dotlaw

FinTech Industry

Regulation isn't going away. Your product can be ready for every next one.

We design a legal architecture that doesn't slow your product down. KNF, DORA, MiCA, the AI Act: every regulation already has its place in your stack.

Trusted by

Boś Bank
Spyrosoft
Onchain
Digital Gateways
Hetalox
DRUM

We know your business model

Every FinTech model has its own regulatory logic.

Digital payments, online lending, BNPL, factoring, crypto, currency exchange, insurtech: each of these models operates under a different regime. Your legal architecture should be designed for your model, not copied from another industry.

Payments and e-money

Payment institution, electronic money institution, small payment institution. The choice of form determines your capital, audits, and launch pace. The KNF reviews every element of the architecture.

Online lending / consumer lending

Non-interest cost caps, BIK, reporting, AML. The entire process architecture, from application to debt collection, has to be designed from a regulatory perspective. UOKiK watches closely.

Crypto / Web3

MiCA, token classification, CASP license, AML/KYC. Every product decision carries regulatory consequences. The legal architecture has to be part of the product roadmap, not an add-on.

Insurtech

Insurance intermediation, personal insurance, product distribution. A KNF license is required, along with KID documentation and IDD compliance. Scaling requires an architecture that can support new product lines.

Problems we know

Legal challenges in FinTech.
Every regulation is a potential stop sign for scaling. Every architectural decision is a potential KNF consequence.

KNF licenses and compliance

The choice of licensing regime affects capital, audits, and reporting. Switching regimes mid-scale is costly. The decision has to be made deliberately at the outset.

DORA, the Digital Operational Resilience Act

ICT risk management, incident reporting, resilience testing, third-party risk management. DORA applies to most financial entities. Your compliance architecture will need reorganizing.

MiCA and crypto regulation

Token classification, CASP license, white paper, AML, segregation of client assets. MiCA creates a single crypto market across the EU, along with a single set of obligations. Every crypto project requires reanalysis.

AML/KYC and anti-money laundering

Customer identification, transaction monitoring, reporting to the GIIF, risk management. A full AML/KYC system is the operational foundation of any FinTech, and a mistake costs you a fine and your license.

The AI Act for credit scoring

Credit scoring algorithms are classified as high risk. Model documentation, transparency, human oversight, fairness. Full compliance requires rebuilding the decision-making process.

Open banking and PSD2

Account access APIs, customer consent, liability for incidents, integrations with TPPs. Every new product feature requires both a regulatory and a technical assessment at the same time.

Why dotlaw

Law that understands regulation as part of the product.

Go or No-Go.

We don't describe legal risk in the abstract and we don't leave you with "on the one hand... on the other hand." We close every matter with a concrete recommendation. Your team understands what it's signing, the first time, without a lawyer in the room.

On your terms.

We work in the model that fits your stage of growth: from project-based support, through ongoing retainer service, to fractional counsel that acts like an in-house legal department. The form of collaboration is tailored to you.

First in Poland. Still first.

Every service is designed with AI from the ground up, not bolted on at the end. Faster turnaround, lower cost, and fully predictable pricing. No more billing hours for work that AI does in minutes.

Documents built like products.

We design contracts, terms, and policies so your team can read and understand them without a legal dictionary. Legal Design isn't a style, it's a principle.

How we start

From the first conversation to compliance-ready.

A conversation, 20 minutes.

No briefs, no forms. You tell us what you do and what's hurting. We tell you straight whether and how we can help.

An action plan in 48 hours.

Whatever the scale, within 48 hours you'll know how we'll define the scope of work, how we'll approach the problem, and when you'll get a quote. No dragging it out.

Full onboarding in a week.

One week from signing. Our lawyers are fully up to speed on your business and we start working. No warm-up period.

Case study

Lisk - The LSK token operates freely across 27 EU countries.

Onchain Foundation needed regulatory clarity for LSK under MiCA. Token classification, obligation assessment, documentation. Dotlaw delivered a full analysis that allowed the token to operate freely across the European Union.

Professionalism and a deep understanding of blockchain technology. We recommend them without reservation.

Onchain Foundation · Lisk

MiCA · Crypto · 27 EU countries

FAQ

Questions we hear most often.

It depends on the model. Payments plus holding of funds means an electronic money institution (EMI). Payments alone without holding funds means a payment institution (PI). Small scale (up to EUR 5M per year) means a small payment institution (SPI). Online lending means lending activity reported to the KNF. The decision has to be made before launch, and changing a license mid-scale is costly.

Markets in Crypto-Assets Regulation, the EU regulation creating a single crypto market. It applies to token issuers (utility, asset-referenced, e-money) and crypto-asset service providers (CASPs). It requires a license, a white paper, AML, and segregation of client assets. Fully in force since December 2024.

If it assesses creditworthiness or insurance risk, it most likely does, as a high-risk system. It requires documentation, transparency, human oversight, and post-market monitoring. Plus registration in the EU database. Full compliance requires rebuilding the decision-making process.

DORA introduces obligations across five areas: ICT risk management, incident reporting, resilience testing (TLPT), third-party risk management, and the sharing of cyber-threat information. It applies to banks, EMIs, PIs, and most CASPs. Implementation is a 12 to 18 month project.

Remote identification via video or eKYC, verification against public databases, real-time transaction monitoring, reporting to the GIIF, and document retention of at least 5 years. Every step must be documented. In the event of a KNF inspection, the audit trail is what counts.

Yes, an insurance agent or broker license. It requires training, an exam, professional liability insurance, and entry in the KNF register. The app can serve as a tool for a licensed intermediary or for the insurer itself. Without a license, the activity is illegal.

Build foundations that last.
Start with a conversation.