Pursuant to the Polish Criminal Code (CC), an offence may be classified as a felony or a misdemeanour. A felony is a prohibited act penalised with the deprivation of liberty for a period of no less than three years, or with a more severe penalty. A misdemeanour is an offence penalised with a fine exceeding 30 daily rates or exceeding PLN5,000, the limitation or deprivation of liberty each exceeding one month. A felony may be committed only intentionally, while a misdemeanour may also be committed unintentionally if the law provides so, although the perpetrator could also be liable for attempting to commit an offence.

Moreover, Polish law provides for a liability for less severe unlawful acts under the Code of Petty Offences. A petty offence may be committed intentionally or unintentionally. However, the statute may exclude liability for a petty offence committed unintentionally. A perpetrator could also be liable for attempting to commit a petty offence if the law provides so.

Notwithstanding the above, there is a further classification of tax offences regulated under the Fiscal Criminal Code (FCC). A tax offence is an act prohibited under the FCC and penalised with fines calculated on daily rates, limitation or deprivation of liberty. A fiscal petty offence is also an act prohibited under the FCC but penalised with a fine specified at an exact amount. A tax offence is classified as a fiscal petty offence if the amount of public debt depleted or exposed to depletion, or the value of the object of the act, does not exceed five times the minimum remuneration at the time of its commission (amounting to PLN21,355 ‬in 2024). What is more, the perpetrator could be liable for attempting to commit a tax offence. In such a case, the penalty may not exceed two-thirds of the maximum statutory penalty prescribed for a particular tax offence.

In the Polish legal system, as a general rule, the burden of proof “rests on who asserts, not on who denies”. Under the criminal procedure, this means the burden of proving the defendant’s guilt lies with the prosecution, and that fact must be established beyond reasonable doubt. The defendant is innocent until proven guilty.

It must be proven beyond reasonable doubt that all prerequisites of an offence have been fulfilled. All doubts that cannot be dispelled must be resolved to the benefit of the accused.

In exceptional cases, the criminal procedure provides for a derogation from the need to prove certain facts. In these cases, there is no need to provide evidence of a particular circumstance; however, it does not preclude a counter-proof being provided. The so-called “surrogates of proof” are notoriousness, obviousness, probability and presumptions, whether factual or legal.

Notoriousness provides for the rule that the facts indisputably known by the legal authority and the parties shall not require proof. Obviousness is something more than notoriousness, as it relates to the knowledge that every averagely-educated and intelligent person possesses. A probability is a substitute for evidence that does not provide certainty, but only the likelihood (reliability) of a claim about a certain fact. Proof is not required in such a situation – not because there is no doubt about the fact, but because it will be proven later. For example, the precautionary measures may be applied if there is a high probability that the accused has committed a crime. As regards presumptions, they constitute a judgment about a high probability of some fact deduced from another fact (or facts) that do not induce any doubts. There are factual presumptions (existing irrespective of the legal system) and legal presumptions (provided under the provisions of criminal procedure). The most significant legal presumption is the rule that the accused shall be presumed innocent until their guilt is proven and recognised in a final judgment.

Polish law provides for the statute of limitations. The limitation period varies depending on the type of the offence. Pursuant to the CC, as a general rule, an offence ceases to be punishable after the lapse of the following number of years from the moment of its commission:

• 40 in the case of homicide;
• 20 in the case of another felony;
• 15 if the act constitutes a misdemeanour subject to the penalty of deprivation of liberty exceeding five years;
• ten if the act constitutes a misdemeanour subject to the penalty of deprivation of liberty exceeding three years; and
• five for other misdemeanours.

Private prosecution offences cease to be punishable one year after the harmed party learns the identity of the perpetrator of the crime, but no later than three years after the commission of the offence. If the proceedings are initiated within the aforementioned time periods, the punishability of the offence ceases ten years after the lapse of the specific period (five years in the case of private prosecutions).

The punishment of tax offences ceases after ten years if the act constitutes a tax offence penalised by a deprivation of liberty exceeding three years or five years if the act constitutes a tax offence penalised by a fine, limitation of liberty or deprivation of liberty of up to three years.

A fiscal petty offence is subject to a one-year limitation period; however, if proceedings were instituted within this period, the offence will cease to be punishable after two further years have elapsed.

In Polish criminal law, there is no special regulation on the extraterritorial jurisdiction to prosecute white-collar offences.

As a general rule:

• the CC applies to a Polish citizen who has committed a crime abroad;
• the CC applies to a foreigner who commits a prohibited act abroad against the interests of the Republic of Poland, a Polish citizen, a Polish juridical person or a Polish organisational entity without legal personality, as well as a foreigner who has committed a crime of a terrorist nature abroad; and
• liability for an act committed abroad is applicable only if this act is also recognised as a crime by the statute in force where the commission of the act was located.

If the above-mentioned conditions are met, the Polish authorities are entitled to initiate and conduct criminal proceedings. However, the Polish authorities may conduct their activity only on Polish territory. Any action that should be carried out on foreign territory requires a motion for legal aid.

Crimes that Provide for Corporate Liability (ALCE)

The current Act on Liability of Collective Entities for Acts Prohibited Under Penalty (ALCE), which regulates issues of quasi-criminal liability of commercial companies, has been in force since 28 November 2003. The ALCE is applicable if a person acting in the name of a company has committed one of the offences specified in the statute and the company gained, or could have gained, any benefit from this act, whether financial or not.

The list of offences, the commission of which may cause the commencement of criminal proceedings, includes:

• mismanagement;
• public corruption;
• corruption in business;
• credit and subsidy fraud;
• money laundering;
• crimes related to making repayment of creditors impossible and reducing their satisfaction;
• failure to file a bankruptcy petition on time; and
• insider trading.

Numerous other offences are specified in other pieces of legislation that regulate specific areas of economic activity.

Conditions for Corporate Liability

A condition for initiating proceedings against a company is that a legally binding and final guilty verdict against a person acting in the name of that company has been established. There are two other instances when proceedings against a company may be commenced: a verdict that conditionally discontinues criminal proceedings against such an individual, or a verdict that discontinues criminal proceedings by stating that, even though the crime has been committed, the perpetrator cannot be punished. Criminal personal liability always comes before quasi-criminal corporate liability.

As from 1 September 2022, there is an exception to the above rule. Collective entities may be held liable for environmental offences committed by their representatives without the prior requirement of a final conviction of the offender.

Liability on the basis of the ALCE may be imposed in the event that one of the following is proven:

• at least a lack of due diligence in the choice of the person representing the entity, who is at the same time the perpetrator of an offence; or
• the defective organisation of the company, which did not ensure avoidance of the commission of an offence, when it could have been prevented if the body or representative of the collective entity had applied required due diligence.

It should be noted that the liability arising under this Act is non-transferable; that is, in the case of a merger, division or restructuring of the relevant company, the liability expires. However, the court might impose an interim prohibition of such transformations in a company to prevent it from avoiding liability.

It should be emphasised that it follows from experience to date that the law enforcement bodies do not commence proceedings in every case in which such a possibility arises. The Ministry of Justice statistics show that only a couple of dozen proceedings of this type are commenced a year. This figure is very low, particularly taking into account the fact that more than 10,000 people are sentenced each year for committing business crimes.

In addition, under Article 24 of the FCC, a legal entity (eg, a company) should be liable in whole or in part for a fine imposed on a perpetrator of a fiscal offence, if the perpetrator is a substitute for that entity conducting its affairs as a proxy, manager, employee or acting in any other capacity, if the entity obtained or could have obtained any financial benefit from the committed fiscal offence.

The court imposes the punishment at its own discretion, within the limits prescribed by the law. It is obliged to observe that the onerousness of a penalty does not exceed the degree of fault, taking into account the degree of social harmfulness of the act and taking into consideration the preventative and educational aims it is to achieve with regard to the sentenced person, as well as the need to develop the legal awareness of wider society.

The CC provides for the general guidelines that state that, while imposing a penalty, the court takes into account, in particular, the perpetrator’s motivation and manner of conduct – eg, the type and degree of the violation of the perpetrator’s duties, the type and the extent of negative consequences of the crime, the characteristics and personal conditions of the perpetrator, the perpetrator’s way of life prior to the commission of the crime and their behaviour after the commission of the crime. The CC also states that the court should, in particular, consider the perpetrator’s efforts to redress the damage or to satisfy the public sense of justice in any other form, as well as the harmed party’s conduct.

The court is also expected to take into consideration the positive results of the mediation between the harmed party and the perpetrator or the settlement they have reached during the proceedings held before a court or a public prosecutor. Nevertheless, there are no specific rules or guidelines addressed to the judges regarding the assessment of penalties in the event of a deferred prosecution agreement, non-prosecution agreement or plea agreement.

Victims of a white-collar crime may seek compensation based on both civil and criminal law. The choice of civil or criminal proceedings would determine the jurisdiction of a civil or criminal court.

Pursuant to Article 46 Section 1 of the CC, in the event of a conviction, the court may order the offender to partially or fully remedy any damage caused by the offence or compensate for any injury. Ordering the compensation is obligatory if a pertinent motion has been filed by the harmed party or the prosecutor. The criminal court will apply the civil law rules while deciding on the compensation.

There is no class action available in criminal procedure. A harmed party may join the dispute as an auxiliary prosecutor together with the public prosecutor; however, the court may limit the number of auxiliary prosecutors if it is necessary to secure a correct course for the proceedings. The court will decide that a subsidiary prosecutor cannot participate in the proceedings if the maximum number of prosecutors defined by the court is already involved. Seeking remedies through class actions is, however, possible under civil law regulations.

White-collar crimes are prosecuted by public prosecutors in conjunction with the support of the police, the Internal Security Agency, the Central Anti-corruption Bureau, the Central Investigation Bureau, the Border Guard, the Military Police (within a very narrow scope), the Tax Offices, the National Tax Administration, the Tax Administration Chambers, and the Tax and Customs Offices.

In the enforcement agencies, there are specialised divisions that deal with particular types of crime, including white-collar crimes. However, the public prosecutors and courts usually handle all types of criminal cases, and there are no dedicated courtrooms for white-collar crimes.

There are no civil/administrative enforcement agencies for white-collar crime. However, some activities falling within the scope of white-collar crime are also examined by the regulators, including infringements of antitrust laws, consumer-protection violations, and regulations of stock companies and financial institutions, as well as energy laws. Regulatory authorities are permitted to proceed with their cases in accordance with administrative law but may also file a notification of an offence with the public prosecutor.

An investigation is initiated if there is a justified suspicion that an offence was committed. A decision to initiate the investigation is issued ex officio or upon notification filed by any other party. The notifying party does not need to be harmed by the offence to efficiently file the notification; however, the harmed party has much wider procedural rights than a sole notifying party.

In general, there are no special rules or guidelines governing the initiation of an investigation. However, the Public Prosecutor General is entitled to issue guidelines for prosecutors that may be relevant to practice. For example, the Guidelines of 10 August 2017 concern VAT frauds and other tax evasion offences; according to the Guidelines, these cases should be handled by prosecutors who specialise in combatting these types of crimes, and these cases should be conducted jointly with other units such as the Internal Security Agency or the Central Anti-Corruption Bureau. From the beginning, the investigation should focus on identifying the perpetrators who are responsible for the main acts of this criminal activity. The prosecutor also underlines that securing the fiscal interests of the State is a priority.

The enforcement agencies have wide powers to gather any type of information. Under the provisions of the criminal procedure, any legal person/organisational unit/individual is obliged to assist the authorities conducting criminal proceedings by providing requested information.

Public prosecutors may demand the production of documents or other evidence (including the seizure of electronic devices). Refusal to provide the requested information may result in a dawn raid.

Documentation that may serve as evidence should be surrendered at the request of the court, the public prosecutor, or, in urgent cases, the police or other authorised agency. If the seizure is conducted by the police or another authorised agency acting at its own behest, the person surrendering the documentation may immediately request that the decision approving the seizure be drawn up by the court or the public prosecutor. A person surrendering an object should be advised of that right.

The enforcement authorities carrying on criminal proceedings are entitled to summon any person (inter alia, an employee, officer or director of the company) to testify. A person who has been formally summoned as a witness is obliged to appear at the place indicated by the authority and to testify. Interrogations generally take place at the premises of the summoning authority; however, questioning in a different place (eg, a company’s headquarters) is not ruled out.

Following the adoption of the Whistle-Blower Protection Act (see 4.4 Whistle-Blower Protection) an internal investigation is one of the possible follow-up actions taken by a company to assess the truthfulness and accuracy of the information contained in a whistle-blower’s report.

However, the companies often decide to conduct internal investigations not always initiated only by a specific whistle-blower’s report, but also as a result of a decision made by the management to check the correct operation of important internal processes.

Moreover, it is assumed that conducting an internal investigation represents fulfilment of the obligation to take care of the interests of the enterprise under management. Failure to verify signs of irregularity may represent grounds for liability for damages and, in extreme cases, for criminal liability for mismanagement. Internal investigations are conducted not only when the provisions of law have been violated but also when, as a result of the law being violated, the enterprise has been harmed.

In addition, specific entities (eg, banks, investment funds, entities managing alternative investment companies, insurance companies, reinsurance companies, as well as entities conducting brokerage activities and fiduciary banks) are obliged on the basis of special provisions to maintain tight compliance control or an internal audit system. These systems have a similar function to internal investigations and are, at times, subject to compulsory reporting. Failure to properly maintain the aforementioned systems may result in one or more of many administrative sanctions being imposed on the entity.

In recent years, the number of internal investigations regarding irregularities in the private sector has increased noticeably. In many instances, this is due to the operation in Poland of companies regulated by the strict rules of the US Foreign Corrupt Practices Act or the UK Bribery Act.

Commonly, an internal investigation will encompass a review of business e-mail correspondence and electronic files, meetings with employees, and the company’s financial and contractual documents. As regards confidentiality and secrecy, no specific regulations exist and, therefore, use of any information within an internal investigation must comply with generally applicable provisions (particularly the EU General Data Protection Regulation). Processing personal data (except sensitive data) is generally permitted within an internal investigation. However, it is recommended that the necessary consent be obtained from the person to whom the data relates.

As already stated, crimes (including white-collar crimes) are initiated in two ways: ex officio or at the request of the harmed party. Whenever the harmed party is the State Treasury, the proper mode is, in general, ex officio. Examples of types of crimes prosecuted ex officio are insurance fraud, money laundering, sham bankruptcy, etc. Examples of types of crimes prosecuted on request – unless the harmed party is the State Treasury – are fraudulent frustrating of a public tender, fraudulent non-satisfaction of creditor’s demands, causing loss due to culpable maintenance of unreliable documentation, etc. The request should be filed to the police, the public prosecutor’s office or other relevant enforcement authority.

Generally, the same rules govern charging and filing the indictment in all kinds of matters, including white-collar crime cases. A justified suspicion of an offence is sufficient to institute the proceedings and collect evidence. The prosecution has discretionary power to decide if the examination of evidence provides grounds for charges/indictment. The indictment is then verified in two-instance court proceedings.

There are no deferred prosecution agreements under Polish law. However, there are some mechanisms that allow mitigation of the penalty and a criminal investigation to be resolved without a trial. In cases referred to Article 335 of the Code of Criminal Procedure, the prosecutor may move for conviction of the accused without a trial. This requires the following conditions to be met: the confession of the accused; an explanation of all the circumstances of the case that does not contradict conclusions based on other evidence gathered; and the attitude of the accused indicating that the purpose of proceedings will be achieved without a trial. The court will verify whether the circumstances of the commission of the offence give rise to doubts and that the attitude of the accused indicates that the purposes of the proceedings will be obtained.

Upon the public prosecutor’s motion, the court may apply extraordinary mitigation of the penalty, and may even conditionally suspend its enforcement. Such a situation may occur with regard to a perpetrator who has, apart from giving explanations in their own case, disclosed a crime subject to the penalty of deprivation of liberty for five years and presented its substantive circumstances to a law enforcement authority that had no prior knowledge of these facts.

If, on the other hand, the prosecutor refers the indictment to the court and the trial begins, the accused still has the possibility of voluntarily submitting to the punishment, according to Article 387 of the Criminal Code. This possibility exists:

• until the end of the first hearing of all the accused
• if the offence is punishable by up to 15 years’ imprisonment.

The accused may make use of this possibility by submitting a request for a verdict and for the imposition of a specific penalty or measure of punishment, forfeiture or compensation without taking evidence.

When considering the defendant’s request for voluntary surrender, the court examines whether the circumstances of the offence and guilt are beyond doubt and whether the objectives of the proceedings will be achieved despite the absence of a full trial.

Pursuant to the CC, an active briber is not subject to a penalty if the benefit or its promise has been accepted by a passive briber and the perpetrator has reported this to a law enforcement authority. An active briber must disclose all the substantive circumstances of the crime before this authority has learned about it.

Pursuant to Article 296 of the CC, anyone who, while under a legal obligation to manage the property or business of an individual, a company, or an organisational unit without legal personality, by abusing the authority vested in them, or by failing to perform their duties inflicts substantial damage, is liable to imprisonment for between three months and five years. If the offender referred to above, by abusing the authority vested in them, or by failing to perform their duties, creates an imminent danger of causing substantial damage to property, they are liable to imprisonment for up to three years. For perpetrators acting with the intent to gain a material benefit, a more severe punishment is prescribed, ranging from six months to eight years in prison. Non-deliberate violations are subject to imprisonment for up to three years. If the perpetrator of the above offence caused damage exceeding PLN1 million, they are liable to imprisonment for between one and ten years.

Corporate fraud may be also classified as an offence of misappropriation. According to Article 284 of the CC, anyone who misappropriates movable properly entrusted to them is liable to imprisonment for between three months and five years.

The CC also provides for criminal liability for corruption in business (see 3.2 Bribery, Influence Peddling and Related Offences).

Moreover, Article 306b of the CC introduced aggravated forms of certain offences against business transactions and property interests in civil law transactions (eg, acting to the detriment of the company, money laundering). If the value of the property or the amount of damage exceeds PLN5 million, such crimes are punishable by three to 20 years of imprisonment. If the value of the property or the amount of the damage exceeds PLN10 million, such crimes are punishable by five to 25 years’ imprisonment. Thus, some financial crimes can be a felony (see 1.1 Criminal Offences).

Additionally, Article 23 of the Combating of Unfair Competition Act (CUCA) criminalises illegal use of business secrets. Anyone who causes serious damage to an entrepreneur by violating their obligation towards that entrepreneur by disclosing business secrets to another person or using such secrets in their own business shall be liable to a standard fine, restriction of liberty, or imprisonment for a period of up to two years. The same penalty applies to anyone who illegally obtains access to business secrets and discloses them to another person or uses such secrets in their own business.

Article 24 of the CUCA criminalises causing serious damage to an entrepreneur by reproducing or copying their products in a manner that might mislead customers as to the identity of the manufacturer. The perpetrator is liable to a standard fine, restriction of liberty, or imprisonment for a period of up to two years. In the event that such reproduction or copying involves marking the products with counterfeit trademarks in order to introduce them to trading, or trading in such counterfeit products, under Article 305 of the Industrial Property Law (IPL), the perpetrator is liable to a standard fine, restriction of liberty, or imprisonment for a period of up to two years. Note that, under Article 305 of the IPL, no damage to another entrepreneur is required for the liability to apply. A stricter regime applies to perpetrators who deal with counterfeit goods of significant value or make such criminal activity a permanent source of their income. Such perpetrators are liable to imprisonment for a period of six months to five years.

The CC provides for the criminal liability of both the person accepting a bribe and the person offering it in all types of bribery crimes covered by legal provisions. Separate provisions regulate issues related to liability for official, international and business corruption.

The subject of a bribe may be material or personal benefit. Material and personal benefit includes both the benefit for oneself as well as for another person. Criminal conduct may consist in giving, accepting, demanding or making a promise of benefits.

Criminal liability for handling or promising a bribe may be imposed on each individual. However, liability varies according to the function performed by the person accepting the bribe.

In the case of an offence of “public corruption”, the person accepting the bribe is a person performing a public function (this is a notion broader than that of a “public official”). Pursuant to Article 115, Section 19 of the CC, a person performing a public function is a public officer, a member of a self-government authority, a person employed in an organisational entity using public funds, unless they exclusively perform service duties, and any other person whose public activity and duties are established or recognised by a statute or by an international agreement binding on the Republic of Poland. The term “public corruption” also refers to persons performing a public function in a foreign state or international organisation.

Polish law does not define the minimum value of a material benefit, which is considered to be the profit gained by the person who accepts the bribe. Therefore, this may be an act that increases the assets or reduces the liabilities of the person accepting the bribe. Money and hospitality expenditures, gifts and promotional expenditures, or facilitation payments of considerable material value, are always classified as material benefits.

As already described, provisions of criminal law also provide for criminal liability in the case of corrupt conduct in business relations. It is a crime to corrupt a person holding a managerial function in a business entity or an employee of a business entity in exchange for abuse of the powers granted to them or for the non-performance of their duty, which may cause material damage to that entity, or which may constitute an act of unfair competition or an inadmissible preferential act in favour of a buyer or recipient of goods, services or performances. If, as a result of actions taken by a corrupt manager or employee, damage is caused that is in excess of PLN200,000, then the Act provides for a more severe penalty.

Legal Framework for Offences – International Conventions

Poland has signed up to numerous international conventions related to anti-bribery and anti-corruption. Poland was admitted to the European Council on 26 November 1991 and is a party to the Criminal Law Convention on Corruption of 27 January 1999 (which came into effect on 1 April 2003). Since 1 August 2014, Poland has also been subject to the Additional Protocol to the Criminal Law Convention on Corruption.

In addition, Poland ratified the United Nations Convention against Corruption on 15 September 2006.

The OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, drawn up in Paris on 17 December 1997, has been in force in Poland since 7 November 2000.

As a member of the European Union, Poland has also implemented a range of EU legal acts on combating corruption.

National Legislation

The main national legislation in the area of anti-bribery and anti-corruption is the Polish Criminal Code, which provides for most offences relating to corruption. In particular, the CC’s provisions regulate issues related to liability for official, international and business corruption. However, some offences related to bribery and corruption are laid down in separate regulations. For instance, liability for corruption in sport is provided for under the Act on Sport.

Corrupt conduct may be prevented by restrictions imposed on persons holding public functions linked to participation in a business activity.

Pursuant to the provisions of the Act on Limiting the Conduct of Business Activity by Persons Holding Public Functions, persons holding public functions may not be members of governing bodies in commercial law companies, or work or undertake actions on behalf of business entities if the objectivity of their role is called into question. Persons holding public functions also cannot hold more than 10% of the shares in commercial companies or conduct their own business activity. In addition, they are obliged to submit asset declarations, including those that are part of marital joint ownership. At present, legal provisions do not impose the obligation on business entities to implement compliance programmes. However, many firms operate such programmes. An amendment to the CC came into effect on 1 October 2023.

This amendment introduced many fundamental changes to the CC, in particular by increasing the penalties for certain offences, including bribery and corruption offences. For example, the act increases the penalty for corruption offences where the financial benefit exceeds PLN200,000 from up to 12 years’ imprisonment to up to 15 years’ imprisonment; and where the financial benefit exceeds PLN1 million, from up to 15 years to up to 20 years of imprisonment. (see 3.1 Criminal Company Law and Corporate Fraud). 

Pursuant to Article 181 of the Act on Trading in Financial Instruments, anyone who uses inside information contrary to the prohibition referred to in Article 14 (a) of Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (MAR) shall be liable to a fine of up to PLN5 million or imprisonment for a period of three months to five years, or both these penalties jointly. Article 14(a) of the MAR provides that it is forbidden to:

• engage or attempt to engage in insider dealing;
• recommend that another person engages in insider dealing or induce another person to engage in insider dealing; or
• unlawfully disclose inside information.

As mentioned in 1.1 Criminal Offences, tax offences are described under a separate legal act, the FCC.

Under Polish law there is an obligation to prevent tax evasion. Failure to prevent tax evasion is a criminal offence. A tax offence occurs when a taxpayer exposes a tax to depletion by submitting a tax return to a tax authority that is untrue or conceals the truth.

The most popular tax offence, VAT fraud, usually involves the use of fake or otherwise unreliable invoices. These crimes are provided under Articles 270a and 277a of the CC. Forgery of or tampering with an invoice in relation to circumstances influencing the amount of a tax (or other public obligation) or its refund, in order to use such an invoice as an authentic one, or using the fake invoice, constitutes a separate offence. The perpetrator is liable to imprisonment for a period of six months to eight years. If the perpetrator forged or used invoices documenting transactions whose value exceeded PLN5 million, or forging or using fake invoices constituted a source of their permanent income, the offence is considered as a felony and is punishable by at least three years of imprisonment. Moreover, if the value exceeded PLN10 million, the perpetrator is liable to imprisonment for a period of five to 25 years.

Business entities are obliged to keep financial records, and, in the case of commercial law companies, their financial records and statements are subject to mandatory examination by an independent certified auditor.

Keeping inaccurate financial records constitutes a crime under fiscal criminal law. Inaccurate financial records are understood as records containing false entries. With regard to criminal liability, under fiscal criminal law it is possible to hold a management board member liable even if financial record-keeping was not included in their responsibilities. Such a board member will be subject to criminal liability for fiscal crimes committed as part of the operations of the company they manage. Importantly, a management board member may even be subject to liability under fiscal criminal law for crimes committed at a time when they did not hold this position.

Cartels and other competition deeds are defined and regulated under administrative law, in particular the Protection of Competition and Consumers Act, and are subject to fines. Furthermore, the CC provides for liability for hindering a public tender. The law states that anyone who, in order to achieve material benefit, prevents or obstructs a public tender, or acts in concert with another entity to the detriment of the owner of property or an entity or institution for which the tender is to be held, is liable to imprisonment for up to three years.

As from 1 October 2023, the CC provides a wider range of application of the provisions regarding obstructing or thwarting the tenders or public procurement procedure. Currently, the CC protects all kinds of tenders, irrespective of the entity organisers thereof. Before that date, the CC protected only public tenders. Moreover, commission of the above offence in order to gain financial or material benefit results in an aggravated penalty of imprisonment for a term of six months to eight years

Pursuant to the CC, whoever takes on intercession in settling a matter in exchange for a material or personal benefit or its promise by claiming to have influence in a domestic or foreign organisational entity utilising public funds, inducing another person’s belief in the existence of such an influence, or assuring another person of the existence of such an influence, is subject to a penalty of deprivation of liberty for between six months and eight years.

The Act on Competition and Consumer Protection (ACCP) provides for prohibition of practices that are harmful to the collective interests of consumers. The President of the Office of Competition and Consumer Protection may impose on an entrepreneur a financial penalty amounting to no more than 10% of the turnover generated in the financial year preceding the year in which the penalty is imposed if the entrepreneur, even unintentionally, concluded an agreement with a consumer including the illicit contractual provisions or harmed the collective interest of consumers by proposing to such consumers the purchase of financial services that do not correspond to the needs of these consumers as ascertained on the basis of the information available to the entrepreneur in the scope of these consumers’ features, or proposing the purchase of such services in a manner inadequate to their nature, breaching the obligation to provide reliable, correct and complete information to consumers, or performing unfair market practices or acts of unfair competition.

The aforementioned are administrative offences. The ACCP provides for one petty offence related to consumer criminal law under its Article 114, which states that any person who is in breach of the obligation to provide the explanations and information as may be required by the consumer ombudsman, or to respond to the comments and opinions of the consumer ombudsman, shall be liable to a fine of no less than PLN2,000.

Classification of Cybercrimes

According to Article 287 of the CC, anyone who commits computer fraud, ie, influences automatic data collection, processing or transfer without due authorisation, alters (for example, SQL-injection type attacks), deletes or creates electronic records with intent to obtain material benefit or cause damage to others, is liable to imprisonment for a period of three months to five years.

According to Article 278 section 2 of the CC, whoever, without the permission of an authorised person, obtains someone else’s computer software with the purpose of gaining material benefit, is subject to the penalty of deprivation of liberty for between three months and five years.

According to Article 269a of the CC, anyone who significantly interrupts the operation of a computer system or an IT network by means of data transmission (eg, distributed denial-of-service attacks), deletes, corrupts, or alters data, or restricts access to data (eg, via ransomware attacks), will be subject to the same penalty.

Additionally, as stated in Article 268a of the CC, the unauthorised deletion, destruction, and restriction of access to electronic data (eg, via ransomware attacks), as well as the prevention of access to or automatic processing of such data, is subject to imprisonment of up to three years. If the perpetrator causes significant damage, they are liable to imprisonment for a period of three months to five years.

Pursuant to Article 269 of the CC, corruption, alteration, or deletion of any data of particular significance for national defence, transport security, operation of government or local government or interruption or prevention of access to such data or its processing is subject to a penalty of imprisonment for a period of six months to eight years. Destruction or exchange of related hardware is subject to the same penalty.

Moreover, under Article 269b of the CC, anyone who prepares, obtains, transfers, or sells any devices or software enabling the user to commit the above offences (this covers various “back doors”, “Trojan horses”, keyloggers, webcam hacks, botnet-related software, viruses, ransomware software, etc), as well as computer passwords, access codes or other data enabling unauthorised access to information stored in an IT system or IT network, is subject to the penalty of deprivation of liberty for between three months and five years.

Exemptions

There is an exemption from criminal liability of persons performing penetration tests at the request of the interested party, ie, launching controlled attacks, preparing software intended to find and test so-called exploits, and sending spoof mails to check employees’ cybersecurity awareness.

Bug bounty programmes are also decriminalised. Hunting bug bounties will not constitute an offence if the person who identified a “bug” (malfunctioning software), security loophole, or other exploit caused no damage by their activity (either to the interested entity or to the public interest) and immediately informed the administrator of the relevant system or network of the “bug’s” existence and the threat it could pose.

Cybercrime Related to Payment Instruments

Cybercrimes related to payment instruments (eg, payment card systems) remain a major challenge to Polish prosecutors. Apart from being classified as the earlier-discussed “computer frauds”, they are sometimes considered to be regular frauds (subject to a penalty of imprisonment) or even burglaries (subject to a penalty of imprisonment for a period of one to ten years). Polish regulation of payment services does not contain any particular provisions criminalising such violations of cybersecurity.

Financial, trade and customs sanctions are described, in particular, under the FCC.

The main offences in relation to the aforementioned sanctions are tax fraud, unreliable books and records, the import or export of goods without presentation to customs or without customs declaration, misrepresentation of the customs control authority, a change in the purpose of the goods or another condition to exempt the goods from customs duty.

Pursuant to the CC, whoever obstructs or frustrates criminal proceedings by assisting the perpetrator of a crime or a fiscal crime in evading criminal liability, especially by concealing the perpetrator, is subject to a penalty of deprivation of liberty for between three months and five years. Moreover, whoever assists in concealment of an item obtained by means of a prohibited act is subject to the penalty of deprivation of liberty for between three months and five years (up to two years if the perpetrator acts unintentionally). Concealment of financial instruments, securities, foreign exchange, property rights or other movable or immovable property may also be the subject of money laundering and penalised by deprivation of liberty for between six months and eight years. A person who merely conceals cannot be liable for a predicate offence and concealment within one act.

As a general rule, not only the offender, but also anyone who induces or orders the offender to commit a crime, or (intending another person to commit a crime) facilitates the commission of the act, and/or organises a prohibited act to be carried out, is liable for their actions, and the penalty will be imposed within the limits of the penalty provided for the liability provided for the offence itself. Nonetheless, in the case of aiding, the court may apply extraordinary mitigation of the penalty.

The CC provides that anyone who receives, transfers or transports abroad, or assists in the transfer of title or possession of legal tender, securities or other foreign currency valuables, property rights or real or movable property obtained from the profits of offences committed by other people, or takes any action that may prevent or significantly hinder the determination of their criminal origin or place of location, or their detection or forfeiture, is liable to imprisonment for between six months and eight years.

If the perpetrator gains material benefit which exceeds PLN5 million, the penalty increases to up to 20 years’ imprisonment; when the material benefit exceeds PLN10 million the penalty increases to up to 25 years’ imprisonment

The anti-money laundering act provides for new obligations on banks, payment institutions and other obligated institutions (including lawyers). As a result, failure to fulfil particular obligations may constitute a criminal offence. For instance, whoever, acting in the name of or on behalf of an obliged institution, fails to comply with the obligation to provide the general inspector with a notification of any circumstances that may indicate a suspicion that the criminal offence of money laundering or terrorist financing has been committed, shall be subject to imprisonment for a period from three months to five years. The same penalty shall apply to whoever fails to provide the general inspector with a notification of a reasonable suspicion that a given transaction, or the assets that are the object of that transaction, may be linked to money laundering or terrorist financing. The Act also penalises preventing or inhibiting the performance of public control over the fulfilment of obligations related to counteracting money laundering.

As already mentioned, Polish jurisdiction does not provide for the obligation to self-report or to carry out internal investigations. Nevertheless, many companies implement such programmes, and this is one of the defence arguments for white-collar offences. The compliance programmes are particularly common in companies with foreign capital and in the financial sector. A functioning compliance programme is helpful in cases of actions contrary to the law that harm the interests of enterprises. A frequent problem that arises in criminal proceedings involving crimes harming enterprises is the lack of internal regulations which clearly lay down the procedures and scope of duties, a result of which means that it is difficult to show the actions or omissions of the guilty party.

Bearing in mind that the Whistleblower Protection Act, which entered into force on 25 September 2024 (see 4.4 Whistleblower Protection), changes in approach to passive – and disregard to reported – improprieties within the organisation by the managers, are expected. Lack of a proper reaction may have a negative impact on an assessment of the managers, not just by the entities’ owners. At the same time, proper reaction to the notification, and complying with the law’s requirements, should have had greater meaning during the investigation conducted by the enforcement authorities and assessments of the line of defence provided.

Polish criminal law provides for some exceptions for bearing criminal liability in general. Some of them may be applicable to white-collar crimes.

Firstly, whoever acts with the intention of performing an economic experiment that is expected to produce significant cognitive or economic value, and whose expectation of achieving those objectives, purposefulness, and method of performing the experiment are well-founded in light of contemporary knowledge, does not commit a crime.

Secondly, whoever acts with the purpose of averting an immediate danger to any legally protected interest, if the danger cannot be otherwise avoided, where the sacrificed interest represents a lower value than the interest that is being salvaged, does not commit a crime.

Moreover, if the perpetrator of a white-collar crime has voluntarily redressed the full damage, the court may apply extraordinary mitigation of the penalty or even waive its imposition.

Fiscal offences are subject to a mechanism of “active repentance”. The perpetrator of a fiscal crime or fiscal petty offence who notifies enforcement authorities of relevant circumstances concerning the offence (particularly the persons who assisted in committing the offence) before the authorities become aware of the offence shall not be subject to a fiscal crime or fiscal petty offence. This rule is applicable only if the public debt has been fully repaid.

An alternative solution is provided to the perpetrators of the abuse of the trust offence. If the perpetrator thereof has voluntarily redressed in full the inflicted damage, before the criminal proceedings have been instituted, then they are not subject to a penalty.

In general, no special “credit” is granted for voluntary disclosure of any offence. However, as described in 4.2 De Minimis, in the case of some offences – such as active bribery – disclosure of all the substantive circumstances of an offence can result in non-punishment.

There are several possibilities to avoid a criminal trial; however, there are no deferred prosecution agreements under Polish law (see 2.6 Deferred Prosecution).

With respect to fiscal crimes, it is only possible for the person responsible for committing the act to avoid criminal fiscal liability by presenting the “active repentance” described above, or adjustment to a tax return. The FCC stipulates a number of specific requirements for acts of “repentance” that need to be met for any actions to avoid liability to be effective.

In the last quarter of 2023, a new norm has been introduced to Polish CC, which states that the perpetrator of the crime of obstructing or thwarting a public tender, who notified the authority responsible for prosecuting crimes or the competition protection authority of a European Union member state or the European Commission of the fact of its commission, and disclosed all relevant circumstances, shall not be punished.

Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons reporting breaches of Union law obliged member states to implement it by 17 December 2021. Poland passed the Whistle-Blower Protection Act in June 2024, and the Act entered into force on 25 September 2024.

According to the Whistle-Blower Protection Act, every company employing more than 50 people is obliged to establish an internal reporting procedure. This should be done after appropriate consultations either with the company trade unions, if any operate within the company, or with employee representatives, who are selected applying an appropriate internally adopted procedure.

A whistle-blower is protected, including against retaliation, from the moment of reporting, provided that they had reasonable grounds to believe that the information being the subject of the report was true at the time of reporting, and that it constituted information about a violation of the law.

A violation of the law is an act or omission that is unlawful or intended to circumvent the law, relating to:

• corruption;
• public procurement;
• financial services, products and markets;
• counteracting money laundering and terrorism financing;
• product safety and compliance with requirements;
• transport safety;
• environmental protection;
• radiological protection and nuclear safety;
• food and feed safety;
• animal health and welfare;
• public health;
• consumer protection;
• protection of privacy and personal data;
• security of IT networks and systems;
• financial interests of the State Treasury of the Republic of Poland, local government units and the European Union;
• the internal market of the European Union, including public law rules of competition and state aid and taxation of legal persons; and
• constitutional freedoms and rights of humans and citizens.

However, the companies may additionally provide the possibility of reporting other information about violations of internal regulations or ethical standards applicable in the company as part of the internal reporting procedure.

A company that does not establish an internal reporting channel in accordance with the Act, or establishes it in a way that significantly breaches the Act, may be subject to a fine of up to PLN5,000, ie, approximately EUR1,200. Moreover, the Act penalises the prevention or serious hindering of the whistle-blower’s report, which may result in a fine ranging from PLN500 (ie, approximately EUR120) to PLN1,080,000 (ie, approximately EUR260,000), restriction of liberty, or imprisonment, depending on the severity of the violation.

According to the Polish Anti-Money Laundering Act, banks or other financial entities are obliged to create an anonymous whistle-blowing procedure for reporting irregularities within the scope of money laundering.