.svg)
On June 2, 2025, the Polish Financial Supervisory Authority (KNF) announced that it had submitted a package of proposals intended to simplify regulatory frameworks across the EU financial services sector to the EU member states, the European Commission and other institutions within the EU Financial Services Committee.
These proposals form part of a broader initiative led by the Polish Ministry of Finance, which aims to harmonise and streamline EU regulations to support the competitiveness of the European Union’s economy, including that of Poland.
The KNF, working jointly with the Ministry of Finance and its own advisory and consultative Team for Simplification of Regulations Concerning the Financial Services Sector, designed the proposals to achieve several key objectives:
- Reduce burdens faced by small and medium-sized enterprises, not only by reducing reporting obligations but also by easing organisational requirements.
- Facilitate the release of capital currently constrained by regulatory provisions.
- Eliminate regulatory requirements that lead to increased operational costs for financial entities.
- Simplify environmental, social and governance (ESG) reporting frameworks to reduce the excessive compliance costs currently placed on businesses across the EU.
How does this change things?
The KNF's proposals, although broad in their scope, introduce targeted simplifications that have particular implications affecting payment institutions (PIs), electronic money institutions (EMIs) and crypto-asset service providers (CASPs), among other entities. The following table summarises the key proposed changes directly affecting the abovementioned entities, alongside the existing regulatory landscape they aim to amend:
|
Category of proposed change |
Current regulatory status |
Proposed change |
|
Scaling back reporting obligations related to the management of ICT third-party risk under Regulation (EU) 2022/2554 (Digital Operational Resilience Act - DORA) |
Currently, Article 28(3)(3) of DORA obliges financial entities to report at least yearly to the competent authorities. This report must include the number of new arrangements on the use of ICT services, the categories of ICT third-party service providers, the type of contractual arrangements, and the ICT services and functions which are being provided. |
The proposal is to remove the existing third subparagraph from Article 28(3) of DORA. This eliminates the yearly reporting obligation, as the data for designating critical ICT third-party service providers will now be derived from the full registers obtained annually under Article 28(3)(4), rendering the separate report less relevant. |
|
Simplifying data reporting on interchange fees under Regulation 2015/751 for card-based payment transactions |
Currently, the provisions of Regulation 2015/751 necessitate that the same data on interchange fees is reported twice: for example, in Poland, once by payment service providers to the KNF; and once by payment organisations to the National Bank of Poland. |
The proposed change involves amending Article 3 of Regulation 2015/751 to cover only payment organisations with regulatory requirements, thereby eliminating this dual reporting. This aims to simplify data reporting by establishing a single entity (payment organisations) responsible for compliance and monitoring.
|
|
Amending Regulation (EU) 2023/1114 (Markets in Crypto-Assets Regulation – MiCA) provisions concerning reporting requirements for asset-referenced token (ART) and e-money token (EMT) issuers |
Currently, under MiCA, Article 23(1) for ARTs (and analogously for EMTs via Article 58(3)) requires issuers to report quarterly on estimated average daily transaction numbers and values. Exceeding set thresholds (e.g., 1m transactions, €200m value) leads to mandatory cessation of token issuance and a plan submission upon the first exceedance. |
The proposal would amend Article 23(1) and add Article 23(6) for ARTs, and amend Article 58(3) for EMTs to introduce options for the competent authority to order cessation upon first exceedance, with mandatory cessation only if limits are exceeded in two consecutive quarters, reducing issuer risks from complex transaction estimation. |
|
Narrowing the scope of financial institutions subject to DORA, particularly by removing payment institutions (PIs) and electronic money institutions (EMIs) from its requirements. |
Currently, Article 2 of DORA applies to payment institutions exempted under Directive 2015/2366 and electronic money institutions exempted under Directive 2009/110. Although a simplified ICT risk management framework under Article 16 of DORA applies to them, the extensive digital operational resilience requirements are deemed an excessive burden due to their limited scale and risk level. |
The proposal aims to amend Article 2 and Article 16 of DORA Regulation. It suggests adding a new subparagraph in Article 2 to allow member states to decide whether to exclude exempted PIs and EMIs from DORA's application. Additionally, Article 16(1) would be amended to reflect this national option for these entities. |
|
Limiting obligations regarding the maintenance and reporting of registers detailing ICT third-party service provider contracts under DORA |
Currently, Article 28(3), first subparagraph, of DORA mandates financial entities to maintain an extensive register of information for all contractual arrangements on the use of ICT services provided by third-party service providers. This broad scope, covering nearly 100 data fields, creates a significant and burdensome documentation and processing obligation. |
The proposal aims to amend Article 28(3), first subparagraph, of DORA to limit this obligation to only include ICT services supporting critical or important functions of the financial entity. This change, which also requires adjustment of Implementing Regulation 2024/2956, seeks to reduce administrative burden by adopting a more risk-based approach. |
|
Introduction of a "grace period" for the implementation of the requirements under the comprehensive ICT risk management framework for financial entities starting to apply it in the course of their operations under DORA |
Currently, Article 16 of DORA provides for a simplified ICT risk management framework for certain financial entities. If an entity exceeds the business scale threshold for this simplified framework, it is immediately required to apply the comprehensive ICT risk management framework. |
The proposal aims to amend Article 16 of DORA by adding a new subparagraph to introduce a one-year "grace period". This allows financial entities a transition period before the mandatory application of the comprehensive ICT risk management framework when they exceed the simplified framework's thresholds. |
|
Removing the need to assess operational security risks under Directive 2015/2366/EU (revised Payment Services Directive - PSD2), given overlap with DORA requirements |
Currently, Article 95 of Directive 2015/2366/EU (PSD2) requires payment service providers to establish a framework for managing operational and security risks associated with their payment services. This includes submitting an annual, comprehensive assessment of these risks to the competent authority. |
The proposal involves the deletion of Article 95 of PSD2. This change aims to remove the requirement for assessing operational security risks, as the subject matter is comprehensively covered by DORA for most payment service providers, thereby avoiding duplication of obligations. |
|
Expanding the use of certification schemes as a method of fulfilling ICT third-party risk management obligations under EU Delegated Regulation 2024/1773
|
Currently, the first sentence of Article 8(3) of Delegated Regulation 2024/1773 restricts financial entities from relying solely on certificates issued by third parties for ICT third-party risk management over time. This limitation often necessitates additional internal or third-party audits, generating extra burden and costs. |
The proposal aims to amend the first sentence of Article 8(3) of Delegated Regulation 2024/1773 to remove the restriction on solely relying on third-party certifications. This change will enable financial entities to make wider use of certifications, reducing the burden of conducting additional audits for ICT third-party service providers and lowering compliance costs. |
|
Reducing the frequency with which institutions must update access rights for ICT systems supporting critical or important functions under EU Delegated Regulation 2024/1774 |
Currently, Article 21(1)(e)(iv) of Delegated Regulation 2024/1774 mandates that financial entities update access rights for ICT systems supporting critical or important functions at least once every six months. This increased frequency is considered an excessive burden in terms of organisation, tools and resources. |
The proposal aims to amend Article 21(1)(e)(iv) of Delegated Regulation 2024/1774 to reduce the required frequency of updating access rights for all ICT systems to at least once a year. This change applies uniformly to all ICT systems, aiming to reduce associated costs and administrative burden. |
|
Limiting the range of providers required to offer basic payment accounts under Directive 2014/92/EU on comparability of payment account fees (Payment Accounts Directive) |
Currently, Article 16 of the Payment Accounts Directive (PAD) broadly obliges all payment service providers to offer basic payment accounts. This universal requirement is considered an unjustified and disproportionate regulatory burden, particularly for small entities, due to high compliance costs and operational complexities. |
The proposal aims to amend Article 16 of PAD to abandon the universal obligation for all payment service providers to offer basic accounts. Instead, it suggests a model where the obligation is limited to a narrower catalogue of providers, selected based on quantitative or qualitative criteria or by choosing a designated operator. |
|
Easing reporting requirements under Regulation (EU) 260/2012 (Single Euro Payments Area – SEPA) |
Currently, Article 15(3) of the SEPA Regulation mandates payment service providers to report to competent authorities every 12 months on the level of charges for various payment services and the share of rejections due to financial restrictive measures. |
The proposal aims to amend Article 15 of the SEPA Regulation to eliminate these reporting obligations, particularly those related to fee levels. This change seeks to reduce redundant reporting, as such information is deemed excessive given SEPA's established operation. |
|
Introducing simpler rules for cross-border transactions under Regulation (EU) 2021/1230 on cross-border payments and SEPA |
Currently, rules for cross-border transactions and fees are fragmented across Regulation (EU) 2021/1230 and the SEPA Regulation, with overlaps also existing with provisions in PSD2. This distributed regulation makes comprehensive clarity and transparency of fees complex. |
The proposal aims to remove Regulation (EU) 2021/1230 and the SEPA Regulation by transferring their provisions to a single, comprehensive regulation (e.g., the Payment Services Regulation - PSR). This will consolidate and simplify rules for cross-border transactions and fee transparency, eliminating duplicated obligations. |
The bigger picture
According to the Commission Work Programme 2025 titled "Moving forward together: A Bolder, Simpler, Faster Union", a central pillar of the European Union's strategy is a significant drive for simplification. The programme outlines a commitment to making EU rules simpler and more cost-effective for both citizens and businesses, aiming to tackle all sources of regulatory burdens. This includes not only reporting requirements but also other administrative costs associated with areas such as permitting, labelling and certification. The overarching goal is to ensure that EU rules effectively deliver on the Union's economic, social and environmental objectives while significantly cutting down on red tape.
Commissioner Valdis Dombrovskis also clearly explained this strong need for change in his speech on February 21, 2025. He said the EU is facing big challenges, including global threats, and urgently needs to make its economy stronger. He talked about the European Commission's new plan, called "A simpler and faster Europe", which aims to seriously cut down on paperwork and costs. He set out the commission’s big goals: reducing administrative costs by 25 percent for all companies and 35 percent for small and medium-sized businesses, which means saving billions of euros each year. Dombrovskis made it clear this is about changing the way rules are made to be simpler and more cost-effective. He stressed that it is not about getting rid of important protections, but about letting businesses grow without too much unnecessary hassle, by looking at all kinds of administrative costs, not just reporting.
The proposals for simpler rules put forward by the KNF team are therefore part of a broader European initiative to streamline regulations. This effort is particularly evident given Poland's presidency of the Council of the European Union in the first half of 2025. A country holding the presidency gains a significant opportunity to shape the EU's legislative agenda and advance key policy objectives. Poland's emphasis on reducing regulatory burdens reflects a growing consensus across the EU that too many complex rules can unintentionally slow down business and make it harder for Europe to compete globally.
One of the main rationale for pursuing regulatory simplification also stems from observations of other major global economies, such as the United States. Under Donald Trump's administration, deregulation has been a key priority in US policy, especially with Executive Order 14192 from January 31, 2025, which requires removing ten existing rules for every new one. The central premise is that by reducing regulatory complexity, European businesses can accelerate growth, attract greater investment and enhance the continent's overall competitiveness.
Why should you care?
For businesses operating within the European financial landscape, these proposed regulatory simplifications represent a significant shift towards a more efficient and less burdensome operating environment. Companies stand to gain direct financial and operational relief. Whether it is through the reduction of repetitive reporting obligations for short positions and ICT third-party service contracts, the easing of audit requirements via increased certification or the removal of redundant operational security assessments, these changes translate into real cost savings. This means fewer resources spent on compliance paperwork, less time dedicated to administrative tasks and a streamlined approach to meeting regulatory demands.
Beyond immediate cost reductions, these reforms offer crucial strategic advantages. By freeing up financial and human capital that would otherwise be tied up in complex compliance activities, businesses gain the capacity to reinvest in their core operations, innovation and strategic growth. For instance, payment institutions and electronic money institutions, particularly smaller ones, could be entirely removed from certain DORA requirements, allowing them to focus resources on service development rather than extensive digital resilience frameworks. Similarly, a proposed grace period for implementing comprehensive ICT risk management frameworks offers a smoother transition for growing entities, avoiding sudden, large-scale compliance shocks and enabling a more manageable scaling of operations.
Ultimately, these concerted efforts to simplify regulations aim to foster a more competitive and dynamic business ecosystem across the EU. The push for clearer, more consolidated rules, such as those for cross-border transactions, promises to make everyday operations more efficient and transparent. For businesses, this means not only a lighter compliance load but also a more predictable and enabling regulatory landscape that encourages investment and innovation. In a competitive global market, a regulatory environment that promotes growth becomes a critical factor for success, benefiting companies of all sizes and driving broader economic prosperity within the Union.
