How Polish VASPs Can Keep Operating After 1 July 2026

If you hold a Polish virtual currency registration and you have been told your only choices are to apply for a license abroad, close the company, or wait for a law that may never come, that framing is incomplete. There is a fourth route. It keeps you operating from Poland, with your team, your office, and your client book intact, and without a single day of unlicensed trading. It is not a loophole and it is not theory. It is the same structural asymmetry that the KNF (Komisja Nadzoru Finansowego) itself described in February, and most of the commentary written this week has walked straight past it.

Let me explain what actually changed on 11 June, what the 1 July deadline does and does not mean for you, and the specific structures we have seen work for operators in exactly your position.

What the third veto actually did

On 11 June 2026, President Nawrocki refused to sign the crypto-assets market act for the third time. The version that reached his desk differed from the previous vetoed text by a single amendment. With the Sejm short of the three-fifths majority that overriding a presidential veto requires, Poland now has no realistic path to designate a competent authority before the European transition window closes. For this legislative cycle, the gap is permanent.

The consequence is narrow and precise, and it matters that you understand it precisely rather than in the panicked version circulating online.

MiCA, the EU crypto-assets regulation, has applied directly in Poland since 30 December 2024. What Poland never enacted is the national law that names which Polish body issues CASP authorizations and supervises the market. Until that body exists, the KNF cannot accept a CASP application from anyone, because there is no legal basis for it to do so. The transition arrangement that let registered Polish operators keep trading under old national rules expires on 1 July 2026. The KNF has stated plainly that this date cannot be extended by statute or by any decision of its own.

So from 1 July, a company whose only permission to operate is its entry in the Polish virtual currency register loses the legal basis to provide crypto-asset services from Poland. The register, held by the Director of the Tax Administration Chamber in Katowice, was always an anti-money-laundering register rather than a license. It continues to exist under AML law. It does not, on its own, authorize you to keep exchanging, holding, or executing for clients after the deadline.

This is not a niche problem, and the scale is worth stating plainly. As of 12 June 2026, Poland's virtual currency register, the RDWW, held 1,140 valid registrations. Of those, 998, seven of every eight, are limited liability companies, the sp. z o.o. form that was marketed across the world to crypto operators precisely because it asked so little: minimal capital, remote setup, no residency requirement. The owners behind those companies are, in the main, not Polish. The wrapper was taken up overwhelmingly by international founders, a large share of them Ukrainian, running businesses whose clients sit mostly outside Poland as well, so this is a largely foreign-owned and foreign-facing industry registered in Warsaw rather than rooted in it. If you are reading this, the odds are overwhelming that you are one of those 998, and the same deadline stands in front of all of them at once. The register has been thinning for a while, 701 of the 1,841 entries ever issued, close to thirty-eight percent, have already been cancelled as supervision tightened and operators read the direction of travel. What changes on 1 July is that the legal basis disappears for everyone still on the list, on the same day.

That composition matters for how you plan, because it shapes the politics around any fix. An industry that is largely foreign-owned and serves clients abroad carries a thin domestic constituency: few Polish voters, few Polish customers, little of the local weight that normally pushes a stalled financial law over the line. None of this speaks to the merits of the legislation, and the reasons given for the veto are a separate matter entirely. As a practical forecast, though, it counsels against waiting. The pressure that would force a rapid replacement is mostly absent, so build for a world in which the gap persists, not one in which it quietly closes next quarter.

The KNF position is set out in its statement of 10 February 2026, which remains the operative official document. It is worth reading in full: Stanowisko UKNF (PDF).

The asymmetry nobody is putting in the headline

Here is the part that changes everything for an operator who wants to survive rather than exit.

The same KNF statement confirms that a crypto-asset service provider licensed in another member state, one that has notified its home regulator, may serve clients in Poland without interruption. The veto does not touch that. And the fact generalises in the direction that actually matters to you: a MiCA authorization granted in any single member state passports across the entire European Economic Area, every one of its thirty states, Spain and Italy and France and the Netherlands and Poland alike. One license, lawful reach into every EEA market at once. A CASP authorised in Germany, Lithuania, Malta, or Ireland serves clients in all of them on the same paperwork.

Read that against the veto and the real picture appears. What becomes impossible on 1 July is being the Polish-licensed principal, because Poland issues no license. What remains entirely possible is serving the very same clients, wherever in the EEA they sit, through a license issued somewhere that does grant one. Your client book is not closed to you. Your access to it simply has to run through a MiCA passport rather than a Polish registration.

This is why "exit Poland" is the wrong instruction. The business you built does not have to leave. The regulated permission does.

Why the routes in every headline do not fit a normal operator

Before the structure that works, clear away the three that the commentary keeps recommending, because for a typical small or medium fiat-to-crypto business they range from punishing to impossible, and you should not lose three weeks discovering that for yourself.

Getting your own CASP license in another member state. In principle you apply abroad, receive a MiCA license, and serve your clients under its EEA-wide passport. In practice, for an operator of ordinary size, this route is largely closed today. The open regimes are slow and they are expensive, and "expensive" understates it. We have watched a capable client commit close to a million euro to a single Baltic application and still receive, round after round, the answer that the capital was not enough, the documentation was not enough, the governance was not enough, until the client walked away. The license you are chasing is real and so is the cost of it, and on current evidence a fresh application is realistic only for the genuinely well-funded with the better part of two years to spare. It is not a survival plan for July.

Buying a company that already holds a license. Acquisition sounds faster, and in the right case it is, but the arithmetic has moved against you. Licensed CASPs are scarce. In some neighbouring markets only a handful of firms hold the authorization at all, and when supply is that thin, price follows. We have seen a single license in one such market carry an asking figure around half a million euro before diligence, before integration, before you have onboarded one client. Add the change-of-control review by the host regulator and the compliance history you inherit along with the shell, and for most operators this is a number that ends the conversation rather than starting one. For the genuinely well-capitalized it stays on the table. For everyone else it does not.

Restructuring your activity outside MiCA's perimeter. MiCA does not capture everything, so in theory you reposition into activity that falls outside the CASP regime. For the default European model, fiat-to-crypto exchange for retail clients, this is not a real option. The genuinely out-of-scope categories, fully decentralized arrangements with no operator, genuinely unique non-fungible tokens, assets that are financial instruments under MiFID II, describe a different business from the one you run. Forcing your model into them tends to multiply your operating cost several times over rather than lighten your regulatory load, and regulators read substance, not labels, so renaming a custodial exchange as decentralized finance protects no one. If a real slice of your activity already sits outside the perimeter, structure around it. If it does not, do not contort the whole business to pretend it does.

Set those three aside. Here is the one that actually keeps an ordinary operator open.

The route that keeps you open: operate through an already-licensed CASP

This is the fourth route, and it answers the eighteen-day problem precisely because it requires none of the three things you cannot do in time: no license of your own, no half-million-euro purchase, no new business model, and no move out of Poland.

Read this part carefully, because it is exactly where operators get confused. The licensed CASP is not you. It is a separate company that already holds a MiCA authorization, granted somewhere in the EEA, and is willing to take your business on. If you held such a license yourself you would not be reading this, because your own passport would already reach every client you have. You do not, so rather than become a license holder you attach to one.

You place the regulated activity, the custody, the exchange, the execution, the transfers, with that licensed partner. Because its authorization passports across the EEA, it serves your clients wherever they actually are, in Spain, Italy, France, anywhere in the Union, exactly as your Polish registration used to let you reach them. This is the point most of the exit-focused commentary misses. The operators losing sleep over the Polish deadline are, in the main, not serving Polish clients at all. They chose a Polish registration years ago because it was light and inexpensive to obtain, and they have used it to serve an affluent client base spread across western Europe. Those clients are precisely the ones a licensed partner's passport keeps open to you. You keep everything that is not the license itself: the brand in front of the client, the team at their desks, the office and its lease, the relationships. What moves is the regulated permission, not the business. Your company stays Polish, your people stay employed in Poland, and the substance stays here.

One honest boundary on that reach. The MiCA passport runs to the European Economic Area, meaning the EU plus Norway, Iceland, and Liechtenstein. It does not run to Switzerland, which sits outside the EEA and regulates crypto-asset services under its own FINMA framework. If a meaningful part of your book is Swiss, that slice needs its own answer, whether through the partner's existing Swiss arrangements, the relevant Swiss authorization, or the narrow and genuinely tested ground of reverse solicitation. Do not assume an EEA passport quietly covers Zurich, because it does not.

A word on which partners to approach, because the field sorts itself once you see the incentive. The licensed firms that serve retail clients directly, the consumer exchanges, are the wrong door. To them your client book is the prize, and they have little reason to sit invisibly behind your brand when they could onboard those clients as their own. The partners whose interests line up with yours are the ones whose entire business is powering other companies: the infrastructure and on-ramp providers who supply the licence and the rails while you supply the brand and the customers, so that the end client sees your product and the regulated machinery stays out of sight. To them you are a customer, not a threat, and that alignment is the whole game. Approach that type first, and do not spend your shortest weeks pitching a consumer exchange that would rather replace you than carry you.

One practical point decides whether a given partner can actually carry your model, and it is easy to miss. A fiat-to-crypto business is not one regulated activity but two. The crypto side, buying the asset and delivering it to the client, is the CASP service. The money side, taking client funds into a virtual IBAN and holding and moving them, is a payment service, which under EU law needs a payment-institution or e-money licence, not a CASP authorisation. So the partner you choose has to cover both legs: the CASP for the crypto and a payment or e-money capability for the fiat, either held within the same group or supplied through its own payment partner. The providers that specialise in powering other companies tend to bundle the two, and because the fiat rails come with them, they can step into the place of the payment institution you may be losing anyway. A partner that holds only the CASP and expects you to keep running the fiat leg yourself solves half your problem and leaves the other half sitting exactly where it is. When you make your shortlist, this is the first question to ask, before price and before timelines.

There are three depths at which this works, and the right one depends on how much of the customer relationship you need to keep in your own hands.

The lightest is a referral or introducing arrangement. You market and bring clients to the licensed CASP, which onboards and serves them directly, and you earn referral or marketing fees. Your regulatory footprint is smallest here, because you never touch the regulated service itself, only the marketing around it. The trade is that the client relationship reads more visibly as the partner's than as yours.

The middle depth, and for most fiat-to-crypto operators the natural fit, is a white-label or distribution model. The product carries your brand and your front-end and your customers experience your service, but behind the interface the regulated rails, the exchange and custody and execution, are provided by the licensed partner standing as the regulated counterparty. You keep the brand and the customer experience. The partner keeps the license and the exposure that comes with it.

The deepest is to become the licensed CASP's local operating and distribution arm in Poland: onboarding support, local-language service, compliance assistance, technology, the same staff who already do this work for you now. This preserves the most jobs and the most operational continuity, and it demands the most care in how the contract is drawn.

There is one technical line that decides whether any of these is genuinely clean, and it is worth stating plainly. Receiving a client's order and passing it on, what MiCA calls reception and transmission of orders, is itself a regulated crypto-asset service. So the arrangement has to be built so that the order is legally received by the licensed CASP, with your screen operating as that CASP's own channel, rather than received by you and then handed across as an unlicensed middleman. The same interface can sit in front of the client either way. Only one of the two structures keeps you on the right side of the line, and which one you have actually built is a question of substance, not of what the contract is titled.

That care is the one warning you must take seriously. The European regulator ESMA has been explicit that a licensed CASP cannot be a hollow shell that outsources its core functions to an unlicensed partner who does the real work, what it calls a letter-box entity. The arrangement has to reflect substance. The licensed partner must genuinely hold and control the regulated functions, and you must not quietly keep performing the regulated service yourself behind a relabeled contract. Drawn properly, this is a recognized and ordinary model across European financial services. Drawn as a costume over business-as-usual, it is exactly what a regulator later unwinds. The honest cost of the route is margin: you share revenue with the partner, and you accept a degree of dependence on them. Set against losing the business outright on 1 July, for most operators that is a trade worth making, and it is the only route that delivers genuine continuity with no unlicensed day in between.

When your bank/emi is the one forcing the clock

For many operators the real deadline is not 1 July at all. It is the letter from your bank or your electronic money institution. We are seeing payment partners, including EMIs outside Poland, move to close crypto business accounts now, ahead of the deadline, precisely because they can see the Polish license ending with no replacement coming. The question they keep asking, how will you operate legally after this, is not hostile. It is the question their own compliance function is forced to put to them, and "the law might change" is not an answer they can file.

The useful news is that the partner structure above is the answer to exactly that question, and it settles the money problem and the licensing problem in a single move.

Take the standard purchase flow: a client deposits funds to a virtual IBAN, agrees a price, buys, and receives the crypto in their own wallet. Today every leg of that runs through your registration and your EMI account. Under a licensed-CASP arrangement, the client sees the same flow, but the regulated and monetary legs shift underneath it.

The IBAN the client funds belongs to the licensed CASP or its payment partner, not to the account at the EMI that is trying to leave. The fiat is received by an authorised entity. When the client agrees the rate and buys on your branded screen, the order is placed with and executed by the licensed CASP as principal. The CASP sources and delivers the crypto to the client's wallet under its own authorization. Your company supplies the front-end, the brand, the onboarding, the local-language support, the relationship. You stop being the unlicensed entity holding regulated flows, which is the precise thing your EMI cannot live with, and the money moves through rails that are themselves licensed.

This is also why the partner route beats buying a company outright for an operator in your position, and you put your finger on the reason yourself. Acquiring a firm that holds a license does not mean you can run it from day one, because the host regulator still has to clear new directors and beneficial owners, and that fit-and-proper review can be slow and is not guaranteed to go your way. As a distributor or introducer standing behind a licensed partner, you do not need that approval at all, because you are not the license holder. You keep the part of the business that is yours and let the partner carry the part that needs a license.

Two honest cautions. First, this still takes setup: contracts, integration, and the partner's own diligence on you, so think in weeks, not an afternoon. If your EMI has named a closure date, open both conversations at once. Tell the partner you need to move quickly, and tell the EMI, in writing, that you are restructuring so that regulated activity and client funds will sit with a MiCA-licensed CASP, with a timeline attached. A credible plan with a named direction tends to buy more runway than silence, and in many cases the partner's own payment rails simply replace the EMI you were about to lose. Second, you are handing the regulated relationship and a share of the economics to the partner, so your margin narrows. Set against closure, that is a trade most operators in your seat will take.

The route that looks like a shortcut and is actually a trap

Some operators are quietly running a different calculation: there is no Polish authority, therefore no Polish sanction, therefore why not simply keep going on the register and wait. I understand the arithmetic. I would urge you not to trust it, and the reasons are practical rather than moralistic.

Documented operation without a valid basis after 1 July does not vanish. It follows you into every future license application, in Poland and in any other member state, where regulators weigh exactly this kind of history when they assess fitness. The clean applicant gets the benefit of the doubt. The applicant with a paper trail of trading without authorization does not.

And the regulator is not the only gatekeeper. Banks apply their own risk policies, and they are already withdrawing services from crypto businesses that lack a clear regulatory footing. Lose your złoty and euro accounts and no retail-facing model functions, regulator or no regulator. The "just keep going" path tends to end not in a fine but in a frozen account and a closed application door. It is the most expensive option disguised as the cheapest.

A practical sequence for the next eighteen days

If I were sitting across the table from you this week, this is the order I would work in.

First, confirm precisely which of your services are regulated crypto-asset services under MiCA and which are not. The answer drives everything that follows, and operators self-assessing this get it wrong more often than they get it right.

Second, open conversations now with one or two CASPs that already hold a MiCA license and its EEA passport about a referral, white-label, or distribution arrangement that takes effect on 1 July. This is your continuity, not merely a stopgap. The partners worth working with run their own diligence, so the firms that start this week hold the leverage and the better terms.

Third, only if you are genuinely well-funded, run an own-license application or an acquisition track in parallel as a longer-term move toward holding the permission yourself. For most operators the partner arrangement is not a bridge to something else, it is the destination for the foreseeable future, and that is a perfectly sound place to be.

Fourth, protect your banking. Whatever structure you choose, make sure your payment rails sit with or behind an entity that holds the authorizations banks now expect to see, because the account closure tends to arrive before any regulator ever does.

None of this requires you to fire your team or abandon your Polish company. It requires you to separate two things that the Polish registration used to bundle together: the permission to operate, and the operation itself. The permission has to move. The operation can stay exactly where it is.

FAQs

Does my Polish virtual currency register entry let me keep trading after 1 July 2026?

No. The transition arrangement that let registered operators trade under old national rules ends on 1 July. After that date the register alone does not authorize you to provide crypto-asset services from Poland.

My payment institution is threatening to close my account. What do I tell them?

Tell them, in writing, that you are restructuring so that regulated activity and client funds will move to a MiCA-licensed CASP through a white-label or distribution arrangement, and attach a timeline. That is a concrete answer to the question their compliance function is obliged to ask, and it preserves the account far better than silence does. In many cases the licensed partner's own payment rails end up replacing the institution that was leaving in the first place.

My clients are mostly in western Europe, not Poland. Does any of this keep me serving them?

Yes, and this is the heart of it. A MiCA license held in any EEA member state passports across all thirty EEA states, so a licensed partner can serve your clients in Spain, Italy, France, and the rest of the Union exactly as your Polish registration did. The one boundary worth flagging is Switzerland, which sits outside the EEA and needs its own arrangement. Poland issues no license of its own, but it cannot block a license issued elsewhere in the Union, and that license reaches your whole European book.

Do I have to leave Poland to keep operating?

No. The route that keeps you open is built precisely so your company, your team, and your office stay in Poland, with only the regulated permission held by a licensed partner. Getting your own MiCA licence in another member state is a legitimate parallel option, moderate in cost, on the order of fifty to seventy thousand euro, and roughly three to six months, but it takes longer than the eighteen days you have and it asks you to build real presence in that state, so it is a background project rather than a reason to uproot from Warsaw. Buying a ready-made licence is a costlier alternative, half a million euro or more, for the well-funded. The realistic answer is to keep operating in Poland through a partner that already holds a licence and its EEA passport, and to pursue your own authorization in parallel only if and when you choose to.

Do I have to change my fiat-to-crypto business model to survive this?

No, and be wary of advice that tells you to. Restructuring a standard fiat-to-crypto exchange into something outside MiCA's scope typically multiplies your operating cost rather than solving the licensing problem. The partner-based route lets you keep the same model, the same brand, and the same customers, with the regulated permission held by a licensed CASP standing behind you.

What should I look for in a partner?

Two things above all. First, pick a provider whose business is powering other companies, an infrastructure or on-ramp partner that supplies the licence while you keep the brand and the clients, rather than a consumer exchange that would rather onboard your clients itself. Second, make sure the partner covers both legs of your flow: a CASP authorization for the crypto, and a payment or e-money capability for the fiat, since taking client funds into an account is a payment service that a CASP license alone does not authorize. Price and timelines matter, but a partner that fails either of these cannot carry your model.

Will the law eventually pass?

Quite possibly, in a later cycle and likely in amended form, and an operator who wants a Polish license will be well placed to apply the moment the framework is in force. What no business can do is run on a date that does not yet exist. So build for continuity now through the partner route, keep your operation in Poland, and treat the eventual Polish regime as something to step into when it arrives rather than a deadline to sit and wait on.

Is this legal advice?

No. This is general analysis of a fast-moving situation, and the right structure depends on the specifics of your services, your clients, and your corporate setup. Take tailored advice before you commit to any of these routes.