No CASP Licence, no EU Business: MiCA Transitional Period Ends Across the EU
MiCA transitional period ends: no CASP licence, no ordinary EU crypto services
The EU’s Markets in Crypto-Assets Regulation has reached a decisive point. On 1 July 2026, the final EU-wide transitional period for crypto-asset service providers ended.
For crypto firms still relying on old national VASP registrations, the position is now clear. A legacy registration is no longer a legal basis for ordinary EU client servicing. Firms without CASP authorisation must either stop providing crypto-asset services to EU clients, complete an orderly wind-down, migrate clients to an authorised structure, or reassess whether any remaining activity is genuinely outside the MiCA perimeter.
This article explains what changed on 1 July 2026, what ESMA expects from unauthorised and authorised CASPs, and why reverse solicitation should be treated as a narrow legal exception rather than a commercial fallback. For readers’ convenience, we have placed the key official sources and regulatory materials at the end of this article.
Publish Date
2 July 2026
Reading Time
17 minutes
Category
Legal News
Jurisdiction
EU
MiCA’s transitional period has now ended across the EU
Regulation (EU) 2023/1114 on markets in crypto-assets created a new EU authorisation framework for crypto-asset service providers. Under Article 143(3) of MiCA, certain firms that were already providing crypto-asset services under applicable national law before 30 December 2024 could continue operating temporarily.
That transitional route was never open-ended. Member States could apply shorter periods, and some did. In all cases, however, the final EU-wide outer limit was 1 July 2026.
ESMA has now confirmed the practical result in direct terms. After 1 July 2026, any entity providing crypto-asset services to EU clients without a MiCA licence is in breach of EU law and must cease offering those services.
This is not only relevant to firms that never applied for authorisation. It is also relevant to firms that filed late, firms whose applications remain pending, firms operating through legacy national registrations, and groups that still route EU clients through non-EU entities.
A CASP application is not the same as a CASP authorisation
Many firms treated the MiCA transition as an application deadline. That is risky.
The end of the transitional period is an authorisation and market-access issue. If a firm is not authorised as a CASP and cannot rely on a valid legal basis, it should not continue business-as-usual EU client activity merely because an application has been submitted or is being prepared.
For practical purposes, the first post-deadline question is simple: which legal entity is authorised to provide the relevant crypto-asset service to the relevant EU client?
The answer should be checked against ESMA’s Interim MiCA Register and the relevant national competent authority records. The MiCA register is the official reference point for authorised crypto-asset service providers, white papers, issuers and non-compliant entities reported to ESMA by NCAs and the EBA.
Legacy VASP registrations no longer solve the EU access question
Before MiCA, crypto businesses often operated through national VASP, DASP, virtual asset or AML registration regimes. These frameworks varied significantly between Member States. Some were mainly AML/CFT registration regimes. Others imposed broader governance, conduct or prudential expectations.
MiCA replaces that fragmented model with an EU authorisation framework for CASPs. This means the legal analysis has shifted.
A firm should no longer ask only whether it had a national registration before MiCA. It should ask:
- whether the specific entity is authorised under MiCA;
- whether the exact service is covered by that authorisation;
- whether the client is being served by the authorised EU entity;
- whether any outsourcing, custody, onboarding or group arrangement involves an unauthorised entity; and
- whether any remaining EU-facing activity could be treated as solicitation.
The answer must be documented. Brand-level statements are not enough. ESMA has warned consumers that MiCA protections apply to the specific authorised EU legal entity, not automatically to every company in the same group or every entity using the same brand.
Unauthorised CASPs should already have implemented wind-down plans
ESMA expected CASPs that had not obtained authorisation to prepare orderly wind-down plans before the end of the transitional period. By 1 July 2026, unauthorised CASPs were expected to have implemented those plans.
A credible wind-down plan should not be a symbolic board document. ESMA expects plans to be operational, credible and immediately executable. They should allow an orderly exit without undue economic harm to clients.
In practice, this usually means prior client notice, clear timelines, asset transfer options, withdrawal support, closure of open positions where relevant, and arrangements for transferring crypto-assets to an authorised CASP or a self-hosted wallet.
The plan should also reflect applicable conduct, prudential and AML/CFT obligations. A firm cannot use “wind-down” as a label for continued commercial onboarding, retention campaigns or delayed compliance.
Client migration is now a regulated risk area
The end of the transitional period also creates pressure on authorised CASPs. ESMA expects authorised providers to actively manage the migration of existing EU clients before the deadline and to apply robust onboarding controls.
This creates a commercial opportunity for authorised firms, but it also creates regulatory exposure.
Authorised CASPs receiving clients from unauthorised providers should assess the source of the client base, the quality of existing KYC and AML/CFT records, custody arrangements, complaint history, outsourcing links, sanctions screening, wallet risk, and any relationship with non-EU group entities.
A migration process that looks efficient from a business perspective may still create regulatory problems if the authorised CASP cannot evidence proper onboarding, client classification, custody segregation, complaints handling, outsourcing oversight and AML/CFT control.
NCAs are expected to act against unauthorised crypto services
National competent authorities are now central to the post-deadline phase. ESMA expects NCAs to verify wind-down plans, check their adequacy, and ensure they are implemented in time.
NCAs are also expected to take action against unauthorised crypto-asset service provision after the end of the transitional period. This may include cooperation with other competent authorities where services, clients, legal entities or infrastructure are spread across multiple jurisdictions.
The supervisory focus is likely to include firms that continue EU onboarding, maintain EU-facing websites, process EU client trades, hold EU client assets, route activity to non-EU affiliates, or describe activity as “reverse solicitation” without supporting evidence.
For firms still active in the EU without authorisation, the risk is not theoretical. The legal basis has changed.
Reverse solicitation is narrow, factual and easy to lose
For third-country firms, MiCA contains a reverse solicitation route under Article 61. This applies where a client established or situated in the EU initiates the provision of a crypto-asset service at the client’s own exclusive initiative.
This is not a general exemption for non-EU platforms. It is not a substitute for CASP authorisation. It is also not a solution for EU-established firms that failed to complete authorisation.
ESMA’s reverse solicitation guidelines take a strict and practical approach. Solicitation should be construed broadly and in a technology-neutral way. It may include internet advertising, emails, telephone calls, banners, pop-ups, social media, websites, mobile applications, face-to-face meetings, roadshows, trade fairs, event invitations, affiliate campaigns, retargeting, response forms, messaging platforms and sponsorship deals.
The assessment depends on the facts. A disclaimer saying that services are provided only at the client’s initiative will not override conduct showing that the firm targeted EU clients.
“Passive” EU business needs evidence, not assumptions
Reverse solicitation is often misunderstood because the client may appear to take the final step. A client may click, register, submit a form or open an account without direct sales contact. That does not automatically make the relationship passive.
The relevant question is broader: did the firm solicit, promote, advertise or offer crypto-asset services to EU clients or prospective EU clients?
Several ordinary commercial actions can create risk. These include EU-targeted landing pages, EU language content linked to onboarding, EU-focused SEO campaigns, paid search directed at EU users, social media campaigns visible to EU audiences, affiliate referrals, event follow-ups, sponsorship visibility, post-meeting emails, push notifications, and product prompts after an initial client interaction.
Even a conference meeting can become relevant. A conversation at a trade fair, a scanned badge, a follow-up email, a product deck, or an invitation to continue discussion may be part of a solicitation trail.
Website design and access controls should be reviewed immediately
After 1 July 2026, firms that are not authorised under MiCA should review their public-facing and client-facing infrastructure.
The review should cover websites, app stores, onboarding flows, IP controls, language settings, country selectors, affiliate links, social channels, help centres, newsletters, CRM workflows, referral schemes, event materials, and client support scripts.
Geo-blocking can help reduce risk, but it is not a complete legal answer. ESMA’s guidance refers to measures such as blocking access from EU IP addresses and making mobile applications unavailable in EU app stores. Those controls should be supported by documented policies, monitoring, escalation procedures and evidence retention.
VPN use can complicate the evidential position. A firm should not assume that VPN access makes EU activity safe or that it removes the need for controls. The better question is whether the firm can show that it did not target EU clients, did not facilitate unlawful EU onboarding, and did not continue EU services outside a valid legal basis.
Group structures need particular attention
Crypto groups often operate under a single brand while using multiple legal entities. One entity may be authorised in the EU. Another may hold technology, custody, liquidity, execution, marketing, support or treasury functions outside the EU.
After the MiCA transition, this structure must be reviewed carefully.
ESMA has specifically warned that entities established outside the EU are not permitted, outside the narrow reverse solicitation exception, to provide MiCA services to EU investors or solicit EU clients. ESMA also highlights that this applies in a business-to-business context.
Custody is particularly sensitive. ESMA states that MiCA prohibits CASPs from outsourcing or delegating certain services, including custody, to entities that are not themselves authorised as CASPs.
An EU licence should not be treated as a wrapper for unauthorised third-country service provision. If the EU authorised entity is only nominally involved, while the real service is performed elsewhere, the structure may require urgent remediation.
Practical post-deadline checklist for crypto firms
Firms that still have EU clients or EU-facing activity should complete a documented compliance review now.
The review should cover the following points:
- Confirm whether the exact legal entity serving EU clients is authorised as a CASP.
- Check whether each crypto-asset service is within the authorisation scope.
- Stop EU onboarding where no valid authorisation or exemption exists.
- Review websites, apps, affiliates, campaigns, events, social media and sales follow-ups.
- Assess whether any claimed reverse solicitation file is supported by evidence.
- Implement or update wind-down communications and client asset transfer processes.
- Review custody, outsourcing, delegation and non-EU group arrangements.
- Check AML/CFT onboarding for any client migration to an authorised CASP.
- Preserve records showing when EU-facing activity stopped or changed.
- Decide whether to apply for CASP authorisation, partner with an authorised CASP, migrate clients or exit the EU market.
This should be treated as a board-level and compliance-level exercise. The decision affects licensing, operations, technology, client communications, commercial contracts and potential enforcement exposure.
Strategic options after the MiCA transition
For firms without authorisation, there are usually four realistic paths.
The first is full CASP authorisation. This is appropriate where the EU remains a strategic market and the firm is prepared to meet MiCA governance, prudential, safeguarding, outsourcing, conduct, complaint-handling and AML/CFT requirements.
The second is client migration to an authorised CASP. This may be suitable where a firm cannot obtain authorisation quickly but wants to preserve client relationships through a compliant structure. It requires careful legal allocation of roles, client consent, data transfer analysis, AML/CFT checks and commercial documentation.
The third is orderly wind-down. This may be the only defensible option where authorisation is not available, reverse solicitation is not supportable, and the firm cannot restructure safely.
The fourth is strict non-EU operation with reverse solicitation controls. This is relevant mainly for third-country firms. It requires evidence, training, access controls, marketing restrictions, and disciplined handling of EU-originating contacts.
None of these options should be improvised after the deadline. Each requires a documented legal and operational plan.
The new EU crypto market is more regulated and more selective
MiCA has changed the EU crypto market from a patchwork of national registrations into a licensing environment with EU-wide consequences.
For authorised CASPs, this creates a stronger regulatory position and potential client inflows. For unauthorised firms, it creates a sharp market-access constraint. For clients, it makes entity verification more important. For counterparties, it changes due diligence expectations.
The transition period is over, but the regulatory work is not. Firms now need to show that their EU activity, client migration, reverse solicitation controls, outsourcing arrangements and wind-down steps match the new legal reality.
Legasset assists crypto businesses, fintech groups and investors with CASP authorisation strategy, MiCA compliance reviews, reverse solicitation assessments, client migration, wind-down planning, AML/CFT structuring, outsourcing analysis and EU market-entry planning.
MiCA transitional period and CASP authorisation after 1 July 2026: key business questions
Can a crypto firm still serve EU clients after 1 July 2026 without a CASP licence?
Generally, no. After the end of the MiCA transitional period, a firm providing crypto-asset services to EU clients without MiCA authorisation is at risk of unauthorised activity. A narrow reverse solicitation route may be available for third-country firms in specific circumstances, but it should not be treated as a commercial strategy.
Is a national VASP registration still enough after the MiCA deadline?
No, not for ordinary ongoing EU crypto-asset services after the expiry of the relevant transitional period. Legacy national registrations were part of the pre-MiCA framework. Firms now need to assess whether the relevant legal entity has CASP authorisation under MiCA.
Does submitting a CASP application allow a firm to keep operating?
Not by itself. A pending application is not the same as authorisation. After the transitional period, firms should not continue EU client services unless they have a valid legal basis.
What should unauthorised CASPs do now?
Unauthorised CASPs should stop unlawful EU-facing activity, implement an orderly wind-down where required, support client withdrawals or transfers, review client communications, and document the legal basis for any remaining activity.
Can reverse solicitation be used after MiCA?
Reverse solicitation may apply where an EU client requests a crypto-asset service from a third-country firm at the client’s own exclusive initiative. ESMA interprets solicitation broadly, so firms need strong evidence and controls. Marketing, event follow-ups, affiliates, targeted website features or retargeting may undermine reliance on the exemption.
Are EU clients protected if they use a global crypto brand?
Not automatically. MiCA protections apply to the specific authorised EU legal entity providing the service. Clients and counterparties should verify the entity name, contractual counterparty and authorisation status in the ESMA register.
Topic-Specific Official Resources and Regulatory Materials
This statement confirms the 1 July 2026 expiry of the EU-wide transitional period, ESMA’s expectations for unauthorised CASPs, wind-down planning, client migration and NCA action.
II. ESMA — Markets in Crypto-Assets Regulation MiCA page and Interim MiCA Register
This page hosts ESMA’s MiCA implementation materials and the Interim MiCA Register files, including authorised CASPs, crypto-asset white papers and non-compliant entities.
III. ESMA — Guidelines on reverse solicitation under MiCA
These guidelines explain how competent authorities should assess solicitation by third-country firms under Article 61 of MiCA and provide examples of conduct likely to be treated as EU client solicitation.
IV. EUR-Lex — Regulation (EU) 2023/1114 on markets in crypto-assets
The official MiCA legal text sets out the authorisation framework for CASPs, transitional measures, reverse solicitation provisions and broader crypto-asset market rules.
How do I get other licenses?
Europe’s MiCA CASP Register After March and April 2026
EU Parliament Floats Crypto and Online Gambling Levies for Future Budget
Digital Euro Pilot Moves Forward as PSP Application Deadline Approaches
Malta Gaming Operators Face New AML Expectations as MGA Points Industry to AMLA Consultations
UK Crypto Firms Can Request FCA Pre-Application Meetings From 11 May 2026
ESMA Warns Crypto Firms as MiCA Transitional Period Ends on 1 July 2026
South Africa FSP Licences and Market Overview for Investors
BVI Company Formation Guide: Setup Route, Compliance, Banking Reality
China Company Formation For Foreign Founders: Setup And Compliance













