The European Securities and Markets Authority (ESMA) instructed unauthorized crypto asset service providers (CASPs) to begin winding down their EU operations before the Markets in Crypto-Assets Regulation (MiCA) transitional period ends on July 1, 2026. ESMA issued the guidance on June 23 as some providers remain without MiCA authorization despite continuing to serve EU clients under national regimes. Firms that fail to obtain authorization should take immediate steps to exit the market in an orderly manner while protecting client assets and reducing risks to market integrity, according to the regulator.
ESMA Orders Unauthorized CASPs to Halt New Customer Onboarding
Although many CASPs are expected to receive authorization before the deadline, others may still be operating without the approvals required under MiCA. ESMA stated: "ESMA expects unauthorised CASPs to take immediate steps to wind down their EU activities in an orderly manner, while also safeguarding clients' interests and mitigating risks to market integrity."
ESMA coordinates implementation of the MiCA framework across the European Union. It develops technical standards, issues guidance, and promotes supervisory convergence, while national regulators authorize and supervise crypto asset service providers.
Unauthorized providers must immediately stop onboarding new EU clients, opening new accounts, marketing their services, and soliciting customers. They should limit remaining services to activities necessary for clients to sell or transfer crypto assets, reallocate holdings, or close positions before ending operations. Custody services may continue only for the period strictly necessary to complete an orderly exit.
Clients Instructed to Verify Provider Authorization in ESMA Register
The regulator directed providers to communicate clearly, promptly, and repeatedly with retail and institutional clients about wind-down plans, asset protection measures, transfer options, and deadlines for closing any remaining positions automatically.
ESMA warned: "ESMA reminds clients of unauthorised CASPs, whether EU or non-EU entities, that they do not benefit from MiCA safeguards, including protections for client assets."
Crypto users were encouraged to verify whether their provider appears in the ESMA Register. If a provider is not authorized under MiCA, clients should act promptly by transferring crypto assets to an authorized CASP, where available, or to a self-hosted wallet. Users experiencing difficulties should first contact their provider.
Wind-Down Plans Must Maintain AML/CFT Compliance Throughout Exit Process
Wind-down plans must comply with EU and national conduct rules, along with anti-money laundering and counterterrorism financing requirements. CASPs should maintain customer due diligence, transaction monitoring, sanctions screening, suspicious activity reporting, record-keeping obligations, and crypto asset transfer traceability controls throughout the process.
Where client accounts move to a MiCA-authorized CASP, the receiving provider must complete its own onboarding procedures, including customer due diligence and other AML/CFT checks required under the applicable legal framework.
Firms established outside the European Union were also reminded that they cannot provide MiCA services or solicit EU clients, except under the regulation's narrow reverse solicitation exemption.
ESMA Coordinates Enforcement Action with National Authorities After Deadline
Coordination is underway with National Competent Authorities to monitor significant unauthorized cross-border CASPs as the transitional period ends. Working alongside the European Banking Authority (EBA) and the Anti-Money Laundering Authority (AMLA), regulators may take coordinated enforcement action against unauthorized providers that continue operating after July 1, 2026.
FAQ
What did ESMA instruct unauthorized crypto firms to do on June 23?
ESMA instructed unauthorized crypto asset service providers to begin winding down their EU operations before the MiCA transitional period ends on July 1, 2026. Firms must immediately stop onboarding new EU clients, opening new accounts, marketing their services, and soliciting customers.
How can crypto users verify whether their provider is MiCA authorized?
Crypto users should verify whether their provider appears in the ESMA Register. If a provider is not authorized under MiCA, clients should transfer crypto assets to an authorized CASP, where available, or to a self-hosted wallet.
