Regulations pertaining to the insurance market and the financial markets in Poland

The Regulation (EU) 2024/1689 came into effect on 1 August 2024. The so-called AI Act establishes harmonized provisions for artificial intelligence, providing the first-ever comprehensive legal framework for artificial intelligence in the world. The Regulation introduces a comprehensive legal framework for AI systems to ensure their safe and ethical use. Some of the provisions, including those on banned practices, will come into effect on 2 February 2025, and others on 2 August 2025. Insurers will have to carefully review the systems they use to ensure they meet the AI Act’s definition of AI. This requires identifying which technologies fall within the scope of the Regulation, which can be a challenge due to the variety of solutions in use and possible definition issues. On 4 December 2024, the Council of the EU adopted its general position on the proposed framework for access to financial data (Access to Financial Data, FIDA). The work began in early 2025 in order to finalize the implementation of the Regulation. The purpose of FIDA is to make it easier to share financial data between institutions, which should be conducive to developing new services for clients. The project came with expectations of increasing competitiveness and opening up new opportunities for consumers and businesses. However, over time the legitimacy of this regulation and its proportionality raised some questions. One of the main objections is the excessive complexity of the Regulation, which would require the financial sector to invest heavily in technology infrastructure, developing APIs, and providing advanced data security. In addition, in the insurance sector, which is much more complex than the banking sector, the process of standardizing data in our industry poses very different challenges. The variety of information processed, its specific nature and the high complexity of the data make it more difficult to implement uniform mechanisms for sharing.

On 8 January 2025, Directive (EU) 2025/1 of the European Parliament and of the Council on establishing a framework for the recovery and resolution of insurance and reinsurance undertakings (IRRD) was published. The purpose of the IRRD is to strengthen the insurance sector and increase its resilience and ability to protect the interests of policyholders. The IRRD introduces mechanisms to help insurance companies and relevant authorities manage crisis situations and respond early to serious financial difficulties. This is to protect policyholders and reduce the negative impact on the economy and financial system, while eliminating the risk of burdening taxpayers. The directive will be implemented in three phases of consultation with the insurance industry, during which EIOPA will develop detailed technical standards and guidelines. The first phase will be completed in Q2 2026, the second in Q4 2026, and the third will last until Q2 2027. Although the directive is to be implemented in Q4 2026, the industry is proposing a transition period until 2028 to be able to become fully compliant with the new regulations. The directive is to be implemented into Polish law by the end of January 2027.

The Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (DORA) came into force on 17 January 2025. Its purpose is to strengthen the operational resilience of the entire financial sector to digital risks by establishing uniform standards for managing information and communications technology (ICT) risks. DORA covers a broad spectrum of entities, including insurance companies, which will have to adapt their operations to the new requirements. Insurers are required to implement comprehensive mechanisms for identifying, assessing and monitoring risks associated with the ICT services they are provided with. This includes the preparation of risk management policies and procedures that will be an integral part of the organization’s overall risk management system. Insurers have to report serious incidents in the ICT area to the relevant supervisory authorities within strict deadlines. By 30 April 2025, insurers are required to turn over records of their ICT service providers to regulators. This is intended to gather information at the supervisory level on all ICT service providers providing services to financial entities, and thus better monitor and manage the risks associated with third-party technology providers. Regular audits of key ICT service providers and implementation of post-audit findings will become mandatory. These measures are designed to ensure that suppliers meet the required security standards and do not pose a threat to the insurer’s operational continuity.

The Regulation 2023/2854 on harmonized rules on fair access to and use of data (Data Act) comes into effect in 2025. It harmonizes the approach to nonpersonal data. The Regulation was published on 22 December 2023 in the Official Journal of the EU. Its purpose is to facilitate sharing data across the European Union and between different sectors of the economy, which may have a positive impact on insurance offerings, through, for example, insurers’ access to data collected on vehicles.

The legislation constituting the anti-money laundering or counter-terrorist financing package was also published in the Official Journal of the EU. The package includes, among other things, a regulation on the prevention of the use of the financial system for money laundering, which is intended to replace the existing EU directive and also the anti-money laundering and counter-terrorist financing law issued thereunder. The Regulation harmonizes and clarifies the laws applicable in the EU and ensures that their application is more consistent and enforcement better. The Regulation will be the primary legal act regulating the operation of obliged institutions in the area of anti-money laundering and counter-terrorist financing. The Regulation will take effect on 10 July 2027.

The Directive (EU) 2022/2464 of the European Parliament and of the Council of 14 December 2022 on corporate sustainability reporting (Corporate Sustainability Reporting – CSRD) came into effect on 1 January 2024. It was implemented into Polish law under the Act of 6 December 2024 Amending the Act on Accounting, the Act on Statutory Auditors, Audit Firms and Public Supervision and Certain Other Acts. First reports will be published in 2025 (data covering the 2024 fiscal year). The CSRD increases the scope of information provided, which has to comply with EU reporting standards. According to the requirements, operators are to provide investors with information on sustainability that should be taken into account in the investment process. What is key, is the so-called double materiality assessment. It requires companies to extensively analyze their operations and value chain to identify material points through which the organization has the greatest impact on the environment or social issues.

On 26 February 2025, the European Commission announced the first deregulation package under the Omnibus Directives. Its purpose is to simplify EU regulations, increase competitiveness, and unlock additional investment potential. Thereby the Commission began implementing the plan announced last year to reduce administrative burdens by at least 25% and, for small and medium-sized enterprises (SMEs) – by as much as 35% by the end of this term. The Commission predicts that the adoption and implementation of the package will save businesses EUR 6.3 billion annually and trigger EUR 50 billion in additional investment. This is an important step toward creating a more business-friendly environment in the European Union, conducive to company growth, innovation, and creation of quality jobs. The first announced package of the Omnibus Directive proposals addresses what many entrepreneurs believe is one of the most problematic areas – sustainable financing. The proposed changes relate to sustainable finance reporting (Corporate Sustainability Reporting Directive, CSRD), sustainability due diligence (Corporate Sustainability Due Diligence Directive, CSDD), and EU taxonomy.

The draft amendments provide for significant modifications to reporting obligations by significantly reducing the scope of the CSRD (by up to 80%) focusing reporting obligations on the largest companies that have a key environmental and social impact. It was proposed to limit application only to large companies with more than 1,000 employees and a turnover of more than EUR 50 million or a balance sheet total exceeding EUR 25 million. In addition, a two-year postponement in the implementation of the requirements was introduced for companies included in subsequent phases of implementation. The project would also remove the European Commission’s authority to adopt sectoral reporting standards and abandon the implementation of a requirement for reasonable assurance. In addition, there is a plan to significantly reduce the number of ESRS reporting indicators (European Sustainability Reporting Standards), which is expected to improve transparency, consistency with other regulations, and reduce the administrative burden on companies. A major change for the insurance sector is the decision that sector standards will not be prepared.

The proposed amendments to the taxonomy provide for optional reporting under the EU taxonomy for companies with fewer than 1,000 employees and a turnover of less than EUR 450 million. In addition, consultations were planned to reduce administrative burdens, including simplifying reporting templates by reducing the number of required data by 70%, introducing a financial materiality threshold, streamlining KPIs for financial institutions (with a focus on Bank GAR, Green Asset Ratio), and simplifying Do No Significant Harm (DNSH) regulations. It is particularly important that companies are allowed optional reporting, which includes insurance companies with fewer than 1,000 employees and a turnover of less than 450 million. Reporting the “greenness” of an insurance portfolio and the “greenness” index of assets is a major challenge for smaller financial institutions.

On 5 November 2024, the European Council and Parliament adopted a revision of the Solvency II Directive. The most important areas of that revision were amendments to the calculation of technical provisions in the areas of risk margin, cost of capital rate (down from 6% to 4.75%), extrapolation, volatility adjustment and interest rate risk. The purpose of the amendment was to simplify the provisions and make them more adjusted to the risks that insurance companies bear. The changes will allow insurers to free up some of the funds that previously had to be held in reserve. This will make it possible to invest them, particularly in the European Green Deal. The revision will introduce new regulations that will force insurance companies to take greater account of and better communicate sustainability risks. This will facilitate the policyholders’ understanding of the environmental aspects of the insurance companies’ operations.

The Directive (EU) 2025/2 of the European Parliament and of the Council amending Directive 2009/138/EC (Solvency II, or Solvency II) was published on 8 January 2025. The changes to the Solvency II rules will free up cash that insurance companies have had to hold in reserve, allowing the sector to channel more funds into the economic recovery and the European Green Deal in particular. The update will also simplify supervision and, on the other hand, strengthen the supervisors’ position on systemic risk. The update also includes new provisions that will require insurance companies to better account for sustainability risks and report more information on these risks so that policyholders can understand a company’s green credentials. The directive is to be implemented by the end of January 2027.

The Act on Mandatory Insurance, Insurance Guarantee Fund and Polish Motor Insurers’ Bureau took effect on 6 November 2024. It implements the Directive (EU) 2021/2118 of the European Parliament and of the Council of 24 November 2021 amending Directive 2009/103/EC relating to insurance against civil liability in respect of the use of motor vehicles, and the enforcement of the obligation to insure against such liability. The statute increases the minimum guarantee amounts in motor vehicle liability insurance and farmers’ liability insurance. The new amounts expressed in Polish zlotys are: in the case of personal injury – PLN 29,876,400 for one accident, regardless of the number of injured persons (previous amount expressed in euros – 5,210,000), and in the case of property damage – PLN 6,021,600 for one accident, regardless of the number of injured persons (previous amount expressed in euros –1,050,000). The increase in guarantee amounts requires PZU to adjust its IT systems and make relevant changes to internal documents and client documentation.

The Act of 26 April 2024 on Ensuring that Business Entities Meet Accessibility Requirements for Certain Products and Services will come into effect on 28 June 2025. The purpose of the statute is that the products and services designated therein have characteristics that allow them to be used, as intended, by people with special needs, on an equal basis with other users. When offering insurance remotely, electronically via websites and mobile devices, it has to be ensured, among other things, that the communication function is available through more than one sensory channel and includes alternatives to visual, audio, speech, and tactile elements. At the same time, the statute also regulates that the message should be clear and comprehensible (font size and shape, line spacing, etc.). The solutions adopted in the statute require insurance companies to adapt their remote acquisition systems, in particular by ensuring multi-channel communication.