Countdown clock showing 1 July 2026 MiCA transitional period deadline with EU member state timeline markers on a dark navy background
Back to blog
MiCA Compliance

MiCA Article 143 Transitional Period Ends 1 July 2026: Wind-Down, Enforcement & Your Last Operational Options

On 1 July 2026, every CASP still operating without a granted MiCA authorisation becomes an unlicensed firm in breach of EU law — full stop. This is not a deadline to file; it is a deadline to hold. Here is exactly what that means for your wind-down obligations, what ESMA and NCAs will do next, and the narrow paths that still exist for continuity.

By Compliora AI Team 2026-06-01 14 min read
Contents
  1. The Hard Stop: What MiCA Article 143(3) Actually Says — and What It Doesn't
  2. Per-Country Deadline Map: When Did Your Window Actually Close?
  3. ESMA's April 2026 Statement: What 'Heightened Scrutiny' Really Means in Practice
  4. Article 111 Sanctions: The Specific Enforcement Teeth for Unlicensed Operations
  5. What a Credible ESMA-Compliant Wind-Down Plan Must Actually Contain
  6. Three Operational Paths After July 1: Authorised, Passport-In, or Exit
  7. The Poland Problem: A Structural Legislative Failure With No Regulatory Fix
  8. Last-Minute Application Risks: Why a June 2026 Filing Is Not a Safety Net
  9. Client Asset Protection During Exit: MiCA Obligations That Don't Switch Off
  10. ~210 Out of 1,200+: What the Authorisation Conversion Rate Tells Compliance Teams
  11. Compliance Action Checklist: What to Do Before and After 1 July 2026

The Hard Stop: What MiCA Article 143(3) Actually Says — and What It Doesn't

The transitional window created by MiCA Article 143(3) has a precise legal boundary that is worth reading word for word, because the industry has generated a remarkable volume of confusion about what it actually permits. The provision allows crypto-asset service providers that were providing services lawfully under national law before 30 December 2024 to continue doing so until 1 July 2026 — or until they are granted or refused authorisation under Article 63, whichever is sooner. Every word in that sentence carries legal weight.

The operative word is granted. Not applied for. Not pending. Not under review. A CASP that filed a complete MiCA application on 1 June 2025 and has heard nothing back does not have an extended right to operate past the transitional deadline in its jurisdiction. The application itself confers nothing beyond what the transitional period already permits. If the competent authority has not issued an authorisation decision — positive or negative — before the applicable cutoff, the legal basis for continued operation expires automatically. This is the single most operationally dangerous misconception circulating among compliance teams right now.

Article 143(6) creates a separate, lighter track for entities that already held national authorisations or registrations as of 30 December 2024. These firms can apply for MiCA authorisation via a simplified procedure, with national competent authorities having the ability to tailor documentation requirements where the national licensing process already captured equivalent information. This matters practically: a firm that held, say, a German BaFin crypto custody registration before the MiCA application date does not necessarily have to reconstruct its entire regulatory file from scratch. However, the simplified procedure does not alter the hard deadline — the authorisation must still be granted before the transitional window closes in that Member State.

Member States had full discretion under Article 143(3) to set a shorter national transitional period — and many exercised it aggressively. What they could not do was extend the window beyond 1 July 2026. That outer limit is fixed by the Regulation itself, which means no Member State law, no NCA circular, and no domestic political circumstance can push the EU-wide hard stop. The Regulation is directly applicable; it does not need transposition to take effect, and it cannot be modified by national legislators.

ESMA was unusually explicit about enforcement expectations during this period. In its December 2024 statement, the authority signalled that national competent authorities were expected to apply heightened scrutiny to grandfathered operators and that the transitional window was not an invitation to defer compliance indefinitely. By April 2026, ESMA's posture had hardened further: its statement made clear that firms without granted authorisation must cease regulated activities at their applicable deadline, and that NCAs were expected to act swiftly against continued unlicensed operation. The message from both statements is the same — the transitional period is a runway, not a renegotiation.

One further misconception deserves direct correction. Some operators have assumed that because they submitted applications, they are in a grey zone that regulators will tolerate past 1 July 2026. That reading is not supported by the Regulation's text or by ESMA's published positions. Post-deadline operation without a granted authorisation is not a regulatory grey zone — it is unauthorised provision of crypto-asset services, with the full enforcement consequences that follow. For a deeper look at what the authorisation process itself demands, see our complete guide to CASP licence requirements.

Per-Country Deadline Map: When Did Your Window Actually Close?

One of the most consequential features of the MiCA transitional regime is that it did not create a single, uniform European deadline — it created a framework within which each Member State could choose its own shorter window. The practical result is a patchwork of cutoff dates that vary by more than a year across the EU. What follows is a structured map of those deadlines based on available public sources, including the aosphere member-state implementation tracker. These dates reflect the position as reported at the time of writing; readers should verify current status directly with the relevant NCA, as some positions have evolved.

Tier 1 — Windows already closed well before July 2026

  • Netherlands: DNB applied a 6-month transitional period, meaning the window closed on 30 June 2025. Grandfathered VASPs that had not received a MiCA authorisation by that date lost their legal basis to operate.
  • Poland: A special and acutely difficult case. Poland adopted a 6-month transitional period — also 30 June 2025 in design — but the underlying Crypto-Assets Market Act required to designate KNF as the competent authority was vetoed by the President for the second time on 12 February 2026. Without the implementing legislation, KNF cannot process CASP applications. There is no mechanism under EU law to extend the 1 July 2026 outer limit. Polish operators therefore face a total operational cliff with no domestic licensing path available. This is not a technical oversight — it is a structural gap that Polish counsel and the Wozniaklaw analysis have described as leaving firms in an effectively irresolvable position absent new legislation.

Tier 2 — Windows closed December 2025

  • Austria, Germany, Spain: All three applied transitional periods ending 31 December 2025. Firms in these jurisdictions that had not received MiCA authorisation by year-end 2025 are now operating without a valid legal basis unless they subsequently obtained authorisation.
  • Lithuania: The Bank of Lithuania confirmed a shortened window. Sources differ on whether the precise cutoff was mid-2025 or 31 December 2025; the aosphere tracker places Lithuania in the December 2025 cohort. Readers operating in Lithuania should confirm the exact date directly with the Bank of Lithuania, as the NCA has confirmed that operators lose their legal basis immediately upon expiry with no grace period.
  • Ireland and Italy: Per the aosphere tracker, both jurisdictions applied 12-month transitional periods, placing their cutoffs at 30 December 2025. Note: some secondary sources have reported Italy as running to the full July 2026 deadline. The aosphere tracker — cited as authoritative throughout this article — places Italy in the 12-month cohort. Firms with Italian operations should verify their position directly with Consob and/or Banca d'Italia, as the consequences of misidentifying this date are severe.

Tier 3 — Full 18-month window to 1 July 2026

  • Czech Republic: Runs to 1 July 2026, but the CNB required applications to be submitted by 31 July 2025 to preserve transitional status.
  • Estonia: Full 18-month window to 1 July 2026. Estonia's Financial Intelligence Unit has been processing applications but the volume of legacy VASP registrations is high relative to authorisation capacity.
  • France: The AMF has publicly reminded digital asset service providers that the transitional period expires 1 July 2026 and that the PSAN (Prestataire de Services sur Actifs Numériques) registration it previously issued does not automatically convert to a MiCA CASP authorisation.
  • Luxembourg: Full 18-month window. The CSSF has been processing applications under the Article 143(6) simplified procedure for firms with prior national authorisations.
  • Malta: Full 18-month window to 1 July 2026. Malta's prior Virtual Financial Assets Act framework means most operators have existing MFSA licences and are applying under the simplified procedure.
  • Cyprus: Full 18-month window, but the CySEC required firms wishing to retain transitional status to submit their MiCA application by 27 February 2026. Firms that missed that submission deadline cannot rely on transitional protection through to 1 July 2026.

EEA (non-EU) note: Iceland and Liechtenstein adopted transitional arrangements aligned with the EU outer limit, running to 1 July 2026. Norway's position has developed separately given its EEA incorporation timeline for MiCA; operators in EEA states should not assume automatic equivalence with EU Member State timelines.

Critical operational warning on passporting: Grandfathered CASPs operating under Article 143(3) transitional protection had no MiCA passporting rights during the transitional period. Cross-border service provision depended entirely on whether the relevant national permission in the home state covered cross-border activity, and whether the host state's national rules permitted it. Article 65 — which governs cross-border provision of crypto-asset services for fully authorised CASPs — was simply not available to transitional operators. Firms that assumed their legacy national registration gave them EU-wide reach were exposed, and some have learned this the hard way. For the post-authorisation picture, see our analysis of CASP licence requirements and our overview of MiCA compliance deadlines for 2026.

For the broader context of how the grandfathering regime was designed and what it was intended to achieve, see our detailed explainer on Article 143 grandfathering. If you have already missed your jurisdiction's cutoff, the options remaining to you are narrow — but understanding them precisely still matters. See also our assessment of the biggest MiCA compliance mistakes made by Web3 startups for a candid account of how firms misread this deadline map.

ESMA's April 2026 Statement: What 'Heightened Scrutiny' Really Means in Practice

On 17 April 2026, ESMA published a formal statement directing National Competent Authorities (NCAs) across all EU Member States to move from supervisory patience to active enforcement as the Article 143(3) transitional window approached its close. The statement was not a general reminder — it was a operational directive with three distinct prongs, each of which has concrete implications for any crypto-asset service provider still operating under a pre-MiCA national registration.

First, NCAs were directed to take enforcement action against unauthorised provision of services after 1 July 2026. This means that from the morning of that date, operating without a granted Article 59 authorisation is not a technical irregularity to be resolved administratively — it is an active breach attracting the sanctions regime set out in Article 111. There is no grace period built into the regulation, and ESMA's April statement made clear that NCAs should not create one informally.

Second, ESMA explicitly warned NCAs to scrutinise migration strategies that attempt to preserve business-as-usual operations through structural workarounds. The regulator identified two specific patterns: shell arrangements, where an authorised entity nominally holds the licence but the substantive operation is conducted by an unauthorised affiliate; and outsourcing chains that route customer-facing activity through non-authorised third-country firms. Both are treated as unauthorised service provision regardless of the contractual label applied. Any firm that has restructured its group specifically to exploit these gaps should treat ESMA's language as a direct signal that its model is in scope for review.

Third, late applications filed in May or June 2026 are to receive heightened review — not expedited sympathy. ESMA was unambiguous that a sub-standard application submitted close to the deadline will not benefit from any presumption of good faith. NCAs were instructed to assess these files with greater scrutiny, not less. The implication is practical and serious: a firm that has spent the transitional period deferring its application has not purchased more preparation time — it has accumulated supervisory suspicion.

This April statement built on an earlier ESMA warning issued in December 2025, which had already put the market on notice that the transitional period was not extendable and that NCA forbearance could not be assumed. The Autorité des marchés financiers (AMF) in France issued its own public reminder in February 2026, specifically addressing digital asset service providers and emphasising that the AMF would not treat the post-deadline period as a soft landing. These national-level communications reinforce that ESMA's position is not aspirational — it reflects coordinated supervisory intent across major jurisdictions.

Separately, ESMA's peer review of Malta's MFSA — conducted in April 2025 with a report published in July 2025 — has raised the baseline quality standard that every NCA is now expected to apply when assessing CASP authorisation applications. The peer review issued recommendations covering four core areas: business plans must be assessed in a forward-looking manner rather than taken at face value; ICT infrastructure must demonstrate DORA-readiness as a condition of authorisation, not a post-authorisation obligation; conflicts of interest — particularly in intragroup structures — must be identified and mitigated before authorisation is granted; and intragroup governance arrangements must be substantive, not merely documented. Any firm applying in 2026 faces an NCA that has been explicitly benchmarked against these criteria. A late applicant is not facing the same bar that existed in early 2025.

ESMA's Interim MiCA Register, updated on a weekly basis, now includes a non-compliant entities tab. Appearing on that tab — because an application was refused, withdrawn, or a firm is operating without authorisation — is not an abstract regulatory consequence. It is publicly visible to institutional counterparties, payment processors, banking partners, and retail customers. The commercial harm from that listing can precede any formal fine by weeks or months. Firms that have not yet engaged seriously with the authorisation process should weigh this reputational exposure as part of their wind-down calculus, not an afterthought.

Article 111 Sanctions: The Specific Enforcement Teeth for Unlicensed Operations

The administrative sanctions framework that applies to unlicensed operation after 1 July 2026 is set out in Article 111 of Regulation (EU) 2023/1114 — not, as is sometimes incorrectly cited, Article 113. Understanding the distinction matters: Article 113 addresses the exercise of supervisory powers and procedural cooperation between authorities. Article 111 is where the financial penalties and their specific thresholds are defined. Any practitioner or compliance officer advising on post-deadline risk should anchor their analysis to the correct provision.

For legal persons — companies, partnerships, and other entities — the floor for administrative fines in the unlicensed-operation scenario is at least €5,000,000. This is a minimum, not a cap. NCAs retain discretion to go higher where circumstances warrant, and the regulation's general framework requires them to take into account the duration of the breach, the degree of responsibility, the financial strength of the firm, and whether the breach was intentional. A firm that continued operating for weeks or months after the deadline, while fully aware of its non-compliance, faces a materially worse outcome than one that wound down promptly.

For natural persons — directors, senior managers, and other individuals deemed responsible — the minimum administrative fine is at least €700,000. This personal liability exposure is one of the most underappreciated aspects of the sanctions regime. The regulation makes clear that enforcement action can run concurrently against the entity and the individuals who directed or permitted the breach. Founders and board members of non-compliant CASPs are not shielded by corporate structure.

The turnover-based component operates as a proportional overlay. Where applicable, NCAs may impose a fine in the range of 3% to 12.5% of annual turnover — whichever produces the higher figure relative to the fixed-amount minimums described above. This range is accurate specifically for the unlicensed-operation scenario. It is worth noting that Article 111 provides for higher ceilings in respect of certain other MiCA breaches — up to €15,000,000 and a 10%–15% of turnover range — but those thresholds attach to different categories of violation. The 5 million / 3%–12.5% framing is the correct reference for operating as a CASP without authorisation.

Publication of decisions is governed by Article 114. NCAs are required to publish sanctions decisions, including the identity of the sanctioned entity or individual, the nature of the breach, and the penalty imposed. This naming-and-shaming mechanism is not optional for the NCA — it is a regulatory obligation, subject only to limited exceptions where publication would cause disproportionate harm or jeopardise an ongoing investigation. For a business whose commercial relationships depend on trust, the reputational consequence of an Article 114 publication will frequently exceed the financial cost of the fine itself.

Beyond financial penalties, NCAs hold a range of additional enforcement tools that can be deployed immediately and without the procedural timelines associated with formal fines. These include:

  • Immediate cessation orders, requiring the firm to halt all crypto-asset services with no operational runway.
  • Website blocking and app-store removal — measures specifically referenced by Poland's KNF in public communications about post-deadline enforcement, even in the absence of a fully transposed national law.
  • Asset freezes, particularly where client assets are held and the NCA determines there is a risk of dissipation.
  • Refusal or withdrawal of any pending authorisation application, meaning a firm cannot use an outstanding application as a shield while continuing to operate.

There is a further layer of exposure that sits outside the MiCA sanctions framework itself. A firm that continues to hold client crypto-assets after the deadline while operating without authorisation faces compounding civil liability to those clients, as well as potential exposure under AML/CFT frameworks — since unlicensed status may affect the validity of the firm's existing compliance obligations and reporting relationships. Operational inertia past the deadline is not a neutral position; it actively increases the legal surface area across multiple regulatory regimes simultaneously. Firms that cannot obtain authorisation by 1 July 2026 should treat structured wind-down — with proper notification to clients, orderly return of assets, and engagement with their NCA — as the legally and commercially safer path.

What a Credible ESMA-Compliant Wind-Down Plan Must Actually Contain

ESMA's April 2026 statement made one thing unambiguous: a wind-down plan is not a document you draft on 2 July 2026. It must be ready for immediate implementation before the transitional period expires. National competent authorities (NCAs) are actively scrutinising whether firms have genuinely operationalised exit procedures or are simply hoping enforcement will be slow. If your plan exists only as a slide deck, regulators will treat it as no plan at all.

A credible, NCA-compliant wind-down plan must address six distinct requirements:

  • Readiness before the deadline. The plan must be board-approved, tested against your actual client book, and capable of execution without further internal approvals before 1 July 2026. Board-level sign-off — documented in minutes — is a minimum evidential requirement.
  • Orderly client offboarding with prior notice. Clients must receive written notice in sufficient time to make an informed decision about where to transfer their crypto-assets. That means identifying authorised CASPs to which clients can migrate and providing clear instructions for transferring assets to self-hosted wallets. Abrupt service termination without adequate notice is itself a consumer protection failure.
  • No undue economic harm. The pricing, sequencing, and mechanics of offboarding must not cause clients avoidable financial loss. Withdrawal fees artificially inflated during wind-down, or asset freezes with no clear timeline, are exactly the kind of conduct NCAs will treat as aggravating factors in enforcement proceedings.
  • Continuous AML/CFT compliance throughout exit. The Transfer of Funds Regulation (TFR), applicable AML Directives, and all KYC/CDD obligations remain fully in force during wind-down. There is no compliance holiday during exit. Firms must continue screening, monitoring, and reporting suspicious transactions until the last client relationship is closed. Final AML/CFT reports should be prepared and retained.
  • Sustained prudential and safeguarding obligations. Own-funds requirements under Article 67 of MiCA (Regulation (EU) 2023/1114) and client asset safeguarding obligations under Article 70 — including segregation from firm assets — must remain intact until the last client has been offboarded. A firm cannot release regulatory capital or commingle client assets simply because it has announced it is winding down.
  • A complete documentation trail. Firms should retain board resolutions, all client communications (dates, content, delivery confirmation), asset transfer records, and a final reconciliation showing that every client's assets were correctly returned or transferred. This paper trail is your primary defence if an NCA opens a post-exit review.

The distinction between a genuine wind-down and a service suspension is one regulators are drawing carefully. A service suspension — taking the trading interface offline while retaining custody of client assets, maintaining employee headcount, and preserving the technical infrastructure — is not an exit. NCAs in several member states have already indicated they will treat prolonged suspension as continued unauthorised provision of crypto-asset services, attracting the same sanctions as active operation. The test is whether the firm is demonstrably reducing its EU footprint and returning client assets, not merely going quiet.

If your firm is at the wind-down stage, the time to act is now — not at month-end. For context on the broader compliance obligations that frame this exit process, see our guide on MiCA compliance deadlines for 2026 and our overview of CASP licence requirements.

Three Operational Paths After July 1: Authorised, Passport-In, or Exit

After 1 July 2026, the legal landscape collapses to three options. There is no fourth path, no informal grace period, and no jurisdictional arbitrage play that survives regulatory scrutiny. Understanding which path is realistically available to your firm requires honesty about where your authorisation application actually stands today — not where you hope it will be.

Path 1 — Hold a granted MiCA authorisation. If your firm has received a formal authorisation decision from any EU/EEA NCA, you may operate across the single market under the MiCA passporting mechanism. Passporting rights flow from a granted authorisation; they are not negotiated separately with host-state regulators. The mechanics are set out in Article 65 of MiCA: you notify your home NCA, which then has 10 working days to forward the notification to host NCAs, ESMA, and EBA. You may commence cross-border services from the date your home NCA receives the notification — or at the latest on the 15th calendar day after submission, whichever is earlier. Host NCAs are informed, not asked for permission. This is a material procedural distinction: a host NCA cannot block or delay services by failing to respond. If you hold an authorisation and have not yet filed cross-border notifications, that should be an immediate priority.

Path 2 — Application in an active pipeline jurisdiction. For firms whose applications were already well advanced before mid-2026, there is a residual possibility of obtaining authorisation shortly after 1 July — provided the application was filed while the transitional period was still running and the NCA's pipeline is functioning. Jurisdictions with active processing capacity as of mid-2026 include France (AMF), Luxembourg (CSSF), Malta (MFSA), Czech Republic (CNB), Estonia (Finantsinspektsioon), and Cyprus (CySEC). However, the processing timeline under Article 62 and Article 63 of MiCA is substantial — NCAs assess completeness before the substantive review clock even begins, and overall timelines routinely exceed four months. Any application filed in May or June 2026 will almost certainly not produce a granted authorisation before the deadline. Path 2 is viable only for firms with applications that were filed months ago and are genuinely progressing through review. It is not a strategy for firms starting the process now. For a detailed breakdown of what authorisation applications must contain — including the requirements under Commission Delegated Regulation (EU) 2025/305 — see our complete CASP licence requirements guide.

Path 3 — Full exit and wind-down. For firms that are neither authorised nor in a credible late-stage pipeline, the only lawful option is a structured wind-down of EU-facing services. This means implementing the client offboarding plan discussed in the previous section, ceasing all MiCA-regulated services to EU clients, and — if the entity itself is to survive in another market — formally restructuring its EU activities. Some operators are exploring the establishment of a new EU subsidiary in an active jurisdiction as a route back to the market. This is legally possible but demands genuine operational substance: real staff, real decision-making, real local infrastructure. A letter-box entity with a registered address and a forwarding number will not survive NCA scrutiny, and several NCAs have already signalled that substance requirements will be enforced strictly.

One route that does not qualify as a fourth path is continued operation as a third-country firm relying on reverse solicitation. After 1 July 2026, non-EU firms cannot provide MiCA-regulated services to EU clients except within the extremely narrow reverse-solicitation exception — which requires that the client approached the firm entirely on their own initiative, with no prior marketing, targeting, or outreach by the firm. As we explain in our dedicated analysis of reverse solicitation for non-EU firms, regulators treat this exception as genuinely narrow, and firms that rely on it broadly face the same enforcement exposure as firms operating without authorisation. The sanctions under Article 111 of MiCA — a minimum administrative fine of €5,000,000 for legal persons, or a turnover-based component ranging from 3% to 12.5% of annual turnover — apply regardless of where the firm is incorporated.

If you are uncertain which path applies to your firm, the starting point is an honest assessment of your current authorisation status. Our overview of the Article 143 grandfathering rules and our tracker of MiCA compliance deadlines can help frame that assessment — but at this stage of the transitional period, the analysis needs to be specific to your jurisdiction, your services, and your application timeline.

The Poland Problem: A Structural Legislative Failure With No Regulatory Fix

Poland represents the most acute example of what happens when a Member State's domestic legislative machinery fails to keep pace with directly applicable EU law. The country's Crypto-Assets Market Act — the national implementing statute needed to designate the Komisja Nadzoru Finansowego (KNF) as the competent authority under MiCA — was vetoed by the President for a second time on 12 February 2026. That second veto is not a procedural delay. It is a structural deadlock: without the Act, KNF has no legal basis under Polish domestic law to receive, assess, or grant CASP authorisations under MiCA Article 62.

The consequences are not theoretical. Poland maintains a register of virtual asset service providers (the RDWW register), and firms on that register were entitled to continue operating under Article 143(3) — the transitional grandfathering provision — until 1 July 2026 or until their MiCA authorisation was granted or refused, whichever came first. KNF has been unambiguous: the 1 July 2026 deadline is fixed by EU Regulation and cannot be extended by any Polish statute, ministerial decree, or KNF decision. Poland cannot legislate itself an extension. The deadline is a ceiling set in Brussels, not Warsaw.

After 1 July 2026, the legal position is stark. RDWW registrations carry no operational entitlement under MiCA. No Polish-issued CASP licence exists or can exist while the legislative gap persists. KNF has publicly warned that operating without authorisation after the deadline may trigger administrative sanctions — including those provided for in MiCA Article 111, which sets minimum administrative fines of at least €5,000,000 for legal persons and at least €700,000 for natural persons — as well as website blocking and orders to cease activity immediately. These are not hypothetical enforcement tools; several EU competent authorities have already signalled willingness to use them against non-compliant operators after the transition ends.

The only viable path for operators who need to serve the Polish market after 1 July 2026 is to obtain CASP authorisation in a different Member State where a functioning legislative and regulatory pipeline exists, and then exercise cross-border passporting rights under MiCA Article 65. Under that provision, a CASP notifies its home competent authority, which has 10 working days to transmit the notification to the host Member State authority, ESMA, and EBA; the firm may begin providing services into the host state from the date it receives confirmation of transmission, or at the latest on the 15th calendar day thereafter. Crucially, the passport attaches to the MiCA authorisation, not to the Polish registration — firms that have not yet obtained authorisation elsewhere have no passport to exercise.

Contrast this with jurisdictions such as France, Luxembourg, and Malta, where transposing legislation is in place, the NCA has been formally designated, and application pipelines are actively processing files. Operators who identified this risk early and re-domiciled their regulatory anchor to one of these jurisdictions — or who structured a dual-track approach from the outset — are positioned to continue serving Polish clients lawfully via Article 65 notification. Those who remained anchored exclusively to the RDWW register and assumed the Polish Act would eventually pass are now facing wind-down or enforced exit from the market.

The Polish situation is a cautionary illustration of a broader principle: MiCA's transitional regime protects firms that act on it, not firms that wait for their home Member State to act for them. Regulatory readiness is ultimately the firm's responsibility, not the legislature's.

Firms currently in this position should seek urgent legal advice on available home-state options, the realistic timeline to authorisation in a receptive jurisdiction, and whether interim wind-down of Polish client activity is required to avoid enforcement exposure. See our guide to CASP licence requirements and the MiCA compliance deadlines tracker for jurisdiction-specific pipeline status.

Last-Minute Application Risks: Why a June 2026 Filing Is Not a Safety Net

A persistent misconception circulating among operators still without MiCA authorisation is that filing a CASP application in late May or June 2026 acts as a kind of operational lifeline — that the act of submitting preserves the right to operate while the NCA deliberates. This is wrong, and understanding precisely why it is wrong matters for anyone making operational decisions in the final weeks before 1 July 2026.

1. The statutory timeline does not compress for convenience. Under MiCA Article 63, a national competent authority has 25 working days to assess whether an application is complete. Only once it is deemed complete does the substantive assessment period begin — and that period runs to 90 working days, extendable by a further 30 working days for complex cases. That is a theoretical minimum of roughly five calendar months from the date a complete file lands with the NCA. In practice, NCAs across the EU — including the AMF in France — have publicly noted that applications rarely arrive complete on first submission. Requests for additional information, clarification rounds, and supplementary document requests are routine, and each one adds weeks or months. A June 2026 filing is not going to produce a July 2026 authorisation. It may not produce a 2026 authorisation at all.

2. Heightened scrutiny applies to late filers, not reduced scrutiny. ESMA has signalled clearly that last-minute applications will receive elevated regulatory attention, not a lighter touch. The implicit expectation embedded in Article 143 was that firms operating under transitional relief would use the 18-month window to build genuinely compliant infrastructure and submit well-prepared applications. An application filed days before the deadline raises immediate questions about operational readiness, governance maturity, and the completeness of the compliance framework — questions NCAs are under no obligation to resolve favourably or quickly.

3. Filing in June 2026 does not extend rights in jurisdictions whose transitional windows have already closed. The grandfathering period is jurisdiction-specific. Member States including the Netherlands, Poland (structurally), Austria, Germany, Spain, and Lithuania each had deadlines that expired before 1 July 2026 — in some cases as early as 30 June 2025. A firm that lost its transitional operating right in December 2025 does not recover it by filing an application in another Member State in June 2026. The right to operate in each Member State attaches to the local transitional status or to an active MiCA authorisation — not to a pending application elsewhere. See the Article 143 grandfathering explainer and the per-country deadline map for detail on which windows have already closed.

4. The simplified procedure is not universally available. Article 143(6) provides a streamlined authorisation path, but it applies only to entities that were already nationally authorised as of 30 December 2024 under a pre-existing national regime. Firms that were merely registered (as opposed to fully authorised) under national law, or that began operating after that date, are not eligible for the simplified procedure and must go through the full Article 62 process regardless of when they file.

5. Application completeness is a hard threshold, not a formality. Commission Delegated Regulation (EU) 2025/305 — adopted under Article 62 — prescribes the mandatory content of a CASP authorisation application in precise detail. An incomplete file does not pause the clock in any operationally useful sense: it pauses the substantive review, but the transitional deadline continues to run. Submitting an incomplete application buys time only on paper; it does not preserve operational rights.

The constructive advice for firms still in the queue is this: concentrate entirely on application quality rather than submission speed. Proactive, substantive engagement with your NCA — flagging outstanding items, seeking pre-submission meetings where the NCA permits them, and responding to information requests within days rather than weeks — is materially more valuable than a rushed filing. In parallel, wind-down plans must be drafted and ready to execute now, not after the deadline passes. Regulators look more favourably on firms that demonstrate orderly contingency planning than on those that appear to have assumed authorisation was guaranteed. For common errors that undermine applications at this stage, see the seven biggest MiCA compliance mistakes.

Client Asset Protection During Exit: MiCA Obligations That Don't Switch Off

The expiry of the MiCA transitional period is not a compliance off-switch. For any CASP executing a wind-down after 1 July 2026 — whether because authorisation was refused, withdrawn, or never sought — a dense layer of client-protection obligations continues to bind the firm until the very last asset is returned or transferred. Understanding which rules stay live, and for how long, is not optional: regulators across the EU have made clear that a disorderly exit is itself an enforcement event.

Custody and segregation persist until the last transfer. MiCA Article 70 requires CASPs providing custody and administration of crypto-assets on behalf of clients to segregate those assets from the firm's own proprietary holdings at all times. That duty does not terminate on the date the firm's authorisation lapses or its business winds down. It endures for as long as the CASP retains de facto control over client assets. A firm that has ceased accepting new business but still holds crypto-assets in omnibus wallets remains fully within the scope of Article 70, and any commingling of client assets during that period constitutes a continuing breach — one that is particularly difficult to explain to a supervisory authority conducting a post-mortem review.

Client fiat must stay ringfenced. Fiat currency received from clients in connection with crypto-asset services must be held with an EU credit institution or a central bank. This safeguarding requirement does not dissolve when a firm enters wind-down mode. During offboarding, firms must ensure that fiat balances are returned from properly segregated accounts — not from the firm's operating cash pool. Any co-mingling of client fiat with operational funds during a wind-down is a regulatory breach independent of the authorisation question.

The travel rule applies to every outbound transfer. The Transfer of Funds Regulation — now directly applicable to crypto-asset transfers — requires that originator and beneficiary information accompany all transfers of crypto-assets. This obligation is not suspended because a firm is offboarding clients. Every transfer of a client's crypto-assets to an external wallet — whether a self-hosted wallet or the custodial wallet of an authorised CASP — must carry the required travel rule data. Firms processing large volumes of offboarding transfers simultaneously face real operational pressure here: compliance shortcuts taken under time pressure are precisely the kind of conduct that generates post-wind-down supervisory scrutiny.

AML/CFT due diligence continues through the final transfer. Customer due diligence and transaction monitoring obligations under the EU Anti-Money Laundering Directives do not terminate at wind-down. If anything, offboarding presents elevated ML/TF risk: clients seeking to move assets quickly, to unfamiliar destinations, under time pressure, is a transaction pattern that AML frameworks are specifically designed to flag. Firms must continue to apply risk-based monitoring to outbound transfers and must not disable monitoring systems prematurely in an effort to reduce operational costs during exit.

Client notice must be adequate and explicit. The AMF has used the standard of sufficient prior notice when describing what clients are owed before a CASP ceases operations. In practice, this means clients need enough time and enough information to make an informed decision about where to move their assets — including explicit instructions for transferring to an authorised CASP or to a self-hosted wallet. A generic email sent days before the deadline is unlikely to satisfy that standard, particularly where clients hold illiquid or complex positions.

Critical risk to flag: a firm that suspends customer-facing services but continues to hold client crypto-assets is not outside MiCA's scope. It is still providing custody. If that firm no longer holds a valid MiCA authorisation after 1 July 2026, it is providing a regulated service without authorisation — precisely the conduct that attracts the sanctions set out in Article 111. The suspension of services is not a safe harbour. The only safe harbour is returning or transferring every client asset before authorisation lapses.

Compliance teams overseeing a wind-down should treat the asset-return process as a regulated activity in its own right, with its own project plan, its own compliance sign-off, and its own regulatory notification to the competent authority. Several NCAs have already indicated that they expect proactive engagement from firms choosing not to seek MiCA authorisation — silence is not a strategy.

~210 Out of 1,200+: What the Authorisation Conversion Rate Tells Compliance Teams

Approximately 210 CASPs had received MiCA authorisations across 23 EU Member States as of May 2026. Set against the more than 1,200 VASP entities that held national registrations under pre-MiCA AML-registration regimes, that figure — roughly one in six — tells compliance teams something important about the real substance of what MiCA demands, and about the landscape that authorised operators are now inheriting.

Most pre-MiCA registrations were never substantive authorisations. The dominant prior regime across the EU was an AML-registration model: firms registered with a national FIU or competent authority primarily to satisfy anti-money laundering obligations. That registration conferred no positive finding on governance quality, capital adequacy, ICT resilience, conflicts-of-interest management, or conduct standards. MiCA requires a competent authority to make an affirmative determination on all of those dimensions before granting authorisation. The bar is genuinely, structurally higher — and the low conversion rate reflects that reality rather than any administrative backlog alone. Many of the 1,000-plus firms that have not converted simply could not meet the substance requirements.

Some operators made a deliberate commercial decision to exit. Not every non-conversion is a failure of compliance. A meaningful subset of pre-MiCA VASPs operated business models that are economically unviable under MiCA — whether because the cost of compliance exceeds projected EU-market revenue, because the firm's core product (certain algorithmic or DeFi-adjacent services) does not fit cleanly within the MiCA service taxonomy, or because the firm's primary customer base is outside the EU and the effort of full authorisation is not commercially justified. For those firms, the decision not to pursue authorisation may have been rational. What matters, from a regulatory standpoint, is that they have actually ceased EU-facing services — not merely ceased applying.

A number of applications remain in progress. In jurisdictions that elected the full 18-month transitional period — France, Luxembourg, Malta, Czech Republic, Estonia and others — applications submitted before the national deadline remain in the queue. Competent authorities processing a high volume of applications simultaneously face real resource constraints. The ~210 figure will rise before 1 July 2026, but the pace of authorisation decisions across the EU has not been sufficient to convert the majority of applicants within the window. Understanding which deadlines apply in which jurisdiction remains essential for tracking when transitional protection actually ends for any given firm.

ESMA's non-compliant entities list changes the enforcement dynamic. The ESMA Interim MiCA Register now includes a dedicated tab for entities identified as operating outside the authorisation framework. This is the first EU-wide public list of known non-compliant crypto-asset service providers — a significant escalation from the pre-MiCA environment, where enforcement was fragmented at national level. The existence of that list creates reputational and counterparty risk for any firm appearing on it, quite apart from the direct supervisory consequences.

For authorised CASPs, the consolidation creates both opportunity and obligation. Market consolidation at this scale means a large population of clients will be actively migrating from unlicensed to licensed providers between now and — and beyond — 1 July 2026. That inflow is a commercial opportunity. It is also a compliance obligation: authorised CASPs onboarding clients from non-compliant entities must apply their standard due diligence frameworks to those clients, and should treat the source of migrating assets — particularly where the prior custodian is known to have operated outside MiCA — as a risk factor warranting enhanced scrutiny. The travel rule data accompanying inbound transfers from winding-down entities may be incomplete; firms should have a process for handling those gaps rather than assuming clean data.

The conversion rate is, ultimately, a signal about the seriousness of the MiCA regime. Regulators designed it to consolidate a fragmented, lightly supervised sector into a smaller number of properly capitalised, properly governed, properly monitored firms. The numbers suggest it is working — which means the compliance obligations on those firms that remain authorised will be scrutinised with corresponding seriousness.

Compliance teams at authorised CASPs should document their approach to the current migration wave now, before supervisory questions arise later. The most common compliance failures in this environment tend to cluster around precisely this kind of transition — high volume, time pressure, and the temptation to deprioritise due diligence in favour of speed.

Compliance Action Checklist: What to Do Before and After 1 July 2026

The window for transitional cover under MiCA Article 143(3) is closing — and in several jurisdictions it has already closed. What you do in the weeks before and immediately after 1 July 2026 will determine whether your firm faces an orderly continuation, a controlled wind-down, or regulatory enforcement under Article 111. The checklist below is divided into three groups based on your actual legal position right now. Be honest about which group you are in.

For Unlicensed CASPs With a Pending Application

Your transitional cover persists only until the NCA grants or refuses your authorisation, or until 1 July 2026 — whichever comes first. Operating beyond that date without a decision in your favour is unlicensed activity, regardless of how long the application has been sitting with the regulator.

  • Confirm your jurisdictional deadline. Transitional end dates vary materially by member state. France, Luxembourg, Malta, Czech Republic, and Estonia run to the full 1 July 2026 date. Lithuania and Spain cut off at 31 December 2025 — if you are in those markets and still operating, take immediate advice. Cyprus required applications to be filed by 27 February 2026 to preserve transitional status. Verify your position against your home NCA's published rules, not third-party summaries.
  • Verify application completeness against Commission Delegated Regulation (EU) 2025/305. This delegated regulation sets out the specific content requirements for authorisation applications submitted under Article 62. A completeness deficiency — even a minor one — pauses the clock and hands the NCA grounds to deprioritise your file. Do not assume a submitted application is a complete one.
  • Engage your NCA proactively. Regulators are processing a large volume of applications from a standing start. Waiting passively for a deficiency letter is a mistake. Scheduled check-ins with your case officer, prompt responses to information requests, and clear internal ownership of the application file will distinguish your firm from the many that are not engaging.
  • Draft and board-approve a full wind-down plan now. Do not treat this as a contingency document to be written after a refusal. A credible wind-down plan — covering client asset return, contract termination, staff obligations, and orderly cessation of services — should exist and be board-approved before 1 July 2026. Several NCAs expect to see evidence that this planning has occurred.
  • Issue client communications with clear transfer instructions. Clients are entitled to adequate notice. Communications should specify where assets are held, how they will be returned, the timeline, and any steps clients need to take. Generic notices do not satisfy the standard of care.
  • Maintain asset segregation and TFR compliance throughout wind-down. MiCA Article 70 requirements on client asset safeguarding and Travel Rule obligations under the Transfer of Funds Regulation do not relax because a firm is in wind-down. Enforcement files routinely originate from the wind-down period itself.

For Unlicensed CASPs Without Applications — or in Blocked Jurisdictions

Poland is the clearest example of a structurally blocked jurisdiction. The national crypto-assets markets law was vetoed a second time in February 2026, the KNF has not been designated as competent authority, and no transitional authorisation pathway exists. The 1 July 2026 deadline is set by an EU Regulation — it cannot be extended by national law, and it will not be. If your operations are Poland-facing and you have no MiCA authorisation, you have a binary choice: cease EU-facing services, or face enforcement.

  • Cease all EU-facing services by 1 July 2026 at the latest. This means services directed at EU-resident clients, not merely services offered from within the EU. The geographic scope of the obligation follows client location, not server location.
  • Execute your wind-down and client offboarding plan. The plan should already exist — if it does not, producing it now is the first priority. Asset return must be orderly, documented, and traceable.
  • Assess restructuring viability honestly and with genuine substance. Redomiciling to an active EU jurisdiction — one where a full MiCA authorisation pipeline is functioning — may be viable for some firms. It is not viable as a paper exercise. NCAs are alert to firms establishing empty shells in new jurisdictions to claim a transitional status they do not legitimately hold. Genuine substance, adequate own funds under Article 67, and a real compliance programme are prerequisites, not formalities. See our full guide to CASP licence requirements for what that involves in practice.
  • Take specific legal advice on Article 111 exposure. Administrative fines for operating without authorisation can reach at least €5,000,000 for legal persons, with an additional turnover-based component of between 3% and 12.5% of annual turnover. For natural persons, the minimum threshold is at least €700,000. The period of post-deadline operation — even if brief and winding down — is the exposure window. Quantify it and act accordingly.

For Authorised CASPs

The cliff edge on 1 July 2026 is not only a risk event for unlicensed firms — it is also an operational moment for licensed ones. A significant volume of clients will need to migrate to authorised providers. That is an opportunity, but it comes with obligations that must not be shortcut.

  • Prepare for client migration inflows with full AML/CFT compliance. Volume pressure is not a valid justification for weakening onboarding standards. Know-your-customer procedures, source-of-funds checks, and risk classification must apply to every migrating client. Regulators will scrutinise the quality of onboarding during this period specifically.
  • File Article 65 passporting notifications promptly for all target markets. Cross-border provision of crypto-asset services is governed by Article 65: your home NCA must transmit the notification to host NCAs, ESMA, and EBA within 10 working days, and you may commence services from the date of receipt or no later than the 15th calendar day thereafter. This is the correct passporting mechanism — not Article 59 (which sets the authorisation requirement) or Article 60 (which covers notifications by certain already-regulated financial institutions). If you have target member states not yet covered, the time to file is now. For context on where single-jurisdiction strategies can break down operationally, see our CASP licensing guide.
  • Monitor the ESMA register weekly. From 1 July 2026, counterparties that appear on the ESMA register as transitional-status entities will lose that status. Continuing to rely on them as regulated counterparties after that date creates compliance and legal risk for your own firm. Build a monitoring workflow into your compliance calendar.
  • Do not accept outsourced or white-label arrangements from unlicensed firms attempting to continue operations through your authorisation. MiCA Article 16(7) prohibits delegation structures that effectively circumvent the authorisation requirement. Any arrangement where an unlicensed entity is the substantive operator and your authorisation is the legal wrapper is exactly the kind of structure NCAs and ESMA have flagged as a circumvention risk. The reputational and regulatory consequences of being found to have facilitated this are severe.

The compliance obligations described here are not abstract. ESMA has been explicit that it expects NCAs to act swiftly against firms operating without authorisation after the transitional period ends. For a full breakdown of where firms most commonly fail in MiCA preparation, see our analysis of the seven biggest MiCA compliance mistakes. And for clarity on what the transitional provisions actually said — and what they never promised — see our dedicated piece on Article 143 grandfathering.

Frequently asked questions

Does filing a MiCA authorisation application before 1 July 2026 allow a CASP to keep operating past the deadline?

No. MiCA Article 143(3) requires that authorisation be 'granted' — not merely applied for. Filing an application does not extend your right to operate. In jurisdictions whose transitional period already ended (e.g., Germany and Austria at 31 December 2025, the Netherlands at 30 June 2025), an application filed in 2026 does not revive expired grandfathering. In jurisdictions with the full 18-month period (France, Luxembourg, Malta, Czech Republic, Estonia, Cyprus), a pending application only preserves cover if it was submitted before any mandatory application deadline set by that NCA and the decision has not yet been issued. After July 1, 2026, any entity without a granted authorisation must cease EU services entirely.

What are the specific sanctions under MiCA for operating without authorisation after 1 July 2026?

Under MiCA Article 111, NCAs may impose administrative fines of at least €5,000,000 on legal persons and at least €700,000 on natural persons (such as directors) for operating without authorisation. An additional turnover-based component can apply in the range of 3%–12.5% of annual turnover. Under Article 114, NCAs must publish the sanction decision publicly, creating significant reputational harm. NCAs may also order immediate cessation of services, website blocking, and reject or withdraw any pending authorisation application.

Can a CASP authorised in one EU Member State serve clients in another Member State where the transitional period has already expired?

Yes — but only once that CASP holds a granted MiCA authorisation (not merely grandfathered status). Under MiCA Article 65, an authorised CASP notifies its home NCA of its intention to provide cross-border services; the home NCA has 10 working days to forward this to host NCAs, ESMA, and EBA. The CASP may commence services from the date it receives that communication or at the latest on the 15th calendar day after submission. Grandfathered CASPs had no EU passport rights during the transitional period — cross-border operation required separate national permissions in each host state.

What must a MiCA-compliant wind-down plan include?

Per ESMA's April 2026 statement, a wind-down plan must be robust, operational, and ready for immediate execution before the transitional period expires. It must: (1) arrange orderly offboarding with sufficient prior client notice; (2) ensure an orderly market exit without causing undue economic harm; (3) maintain full AML/CFT compliance (TFR travel rule, KYC/CDD) throughout the offboarding process; (4) preserve client asset segregation under MiCA Article 70 until the last asset is returned; and (5) be signed off at board level with a documented communications log. Merely suspending services while continuing to hold client crypto-assets does not constitute a valid exit — the firm remains in scope of MiCA until custody is fully transferred.

What is the situation for crypto firms registered in Poland after 1 July 2026?

Poland's Crypto-Assets Market Act was vetoed by the President for the second time on 12 February 2026, leaving KNF without the legislative basis to process CASP applications. Polish VASP registrations in the RDWW register were covered by Article 143(3) until 1 July 2026, but KNF has explicitly confirmed this deadline cannot be extended by Polish law or KNF decision. From 2 July 2026, Polish VASP registrations have no legal effect. The only viable path to continue serving Polish clients is to obtain a MiCA authorisation in another EU Member State with an active licensing pipeline and notify into Poland via Article 65 passporting.

Does the Article 143(3) grandfathering apply to firms that were not registered as VASPs before 30 December 2024?

No. Article 143(3) applies only to entities that were providing crypto-asset services 'in accordance with applicable law' before 30 December 2024. This means lawful operation under a national regime (e.g., a VASP registration, AML registration, or equivalent national authorisation). Firms operating informally or without any national registration were never grandfathered and have been required to hold MiCA authorisation from 30 December 2024. Equally, Article 143(6)'s simplified authorisation procedure is available only to entities that were formally authorised under national law on 30 December 2024.

Link copied to clipboard