Polish government has passed a bill on digital resilience of the financial sector and EuGB green bonds
The Government has adopted a draft law amending certain laws to ensure the financial sector’s operational digital resilience and the issuance of European Green Bonds, submitted by the Minister of Finance.
The proposed legislation aims to bring Polish law into line with new European Union requirements in two areas:
- increasing the cyber resilience of the financial sector (in line with the EU’s DORA package)
- and creating a uniform standard for European Green Bonds (EuGB).
The Act is intended to enable EU law to be applied in Poland appropriately, taking into account national considerations, particularly with regard to the Polish Financial Supervision Authority’s (PFSA) supervision of the implementation of the new regulations.
The proposed regulation is purely informational and adaptive in nature – it introduces changes to a number of existing sectoral laws without additional interpretations or commentaries.
Legal basis – implemented EU acts
The proposed law serves to implement and apply the following legal acts of the European Union:
- Regulation (EU) 2022/2554 of 14 December 2022 – the so-called Digital Operational Resilience Act (DORA) – establishing uniform requirements for the operational digital resilience of the financial sector.
- Directive (EU) 2022/2556 of 14 December 2022 – a complementary act to the DORA Regulation, amending a number of EU sectoral directives (e.g. UCITS, Solvency II, MiFID II, PSD2) on digital resilience – requiring transposition into national law.
- Regulation (EU) 2023/2631 of 22 November 2023 – establishing a European green bond standard and optional disclosures for sustainable bonds (European Green Bonds Standard, EuGB).
Key developments regarding the operational digital resilience of the financial sector
- Uniform ICT security requirements:
The Act introduces into the Polish legal order uniform requirements for the security of networks and IT systems supporting financial services, in line with the EU DORA Regulation. The new ICT risk management obligations will cover a wide range of financial institutions, including, among others, banks (credit institutions), payment institutions, investment firms, insurance companies, investment funds and central securities depositories.
These entities will be obliged to adequately secure their ICT systems, monitor and report serious cyber security incidents to the relevant supervisory authorities, and regularly test their operational digital resilience – comprehensive tests of their systems must be carried out at least once a year to check the level of security and detect possible vulnerabilities to cyber attack.
- PFSA’s oversight of DORA requirements:
The PFSA is designated as the national supervisory authority responsible for enforcing the new digital resilience rules. The draft law gives the PFSA the relevant inspection and supervisory competences – including the power to conduct inspections at DORA-regulated institutions.
In addition, a legal basis will be created for the PFSA to cooperate and exchange information with the European financial sector supervisory authorities (EBA, EIOPA, ESMA) and the supervisory authorities of other EU countries in ensuring cyber resilience. This will enable the national supervisor to respond more effectively to cross-border incidents and threats, share information and participate in joint supervisory activities at EU level.
Amendments to sectoral laws
In order to implement the above solutions, the draft amends a number of sectoral laws regulating the functioning of the financial market. The amendments will include, among others, the Banking Law, the Investment Funds Act, the Financial Instruments Trading Act and the Financial Market Supervision Act. Other acts such as the Payment Services Act, the Insurance and Reinsurance Act or the Capital and Pension Markets Acts will also be adjusted – to ensure that national regulations are consistent with the new DORA requirements and the EuGB standard.
According to the draft, the Act is to enter into force, in principle, on the day following its publication in the Journal of Laws, which will allow the full operability of the EU rules in the Polish legal system as soon as possible.
The new obligations will therefore take effect immediately after the Act’s enactment and publication, strengthening the digital security of the financial sector and creating conditions for the development of the green bond market in Poland.