On 11 June 2024, the President of the Republic of Poland signed the Act of 23 May 2024 amending the Act on the exchange of tax information with other countries and some other Acts (Journal of Laws of 2024, item 879). With regard to reportable arrangements, the amendments invlove the addition of Art. 86a §1 p. 6a and Art. 86da to the Act of 29 August 1977 – Tax Ordinance (hereinafter: the Tax Ordinance).

The amendments result from the implementation of Council Directive (EU) 2021/514 of 22 March 2021  amending Directive 2011/16/EU on adminstrative cooperation in the field of taxation (DAC7), aimed at honing and broadening  the existing legislation governing the exchange of information and administrative cooperation in matters related to taxes.

The amending Act adds to Art. 86a §1 p. 6a of the Tax Ordinance the definition of a controlling party, i.e. the ultimate beneficiary owner, as stated in Art. 2 sec. 2 p. 1 of the Act of 1 March 2018 on counteracting money laundering and the financing of terrorism. This definition has been introduced due to the use of the term controlling party in the conditions specified in one of the special hallmarks (Art. 86a § 1 p.13 letter e of the Tax Ordinance).

Additionally, Chapter 11A of the Tax Ordinance has been supplemented with Art. 86da  §1 imposing on the promoter and the supporter transmitting information on reportable arrangements the obligation to notify natural persons in writing, regarding information pertaining to them, about collecting, processing and forwarding the information as well as about their right to obtain from the data controller the information they are legally entitled to obtain from the data controller within a time frame that is sufficient for exercising their right to have their personal data protected before the transmission of the information is effected. 

Under the newly-added §2, above the indicated Article, if it is likely that there is a security breach regarding natural person’s personal data that is collected and processed for automatic exchange of information purposes and the said breach negatively affects the protection of this natural person’s personal data, the promoter and the supporter transmitting information on reportable arrangements must, without any delay, notify the natural person of the fact in writing. 

Data security breach may occur as a result of a delibarate illegal action, negligence or fortuitous event leading to a damage, loss or change of information or other event involving an unauthorised acces to information, disclosure or use of information, this particularly includes personal data that is transmitted, retained or otherwise processed, whereas the breach may regard data confidentiality, accessibility or integrity.  

The above regulations come into force as of 1 July 2024. 

Please bear in mind that the new obligation to provide information may in fact mean that you will have to update your internal MDR procedures aimed at counteracting incompliance with the legal obligation to provide information on reportable arrangements. 

If you have any doubts – feel free to reach out to our experts who will gladly support you in the proces of updating your procedures or arranging them if your Company has not yet implemented any.