Michal Kulesza

I am a commercial and IT partner based in Warsaw, specialising in tech law, regulatory compliance and cybersecurity. I advise on complex fintech matters, digital transformation projects, cyber resilience (DORA, NIS2), AI regulations and technology implementations in regulated sectors.

I also specialise in IT law, regulatory compliance and cybersecurity. I advise technology-driven businesses and regulated institutions on high-value, complex, digital transformation projects where legal risk, regulatory expectations and operational execution are of the essence. My practice combines strong transactional experience with a deep understanding of the regulatory landscape affecting digital resilience, ICT outsourcing and cybersecurity, including DORA, NIS2, EBA guidelines, AI Act and Polish Financial Supervision Authority (KNF) requirements.

I support clients in strategic cloud, cyber resilience, data management and technology implementation initiatives across the banking, insurance, investment, healthcare, energy and telecommunications sectors. I have advised on some of the most significant technology undertakings in the Polish market, including negotiations with global providers of cloud and data centre platforms (AWS, Microsoft, Google Cloud, Oracle), and large-scale cloud migrations for leading financial institutions, as well as critical system implementations that require DORA and NIS2 compliance.

I regularly advise on structuring and negotiating IT agreements, including cloud contracts, often in projects involving multiple stakeholders and budgets that exceed tens of millions of Polish zlotys.

Clients value my ability to translate regulatory requirements into solutions that are workable in practice and defensible in supervisory discussions. I am particularly focused on operational and digital resilience, third-party risk management, cybersecurity-related contractual safeguards, audit and access rights, incident response readiness and exit strategies. I help my clients deliver ambitious technology projects efficiently whilst fully meeting the expectations of KNF and other supervisory bodies.

Alongside client work, I lecture on modern technology law in postgraduate programmes, deliver industry trainings, and speak at conferences. I also publish in trade and business press, ensuring my advice remains grounded in current market practice and regulatory developments.

• Advising a leading Polish financial group on a large-scale DORA implementation programme, including remediation of ICT outsourcing agreements and development of a group-wide compliance framework.
• Advising financial institutions on high-value cloud transformation projects, including negotiation of cloud services agreements (IaaS/SaaS/PaaS), regulatory alignment and third-party risk management.
• Advising a brokerage house on implementation of a remote client onboarding framework, including regulatory aspects (AML/KYC, MiFID) and contracting with technology providers.
• Advising banks and insurers on strategic ICT outsourcing and complex IT contracting, including implementation, licensing, maintenance and service arrangements.
• Supporting clients in negotiations of enterprise technology agreements and critical IT projects, with a focus on governance, audit rights, cybersecurity and operational resilience requirements.