The MiCA grandfathering (transitional) period ends on July 1, 2026. Any crypto asset service provider currently operating under a national transitional regime must have a full MiCA CASP authorization by this date — or stop providing services in the EU. There are no extensions.
When MiCA's Title V (crypto asset services) provisions entered into force in December 2024, they came with a lifeline for existing providers: a grandfathering clause that allowed CASPs previously authorized under national law to keep operating while they obtained full MiCA authorization. That lifeline has an expiry date, and it is approaching fast.
If your firm is operating under one of these transitional arrangements — or if you're a compliance professional advising one — this guide covers exactly what the deadline means, which firms it affects, and the specific steps you need to take before July 1.
What Is the MiCA Grandfathering Clause?
Article 143 of MiCA allows crypto asset service providers that were authorized under national law before December 30, 2024 — the date MiCA's CASP provisions became applicable — to continue operating under their existing national authorization for a transitional period of up to 18 months. This transitional period runs until July 1, 2026.
Importantly, individual member states had discretion over how to implement this. Some countries — including Germany, France, and the Netherlands — opted for a shorter transitional window (12 months, ending around December 2025). Others applied the full 18-month period. If you're not certain which timeline applies in your jurisdiction, you need to check with your national competent authority (NCA) immediately.
Several EU member states shortened the transitional period. Germany and France, for example, required CASPs to apply for MiCA authorization within 12 months (by approximately December 2025). If you're operating in these jurisdictions and haven't yet filed, you may already be non-compliant. Consult your NCA immediately.
Which Firms Does This Affect?
The grandfathering clause applies specifically to firms that meet all three of these criteria:
- You were providing crypto asset services in the EU before December 30, 2024
- You were operating under a valid national authorization or registration in at least one EU member state
- You have not yet obtained a full MiCA CASP authorization from an NCA
This catches a large number of firms that operated under the diverse patchwork of national crypto licensing regimes that existed before MiCA: German BaFin crypto custody licenses, French DASP registrations, Dutch DNB VASP registrations, Belgian FSMA registrations, and dozens of others across the bloc.
Firms that launched after December 30, 2024 do not benefit from grandfathering — they needed a full MiCA CASP license from day one.
The CASP Authorization Requirements Under MiCA
To convert your transitional status into a full MiCA CASP authorization, you need to satisfy ESMA's requirements across several domains. Here's what the application involves:
1. Legal Entity and Governance
You must be established as a legal entity in the EU (or have a registered branch in a member state). MiCA requires a clear corporate governance structure with at least two senior managers "of good repute" and with appropriate knowledge, skills, and experience. NCAs will assess the fit-and-proper credentials of all qualifying shareholders (>10% stake) and management board members.
2. Capital Requirements
MiCA sets minimum own funds requirements that vary by service type. At the lower end, operators of a trading platform for crypto assets require at least €150,000 in own funds. Custodians face different thresholds. Most full-service exchanges will need to satisfy the highest applicable tier for their service mix. Ongoing own funds must remain above this floor at all times.
3. Safeguarding Client Assets
One of MiCA's most consequential requirements is mandatory segregation of client crypto assets and client funds from the firm's own assets. Client crypto assets must be held in separate wallets, and client fiat must be held in segregated bank accounts or invested in secure, liquid assets. Your custody arrangements and technical controls will be scrutinized during the authorization process.
4. ICT and Cybersecurity
MiCA mandates robust ICT risk management policies, business continuity plans, and cybersecurity frameworks — requirements that overlap heavily with DORA for in-scope financial entities. You'll need documented incident response procedures, regular penetration testing, and clear policies around third-party ICT providers.
5. AML / CFT Compliance
MiCA does not replace AMLD6 — it runs alongside it. Your AML/CFT program must comply with applicable AML directives, including FATF Travel Rule obligations under the Transfer of Funds Regulation (TFR). The NCA will want to see a current, documented AML risk assessment and controls framework as part of the authorization review.
6. Consumer Protection and Disclosure
CASPs must provide clear, fair, and non-misleading marketing communications. Pre-contractual disclosures, complaint handling procedures, and conflict of interest policies are all required. For exchange operators, best execution policies and order execution documentation are mandatory.
Key Milestones and Timeline
NCAs across Europe are experiencing significant backlogs of CASP authorization applications. Several compliance professionals have reported 4–6 month review timelines even for well-prepared applications. If you haven't already submitted your application, the window to be authorized by July 1 is closing rapidly. Filing in May or June almost certainly means your application won't be processed in time.
What Happens If You Miss the Deadline?
The consequences of operating as a CASP in the EU after July 1, 2026 without a MiCA authorization are severe:
- Prohibition from providing services. NCAs have explicit authority to require immediate cessation of crypto asset services for unlicensed operators. This applies to both established providers and new entrants.
- Administrative sanctions. MiCA empowers NCAs to impose fines of up to €5 million, or 3% of total annual turnover for the preceding year, for operating without authorization.
- Reputational damage. ESMA and NCAs are required to publish enforcement decisions. Being named as a non-compliant CASP in a public enforcement notice is damaging to client relationships, banking relationships, and future licensing prospects.
- Criminal liability in some jurisdictions. Several member states have enacted criminal law provisions for unauthorized provision of regulated financial services. Operating without a license could expose senior management to personal liability.
- Passport loss. The MiCA single-market passport — the ability to provide services across all 27 EU member states on the basis of authorization in a single member state — is only available to authorized CASPs. Non-compliant firms lose access to the entire EU market, not just the member state where they are registered.
The 10-Step Compliance Checklist for Grandfathered CASPs
If you're operating under a transitional arrangement, here's what you need to action before the deadline:
- Confirm your exact deadline. Contact your NCA to confirm whether the 12-month or 18-month transitional window applies to your jurisdiction. Don't assume.
- Review ESMA's CASP authorization templates. ESMA has published standardized application templates. Your NCA may have supplementary requirements on top of these.
- Conduct a gap analysis against MiCA requirements. Map your current governance, capital, safeguarding, AML, and ICT controls against the full MiCA requirements. Identify gaps. Prioritize by remediation timeline.
- Prepare fit-and-proper documentation for all qualifying individuals. CVs, criminal records checks, and regulatory history declarations for management board members and 10%+ shareholders.
- Document your capital and own funds position. Prepare audited or management accounts demonstrating compliance with the applicable minimum capital threshold.
- Establish or document client asset segregation controls. Wallet architecture, custody procedures, and client fund bank account segregation must be formalized and evidenced.
- Update your AML/CFT program for TFR Travel Rule compliance. Document your counterparty VASP due diligence procedures and travel rule implementation (unhosted wallet treatment, threshold rules).
- Produce ICT risk management and business continuity documentation. Aligned with DORA if applicable; at minimum covering incident classification, response procedures, and recovery objectives.
- Submit your application — now. Most NCAs recommend submitting 6 months before your operational deadline to allow time for queries and re-submissions.
- Monitor for NCA clarifications and ESMA guidelines. ESMA continues to publish Level 2 and Level 3 guidance under MiCA. Some technical standards are still being finalized. Regulatory monitoring is not a one-time exercise.
Choosing a Jurisdiction: The NCA Selection Question
MiCA authorization requires establishment in at least one EU member state, but the choice of jurisdiction matters. NCAs vary significantly in their processing capacity, track record on crypto authorization, and supplementary requirements. Key considerations include:
- Processing speed. Smaller NCAs may have faster queues but less established crypto expertise. Larger NCAs (BaFin, AMF, AFM, FSMA) have more experience but longer wait times.
- Language requirements. Most NCAs require applications in the local language, at least partially. Factor in translation and local counsel costs.
- Physical presence requirements. Most NCAs require genuine substance in the jurisdiction — registered office, local management, actual staff. Pure brass-plate registrations are not acceptable under MiCA.
- Supplementary national requirements. Some member states have imposed additional requirements beyond the MiCA minimum. Verify the full picture for your target jurisdiction before committing.
Using RegPulse to Monitor MiCA Developments
MiCA's Level 2 technical standards are still being finalized by ESMA, and individual NCAs continue to issue guidance notes, Q&A documents, and FAQs that affect how authorization requirements are interpreted and applied in practice. Missing a key clarification from your NCA — on travel rule treatment of unhosted wallets, on capital calculation methodology, on fit-and-proper assessment criteria — could result in your application being deemed incomplete or returned for re-submission.
RegPulse monitors ESMA, all 27 EU NCAs, and major crypto-relevant regulators globally. Our AI filters and scores regulatory updates so your compliance team sees the changes that matter — without manually trawling 50 regulatory websites every day.
Frequently Asked Questions
Can the July 1, 2026 deadline be extended?
No. Article 143 of MiCA specifies the maximum transitional period at 18 months from the date of application of Title V provisions. There is no provision in MiCA for NCAs or ESMA to extend this period unilaterally. Legislative change at the EU level would be required to extend the deadline, and no such proposal is currently in the legislative pipeline.
What if my application is still being processed on July 1?
This is a critical grey area. Some NCAs have indicated that firms with pending, complete applications will be permitted to continue operating while their application is under review. Others have not confirmed this position. You should seek explicit written confirmation from your NCA on their approach to this scenario. Do not assume you can operate indefinitely with a pending application.
Does MiCA apply to DeFi protocols?
MiCA primarily targets centralized crypto asset service providers. Fully decentralized protocols where there is no identifiable intermediary providing services on a professional basis may fall outside MiCA's scope — but this analysis is highly fact-specific. ESMA has indicated it will publish further guidance on decentralization criteria. If your business model has any centralized components (smart contract upgrade keys, governance tokens with control functions, fee collection by an identifiable entity), you should obtain legal advice on your MiCA exposure.
What about NFTs?
MiCA explicitly excludes non-fungible tokens from its scope, subject to a rebuttable presumption that applies where NFTs are issued as part of a large series and are functionally interchangeable (de facto fungibility). If you're operating an NFT marketplace, the analysis depends on your specific token characteristics and whether marketplace activities constitute "providing transfer services" under MiCA.
Does Brexit mean UK firms need MiCA authorization?
UK-based firms are not subject to MiCA, but they cannot passport services into the EU on the basis of a UK FCA license. If you're a UK-registered CASP providing services to EU residents, you need separate MiCA authorization in an EU member state (or you're providing services on a reverse solicitation basis, which is heavily constrained under MiCA). The UK is developing its own crypto asset regulatory framework under the Financial Services and Markets Act 2023 — but that does not create EU market access.
The July 1, 2026 deadline is not an abstraction. It is the date after which operating as an unlicensed CASP in the EU triggers real, material enforcement risk. If you're not yet authorized and not yet deep into an application process, the time to act is now.