MiCA Deadline: What EU CASPs and Users Must Do Before 1 July 2026
The Markets in Crypto-Assets Regulation -- MiCA -- entered into force across the European Union in stages, with the full application deadline for crypto asset service providers set at 1 July 2026. For exchanges, custodians, and other platforms serving EU users, this deadline marks the point at which operating without authorisation becomes unlawful. For users in EU member states, it marks the moment when the platforms they use must either hold a CASP licence or stop serving them.
The regulatory text runs to several hundred pages. The practical reality for market participants is more contained but still complex. What follows is a working summary of what CASPs must do, what EU users should understand about the transition, and where the gaps in the framework are likely to generate friction.
What MiCA Requires of Crypto Asset Service Providers
MiCA creates a harmonised licensing regime across all 27 EU member states. A platform authorised as a CASP in any member state can passport its services across the entire EU, similar to how banking licences work under the single market framework.
The services that require CASP authorisation include: operation of a trading platform, exchange of crypto assets for funds or other crypto assets, custody and administration on behalf of clients, transfer services, order execution and transmission, placing of crypto assets, and provision of advice.
To obtain authorisation, a CASP must be established as a legal entity in an EU member state. The application is submitted to the national competent authority (NCA) of the home member state -- in France, the AMF; in Germany, BaFin; in Ireland, the Central Bank of Ireland, and so on. The NCA evaluates the applicant against requirements that include:
Governance and organisation. CASPs must demonstrate adequate internal governance, including risk management frameworks, business continuity plans, and internal control mechanisms. Senior management must meet fit-and-proper requirements, demonstrating competence and integrity.
Capital requirements. MiCA sets minimum own-funds requirements based on the type of services provided. Trading platform operators face higher capital requirements than entities providing only advisory services. The specific minimums range from EUR 50,000 to EUR 150,000 depending on the service category, though NCAs can impose higher requirements based on individual risk assessments.
Conduct of business and operational rules. CASPs must act honestly, fairly, and professionally in clients' best interests. This includes clear information about services, fees, and risks; effective complaints procedures; conflict of interest management; and full responsibility for any outsourced critical functions.
The Licensing Process and Timeline
The NCA has up to 40 working days (approximately two calendar months) to assess whether an application is complete, followed by up to three months to make an authorisation decision. In practice, the process has taken significantly longer for many applicants, particularly in jurisdictions where the NCA has limited crypto-specific expertise or is processing a high volume of applications.
Entities that were already operating in the EU under national registration regimes (such as France's PSAN registration or Germany's BaFin crypto custody licence) benefit from a transitional provision. Under MiCA's grandfathering clause, these entities may continue providing services during a transition period even if their full CASP authorisation has not yet been granted -- provided they have submitted their application within the required timeframe and are not subject to enforcement action.
The grandfathering period is defined by national implementation. Some member states have set the period at 18 months from MiCA's full application date. Others have opted for shorter windows. The variation means that the same exchange might have different operating timelines depending on which member state it considers its home jurisdiction.
For entities that do not hold any existing national registration, the 1 July 2026 deadline is hard. Without an authorisation or a qualifying pending application, they cannot legally provide crypto asset services to EU clients.
Custody Segregation Rules
MiCA's custody requirements represent one of the regulation's most operationally significant provisions. CASPs providing custody services must:
Segregate client assets from proprietary assets. Client crypto assets must be held separately from the CASP's own holdings. The practical implementation requires either separate on-chain wallets for client assets or a robust internal ledger system that clearly attributes holdings to individual clients, backed by sufficient on-chain assets to cover all client claims.
Ensure client assets are not used for proprietary purposes. A CASP cannot use custodied client crypto assets for its own trading, lending, staking, or any other purpose unless the client has given explicit, informed, and prior consent. This stands in contrast to the pre-MiCA norm where many exchanges commingled client funds with operational assets.
Maintain adequate safeguarding measures. This includes cybersecurity requirements, key management procedures, and operational resilience standards. CASPs must be able to demonstrate that client assets can be returned even in the event of the CASP's insolvency.
Accept liability for loss. Unless the loss results from an event beyond the CASP's control (and the CASP has taken all reasonable precautions), the CASP is liable for loss of client crypto assets in custody. This is a significant shift from the disclaimer-heavy terms of service that most exchanges previously relied on.
The custody rules effectively mandate what good practices already looked like -- segregation, security, accountability -- but give them legal force and enforcement mechanisms. For exchanges that were already operating responsibly, the operational burden is manageable. For those that were using client assets as a source of working capital or yield, the rules force a fundamental restructuring of their business model.
Stablecoin Issuer Requirements: EMTs and ARTs
MiCA distinguishes between two categories of stablecoins, each with distinct regulatory treatment.
E-money tokens (EMTs) are crypto assets that reference a single official currency. USDC, USDT, and any euro-denominated stablecoin like EURe or EUROC fall into this category. EMT issuers must be authorised as either a credit institution (bank) or an electronic money institution under the EU's existing e-money directive. They must maintain reserves of at least 100% of the outstanding token value, held in secure, low-risk assets. The reserves must be segregated and deposited with credit institutions, with diversification requirements (no more than a specified percentage at any single institution).
Notably, EMTs referencing a non-EU currency face additional restrictions. When a non-euro-denominated EMT (such as a USD stablecoin) exceeds certain usage thresholds within the EU -- broadly, one million transactions per day or EUR 200 million in transaction volume per day -- the issuer faces stricter reserve requirements and reporting obligations. This provision was designed to prevent a foreign-currency stablecoin from becoming a de facto payment instrument that undermines the euro's monetary sovereignty.
Asset-referenced tokens (ARTs) are crypto assets that reference multiple currencies, commodities, or a basket of assets. Think of a token pegged to a combination of dollars, euros, and gold. ART issuers need direct authorisation from an NCA under MiCA-specific requirements, including reserve requirements, redemption rights for holders, and restrictions on paying interest on the tokens.
Both categories require white paper publication (analogous to a prospectus), ongoing disclosure obligations, and compliance with marketing rules. The stablecoin provisions of MiCA took effect earlier than the general CASP requirements -- in June 2024 for EMTs and ARTs -- meaning issuers have already had nearly two years to comply. As our GENIUS Act analysis covers, the U.S. framework under the GENIUS Act takes a somewhat different approach to stablecoin reserve requirements, but both frameworks share the core principle of mandating reserve backing and disclosure.
What EU Users Experience Differently Post-MiCA
For retail users in EU member states, MiCA introduces several tangible changes: standardised risk warnings on platforms, restrictions on aggressive crypto marketing, the right to clear information about listed assets and fees, mandatory complaints handling procedures, and cross-border access to any authorised platform through the passporting mechanism.
The overall effect is that the EU crypto experience post-MiCA more closely resembles the regulated financial services environment familiar from banking and investment products.
The Grandfathering Clause and Transition Period
Entities operating under existing national registrations (such as France's PSAN or Germany's BaFin crypto custody licence) may continue providing services during a transition period while their CASP application is processed. The transition period length varies by member state -- some have set 18 months from MiCA's full application date, others have opted for shorter windows.
This inconsistency creates potential confusion. ESMA has issued guidance aimed at harmonising the transition, but national implementation differences persist. For users, the practical step is to verify that any platform they use either holds full CASP authorisation or is clearly operating under a recognised grandfathering provision.
Which Exchanges Have Obtained CASP Authorisation
By early 2026, several major exchanges have secured CASP authorisation in at least one EU member state. Coinbase obtained authorisation through Ireland. Bitstamp, already holding a Luxembourg licence, transitioned to full CASP status. Crypto.com secured authorisation through a European entity. Kraken applied through its European subsidiary. OKX and Bybit have pursued authorisation through various EU jurisdictions.
The pace of authorisation has been uneven. Some NCAs have processed applications relatively quickly. Others -- particularly in jurisdictions receiving high volumes of applications or those with less developed crypto regulatory infrastructure -- have been slower. The result is that some well-known platforms are operating under grandfathering provisions rather than full authorisation as the July 2026 deadline approaches.
Smaller exchanges face a harder path. The compliance costs of CASP authorisation represent a meaningful barrier, and some have exited the EU market rather than pursue authorisation.
Gaps and Enforcement Questions
MiCA is the most comprehensive crypto regulatory framework enacted by any major jurisdiction, but it leaves several areas unresolved.
DeFi protocols. MiCA explicitly applies to "crypto asset service providers" -- entities providing services. Fully decentralised protocols that operate without an identifiable service provider are technically outside MiCA's scope. The boundary between "decentralised" and "centralised with a decentralised front end" is, however, not clearly defined. Enforcement action against protocols that claim decentralisation while having identifiable governance structures is likely to test this boundary.
NFTs. MiCA generally excludes unique, non-fungible crypto assets. But fractionalised NFTs, large collections of fungible-in-practice NFTs, and NFTs used as financial instruments may fall within scope. The regulatory treatment of specific NFT use cases will be clarified through enforcement and ESMA guidance over time.
Cross-border enforcement. MiCA applies to services provided to EU clients, regardless of where the provider is based. But enforcing compliance against a platform incorporated in a non-cooperative jurisdiction with no EU physical presence presents practical challenges. Users accessing non-EU platforms through VPNs or other means may find themselves outside MiCA's protective framework.
Supervisory divergence. Although MiCA is an EU regulation (directly applicable in all member states), NCAs retain discretion in several areas, including capital requirement adjustments, transition period lengths, and enforcement priorities. The risk of supervisory arbitrage -- where CASPs seek authorisation in the most permissive jurisdiction -- is mitigated but not eliminated.
MiCA vs. the U.S. Approach
MiCA provides a single, comprehensive regulation covering virtually all crypto asset activities. The U.S. approach, through the GENIUS Act for stablecoins and the CLARITY Act for token classification, addresses crypto regulation in separate pieces through different agencies.
MiCA's advantage is comprehensiveness and legal certainty -- a CASP authorised under MiCA knows exactly what rules apply and can passport across the EU. The U.S. advantage lies in flexibility, but the disadvantage is regulatory fragmentation and ongoing uncertainty about how different pieces of legislation interact.
For global platforms, maintaining compliance with both regimes simultaneously is the operational challenge. A stablecoin meeting GENIUS Act requirements may not satisfy MiCA's EMT requirements if the reserve composition or corporate structure differs. The Research section covers developments in both frameworks, and our Methodology page explains how compliance factors into platform assessments.
FAQ
What happens if my exchange does not have CASP authorisation by 1 July 2026?
If the exchange does not hold full CASP authorisation and is not operating under a recognised grandfathering provision, it must stop providing crypto asset services to EU clients. In practice, this means the exchange should notify affected users, allow a reasonable period for asset withdrawal, and then restrict access. If an unauthorised platform continues serving EU users after the deadline, it faces enforcement action from the relevant NCA. Users should not wait until the deadline -- verify your platform's regulatory status now and have a contingency plan.
Does MiCA apply to decentralised exchanges?
MiCA applies to "crypto asset service providers," which are defined as legal entities or natural persons providing crypto asset services. A truly decentralised protocol with no identifiable operator or service provider arguably falls outside this definition. However, regulators have indicated that protocols with identifiable governance (such as a DAO with known participants, a foundation that controls upgrades, or a team that operates the front end) may be treated as CASPs. The line between decentralised and centralised is a spectrum, not a binary, and enforcement actions will progressively define where regulators draw it.
Will MiCA make crypto more expensive in the EU?
Compliance costs are real and will be partially passed through to users. Exchanges will incur costs for licensing, governance, reporting, custody infrastructure, and capital requirements. Smaller platforms that cannot absorb these costs will exit the market or consolidate, potentially reducing competition. However, MiCA also creates a more predictable operating environment that may attract institutional participants and increase overall liquidity, partially offsetting the compliance cost burden. The net effect on costs for retail users will likely be marginal -- slightly higher fees on some platforms, offset by improved protection and reduced risk of platform failure.
How does MiCA affect staking services?
MiCA does not specifically regulate proof-of-stake validation. However, staking-as-a-service likely falls under the custody and administration category, requiring CASPs to disclose risks, fees, lockup conditions, and slashing exposure. Client assets used for staking remain subject to segregation and safeguarding rules.
Can a UK exchange serve EU users after MiCA?
Since Brexit, the UK is a third country under EU law. A UK-based exchange cannot passport services into the EU and must establish a legal entity in an EU member state and obtain CASP authorisation there. Simply serving EU users from a UK entity without EU authorisation is non-compliant after the full application date. Several UK exchanges have established EU subsidiaries specifically for this purpose, typically in Ireland, the Netherlands, or France.