Poland’s KSeF phase 2 takes effect after solving initial hurdles

Following its long-awaited launch on February 1^st, 2026, Poland’s National e-Invoicing System (KSeF) transitioned into its second major phase on April 1^st, 2026. This milestone significantly extended the mandatory scope of the obligation, effectively bringing the majority of the Polish business sector into a digital tax ecosystem.

To ease this transition, the Ministry of Finance has confirmed that throughout 2026, sanctions will not be imposed for errors made while using the system.

While the volume of processed invoices and the high number of active entities suggest a structurally successful launch, the first weeks of the mandate were characterized by some operational friction, feedback and concerns from the market highlighted:

• System security and data sovereignty
• Registration and connectivity hurdles

Concerns have also been raised regarding self-billing management, specifically concerning recent tax rulings [↗︎] that suggest a strict approach to the seller’s prior acceptance process as a condition for VAT deduction.

Even as this second phase takes effect, the Ministry, as shared during March 30^th press conference [↗︎],  is also focusing on continuous optimization through a future KSeF 2.0 update. This overhaul will introduce a streamlined Taxpayer Application featuring a “3-step” navigation interface and integrated scam-reporting tools, including new functionalities.

Overview of the first months of KSeF obligation and market readiness

The first phase of the B2B e-invoicing mandate in Poland started on February 1st 2026, with large companies with an annual turnover exceeding PLN 200 million (~€50 million) being required to issue B2B e-invoices through the national KSeF platform using the specific FA(3) structured format. In the meantime, all entities, including smallest VAT-exempt micro-entrepreneurs, must be able to receive e-invoices through KSeF since the February.

The initial phase saw a robust start, with the Ministry of Finance reporting during a press conference on March 30^th [↗︎] that over 35 million invoices were processed in the first month and over 87 million invoices during the first two months. The Ministry also reported that approximately 152,000 active entities issued invoices in February, a figure that surged to 345,000 by the end of Marc. While only 5,000 of these were the large taxpayers under the immediate mandate, many businesses anticipated and joined voluntarily, signalling a high level of market readiness.

Consequently, while April 1st, 2026, was originally designed to mark a massive expansion of the mandatory B2B e-invoicing scope, by including all others VAT-registered businesses in Poland, exception for the smallest VAT-exempt micro-entrepreneurs,its actual impact was notably softened by the high level of voluntary early adoption.

Except for the smallest VAT-exempt micro-entrepreneurs, who remain outside the mandatory issuance scope until January 1, 2027, the entire Polish business landscape is now effectively integrated.

System Security and Data Sovereignty

In late January 2026, just days before the first mandate, the Polish government addressed rising concerns regarding data security and the integrity of the KSeF platform [↗︎]. The Director of the IT Center at the Ministry of Finance issued a formal clarification, emphasizing that KSeF is a proprietary system built entirely by the Ministry of Finance in accordance with the highest international cybersecurity standards.

To ensure total data sovereignty, the Ministry confirmed several key technical safeguards:

• National Infrastructure: KSeF operates exclusively on servers located within Poland, relying solely on national infrastructure and domestic technological resources.
• Advanced Encryption: All data within the platform is secured using proprietary encryption and cryptography tools integrated directly into the Ministry of Finance’s secure infrastructure.
• Stress-Tested Performance: The system architecture was designed with a “24:1” capacity ratio, meaning it is capable of processing a full day’s typical invoice volume within a single hour.
• Multi-Agency Validation: Beyond internal audits, the KSeF environment underwent rigorous performance, security, and fault-tolerance testing in direct cooperation with state security services.

Furthermore, the Ministry reaffirmed that the platform is fully compliant with all personal data protection requirements, ensuring that the massive influx of B2B data remains protected from unauthorized access or external cyber threats.

Initial hurdles: registration, connectivity, and latency

The first month of the mandate revealed several operational challenges as businesses began navigating the live environment. Market participants reported persistent difficulties regarding the complexity of the new FA(3) schema validation rules, alongside occasional system latency during peak traffic hours.

A primary friction point in early February 2026 concerned the Trusted Profile (Profil Zaufany). Companies attempting to log into the KSeF portal manually frequently encountered timeouts and technical errors. Although this authentication method represented only 5% of total connections in the first month, with the vast majority of traffic being automated calls, the impact on smaller, manual users was significant.

In response to these disruptions, the Ministry of Finance asserted that they had prepared for the implementation to the best of their ability. Minister Andrzej Domański clarified in early February [↗︎] that the instability was not due to a failure of the core KSeF engine, but was rather the result of a coordinated DDoS (Distributed Denial of Service) attack targeting the login gateway. The Minister also confirmed that the system had been hit by a “digital siege” originating from 17 different countries simultaneously.

To reinforce this stability, the Ministry of Finance fast-tracked the integration of the mObywatel mobile application on February 14, 2026 [↗︎]. This move was specifically designed as a “pressure-relief valve” for businesses struggling with the April 1st rollout. By allowing users to authenticate via a simple QR-code scan and biometrics, mObywatel bypassed the SMS-based delays associated with the Trusted Profile, providing a more reliable and modern alternative for the hundreds of thousands of small entrepreneurs entering the mandatory scope.

Key Summary of Authentication Statistics (February 2026):

• KSeF Certificates (68%)
• Production Tokens (23%)
• Trusted Profile (5%)
• National Node (3%)
• Qualified Signature (1%)