This site uses cookies, so that our service can work better. Learn more I understand
dr Michał Mostowik
Warsaw Office
Ogrodowa City Gate
ul. Ogrodowa 58
00-876 Warsaw
tel. +48 22 652 26 18

Cracow Office
ul. Jana Kilińskiego 2
30-308 Cracow
tel. +48 12 315 18 41
Dr Michał Mostowik is a Polish-qualified attorney at law (adwokat) and graduate of Jagiellonian University in Krakow. He defended a doctoral dissertation on personal data protection in the Internet of things under EU law. He completed the „Certificate in American Law” programme at UC Berkeley (Boalt Law School). Michał is also a graduate of the School of German Law held by Jagiellonian University in cooperation with universities of Heidelberg and Mainz.
Representative at the Special Task Force for Financial Innovation in Poland (FinTech) coordinated by the Polish Financial Supervision Authority and participant of the “Blochchain and cryptocurrencies” working group as part of the “Cashless Poland, Paperless Poland” initiative of the Polish Ministry of Digitalisation. He represented a financial institutions’ organization in legislative procedure (including law-making process of the new framework of sectorial data protection rules). He is a member of the Polish European Law Association (Polskie Stowarzyszenie Prawa Europejskiego).
Michał focuses on banking law, regulations of financial technologies, data privacy law and EU law. He has a long-standing experience in advising banks, financial institutions and technology companies. He is an author of several articles and other publications on banking law and financial technologies. Michał was an academic teacher at Jagiellonian University, and he is a highly valued speaker at various conferences and seminars.

He advises in Polish (native) and English languages, he also speaks German
  1. „A draft of the DORA: impact on payment services providers and cloud computing in the financial industry” and (as a co-speaker) „Outsourcing of Open Banking Services (PIS, AIS) under EBA guidelines and KNF’s position”, Legal Environment of Open Banking – new obligations of financial institutions: guidelines of EBA & KNF, MM Conferences S.A., online, May 2021.
  2. „Using of cloud computing in the financial industry ", IP Student workshop, KN TSPWI, online, May 2021.
  3. „Review of settlement finality regulation – „Elixir of life” for the Digital Finance Strategy?", Innovative payment institutions, Digital Banking Academy (ZBP), online, April 2021.
  4. „Outsourcing Policy”, Corporate governance in banks under the „Z” Recommendation, MM Conferences S.A., online, February 2021.
  5. „Incoming EU regulations on the use of cloud and outsourcing in the banking industry”, Practical approach to EBA and KNF requirements on outsourcing and cloud computing, MM Conferences S.A., online, December 2020.
  6. „Unfair contract terms in bank contracts ¬– major practical problems”, Including individual business owners in consumer protection laws from the point of view of a cooperative bank, KZBS, online, December 2020.
  7. „Practical problems of the PSD2 application in the light of the GDPR”, The payment services market under current laws and envisaged changes to the law, and practical problems, MMConferences S.A., online, November 2020.
  8. „EU Digital Finance & Payments Strategy 2020-2024", UregulowaniSprint, DLK Legal, online, October 2020.
  9. „New matrix for the bank’s IT security – practical analysis of the draft regulation on digital operational resilience (of 24.09.2020)”, Legal changes - electronic banking and fintech, Digital Banking Academy (ZBP), online, September 2020.
  10. „The banks using cloud computing as a challenge for the regulation”, Financial Markets Forum: Investments, Banking & FinTech, ELSA Kraków, online, June 2020.
  11. „Financial crisis of 2007-2009: causes and effects, assessment of follow-up reforms and possible directions of further changes”, expert debate following the screening of „Inside Job” (2010), film discussion club, KN PGiH TBSP UJ, Cracow, December 2019.
  12. PSD2 and RTS strong authorization: review of solutions and loopholesAbusive clauses in contracts with natural persons conducting economic activity”, Open Banking PSD2”, Uregulowani 2019+ workshops DLK Legal, Warsaw, October 2019. 
  13. Artificial Intelligence, Internet of Things - discussion of enthusiasts and sceptics - Oxford debate at the conference "Internet of Things - Future of Poland", Ministry of Digitalisation, Warsaw, July 2019. 
  14. Starting an online credit intermediary service”, DLK Legal workshops for JU students, Cracow, May 2019. 
  15. Is the AIS service portal able to replace ASPSP electronic banking?” case study, PSD2 2019, Puls Biznesu, Warsaw, May 2019. 
  16. Provider strong customer authorization obligation”, PSD2 – obligations and risks in relations with clientsMMConferences S.A., Warsaw, May 2019. 
  17. Complaint procedures related to payment transactions”, in-company training for a firm in the banking sector, Warsaw, May 2019. 
  18. Uniform or divergent level of protection of natural persons with regard to the processing of personal data under EU law", conference Poland in diversifying European Union, Gródek n/Dunajcem, June 2018. 
  19. Act on Payment Services after the implementation of PSD II” - an internal training for the supervisory authority, Warsaw, May 2018. 
  20. GDPR in a month – last check”, Payment Meeting, Warsaw, April 2018. 
  21. „GDPR4FIN: dLK class for Fintech professionals”, Warsaw, April 2018. 
  22. „Implementation of PSD II (main changes)”, an internal training for the supervisory authority, Warsaw, March-April 2018. 
  23. „New PSD2 and GDPR ", Dyrektywa PSD2: Open Banking po polsku, Puls Biznesu, Warsaw, March 2018. 
  24. „General Data Protection Regulation (RODO – GDPR)” workshop for the National Association of Cooperative Banks, Warsaw, February 2018. 
  25. „General Data Protection Regulation (GDPR)”, internal workshop for a company active in payment industry, February 2018. 
  26. The scope of application of GDPR and national law in financial industry”, The financial sector facing the challenges of GDPR - experience in the market so far, proposed solutionsMM Conferences S.A., Warsaw, December 2017. 
  27. „The PSD2 interface”, dLK class for FinTech professionals, Warsaw, December 2017. 
  28. „Processing of personal data by insurance intermediaries in the light of new regulations”, Dystrybucja ubezpieczeń po implementacji IDD, MMConferences S.A., WarsawJune 2017. 
  29. „Financial sector’s information security in the light of current economic and technological changes”Ogólnopolska konferencja: UE wobec wyzwań ekonomii przyszłości, KN Prawa Unii Europejskiej TBSP UJ, Cracow, May 2017 
  30. Fintech trends and Applications" (panel discussion), Money 20/20 Roadshow, BudapesztApril 2017 r. 
  31. „Processing of personal data by financial institutions in the light of PSD2”, Bezpieczeństwo danych Klienta w Instytucjach Finansowych w świetle nowych regulacjiMMConferences S.A., Warsaw, March 2017 r. 
  32. Will Financial Services as We Know Them Survive in the Upcoming Decades?", panel discussion, Phoenix 2016 FinTech Conference for CEE, European Business Conferences Group, Prague, June 2016 r. 
  33. Incident notification – possibility of data breach”,  Nowe ramy prawne ochrony danych osobowych – obowiązki i wyzwania dla przedsiębiorców, MMConferences S.A., Warsaw, June 2016. 
  34. Cybercrime and Liability", Workshop Cyber Risks in Inland Navigation, IVR Congress, Cracow, May 2016. 
  35. Bank secrecy and personal data protection  in outsourcing", Outsourcing bankowy – organizacja, zarządzanie i kontrola czynności powierzonych, MMConferences S.A., Warszawa, April 2016. 
  36. „IT incidents in banking”, XXVIII Forum Bankowości Elektronicznej: Bezpieczeństwo Finansowe w Bankowości Elektronicznej, CPI, Warszawa, February 2016. 
  37. „Application of European rules for the transfer and protection of personal data”, Problematyka przetwarzania i ochrony danych osobowych w instytucjach finansowych, MMConferences S.A., Warsaw, December 2015. 
  38. „Legal and practical approach to the authorization of internet and mobile payments”, Bezpieczeństwo płatności elektronicznych w świetle najnowszych zmian prawnych, MMConferences S.A., Warsaw, November 2015. 
  39. Remember or forgetBoundaries of privacy protection on the Internet”, konferencja naukowa Inteligentna i zrównoważona gospodarka sprzyjająca włączeniu społecznemu – wyzwania dla systemów prawnych Unii Europejskiej i państw członkowskich, Gródek n/Dunajcem, June 2015. 
  40. „New principles of banks’ responsibility”, „Role of EU supervisory bodies under PSD II and PAD”, Instytut Szkoleń Prawa Bankowego, Warsaw, April 2018 
  41. Cross-border aspects of alternative investment fund managers’ (“AIFM”) activities", Dyrektywa ZAFI - implementacja przepisów i istniejące problemy, MM Conferences S.A., Warsaw, March 2015 r. 
  42. Banking without banks? – vision of European regulation on banking services market", III Polski Kongres Regulacji Rynków Finansowych FinReg2014, Instytut Allerhanda, Warsaw, October 2014 r. 
  43. „Security of sashless transactions – practical application of law, perspectives of evolution”, Sympozjum Transakcji BezgotówkowychPuls Biznesu, Warsaw, May 2014. 
  44. „Withdrawal from the agreement in the light of consumer directive”, Nowa ustawa o prawach konsumentanowe obowiązki dla przedsiębiorcówmmconferences, Warsaw, March 2014. 
  45. Clients’ data protection in inteligent energy networks”, Prawo konsumenckie w branży energetycznej – najnowsze zmiany i istniejące problemy, MM Conferences S.A., Warsaw, October 2013. 
  46. „The notice and takedown procedure in Polish law – the necessity to amend”, Ogólnopolska Interdyscyplinarna Konferencja Naukowa Paragraf w sieci, Toruń, March 2013. 
  47. „A Summary of the Draft Regulation on Data Protection in the EU”, Unijne podsumowanie roku 2012 – The EU Summary of the Year 2012, Cracow, March 2013. 
  48. „Do we need e-passport and biometrical databases?” Bezpieczeństwo technologii biometrycznych. Ochrona danych biometrycznych, UKSW oraz Naukowe Centrum Prawno Informatyczne, Warsaw, December 2011. 
  1. „Utilisation of account information under the PSD2 and the GDPR” (co-author), Monitor Prawa Bankowego 2018, no. 5 (90).
  2. "Legal protection of payment account information in light of account information services", Monitor Prawa Bankowego 2017, 7-8 (80-81).
  3. „System of the Merchant Protection under EU Interchange Fee Regulation”, Monitor Prawa Bankowego 2017, no 6 (79).
  4. „Polish Law Review in the Context of Application of Distributed Ledger Technology and Digital Currencies” (co-author), K. Zacharzewski, K. Piech [red.], Ministerstwo Cyfryzacji, Warsaw 2017.
  5. „The Code of Good Practice for Cryptocurrency Market Players in Poland” (co-author), K. Zacharzewski, K. Piech, L. Wilczyński [red.], Ministerstwo Cyfryzacji, Warsaw 2017.
  6. „Banking without banks? – EU vision of regulationg banking services”, Polityka i praktyka regulacji rynków finansowych, [red.] W. Rogowski, Oficyna Allerhanda, Cracow-Warsaw, 2015.
  7. “Jungle of designs - modern recognition of the design right on the example of unregistered community design, „Prawo własności intelektualnej – wyzwania współczesności”, AT Wydawnictwo, Cracow 2012.