How to Legally Launch a Marketplace in Poland? A Practical Guide for 2026

Launching a marketplace is technically easier today than ever before. Frameworks like Next.js, ready-made payment integrations, and cloud services make it possible to build a working platform in just a few months. The problem is that the code is only the beginning.

A marketplace operates at the intersection of many regulatory areas: personal data protection, consumer rights, payments, product safety, and seller relations. In practice, this means that even a small platform must meet a range of legal requirements from day one.

The good news is that most obligations can be implemented relatively early and without enormous costs. In this article, I will cover the most important areas to address before you legally launch a marketplace.
I have build one myself so I know the pains - you can check the project here.

Why has marketplace compliance become so complex?

A few years ago, a marketplace owner primarily had to take care of terms of service, GDPR, and payments. Now additional regulations are coming into force, such as the DSA, GPSR, and the European Accessibility Act. The result is that marketplace compliance today covers not only legal matters, but also business processes, technical security, and user experience.

Marketplace compliance in 2026 covers four areas:

• Personal data and privacy
• Consumer rights
• Seller verification and product safety
• Technical security and payments

Most new EU regulations affecting marketplaces can be assigned to one of these four categories. This is a good starting point for planning platform compliance at the product design stage.

If there is one regulation that every marketplace owner should know in 2026, it is the Digital Services Act (DSA). This regulation has changed the way online platforms operate across the entire European Union and introduced new obligations relating to, among other things, seller verification, handling reports of illegal content, and greater transparency in platform operations. Many of the obligations described later in this article stem directly from the DSA.

1. Define your role: intermediary or seller?

In a typical marketplace, there are two parties to a transaction: the seller and the buyer. The platform acts as an intermediary that provides the technical infrastructure, collects a commission, and organises the purchasing process.

1 / 1

Click to zoom

This distinction matters enormously. If a user gets the impression they are buying directly from the platform, you may inadvertently take on part of the responsibility for complaints, returns, or product conformity.

That is why, from the design stage, you should clearly communicate:

• who the seller is
• who issues the invoice
• who is responsible for the product
• who handles returns and complaints

The terms of service and the product page should unambiguously identify the party to the sales contract.

Mini case: when the platform becomes a contracting party

Imagine a handmade goods marketplace. The buyer sees the platform's logo, pays the platform, and communicates exclusively with the platform's support team. A few months later, a product complaint arises. If the communication and documentation do not clearly identify the seller, the consumer may conclude that the platform itself was the contracting party.

This is precisely why the largest marketplaces display seller details very prominently on the product page and throughout the purchasing process. It is not merely a matter of interface transparency — it is also about limiting legal risk.

2. Prepare your core documentation

One of the most common startup mistakes is treating legal documents as an add-on that can be prepared after launch. In practice, documentation is the foundation of how the platform operates.

1 / 1

Click to zoom

The minimum set includes:

• terms of service
• seller terms and conditions
• privacy policy
• cookie policy
• returns policy
• complaints procedure

For a marketplace, a separate set of seller terms is particularly important. It must cover, among other things, commission rules, account verification, listing removal, and dispute resolution.

It is also worth archiving every version of your documents along with the date they came into effect. In the event of a dispute, this allows you to demonstrate which terms applied at the time the contract was concluded.

The most common startup mistake

Many founders prepare their terms of service just before launch or use a ready-made online shop template. The problem is that a marketplace is not an online shop. Additional relationships arise between the platform, sellers, and buyers that require separate provisions.

3. GDPR is more than just a privacy policy

Virtually every marketplace processes personal data of buyers and sellers. This typically includes:

• contact details
• delivery addresses
• billing data
• order history
• analytics data

Click to zoom

GDPR requires not only informing users about data processing, but also organising internal processes. This means, among other things:

• establishing legal bases for processing
• concluding data processing agreements with service providers
• preparing procedures for handling user requests
• setting data retention periods

GDPR violations can result in fines of up to €20 million or 4% of the company’s total global annual turnover.

Particular attention should be paid to analytics and marketing tools. Data transferred outside the European Union has been under close scrutiny from European regulators for several years.

What does data flow look like in a marketplace?

A customer places an order. Their data flows to the platform, then to the seller, the payment operator, the courier company, and often to analytics and mailing systems as well. Even a small marketplace may have several or even a dozen sub-processors handling personal data. Each of them requires a separate data processing agreement.

4. Cookies and marketing require consent

Why did the cookie topic come back into the spotlight?

For years, many companies used banners that encouraged users to accept cookies while hiding the reject option. European supervisory authorities, however, began enforcing informed consent requirements more and more actively. The result has been a series of proceedings and fines imposed on companies that treated consent as a mere formality.

For years, many companies designed cookie banners in a way that maximised the number of marketing consents. Regulators are increasingly treating such practices as manipulating users rather than obtaining informed consent.

Cookie banners have become a standard feature of the internet, but many implementations still do not meet legal requirements.

Users should be able to reject analytics and marketing cookies just as easily as they can accept them. In practice, this means the "Reject all" button should be just as prominent as "Accept all".

It is also worth separating marketing consents. Consent to a newsletter does not automatically imply consent to advertising profiling or remarketing.

If you use tools such as Google Ads, Meta Ads, or TikTok Ads, your consent collection process should also account for those services.

5. Consumer rights still apply

A marketplace does not exempt sellers or the platform from obligations towards consumers.

Before a purchase, users should receive clear information about:

• product price
• delivery costs
• seller details
• fulfilment time
• complaints procedure
• return policy

A real-world example

If a customer buys a product for €70 and changes their mind a week later, they are generally entitled to return it without giving a reason. Exceptions exist, but they must be grounded in law and clearly communicated before the purchase. Failing to provide this information can result in the statutory withdrawal period being extended.

As a general rule, a consumer has 14 days to withdraw from a distance contract without giving a reason.

The most important consumer right remains the right to withdraw from a contract within 14 days.

From June 2026, new requirements for electronic return processes will also come into force. The aim of the new rules is to ensure that cancelling a purchase is just as simple as making one. For marketplaces, this means implementing a clear returns process that is accessible without complex navigation or unnecessary formalities.

6. Verify your sellers

One of the biggest changes in recent years involves obligations related to seller identification. A marketplace should know who is selling through its platform.

Before allowing a seller to list products, it is worth verifying:

The seller onboarding process should resemble opening a business account more than a standard user registration. The platform should know who is selling through it, where they operate, and which bank account the sales proceeds will be paid into.

• company name
• address
• contact details
• tax ID number
• bank account

For many marketplaces, the obligations related to seller identification represent the biggest change in recent years. In practice, this means moving away from a model in which any user could start selling almost immediately after registration.

Why does verification protect the platform?

Imagine a seller who creates an account using false details, sells dozens of products, and disappears after receiving payment. For the customer, the problem does not end with the seller — the platform is often the first point of contact. Verifying a seller's identity before allowing them to list products significantly reduces this risk.

This is not just a regulatory requirement. Seller verification also reduces the risk of fraud, disputes, and the sale of illegal products.

Buyers should be able to check basic information about a seller before making a purchase.

7. Product safety is becoming a platform obligation

A few years ago, responsibility for product safety rested primarily with the manufacturer and seller. Today, marketplace platforms also have specific obligations.

1 / 1

Click to zoom

They should enable:

• reporting of dangerous products
• swift removal of listings that violate the law
• contacting users in the event of a product recall
• cooperation with supervisory authorities

Mini case: product recall

Suppose one of your sellers offers children's toys. A few months later, the manufacturer reports a defect that could pose a health risk. The marketplace should be able to identify the buyers and notify them about the product recall. The absence of such a procedure is not only a legal risk — it is, above all, a real danger to users.

This is particularly relevant for platforms offering physical products, handmade goods, toys, cosmetics, or electronics.

8. Prepare a procedure for reporting illegal content

A marketplace is responsible not only for products, but also for content published by users. That is why it is necessary to implement a simple reporting mechanism for:

• counterfeits
• copyright infringements
• fraud
• illegal products
• false information

What counts as illegal content in a marketplace context?

In a marketplace context, illegal content is not limited to obvious violations of the law. It can also include counterfeits, trademark infringements, false certificates, unauthorised copies of products, or misleading information about a product's properties. Each of these categories can generate platform liability if no appropriate action is taken after receiving notice of an infringement.

The DSA provides for sanctions of up to 6% of a company’s total global annual turnover for the most serious violations.

Every report should be reviewed and documented. Failure to act after receiving notice of an infringement can lead to platform liability.

9. Payments are best handled by a specialist operator

One of the biggest mistakes made by early-stage marketplaces is attempting to manage customer funds independently.

In most cases, a far safer solution is to use marketplace payment systems offered by payment operators. This approach allows you to:

• avoid complex regulatory obligations
• simplify the KYC process
• handle returns and chargebacks
• reduce the risk associated with holding funds

Why do most marketplaces use Stripe Connect or similar solutions?

Independently holding customer funds can bring a platform into the scope of regulations governing payment services (PSD2). Using a specialist operator such as Stripe Connect, Adyen for Platforms, or similar solutions significantly simplifies compliance and reduces operational risk. The operator takes on KYC obligations, chargeback handling, and the distribution of funds to sellers.

For most startups, this is the simplest and safest path.

10. Do not overlook technical security

Many legal requirements ultimately come down to system security. The absolute minimum includes:

• HTTPS across the entire platform
• regular dependency updates
• backups
• protection against application-layer attacks
• two-factor authentication for sellers
• log and incident monitoring

What does a data breach look like in practice?

A data breach does not have to mean a spectacular hack. In practice, equally common problems include misconfigured servers, outdated libraries, or the absence of backups following a failure. Any such incident involving personal data may require notification to the supervisory authority within 72 hours.

Even a small platform should have a security incident response procedure and a plan of action in the event of a data breach.

Where to start?

If you are building a marketplace with a limited budget and a small team, you do not need to implement everything at once. It is worth focusing first on the elements that carry the greatest legal and operational risk.

1. Terms of service and seller terms
2. Privacy policy and cookies
3. Payment operator integration
4. Returns and complaints process
5. Seller verification
6. Security procedures

The remaining areas can be developed as the platform grows, but the foundations should be in place before sales go live.

Minimum pre-launch implementation checklist

If you are launching a marketplace and want to achieve a reasonable level of regulatory compliance, start with the following elements:

• Terms of service
• Seller terms
• Privacy policy
• Cookie banner (CMP)
• Seller verification (KYB/C)
• Returns procedure
• Mechanism for reporting illegal content
• Stripe Connect integration or equivalent
• HTTPS and basic security measures
• Archiving of terms of service changes

1 / 1

Click to zoom

Summary — how to legally launch a marketplace in Poland

Legally launching a marketplace does not mean reading a dozen statutes and implementing everything at once. A far more effective approach is to treat compliance as a process.

For most new platforms, four areas matter most today: data protection, consumer rights, seller verification, and product safety. These are precisely the areas on which the latest EU regulations are focused.

Many marketplace startups focus primarily on features, design, and acquiring sellers. Yet most problems arise much earlier — in documentation, processes, and regulatory obligations. The good news is that most requirements can be implemented before the platform goes live. The earlier they are addressed, the fewer costly changes will need to be made after the business launches. Thankfully Artovnia.com was being build with that in mind from the very begining.

Legal bases and regulations

A brief list of the regulations on which this article is based:

• GDPR – Regulation (EU) 2016/679
• ePrivacy Directive 2002/58/EC
• Act on the Provision of Electronic Services (Poland)
• Consumer Rights Act (Poland)
• Omnibus Directive 2019/2161/EU
• GPSR Regulation 2023/988
• P2B Regulation 2019/1150
• Digital Services Act (DSA) 2022/2065
• PSD2 Directive 2015/2366
• AML Act of 1 March 2018 (Poland)
• European Accessibility Act (EAA) 2019/882
• NIS2 Directive 2022/2555