ESMA Tells Unauthorized Crypto Firms to Exit EU Market

The European Securities and Markets Authority (ESMA) has called on crypto-asset service providers without MiCA authorization to wind down their activities in the European Union as the MiCA transitional period comes to an end on 1 July 2026.

In a public statement dated 23 June 2026, ESMA clarified how crypto-asset service providers, or CASPs, should handle their exit from the EU market if they have not secured authorization under the Markets in Crypto-Assets Regulation by the deadline.

The statement targets firms that may still be serving EU clients under previous national regimes but have not completed the transition to MiCA authorization. ESMA said these providers must take immediate steps to exit the market in an orderly way while protecting clients and reducing risks to market integrity.

ESMA Sets Wind-Down Expectations

According to ESMA, unauthorized CASPs must immediately stop onboarding new EU clients, opening new accounts, forming new client relationships, and carrying out marketing or solicitation activities.

The regulator also said these firms should limit their services to actions required for clients to sell or transfer crypto-assets, reallocate assets, or close positions. Custody of client crypto-assets may continue only for the period strictly necessary to complete an orderly exit.

ESMA added that firms must communicate clearly, promptly, and repeatedly with retail and institutional clients. These communications should explain the measures being taken to safeguard client assets, provide a clear wind-down timeline, and set out the deadline by which clients should transfer, dispose of, reallocate, or close their positions.

The regulator also expects firms to inform clients if any remaining positions may be closed automatically and to explain the protection requirements that apply during the exit process.

MiCA Moves From Transition to Enforcement

The warning shows that MiCA is moving from implementation to enforcement. While several CASPs are expected to obtain authorization before the deadline, ESMA acknowledged that other entities, including significant providers currently serving EU clients under national regimes, may not be authorized by 1 July 2026.

For those firms, the regulator’s message is clear. Continuing to provide crypto-asset services to EU clients without MiCA authorization will no longer be treated as a transitional matter. It becomes a question of unauthorized market activity.

This is a major moment for EU crypto regulation. MiCA was designed to create a harmonized framework for crypto-assets across the bloc, covering transparency, disclosure, authorization, supervision, market integrity, and consumer protection. The end of the transitional period now turns that framework into a practical test for both firms and regulators.

AML Controls Must Continue During Exit

ESMA stressed that wind-down arrangements must comply with relevant EU and national conduct rules, as well as anti-money laundering and counter-terrorist financing obligations.

This means unauthorized providers must continue applying customer due diligence, transaction monitoring, sanctions screening, suspicious transaction and activity reporting, record-keeping, and crypto-asset transfer traceability requirements throughout the wind-down process.

Where clients are transferred to a MiCA-authorized CASP, the receiving provider must also carry out the required onboarding procedures, including customer due diligence and other AML/CFT checks.

This point is important because ESMA is not presenting wind-down as a simple shutdown. The regulator is asking firms to exit while still maintaining controls, protecting clients, and preserving market integrity.

Non-EU Firms Also Face Restrictions

ESMA also reminded crypto firms established outside the EU that they cannot provide MiCA-regulated services to EU clients or solicit EU clients, except where services are provided strictly at the client’s own exclusive initiative under the narrow reverse solicitation regime.

The regulator said this restriction also applies in a business-to-business context. It further noted that MiCA prohibits CASPs from outsourcing or delegating certain services, including custody, to entities that are not authorized as CASPs.

This point matters for global exchanges and infrastructure providers that may have historically served EU users from outside the bloc. Under MiCA, access to EU clients is becoming more tightly controlled, with authorization acting as the main gateway to the market.

Consumers Told to Check Authorization

ESMA also warned consumers that clients of unauthorized CASPs, whether based inside or outside the EU, do not benefit from MiCA safeguards, including protections for client assets.

The authority urged clients using crypto services in the EU to verify whether their provider is authorized under MiCA through the ESMA Register. If a provider is not authorized, clients are encouraged to act promptly, including by transferring their crypto-assets to an authorized CASP or to a self-hosted wallet.

However, this consumer guidance also exposes a practical weakness. ESMA’s own MiCA page currently presents the Interim MiCA Register as downloadable CSV files, with the latest update listed as 19 June 2026. ESMA says the interim register will remain available as a collection of CSV files until it is formally integrated into its IT systems.

For legal and compliance teams, this may be manageable. For ordinary users trying to check whether a crypto platform is authorized, the process is less straightforward. A searchable and user-friendly public register would better match MiCA’s consumer protection goals, especially as users are being asked to make timely decisions about where to hold or transfer their assets.

A Clearer Boundary for Crypto Firms

ESMA said it is working with National Competent Authorities to monitor significant unauthorized cross-border CASPs and ensure they wind down without delay. The regulator also said it will coordinate with the European Banking Authority and the Anti-Money Laundering Authority where needed.

For the crypto industry, the statement marks a clear regulatory boundary. Firms that secured MiCA authorization can continue operating within the EU framework. Firms that did not must stop onboarding clients, limit activity to orderly exit measures, and communicate clearly with users.

The coming weeks will show how many firms complete the transition into the MiCA regime, and how many are forced to leave one of the world’s most important regulated crypto markets.