications, personal integrity (including criminal record checks) and the absence of conflicts of interest. The institution must also present a clear organisational chart, documented internal control procedures, a business continuity plan and a conflicts-of-interest policy. Shareholder structures must be fully transparent, with all direct and indirect holders of qualifying holdings identified and approved.
Poland’s Anti-Money Laundering Act (implementing the EU’s 4th and 5th Anti-Money Laundering Directives) applies in full to all authorised payment and e-money institutions. The KNF expects the following as part of any PFSA license Poland application:
A complete application package is the single most effective way to avoid delays. The KNF’s published guidance, together with the requirements set out in the Polish Act on Payment Services, specifies the following core documents:
Two areas consistently trigger RFIs and delays. First, outsourcing agreements that fail to include audit rights for the KNF or that delegate critical functions to entities outside the EEA without adequate risk mitigation. Second, proof-of-funds documentation that does not clearly demonstrate the source of capital, the KNF will trace the origin of funds through the entire ownership chain. Applicants should treat the checklist as a minimum: the KNF retains discretion to request additional documentation at any stage.
Receiving authorisation is not the finish line. Payment institutions and EMIs licensed in Poland are subject to ongoing supervisory obligations, and the regulatory landscape is set to shift further as the EU advances toward the Payment Services Regulation (PSR) and PSD3 framework.
Passporting into other EU member states. A Poland-authorised KIP or EMI may provide services across the EU/EEA through the freedom to provide services or by establishing a branch. This requires a formal notification to the KNF, which then communicates with the host-state regulator. The notification must include details of the services to be offered, the target member states and the identity of any local agents. For most notification-based passporting, the host-state regulator has a defined period (typically two months) to respond before services may commence.
Ongoing reporting and supervision. Licensed institutions must submit periodic prudential returns to the KNF, including own-funds calculations, safeguarding reports, complaint data and transaction volume statistics. Annual financial statements must be audited. The KNF conducts both on-site and off-site supervisory reviews and has the power to impose remedial measures, fines or, in serious cases, licence revocation.
The most common enforcement triggers are late or incomplete prudential returns, safeguarding breaches (failure to maintain the required segregation of client funds) and inadequate AML controls identified during supervisory inspections. The KNF also monitors whether an institution’s actual business activities remain within the scope of its authorisation, mission creep without licence variation is treated seriously.
Future-proofing for PSD3/PSR. The European Commission’s proposed PSD3 directive and accompanying Payment Services Regulation (PSR) are expected to consolidate and strengthen the current PSD2 framework. While the legislative timeline remains subject to the EU co-decision process, industry observers expect the final texts to introduce enhanced open-banking obligations, stricter fraud-liability rules and potentially new authorisation categories. Applicants filing now should consider building modular product architectures, incorporating contractual flexibility clauses and aligning AML/CTF programmes with the latest EBA guidelines. Firms operating in both traditional payment systems and digital-asset services, particularly those navigating MiCA compliance deadlines, should plan for converging regulatory expectations across both regimes.
Understanding the difference between an EMI and a bank licence is relevant here: unlike a bank, an EMI may not accept deposits or grant credit from customer funds. This narrower scope means lower regulatory capital but also a more limited product set. Businesses that anticipate needing deposit-taking capabilities should consider a bank licence from the outset rather than attempting to convert an EMI authorisation later.
This article was produced by Global Law Experts. For specialist advice on this topic, contact Aaron Glauberman at LegalBison, a member of the Global Law Experts network.
posted 23 minutes ago
posted 47 minutes ago
posted 1 hour ago
posted 2 hours ago
posted 2 hours ago
posted 4 hours ago
posted 4 hours ago
posted 5 hours ago
posted 5 hours ago
posted 6 hours ago
posted 6 hours ago
posted 6 hours ago
Find the right Legal Expert for your business
Sign up for the latest legal briefings and news within Global Law Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Send welcome message