MiCA Is Coming: What Every Crypto Company Needs to Do Before Q3 2026

The Markets in Crypto-Assets Regulation went into full application on December 30, 2024. But the part that matters most to operating crypto businesses — the end of transitional arrangements — hits July 1, 2026.

After that date, any Crypto-Asset Service Provider (CASP) serving EU customers without MiCA authorization is breaking the law. Not bending a guideline. Not operating in a gray area. Breaking a regulation that carries fines up to 10% of annual global turnover.

Here's what you need to have done before that deadline, broken into actual steps rather than abstract compliance advice.

The Timeline You're Working With

Already in effect (since December 30, 2024):

• Title II: Crypto-asset issuers must publish a white paper before offering tokens to the public
• Title III & IV: Stablecoin-specific requirements (ARTs and EMTs) — reserve requirements, redemption rights, restrictions on significant tokens
• Title V: Authorization requirements for CASPs
• DORA (Digital Operational Resilience Act): ICT risk management requirements apply to all MiCA-authorized entities

July 1, 2026 — hard deadline:

• Grandfathering clause (Art. 143(3)) expires: CASPs operating under pre-MiCA national laws must have MiCA authorization or cease operations
• No extensions. Several member states have already confirmed they won't grant additional transition periods.

Ongoing through 2026:

• ESMA continues publishing technical standards, guidelines, and Q&As
• CARF (Crypto-Asset Reporting Framework) implementation — most member states targeting 2026 adoption
• National competent authorities are publishing their own implementation guidance, which can differ on process even if the regulation is the same

The Checklist

1. Determine Your Authorization Path

Not all CASPs need to go through the same process. MiCA recognizes 10 categories of crypto-asset services:

• Custody and administration of crypto-assets
• Operation of a trading platform
• Exchange of crypto-assets for funds or other crypto-assets
• Execution of orders
• Placing of crypto-assets
• Reception and transmission of orders
• Providing advice
• Portfolio management
• Transfer services
• Providing crypto-asset services on behalf of third parties

Action: Map every service you offer to MiCA's categories. Some services you thought were one thing may be classified differently under MiCA. An exchange that also offers staking, for example, may need authorization for both exchange services and custody.

2. Choose Your Home Member State

MiCA authorization is granted by a national competent authority (NCA) — not by ESMA directly. Once authorized in one member state, you can passport services across all 27 EU countries.

Factors to consider:

• Processing time: some NCAs (France's AMF, Germany's BaFin, Lithuania) have established crypto licensing tracks and move faster
• Local requirements: NCAs can add procedural requirements on top of MiCA's baseline
• Language: your application and ongoing filings need to be in the NCA's accepted languages

Action: Talk to legal counsel in your target member state now. Application processing takes 3-6 months in practice, and July 2026 is closer than it feels. If you haven't started, you're already tight on time.

3. Meet the Prudential Requirements

MiCA imposes minimum capital requirements on CASPs:

• €50,000 for advisory, order transmission/reception, and placing services
• €125,000 for custody, exchange, execution, and transfer services
• €150,000 for operating a trading platform

These are minimums. NCAs can require more based on risk assessments. You also need professional indemnity insurance or comparable guarantees.

Action: Verify your capitalization meets or exceeds the relevant threshold. If you offer multiple service categories, the highest requirement applies.

4. Build Your Governance Framework

MiCA requires:

• At least two persons effectively directing the business, with sufficient knowledge and experience
• Policies on conflicts of interest
• A complaints handling procedure
• Outsourcing policies (if any functions are outsourced)
• Business continuity and ICT security policies (aligned with DORA requirements)

Action: Document everything. MiCA authorization applications require evidence of governance, not just assertions. If your governance structure exists informally, formalize it now.

5. Prepare Your White Papers (If Applicable)

If you issue crypto-assets (not just provide services), you need a compliant white paper. MiCA specifies what must be included:

• Description of the issuer and the project
• Rights and obligations attached to the crypto-asset
• Technology and standards used
• Risks
• Environmental impact disclosure

White papers must be notified to the relevant NCA at least 20 working days before publication.

Action: If you've issued a token, check whether your existing documentation meets MiCA's white paper requirements. Many pre-MiCA white papers don't.

6. Implement AML/CFT Compliance

MiCA-authorized CASPs are subject to the EU's Anti-Money Laundering framework. This means:

• Customer due diligence (KYC)
• Transaction monitoring
• Suspicious transaction reporting to the relevant Financial Intelligence Unit
• Travel Rule compliance for crypto-asset transfers (per the Transfer of Funds Regulation)

Action: If you're operating under national registration and already have AML procedures, review them against MiCA-specific requirements. The Travel Rule implementation in particular has specific technical requirements for crypto transfers that differ from traditional finance.

7. Set Up Regulatory Monitoring

This is the part that doesn't end after authorization. MiCA is a living regulation. ESMA published over 400 related documents in the past 18 months — technical standards, consultation papers, guidelines, Q&As. That pace isn't slowing down.

After July 2026, you'll also need to monitor:

• Changes to ESMA technical standards and guidelines
• NCA-specific guidance in your home member state (and any member states you passport into)
• DORA-related ICT requirements, which evolve separately
• CARF implementation for tax reporting obligations
• Any amendments to MiCA itself (the regulation includes review clauses)

Action: Whether you use RegPulse or another monitoring tool, automate this. Manual monitoring worked when crypto regulation was a handful of agencies publishing a few documents a month. It doesn't work when ESMA alone is publishing weekly.

Common Mistakes

Assuming national registration equals MiCA authorization. It doesn't. Grandfathering lets you continue operating under national law until July 2026. After that, you need MiCA authorization or you stop.

Applying to the wrong NCA. Your home member state is typically where your registered office is located. If you're incorporated in Estonia but all your operations are in Germany, you may need to clarify with both NCAs.

Ignoring EMT dual-licensing. From March 2026, Electronic Money Token custody and transfer services may require both MiCA authorization and a PSD2 payment services license. If you handle stablecoins classified as EMTs, check whether you need both.

Treating MiCA as the only obligation. DORA, CARF, the Transfer of Funds Regulation, and national AML laws all apply simultaneously. Your compliance framework needs to address all of them.

The Bottom Line

MiCA isn't ambiguous. The requirements are published. The deadlines are set. The fines are defined. What catches companies off guard isn't the regulation itself — it's the assumption that there's more time than there actually is.

Five months from now, the transitional period ends. If you haven't started your authorization application, start this week.

RegPulse monitors ESMA, EBA, ECB, and national competent authorities across the EU for MiCA-related publications. If a new technical standard drops or an NCA publishes implementation guidance, you'll know about it the same day.