What Changes on July 1, 2026?
On 1 July 2026, the Article 143(3) grandfathering period under MiCA — Regulation (EU) 2023/1114 — expires, and any firm still serving EU clients on a pre-MiCA national registration must stop. Article 59 already prohibits providing crypto-asset services in the Union without authorisation as a CASP under Article 63 . The transitional rule merely deferred that wall; now it lands.
ESMA's statement of 17 April 2026 makes the cutoff explicit: after this date, any entity offering crypto-asset services to EU clients without a MiCA licence is in breach of EU law and must cease . A legacy VASP, DASP or AML registration — or a merely pending application — no longer qualifies. ESMA has clarified that firms operating only under grandfathering are not authorised CASPs until Article 63 approval is actually granted.
"Get licensed or get out" — the message to crypto-asset service providers as the MiCA transitional period closes (source: Fenech & Fenech Advocates).
The April statement goes further than a deadline. By 1 July, every unauthorised CASP must have already implemented a wind-down plan — including prior client notice and arrangements to transfer assets to a licensed CASP or to self-hosted wallets . National authorities are expected to verify those plans and scrutinise migrations so groups cannot keep trading through an unauthorised affiliate.
The penalties are not theoretical:
- Administrative fines reach EUR 5 million or 5% of annual global turnover for legal persons .
- Criminal liability applies in some states: France carries up to two years' imprisonment and a EUR 30,000 fine, with the AMF able to publish blacklists or seek website blocking .
The Conversion Gap: ~210 Licensed Out of 1,200+
The enforcement risk lands hardest because so few firms actually crossed the line. Of the roughly 1,200-plus VASP entities holding pre-MiCA national registrations, only about 210 had secured full CASP authorisation by mid-2026 . That is a conversion rate near 17% — leaving more than 80% of registered firms without a full licence as the deadline approached.
The bottleneck is partly structural. About ten EU jurisdictions had not issued a single CASP authorisation by mid-2026, raising concerns over national regulator capacity and application backlogs . A complete file can take months to clear, so firms that filed late may not be authorised in time even where a regulator is willing.
The user-side exposure is large. Download data analysed by OKX using Sensor Tower found that of 18.5 million crypto app downloads across Europe between May 2025 and May 2026, roughly 7.6 million went to exchanges lacking MiCA authorisation . That implies a sizeable cohort of EU users may face forced migration or service interruption.
Most large platforms did convert. Each obtained authorisation from a single national regulator, which then passports across all EU/EEA states — but the licence is tied to a specific legal entity, not a global brand.
| Exchange entity | Regulator | Authorisation date |
|---|---|---|
| OKX Europe Limited | Malta (MFSA) | 27 January 2025 |
| Coinbase Luxembourg S.A. | Luxembourg (CSSF) | 20 June 2025 |
| Kraken (Irish entity) | Central Bank of Ireland | 25 June 2025 |
OKX Europe received its Maltese CASP licence on 27 January 2025 , Coinbase announced its Luxembourg CSSF licence on 20 June 2025, and Kraken confirmed its Central Bank of Ireland licence on 25 June 2025 . The practical takeaway for traders: verify the specific legal entity serving you, since one group company holding a licence does not automatically cover affiliates.
The Timeline Was Never Uniform — Many Deadlines Already Passed
That entity-level check matters even more once you realise 1 July 2026 is only the EU-wide outer limit, not a single shared deadline. Article 143(3) let each Member State set the length of its grandfathering window, and many shortened it — so a firm legal in one country may already be operating illegally in another. The result is a fragmented map of national cutoffs, several of which have already lapsed.
According to ESMA's published list of grandfathering periods, the windows split into three tiers :
- 6 months: Latvia, Hungary, the Netherlands, Poland, Slovenia and Finland.
- 9 months: Sweden.
- 12 months: Germany, Ireland, Lithuania, Austria, Slovakia and Norway.
- Full 18 months (to 1 July 2026): France, Spain, Greece, Malta, Cyprus, Luxembourg, Portugal, Romania, Iceland and Liechtenstein.
Several deadlines are already behind us. The Netherlands ended its transition for DNB-registered providers on 30 June 2025 . Sweden required firms to have applied for authorisation or to begin winding down from 1 October 2025 .
Non-EU exchanges face a separate trap. MiCA's reverse-solicitation exception (Article 61) only covers clients who act on their own exclusive initiative, and ESMA's guidelines of 26 February 2025 read "solicitation" broadly and technology-neutrally — ads, websites, apps, social media, retargeting, affiliate campaigns, influencers, SEO and sponsorships all count, and disclaimers cannot override the underlying facts .
"Failure to obtain a MiCA licence by 1 July 2026 will mean the end of CASP operations in the EU," — analysis of ESMA's transitional guidelines (source: Dudkowiak Legal).
What Traders Should Do Before July 1
The practical takeaway for traders is to verify your exchange's licence at the entity level — not the brand level — before 1 July 2026. A MiCA authorisation attaches to a specific legal entity, set of services and passporting scope, so a parent's licence does not automatically cover every subsidiary you might be trading through . Check the exact registered entity name, then act on what you find.
ESMA's Interim MiCA Register is the official central source. It was last refreshed on 4 June 2026 and is updated weekly as five CSV files — white papers, ART issuers, EMT issuers, authorised CASPs, and non-compliant entities . National-register data can lag before appearing there, so cross-check your national competent authority too.
A short checklist:
- Confirm the entity: search the authorised-CASP CSV for the precise legal entity you contract with, not the app or brand name .
- If it is unlicensed: initiate withdrawal or transfer to a licensed CASP or a self-hosted wallet before 1 July, so you are not caught mid-process if services are suspended .
- For non-EU platforms: passive use under the Article 61 reverse-solicitation exception may still be permissible, but only where you act on your own exclusive initiative — any platform actively marketing to you falls outside it .
- Monitor the non-compliant-entities CSV for your exchange; national regulators may also publish blacklists or seek website blocks independently .
The bottom line: licensed CASPs gain a passportable EU/EEA market, while unlicensed firms must obtain a licence, wind down, or transfer their books. With roughly 7.6 million of 18.5 million European app downloads going to unauthorised exchanges, migration risk is concentrated — and the penalties for breach reach EUR 5 million or 5% of global turnover . Verify your entity now; do not wait for the wall to close.
Frequently asked questions
What happens to my funds if my exchange loses EU access on July 1, 2026?
Your assets are not seized, but access can be interrupted. Any exchange operating without a MiCA licence must run an orderly wind-down before the deadline, including transferring crypto-assets to an authorised CASP or to self-hosted wallets that you control. ESMA Q&A 2221 requires firms to notify clients in advance so they can move funds without harm . The April 2026 statement expects every unauthorised CASP to have already implemented that plan by 1 July 2026 . Do not wait for the notice — withdraw or migrate early.
How do I check if my exchange has a MiCA licence?
Use ESMA's Interim MiCA Register, the official central source, which publishes five CSV files (white papers, ART issuers, EMT issuers, authorised CASPs, and non-compliant entities) and refreshes weekly; it was last updated on 4 June 2026 . Check the authorised CASPs file by the exact legal entity name, not the brand. A licence is tied to a specific legal entity, so a group authorisation may not cover the subsidiary that actually holds your account. Note that national-register data can lag before it appears in the ESMA file.
Does MiCA apply to non-EU exchanges like Binance or Bybit?
Yes, indirectly. A third-country exchange may serve EU clients only under MiCA's narrow reverse-solicitation exception (Article 61), which applies where the client acts on their own exclusive initiative. ESMA's reverse-solicitation guidelines of 26 February 2025 read solicitation broadly and technology-neutrally — covering ads, websites, apps, social media, affiliate campaigns, retargeting, influencers, SEO and sponsorships — and disclaimers cannot override the facts . Active marketing to EU users disqualifies the exception, including in B2B contexts.
If an exchange has a MiCA licence in one EU country, can it serve me in any EU country?
Yes — a MiCA CASP licence is passportable across all EU/EEA member states, so one authorised legal entity can serve clients in every member state without local physical presence . The catch is scope: the passport covers only the specific licensed legal entity and the services and passporting scope it declared. Other group companies are not automatically covered, so verify at entity level. For example, Coinbase's Luxembourg entity was licensed by the CSSF on 20 June 2025 .
Why did so few exchanges get fully licensed before the deadline?
Capacity and paperwork, mainly. Of roughly 1,200-plus VASP entities with pre-MiCA national registrations, only around 210 — near 17% — had full CASP authorisation by mid-2026, and about ten EU jurisdictions had issued zero licences amid backlogs . France's AMF notes that review can take up to four months after a complete file is submitted, and initial filings are rarely complete . Many firms simply applied too late.
