Fewer Regulatory Obligations for Smallest Financial Entities? KNF Proposes Changes to DORA

In June 2025, the Polish Financial Supervision Authority presented a legislative proposal regarding the scope of application of the so-called DORA Regulation. The proposed amendments aim to allow Member States to exclude certain categories of payment institutions and electronic money institutions from the scope of DORA. 

This is part of a broader initiative intended to simplify regulatory requirements for the smallest and least risky entities operating in the financial market.

Who is affected by the changes?

The changes concern two categories of entities:

1. Payment institutions exempted under Article 32(1) of the PSD2 Directive – payment institutions whose average monthly transaction volume does not exceed EUR 3 million.
2. Electronic money institutions exempted under Article 9(1) of the EMD Directive – that is, e-money issuers whose average electronic money in circulation does not exceed EUR 5 million.

Currently, these entities are exempted from many licensing and supervisory obligations. However, under the applicable provisions of DORA, they are still formally subject to its requirements.

Scope of the proposed amendments

The draft amendment provides for the introduction of a new paragraph in the DORA Regulation that would allow Member States to exclude the aforementioned entities from the obligations arising from DORA.

In other words, the decision on whether or not to apply DORA to the smallest institutions may be made at the national level – which aligns with the principle of proportionality in supervision.

According to the draft, each Member State that decides to make use of such an exemption will be required to inform the European Commission of its decision.

Justification for the amendments

Full application of DORA requirements to the smallest financial institutions could result in disproportionate compliance costs and regulatory burdens that would be difficult for small entities to bear. The proposed exemption is intended to strike a balance between the digital security of the financial sector and the promotion of innovation and market competitiveness.

The FSA argues that the risks associated with the operations of such institutions are limited, and their systemic impact is negligible, thus their full inclusion under DORA is not justified from the perspective of regulatory efficiency.

How Could These Changes Affect the Fintech Market?

These changes may have significant practical implications for fintech companies and other locally operating providers. Reducing regulatory obligations increases their operational flexibility, reduces costs, and facilitates market entry. On the other hand, the new provisions may also help supervisory authorities focus their resources on monitoring larger, more complex entities that pose greater operational risks through their activities.

Next Steps – What Should Entrepreneurs Do?

The proposed amendments have been submitted at the EU level and will be subject to further consultations. Entrepreneurs operating in the area of payment services and electronic money should monitor the legislative process and assess whether their business activities may be covered by the proposed exemptions.

More information on the proposed changes can be found on the website of the Financial Supervision Authority here.

Need guidance on how the proposed DORA exemptions could impact your business?

Our Fintech team closely monitors regulatory developments and advises fintechs, payment institutions, and e-money issuers across the EU. Contact us to assess whether your organisation could benefit from the planned changes – and how to adapt your compliance strategy accordingly.