The European Securities and Markets Authority (ESMA) has directed unauthorized crypto asset service providers to stop accepting new EU clients and begin exiting the market before MiCA’s transitional framework expires.
Firms that fail to obtain authorization should take immediate steps to exit the market in an orderly manner while protecting client assets and reducing risks to market integrity, according to the regulator. Although many CASPs are expected to receive authorization before the deadline, others may still be operating without the approvals required under MiCA.
The authority stated:
“ESMA expects unauthorised CASPs to take immediate steps to wind down their EU activities in an orderly manner, while also safeguarding clients’ interests and mitigating risks to market integrity.”
Custody services may continue only for the period strictly necessary to complete an orderly exit. The regulator also directed providers to communicate clearly, promptly, and repeatedly with retail and institutional clients about wind-down plans, asset protection measures, transfer options, and deadlines for closing any remaining positions automatically.
ESMA Urges Crypto Users to Verify Whether Their Provider Is MiCA AuthorizedWhere client accounts move to a MiCA-authorized CASP, the receiving provider must complete its own onboarding procedures, including customer due diligence and other AML/CFT checks required under the applicable legal framework. Firms established outside the European Union were also reminded that they cannot provide MiCA services or solicit EU clients, except under the regulation’s narrow reverse solicitation exemption.
The authority warned:
“ESMA reminds clients of unauthorised CASPs, whether EU or non-EU entities, that they do not benefit from MiCA safeguards, including protections for client assets.”
Coordination is underway with National Competent Authorities to monitor significant unauthorized cross-border CASPs as the transitional period ends. Working alongside the European Banking Authority (EBA) and the Anti-Money Laundering Authority (AMLA), regulators may take coordinated enforcement action against unauthorized providers that continue operating after July 1, 2026.




















