ESMA Warns Crypto Firms and Investors as MiCA Transitional Periods End on 1 July 2026
The European Securities and Markets Authority has warned crypto-asset service providers that the EU’s MiCA transitional period will end across the European Union on 1 July 2026. After that date, any firm providing crypto-asset services to EU clients without a MiCA authorisation will be in breach of EU law and must stop offering those services.
The warning is relevant not only for crypto exchanges and custodians. It also affects brokers, transfer service providers, trading platforms, placement services, advisory models, group structures, outsourcing arrangements, and non-EU firms still serving EU clients.
For CASPs that do not expect to receive MiCA authorisation before the deadline, the issue is no longer theoretical. ESMA expects unauthorised firms to have credible, operational and immediately executable wind-down plans that protect clients and avoid unnecessary disruption.
This piece explains what ESMA’s warning means in practice, which firms are most exposed, and what CASPs, investors and counterparties should review before the 1 July 2026 deadline.
For readers’ convenience, we have placed the key official sources and regulatory materials at the end of this article.
Publish Date
7 May 2026
Reading Time
9 minutes
Category
Legal News
Jurisdiction
EU
ESMA Warns Crypto Firms and Investors as MiCA Transitional Periods End on 1 July 2026
The European Securities and Markets Authority has warned crypto-asset service providers that the EU’s MiCA transitional period will end across the European Union on 1 July 2026. After that date, any firm providing crypto-asset services to EU clients without a MiCA authorisation will be in breach of EU law and must stop offering those services.
The warning is relevant not only for crypto exchanges and custodians. It also affects brokers, transfer service providers, trading platforms, placement services, advisory models, group structures, outsourcing arrangements, and non-EU firms still serving EU clients.
For CASPs that do not expect to receive MiCA authorisation before the deadline, the issue is no longer theoretical. ESMA expects unauthorised firms to have credible, operational and immediately executable wind-down plans that protect clients and avoid unnecessary disruption.
This piece explains what ESMA’s warning means in practice, which firms are most exposed, and what CASPs, investors and counterparties should review before the 1 July 2026 deadline.
For readers’ convenience, we have placed the key official sources and regulatory materials at the end of this article.
ESMA confirms that the MiCA transitional period ends on 1 July 2026
| Grandfathering period | Example jurisdictions |
|---|---|
| 18 months | Spain, France, Malta, Cyprus, Luxembourg, Romania, Greece, Estonia |
| 12 months | Germany, Ireland, Lithuania, Austria, Slovakia, Norway |
| 9 months | Sweden |
| 6 months | Latvia, Hungary, Netherlands, Poland, Slovenia, Finland |
| To be confirmed in ESMA list | Belgium, Portugal |
Unauthorised CASPs must prepare and implement wind-down plans
ESMA’s position is clear. CASPs that will not be authorised by 1 July 2026 must implement their wind-down plans by that date.
A wind-down plan should not be a general internal document kept for later use. ESMA expects plans to be credible, operational and immediately executable. They should also be designed in line with applicable conduct, prudential and AML/CFT obligations.
In practice, a CASP wind-down plan should address:
- prior notice to existing clients;
- orderly offboarding of EU clients;
- transfer of crypto-assets to an authorised CASP or self-hosted wallet;
- treatment of open positions and pending transactions;
- complaints handling and client support;
- termination of EU-facing solicitation and marketing;
- recordkeeping for client communications;
- board approval and internal accountability;
- AML/CFT controls during offboarding.
This is a supervisory issue as much as an operational issue. A firm that waits until the final weeks before the deadline may struggle to show that it has taken reasonable steps to protect clients and comply with MiCA.
Authorised CASPs must also manage client migration carefully
The end of the transitional period does not only create obligations for firms that remain unauthorised. Authorised CASPs must also manage client migration in a controlled way, especially where clients are being moved from a non-authorised entity to an authorised EU entity.
This is particularly important for crypto groups with multiple companies, shared branding, centralised infrastructure, and global platforms. MiCA protections apply to the authorised legal entity providing the relevant regulated service. They do not automatically extend to other affiliates or non-EU entities in the same group.
Authorised CASPs should therefore review whether EU clients are contracting with the correct entity. They should also check whether website flows, mobile app onboarding, terms of business, risk warnings, custody disclosures, and client communications clearly identify the authorised provider.
Where client migration is required, firms should also ensure that AML/CFT checks are properly completed. Migrating clients from an unauthorised entity should not become a shortcut around onboarding, due diligence, sanctions screening, source-of-funds checks, or transaction monitoring requirements.
Non-EU crypto firms cannot rely on reverse solicitation as a broad strategy
ESMA has also warned third-country firms that they cannot provide MiCA-regulated services to EU clients or solicit EU clients without proper authorisation, except in narrow reverse solicitation circumstances.
Reverse solicitation should not be treated as a general market-access strategy. It is designed for cases where the client initiates the service at its own exclusive initiative. It does not allow a non-EU crypto firm to actively market, target, onboard, or service EU clients while avoiding MiCA authorisation.
This point is especially important for non-EU exchanges, custodians, brokers, OTC desks and wallet infrastructure providers. It also matters in business-to-business structures, where services are provided to EU institutional clients, fintech groups, investment firms, or other CASPs.
Firms should review their websites, apps, affiliate programmes, referral arrangements, social media campaigns, conference activity, paid advertising, and business development practices. Any activity that targets EU clients may create regulatory exposure if the provider is not authorised.
Outsourcing and custody arrangements need urgent review
MiCA also raises important questions for outsourcing, delegation and custody models. ESMA states that CASPs cannot outsource or delegate certain services, including custody, to entities that are not themselves authorised as CASPs.
This is a major issue for groups that rely on centralised custody infrastructure, non-EU wallet entities, treasury companies, technical service companies, or global operations hubs. A MiCA authorisation at one EU entity does not automatically solve all group-level outsourcing and custody issues.
Authorised CASPs should review their arrangements before the transitional deadline. Key questions include:
- which entity legally provides custody to EU clients;
- which entity controls private keys or wallet infrastructure;
- whether any outsourced service is itself a MiCA-regulated service;
- whether group entities are acting beyond a permitted outsourcing role;
- whether client disclosures accurately describe the arrangement;
- whether outsourcing contracts meet MiCA governance and risk standards.
This review should be linked to broader operational resilience, AML/CFT, safeguarding, conflict-of-interest and governance requirements. It should not be treated as a purely technical infrastructure exercise.
Investors and counterparties should verify the exact authorised entity
ESMA has also addressed investors and users of crypto-asset services. The regulator advises users to check whether their provider is authorised under MiCA and to verify the exact legal entity providing the service.
This is important because many crypto platforms operate under a single brand but through multiple entities. A group may have one authorised EU CASP while other group companies remain outside MiCA’s authorisation perimeter.
Investors, corporate users and counterparties should therefore check:
- whether the provider appears in the ESMA Interim MiCA Register;
- which legal entity is named in the client agreement;
- whether custody, exchange, transfer or execution services are provided by the authorised entity;
- whether the provider is still relying on a national transitional regime;
- what will happen to assets, positions and accounts after 1 July 2026;
- whether client support, complaints and safeguarding arrangements are clear.
For businesses that hold material crypto-assets or use CASPs for treasury, payments, trading or custody, this should become part of counterparty due diligence.
Practical steps for CASPs before the 1 July 2026 deadline
CASPs still operating under transitional arrangements should treat the deadline as a strategic regulatory project. The required action depends on the firm’s authorisation status, business model and EU footprint.
For CASPs seeking MiCA authorisation
Firms with pending or planned MiCA applications should review whether their authorisation timeline is realistic. They should also prepare for supervisory questions on governance, capital, safeguarding, complaints handling, ICT arrangements, outsourcing, conflicts of interest, AML/CFT controls and client asset protection.
A MiCA application is not only a form-filling exercise. It requires a defensible operating model, clear legal entity structure, credible policies, operational controls and evidence that the business can comply in practice.
For CASPs unlikely to be authorised by 1 July 2026
Firms that do not expect to hold a MiCA licence by the deadline should focus on wind-down execution. This includes client notices, offboarding plans, asset transfer arrangements, termination of EU-facing services, and clear internal responsibility for implementation.
These firms should also document the steps taken. Evidence of timely planning and client protection may become important if a national competent authority reviews the firm’s conduct after the deadline.
For authorised CASPs migrating or acquiring clients
Authorised CASPs receiving clients from unauthorised entities should avoid treating migration as a purely commercial opportunity. They need to manage onboarding capacity, AML/CFT screening, contracting entity issues, operational risk and client disclosures.
Where the migration occurs within the same group, the firm should still verify that the authorised EU entity is genuinely providing the regulated service and that clients understand which protections apply.
How Legasset can assist with MiCA authorisation and transition planning
The end of the MiCA transitional period creates licensing, compliance, operational and client-protection risks for crypto businesses serving the EU market. Firms should not wait until the final weeks before 1 July 2026 to assess whether they can continue operating.
Legasset assists crypto businesses, fintech groups, investors and market-entry teams with MiCA authorisation strategy, CASP licensing, EU regulatory structuring, outsourcing review, client migration planning, AML/CFT frameworks and wind-down support. We help businesses assess whether they can continue operating in the EU, what licence route is available, and what changes are needed before the transitional period ends.
FAQ: MiCA transitional period and CASP authorisation before 1 July 2026
When does the MiCA transitional period end?
The MiCA transitional period ends across the EU on 1 July 2026. After that date, crypto-asset service providers offering MiCA-regulated services to EU clients must hold a MiCA authorisation or stop providing those services.
What happens if a CASP is not authorised by 1 July 2026?
A CASP that is not authorised by the deadline must stop offering MiCA-regulated services to EU clients. ESMA also expects unauthorised CASPs to implement credible and operational wind-down plans by the deadline.
What is a CASP wind-down plan?
A CASP wind-down plan explains how a crypto-asset service provider will stop providing services in an orderly way. It should address client notices, asset transfers, offboarding, complaints, AML/CFT controls, open positions, recordkeeping and internal accountability.
Can a non-EU crypto exchange continue serving EU clients without MiCA authorisation?
Generally, no. A non-EU crypto exchange cannot actively solicit or provide MiCA-regulated services to EU clients without proper authorisation, except in narrow reverse solicitation circumstances.
Does MiCA authorisation cover every company in a crypto group?
No. MiCA authorisation applies to the specific authorised legal entity. It does not automatically cover other companies in the same group, non-EU affiliates, or entities operating under the same brand.
How can investors check whether a CASP is authorised under MiCA?
Investors and counterparties should check the ESMA Interim MiCA Register and confirm the exact legal entity providing the service. They should also review client agreements, custody terms and disclosures.
What should CASPs do before the deadline?
CASPs should confirm their authorisation status, assess whether they rely on a national grandfathering regime, prepare or update their MiCA application, review outsourcing and custody arrangements, and implement wind-down or client migration plans where required.
MiCA Transitional Period: Official Resources and Regulatory Materials
Official ESMA statement dated 17 April 2026 confirming supervisory expectations before the end of MiCA transitional periods, including wind-down planning, client migration, reverse solicitation and unauthorised CASP activity.
II. European Securities and Markets Authority — Markets in Crypto-Assets Regulation MiCA page
ESMA’s main MiCA information page, including regulatory measures, supervisory convergence materials, transitional information and access to MiCA-related registers.
III. European Securities and Markets Authority — List of MiCA grandfathering periods under Article 143
Official ESMA list showing national grandfathering periods decided by Member States under Article 143 of Regulation (EU) 2023/1114.
IV. EUR-Lex — Regulation (EU) 2023/1114 on markets in crypto-assets
Official text of MiCA, including the authorisation framework for crypto-asset service providers and Article 143 transitional provisions.
V. European Securities and Markets Authority — MiCA CASP Register
ESMA register for checking authorised crypto-asset service providers under MiCA and verifying the exact authorised legal entity.
