- The government is pushing through the crypto-assets bill despite serious legal warnings. Documents available on the Sejm’s website show that the project may raise doubts regarding its compliance with the principles of the rule of law.
- The most controversial issues are the blocking of accounts, transactions and domains. The new regulations may give the state very broad tools to interfere with the assets and activities of crypto companies.
- MiCA was supposed to organize the market, but the Polish law can go much further. Critics warn that instead of increasing safety, the regulations may push legal companies out of Poland.
The Polish Act on the Crypto-Asset Market was supposed to be a technical implementation of the EU MiCA regulation. In practice, however, it is increasingly looking like one of the most serious disputes about the limits of state power over digital assets, user accounts, Internet domains and personal data.
The biggest problem isn’t even that the cryptocurrency industry is protesting regulation. This would be easy to dismiss as a conflict of interest. The problem is more serious: the parliamentary documentation contains opinions of public institutions that have been pointing out the legal risks related to the project for months. Despite this, subsequent versions of the act return with very similar mechanisms.
In short: there is no “meme” or political commentary on the websites of the Sejm and Senate. There are documents that show that state authorities raised specific reservations and that the legislator did not solve all the problems. That is why a strong thesis is increasingly being made in the crypto community: the government is not only implementing MiCA, but is trying to build a system that may conflict with the law.
PUODO warned that the comments were not taken into account
PUODO wrote directly that the substantive provisions of the draft, on which the office had previously submitted comments, remained unchanged. Moreover, according to the letter, the supervisory body’s demands were not taken into account at the government stage, nor were they considered during the work of the Sejm subcommittee and the Senate committee.
This sentence is crucial. It’s not that someone “didn’t have time” to submit comments. It is not about lack of awareness of the problem. The document shows that the office warned, but its reservations were not actually addressed.
In the case of the crypto market, this is particularly important because personal data does not mean only name, surname and e-mail address. We are talking about KYC data, transaction history, wallet addresses, connections between users, asset information, and sometimes also data transferred between entities from different jurisdictions. This is one of the most sensitive areas of digital finance.
PUODO indicated that the regulations should clearly define the purposes of data processing, risks and obligations of entities providing services in the field of cryptoassets. The Office also pointed out that the implementing provisions regarding electronic documents should cover the issues of creating, storing and securing personal data.
To put it simply: if the state creates a new regime for exchanges, currency exchange offices and crypto service providers, it must very precisely answer the question of who processes user data, why, on what basis and for how long. Without this, there is a risk of conflict with the GDPR.
Personal data is not a technical detail
In the opinion of PUODO, there is another important issue: the obligation to maintain professional secrecy. The Office proposed that secrecy should cover the full scope of personal data processed by persons obliged to keep it confidential.
This is not a formality. In practice, a user of a cryptocurrency exchange or currency exchange office leaves a trace that may say more than the classic history of a bank account. Blockchain addresses are public, transactions are permanent, and when combined with KYC data, a very detailed financial profile of a person can be created.
PUODO also drew attention to the need to correctly define the roles of controllers, co-controllers and data processors. This is the foundation of GDPR compliance. If the law does not clearly address this, companies face legal uncertainty and users risk that their data will circulate in the system without sufficient control.
In this sense, the accusation against the government is not “you can’t regulate cryptocurrencies.” It sounds rather like this: we must not create regulations that give the state and institutions enormous powers over the market and at the same time do not close the basic guarantees for citizens.
Account blocking for 96 hours and then up to 6 months
The second most controversial area is the power to block crypto-asset and cash accounts. The current draft provides that in the event of a justified suspicion of violating the provisions on market abuse, the chairman of the Polish Financial Supervision Authority may request a blocking of the account for a maximum of 96 hours. The service provider is to fulfill such a request immediately.
This in itself is a powerful tool. But the project goes further. If the Polish Financial Supervision Authority deems it necessary for the safety of trading or the interests of crypto-asset holders, it may request an extension of the account blockage or suspension of the transaction for a specified period of time, no longer than 6 months.
In practice, this means that a user or company may be cut off from funds for a long time. Of course, the project provides for the possibility of filing a complaint with the administrative court, but only after receiving a copy of the block request.
And this is where the dispute over the law begins. Critics ask: why should such far-reaching interference in property be based primarily on an administrative decision and not on prior, real court control? In a state of law, asset blocking should not be a regular operational tool of the regulator. It should be an exception, backed by very strong guarantees.
The domain may be taken over and registered with the Polish Financial Supervision Authority
The regulations regarding Internet domains go even further. The project provides for a register of domains used for activities inconsistent with the Act or violating the provisions of MiCA. After entry in the register, telecommunications undertakings are to block access to the domain within 48 hours and redirect users to the website with the KNF announcement.
But that’s not all. The project also assumes responsibilities on the part of the hosting, domain registry and registrar. In certain situations, the domain is to be deleted and registered to the Polish Financial Supervision Authority, free of charge and for an indefinite period of time or as indicated by the Polish Financial Supervision Authority.
To the average user, it sounds like an anti-cheat tool. Indeed, the state should be able to quickly respond to false investment platforms, phishing and entities impersonating legal companies.
The problem is that the Internet domain is often the core of a company’s operations. Its seizure or blocking can mean the immediate death of the business, loss of customers, reputation and revenues. Therefore, such instruments must be extremely precise and controlled by the court. Otherwise, a tool aimed at fraudsters may become a tool for administratively paralyzing legal entities.
WEI talks about the risk of violating the constitution and EU law
The report also puts forward a very strong thesis: some of the proposed solutions may pose constitutional and EU risks, including in the context of freedom of business activity, property rights, the right to a court, freedom of expression and the freedom to provide services in the EU.
This is why the narrative of a “government that wants to break the law” doesn’t come out of nowhere. Of course, one must be precise: until the provisions are repealed by a court or the Tribunal, it cannot be said that they are unlawful as a foregone conclusion. However, something else can be said: already at the legislative stage, there are serious warnings that the project may violate standards of protection for citizens and entrepreneurs.
And if the government knows these warnings and yet repeats similar solutions, the dispute is no longer purely technical. It becomes a question about conscious legislative risk.
MiCA does not require national overzealousness
The government argues that the act is necessary to apply MiCA, protect investors, prevent abuses and enable Polish companies to operate on the European market. It’s a rational argument. The crypto market really needs clear rules, especially after years of operating in a regulatory gray zone.
But MiCA is not an invitation to arbitrarily expand the state’s powers. The EU regulation is intended to harmonize rules across the EU, and not to create a situation in which one country builds a much more restrictive regime than others. This is what critics call gold-plating, i.e. adding national obligations beyond what is required by EU law.
If Poland overdoes it, the effect may be opposite to that intended. Legal companies will not disappear from the European market. They will simply register in the Czech Republic, Lithuania, Latvia, Slovakia, Germany or another EU country, and then serve Polish customers cross-border.
Then Polish supervision will not become stronger. It will become less effective because the most innovative and best-organized entities will choose jurisdictions where the law is more predictable.
The president’s project showed that it could be done differently
In the background there is also the presidential proposal, which, according to the Chancellery of the President, was supposed to be a compromise between investor protection, effective supervision and entrepreneurs’ rights. The KPRP indicated, among other things, a more precise system of warnings and blockades, in which public warnings would first be applied to licensed entities, and the blockade would be a further solution, associated with additional guarantees.
The presidential presentation also emphasized the need to move away from “blind blockades” in favor of prevention and conscious risk. In the case of licensed entities, a risky operator would be placed on the warning list and place a visible message for users, and only failure to respond could lead to a block.
This shows that an alternative exists. You can regulate the crypto market, fight fraud and at the same time build stronger guarantees for legitimate companies and users. The dispute is therefore not about whether the state should respond. It concerns whether it should respond proportionally.
It’s not just the crypto industry that’s at stake
It would be easiest to consider this topic as a niche cryptocurrency controversy. This is a mistake. The Act on the Crypto-Asset Market may become a precedent for much broader state interference in digital finance, internet domains and user data.
If the administration is given the opportunity to quickly block accounts, suspend transactions, enter domains in the register and take them over to a state authority, the question is: where exactly is the line? Who controls the decision? How quickly can it be challenged? Who is responsible for the incorrect blocking? How does an entrepreneur regain his reputation if after a few months it turns out that the decision was wrong?
These are fundamental questions for the rule of law. Not only for bitcoin, exchanges and stablecoins.
Poland needs regulations, but not a legislative demonstration of force
The crypto market should not operate outside the law. Users should be protected against fraud and companies should meet clear capital, organizational and information requirements. In this sense, MiCA is needed.
But good regulation does not mean that the state takes as many competences as possible “just in case”. Good regulation gives authorities effective tools, but at the same time protects citizens against arbitrariness.
Documents available in parliamentary circulation show that objections to the Polish act are not an invention of the industry. PUODO pointed to unresolved problems with personal data protection. WEI points to constitutional and EU risks. The presidential proposal showed that more proportionate mechanisms could be designed.
Therefore, the question is no longer just: when will Poland implement MiCA?
The real question is: will Poland implement MiCA in a way that strengthens market security, or will it use EU regulations as a pretext to create one of the most restrictive cryptoasset supervision systems in Europe?
