Michal Kulesza

I am an experienced commercial and IT partner based in Warsaw. I advise on complex IT and commercial law matters, with a particular focus on financial technologies, regulatory compliance, and large-scale digital transformation projects.

I specialise in commercial and IT law, advising technology-driven businesses and regulated financial institutions on high-value, complex projects where legal risk, regulatory expectations and operational execution must be aligned. My practice combines strong transactional experience with a deep understanding of the regulatory landscape affecting ICT outsourcing and digital resilience, including EBA guidelines, DORA and the Polish Financial Supervision Authority (UKNF) framework.

I support clients in strategic IT and cloud initiatives across the banking, insurance, investment, healthcare, energy and telecommunications sectors. I have advised on some of the most significant technology undertakings in the Polish market, including negotiations with global technology providers in connection with data centre and cloud infrastructure projects, as well as large-scale cloud implementations for leading financial institutions. I regularly advise on structuring and negotiating implementation agreements (both waterfall and agile), licensing and maintenance arrangements, outsourcing models and cloud contracts (IaaS, SaaS, PaaS), often in projects involving multiple stakeholders and substantial budgets.

Clients value my ability to translate regulatory and contractual requirements into solutions that are workable in practice and defensible in supervisory discussions. I am particularly focused on governance, third-party risk management, cybersecurity-related contractual safeguards, audit and access rights, and incident response readiness, helping clients deliver technology projects efficiently while meeting supervisory expectations.

Alongside client work, I lecture on modern technology law in postgraduate programmes, deliver industry trainings and speak at conferences. I also publish in trade and business press, ensuring my advice remains grounded in current market practice and regulatory developments.

• Advising a leading Polish financial group on a large-scale DORA implementation programme, including remediation of ICT outsourcing agreements and development of a group-wide compliance framework.
• Advising financial institutions on high-value cloud transformation projects, including negotiation of cloud services agreements (IaaS/SaaS/PaaS), regulatory alignment and third-party risk management.
• Advising a brokerage house on implementation of a remote client onboarding framework, including regulatory aspects (AML/KYC, MiFID) and contracting with technology providers.
• Advising banks and insurers on strategic ICT outsourcing and complex IT contracting, including implementation, licensing, maintenance and service arrangements.
• Supporting clients in negotiations of enterprise technology agreements and critical IT projects, with a focus on governance, audit rights, cybersecurity and operational resilience requirements.