Europe’s markets regulator has told unauthorized crypto-asset service providers to shut down EU operations without delay. The European Securities and Markets Authority issued the directive as the Markets in Crypto-Assets Regulation transitional period expires on 1 July 2026.
MiCA is the EU’s landmark crypto regulatory framework. It requires any firm offering crypto services to EU clients to hold a formal authorization. A transitional period allowed existing providers to continue operating under national regimes while they sought approval. That window closes on July 1.
Some firms secured authorization ahead of the deadline. Others did not. ESMA’s statement targets the second group.
According to the ESMA release, unauthorized firms face a clear set of obligations. They must stop taking on new EU clients. Marketing and solicitation to EU residents must cease. New accounts cannot be opened.
Existing services must narrow in scope. Firms can only continue operating to the extent necessary to help clients sell assets, transfer holdings, close positions, or exit the platform.
Custody of client assets is permitted only for as long as it takes to complete an exit in good order. Firms must also communicate with clients. ESMA expects communication to be clear, prompt, and repeated.
Clients need to know the wind-down timeline, what protections are in place, and what will happen to residual positions if no action is taken. A deadline for automatic position closure must be stated.
AML crypto rules still apply
ESMA emphasized that compliance obligations do not pause during a wind-down. Firms must maintain anti-money laundering and counter-terrorism financing controls throughout the exit process. This includes customer due diligence, transaction monitoring, sanctions screening, suspicious transaction reporting, and record-keeping.
Where a client transfers to a MiCA-authorized provider, the receiving firm must conduct full onboarding checks. Authorization does not carry over from an old provider.
ESMA extended the warning to firms based outside the European Union. Non-EU CASPs cannot provide MiCA-covered services to EU clients, including in business-to-business arrangements.
The regulator also noted that MiCA bars firms from outsourcing custody services to entities that lack CASP authorization under the regulation.
ESMA issued a direct warning to retail users. Clients of unauthorized providers do not benefit from MiCA’s investor protection rules. There is no guarantee of asset safeguarding under the framework if the provider is not licensed.
EU clients were advised to check whether their provider holds authorization by consulting the ESMA Register, a public database of licensed CASPs.
The July 1 deadline marks the end of a years-long transition to a unified EU crypto rulebook.
