MiCA Deadline Looms: 80% of EU Crypto Firms Unlicensed in 2026

With 24 days until the EU’s most consequential crypto regulation takes full effect, fewer than 1 in 5 registered crypto firms in Europe has secured the required authorization. On July 1, 2026, the Markets in Crypto-Assets Regulation’s transitional period expires — and the majority of firms still operating without a license will need to wind down, find a licensed acquirer, or exit the EU market entirely.

What the MiCA Deadline Actually Means

MiCA — the EU’s landmark crypto regulatory framework — came into force for crypto-asset service providers (CASPs) in December 2024 after a phased rollout. To ease the transition, member states were permitted to grant existing registered firms a grandfathering period of up to 18 months to convert their pre-MiCA national registrations into full CASP authorizations under the new regime.

That transitional window closes permanently on July 1, 2026.

From that date, any entity providing crypto-asset services to EU clients without a MiCA license will be operating in breach of EU law. There are no further extensions. On April 17, 2026, the European Securities and Markets Authority (ESMA) issued a formal statement leaving no ambiguity: supervisory tolerance for incomplete migrations is now over. National regulators across the EU are expected to actively enforce the rule starting July 1.

The regulation requires CASPs to meet governance, capital adequacy, IT security, and AML/CFT standards, and to demonstrate operational resilience under DORA, which came into effect in January 2025. The authorization process typically takes 4 to 9 months from submission to decision — meaning any firm not already in the pipeline has effectively missed the window.

The Numbers: A 17% Conversion Rate

The compliance picture is stark. Across the EU, more than 1,200 virtual asset service providers (VASPs) held pre-MiCA national registrations at the start of the transitional period. As of May 2026, approximately 210 of those firms have successfully converted to full CASP authorization — a conversion rate of roughly 17%.

That leaves more than 1,000 firms facing a hard choice in the next three and a half weeks.

The geographic distribution of that 17% is deeply uneven. Ten EU and EEA jurisdictions have yet to issue a single CASP authorization: Croatia, Estonia, Greece, Hungary, Iceland, Italy, Norway, Poland, Portugal, and Romania. Firms registered in these markets face a structural barrier — their regulators have not yet stood up a functioning authorization pipeline at all. For these firms, the practical path to compliance runs through a passport from a jurisdiction that has issued licenses, not a local approval.

Who Got Licensed: The Jurisdiction Leaders

While the overall compliance rate is low, several EU jurisdictions have emerged as CASP authorization hubs. The passport mechanism is key: a single MiCA license in one EU country allows a firm to offer services across all 27 member states and EEA countries without separate national approvals. Where you get licensed matters far less than getting licensed at all.

Germany (BaFin) leads the field with more than 50 authorized CASPs, including BitGo Europe, Trade Republic, Deutsche WertpapierService Bank, DZ Bank, and Boerse Stuttgart Digital Custody. Germany’s depth reflects BaFin’s well-established digital assets framework that predated MiCA.

Netherlands (AFM) has licensed 20+ firms including Bitvavo, Bitpanda, MoonPay Europe, Zerohash Europe, and ClearBank Europe — a mix of crypto-native exchanges and payments infrastructure.

France (AMF) hosts 15+ licensed CASPs with a strong institutional flavor: Société Générale Forge, CoinShares Asset Management, Circle, and Coinhouse all hold French CASP authorizations.

Cyprus (CySEC) issued 13 licenses with a retail focus: eToro, Trading 212, Capital.com, and Revolut are among the authorized firms based there.

Malta (MFSA) is home to several major global exchanges: OKX, Crypto.com, Gemini, and Blockchain.com.

Across all jurisdictions, the named exchanges with confirmed EU authorization include Binance, Bitstamp, Bitpanda, Coinbase, Kraken, Crypto.com, OKX, Revolut, and Bitvavo. These players are well-positioned for the post-July 1 environment. The firms without authorization face either a chaotic wind-down or a rapid client-transfer deal.

The USDT Problem: Tether’s €150 Billion Standoff

The single most consequential compliance gap involves Tether’s USDT — the world’s largest stablecoin by market cap. Tether did not apply for MiCA authorization, and USDT remains non-compliant under the regulation’s stablecoin provisions, which require e-money token issuers to hold a full EU license and maintain 100% liquid reserves under national oversight.

By contrast, Circle’s USDC and EURC are the only top-ten stablecoins by market cap that are fully MiCA-compliant. This is a structural advantage for Circle in the EU market — every exchange that wants to offer a compliant stablecoin is now funneled toward USDC or EURC.

The major exchanges were not waiting for July 1 to act. Coinbase delisted USDT for EU customers in December 2024. Kraken followed in early 2025. Crypto.com and Binance have both delisted or geofenced USDT trading pairs for EU users. Smaller exchanges that still carry USDT exposure will need to act by July 1 or risk being in breach.

For EU-based holders of USDT, the practical risk is platform-level: Tether itself is not violating EU law by existing, but any licensed CASP offering USDT to EU clients will be out of compliance after the deadline. The result is that USDT access in the EU will increasingly require self-custody or non-EU platforms operating via the reverse solicitation carveout.

What ESMA Is Demanding by July 1

ESMA’s April 17 statement set three non-negotiable supervisory expectations for the final stretch:

Wind-down plans must be operational, not on paper. Unauthorized CASPs must have credible, immediately executable plans in place by July 1 — covering client offboarding, asset transfers to authorized platforms or self-hosted wallets, and full operational closure. ESMA explicitly flagged that draft documents still awaiting internal approval will not satisfy the requirement.

Client migrations must be completed with full AML re-onboarding. Licensed CASPs absorbing clients from transitioning firms are required to conduct complete anti-money laundering and know-your-customer onboarding for each migrated client. There is no regulatory shortcut for inherited client books.

Third-country firms face a near-total prohibition. Non-EU crypto companies cannot market to, solicit, or serve EU clients after July 1, except in narrow cases of genuine reverse solicitation where the EU client independently initiates contact without any prior marketing. ESMA has specifically prohibited outsourcing and delegation arrangements designed to route EU customer traffic through a non-EU parent while a licensed EU subsidiary holds the technical authorization.

Enforcement: Criminal Prosecution Is on the Table

MiCA’s penalty framework gives regulators substantial teeth:

• Fines of up to €5 million or 5% of annual turnover, whichever is greater
• Immediate cease-and-desist orders and effective EU market bans
• Criminal prosecution under national law in jurisdictions that have implemented the regulation’s criminal liability provisions

France’s Autorité des marchés financiers (AMF) has been the most direct. It has publicly warned that operating without MiCA authorization after July 1 will expose firms to criminal prosecution under French law — not just administrative fines. France has a history of aggressive financial enforcement, and crypto firms with any French client exposure should treat that warning as credible.

ESMA’s statement puts national competent authorities explicitly on the hook to verify wind-down plans and initiate enforcement — regulators cannot simply wait for whistleblower complaints.

What This Means for Investors

The July 1 deadline creates practical implications for anyone holding or trading crypto in the EU.

Verify your exchange is authorized. The ESMA website maintains an official CASP register. If your platform is not on it — or passporting from a jurisdiction that has issued authorization — it will be operating illegally after July 1. The major exchanges (Coinbase, Kraken, Binance, OKX, Crypto.com) have confirmed authorization. Hundreds of smaller platforms have not.

USDT access will narrow further. Every MiCA-licensed exchange has either already removed USDT or will need to by July 1. If you hold USDT on an EU-regulated exchange, expect a forced conversion notice or account restriction in the next three weeks. Alternatives include converting to USDC, moving to a self-hosted wallet, or transferring to a non-EU platform where reverse solicitation applies.

Licensed players now hold a structural moat. The 4-9 month authorization timeline means latecomers cannot simply apply and catch up. Firms that completed the process in 2025 now control EU market access. Expect consolidation — unlicensed VASPs will either be absorbed by authorized competitors in rushed client-transfer deals, or disappear entirely. That concentrates EU crypto trading volume in a smaller set of well-capitalized, regulated platforms.

DeFi is watching from a distance — for now. MiCA applies to centralized service providers, not to self-hosted wallets or non-custodial DeFi protocols. But ESMA’s prohibition on routing EU clients through non-EU entities is designed to prevent centralized firms from using DeFi as a regulatory bypass. A future MiCA revision expanding scope to DeFi has been openly discussed in Brussels since 2025.

The net effect of July 1 is that the EU crypto market — once spread across 27 fragmented national registration regimes — will consolidate overnight into a regulated oligopoly of roughly 210 licensed firms. Whether that consolidation ultimately raises standards and trust, or simply entrenches incumbents, will depend heavily on how aggressively national regulators enforce the deadline against the 1,000+ firms that missed it.