EU fintech platform regulation

MiCA's July Cliff Arrives with 83% of Legacy EU Crypto Platforms Still Unlicensed

Only 204 of 1,200+ legacy crypto-asset service providers secured full CASP authorisation before the EU's hard July 1 deadline eliminates all transitional operating rights.

People of Internet Research Team · 2026-06-23
MiCA's July 1 Authorization Cliff People of Internet Research · EU 204 CASPs Fully Authorised Out of 1,200+ legacy EU crypto reg… ~83% Legacy Providers Unlicensed Share of pre-MiCA CASPs without fu… 10 EU States, Zero CASPs Member states with no public CASP … €30K France Max Criminal Fine AMF's maximum fine for directors o… peopleofinternet.com

Key Takeaways

The Arithmetic of Non-Compliance

The numbers are stark. As of June 18, 2026, just 204 crypto-asset service providers (CASPs) appear on ESMA's interim MiCA register with full authorisation. Behind them stands a field of over 1,200 legacy registrations that existed under the patchwork of national regimes MiCA was designed to replace — an authorisation rate of roughly 17 percent, with days left on the clock.

On July 1, 2026, the EU's Markets in Crypto-Assets Regulation extinguishes every transitional operating right granted to legacy platforms across all 27 member states. There is no extension. There is no grace period. Providers without a CASP licence that continue to solicit EU clients become, in ESMA's own words, "in breach of EU law and must cease offering such services."

Why Regulators Had a Point

Before judging the cliff, steelman the logic behind it. MiCA is the world's most comprehensive crypto-specific regulatory framework — a single rulebook replacing a maze of national registration schemes that ranged from rigorous (Germany's BaFin, France's AMF) to effectively nominal. The case for a hard deadline is that open-ended transitions become permanent states of limbo. The EU has watched the crypto industry delay and lobby its way around softer deadlines before; a firm date was the Commission's most credible commitment device.

For retail investors who lost funds to unregulated platforms in the 2021–2022 downturn, a regime with mandatory capital buffers, custody standards, and consumer-disclosure rules represents a meaningful improvement over the prior patchwork. ESMA's April 17, 2026 supervisory statement operationalised those principles: it directed national competent authorities (NCAs) to require orderly wind-down plans from unlicensed providers, enforce client-migration obligations, and issue consumer warnings. The architects of MiCA deserve credit for building a substantive regime rather than a checkbox one.

The Enforcement Gap Is Structural, Not Behavioural

But 83 percent non-compliance is not a sign of bad actors — it is a structural signal. And the structure it reveals is troubling.

Analysis of ESMA's register data shows that as of May 2026, ten EU member states had produced zero public CASP authorisation records. That is not a coincidence of timing; it reflects stark differences in regulatory capacity and, in some cases, political appetite. Germany's BaFin accounts for a disproportionate share of the 204 approved entities, with France's AMF, Malta's MFSA, the Netherlands' AFM, and Cyprus's CySEC rounding out the leading jurisdictions.

For a crypto platform whose home regulator has produced nothing, the available choices are to passport via an authorising state, relocate, or exit the EU market. Relocation is expensive and slow. Passporting requires an initial authorisation that depends on the very NCAs that are backlogged. This is not a level playing field — it is an inadvertent geography-of-compliance problem baked into the single-market design.

Reverse Solicitation: The Loophole That Wasn't

Third-country platforms domiciled in the US, UK, Switzerland, and Singapore — many with substantial EU client bases — had hoped MiCA's "reverse solicitation" exemption would provide a structural holding pattern. MiCA Article 61(2) permits non-EU firms to serve EU clients when the client approaches the provider on their own initiative, without any active marketing by the firm.

In practice, many platforms interpreted this liberally: an account-creation flow or a cookie acceptance was treated as sufficient evidence of client initiation. ESMA's April 2026 supervisory statement shut that reading down explicitly. The authority reiterated that the exemption is narrow and cannot function as a workaround — a firm that actively markets to EU users via app stores, referral schemes, or geo-targeted social media falls outside the exception, regardless of how the onboarding flow is structured. NCAs were called upon to apply uniform enforcement of that standard.

"Outside the narrow exception of reverse solicitation, [third-country providers] are not permitted to provide crypto asset services that qualify as MiCA services to EU investors." — ESMA Statement, April 17, 2026

For the dozens of mid-tier international platforms that had been counting on reverse solicitation as a de facto licence substitute, this guidance was the effective end of that strategy.

Who Actually Bears the Burden

The platforms most exposed by the July 1 cliff are not the large exchanges. Major players completed European authorisations well ahead of schedule, in many cases by acquiring or partnering with already-licensed European entities. The platforms that could not are generally smaller: niche aggregators, staking-as-a-service providers, crypto lending desks, and fintech-embedded crypto wallets offered by challenger banks that did not anticipate being classified as CASPs under MiCA's expansive service definitions.

France's AMF has signalled it will publish a blacklist of unauthorised providers and seek court orders to block their websites. With administrative fines and criminal penalties of up to two years imprisonment for company directors, the cost of continuing to operate without authorisation is asymmetric for most mid-sized platforms. The rational response — and the likely one — is a quiet EU market exit.

The innovation cost is real. European retail investors will lose access to yield-generating crypto instruments and niche services that have no equivalent in the authorised cohort of 204. The barrier is not the principle of authorisation — which is proportionate and justified — but the processing capacity of national regulators asked to absorb several hundred complex applications simultaneously on a fixed schedule.

The Path Forward

The supervisory picture after July 1 will be uneven. ESMA's register updates weekly, but enforcement actions are the prerogative of NCAs — and ten of them have authorised nothing. The risk of de facto fragmentation, where an unlicensed platform continues operating quietly in a jurisdiction that lacks enforcement will or capacity, is real and will test ESMA's coordination role over the coming months.

The proportionate response from the Commission is to acknowledge the NCA capacity bottleneck and establish an expedited passporting pathway for providers that submitted complete applications before a documented cutoff date. A hard deadline on transitional status is correct policy; punishing providers for their home regulators' processing delays is not.

MiCA is the right framework. The July 1 cliff is a legitimate mechanism. But a cliff that 83 percent of the industry cannot clear on schedule is not evidence of industry bad faith — it is evidence that implementation planning underestimated the administrative load on the weakest NCAs. The EU should fix the bottleneck without softening the standard.

Sources & Citations

  1. ESMA MiCA Interim Register
  2. ESMA April 2026 Statement on End of Transitional Periods
  3. AMF France: DASP Transitional Period Reminder
  4. LeapRate: MiCA Licensing and the Stablecoin Shakeout
  5. CoinGeek: EU Regulator Clarifies Expectations Ahead of MiCA Deadline