  • DORA in Poland: Digital Resilience of the Financial Sector

    On April 18, 2024, the Polish Government Legislation Center published a draft law. It implements the DORA regulation (Digital Operational Resilience Act) and Directive 2022/2556 into Polish law. This draft introduces amendments to several financial sector laws. The amendments align the domestic legal system with EU requirements for digital operational resilience.

    DORA in Poland: Is the New Law Necessary?

    The DORA regulation is directly applicable, meaning it does not require implementation into
    Polish law. However, certain provisions, such as designating supervisory authorities or
    establishing detailed rules for financial entities, necessitate adjustments to national
    legislation.

    For this reason, the Ministry of Finance proposed amending laws, such as the Banking Law,
    the Payment Services Act, and the Financial Instruments Trading Act. These amendments
    are primarily technical and aim to facilitate the implementation of the DORA regulation in
    Poland.

    Scope of Application

    The DORA regulation allows for excluding certain entities, such as credit unions (SKOKs) or
    Bank Gospodarstwa Krajowego, from its scope. However, Polish legislators decided to
    include these institutions to ensure uniform application of the regulations across the financial
    sector.

    The draft law exempts key banking and financial sector entities from most provisions of the Polish Cybersecurity Act. However, these entities are not entirely exempt from domestic regulations. Their obligations are adjusted to meet DORA requirements.

    KNF as the Supervisory Authority

    The draft law designates the Polish Financial Supervision Authority (KNF) as the body
    responsible for overseeing compliance with DORA regulations. As part of its new powers,
    the KNF will be able to:

    ● Supervise the activities of financial entities regarding digital resilience.
    ● Impose administrative penalties, including fines of up to PLN 20,869,500 or 10% of annual revenue.
    ● Issue public statements identifying individuals or companies responsible for violations.
    ● Temporarily suspend the use of services provided by key external ICT providers.

    The KNF will also have the authority to request access to data transmission records and
    require financial entities to report contractual arrangements related to ICT services.

    Reporting of Contractual Arrangements

    The draft law clarifies the reporting requirements for financial entities to the KNF, including:

    ● A 14-day deadline for notifying planned contractual arrangements regarding ICT services for critical functions.
    ● Annual reports to be submitted by January 31 each year, starting in 2026.

    Highlighting Innovation

    The introduction of DORA regulations can also significantly contribute to the development of
    technology in the financial sector. These regulations encourage the adoption of modern
    solutions such as artificial intelligence (AI) and blockchain, which enhance digital security.
    Implementing innovative technologies will enable financial institutions to better monitor risks,
    streamline operations, and build customer trust. Integrating such tools can also support the
    sector’s competitiveness on an international scale.

    Entry into Force and Next Steps

    The draft law will take effect on January 17, 2025. This date coincides with the date on which the DORA regulation starts to apply. Public consultation feedback is under review. The draft may undergo further modifications.