
ESMA directed unauthorized crypto firms to stop onboarding EU clients and exit by July 1. Clients should verify authorization and transfer assets to avoid losing MiCA protections.
The European Securities and Markets Authority (ESMA) has directed unauthorized crypto asset service providers (CASPs) to stop onboarding new EU clients and begin an orderly exit before the Markets in Crypto-Assets Regulation (MiCA) transitional period expires on July 1, 2026. The guidance, issued June 23, targets providers that continue serving EU clients under national regimes without MiCA approval.
Firms that fail to obtain authorization must take immediate steps to wind down, the regulator said. ESMA expects those providers to protect client assets and reduce risks to market integrity while exiting.
“ESMA expects unauthorised CASPs to take immediate steps to wind down their EU activities in an orderly manner, while also safeguarding clients’ interests and mitigating risks to market integrity.”
Unauthorized providers must immediately stop onboarding EU clients and opening new accounts. Marketing and solicitation also end. Remaining services should be limited to activities needed for clients to sell or transfer crypto assets or close positions. Custody may continue only as long as strictly necessary for an orderly exit, ESMA said.
The regulator told providers to communicate clearly and often with retail and institutional clients. That communication must cover wind-down plans, asset protection measures, transfer options, and deadlines for any automatic position closures. ESMA directed firms to repeat those messages as the process unfolds.
Wind-down plans must comply with EU and national conduct rules as well as anti-money laundering and counterterrorism financing requirements. Providers must maintain customer due diligence, transaction monitoring, sanctions screening, suspicious activity reporting, record-keeping, and crypto-transfer traceability throughout the wind-down period.
When client accounts move to a MiCA-authorized CASP, the receiving provider must complete its own onboarding procedures, including customer due diligence and other AML/CFT checks. Firms outside the European Union were reminded they cannot solicit EU clients or provide MiCA services except under the regulation's narrow reverse-solicitation exemption.
“ESMA reminds clients of unauthorised CASPs, whether EU or non-EU entities, that they do not benefit from MiCA safeguards, including protections for client assets.”
Crypto users were encouraged to check the ESMA Register to see if their provider has authorization. If it does not, clients should act quickly by transferring assets to an authorized CASP or to a self-hosted wallet. Those facing difficulties should contact their provider first, ESMA said.
Coordination is underway with National Competent Authorities, the European Banking Authority (EBA), and the Anti-Money Laundering Authority (AMLA). Regulators may take coordinated enforcement action against unauthorized providers that continue operating after July 1, 2026. Crypto firms serving clients across the European Economic Area face shutdown risk if they lack MiCA authorization by that date.
The deadline expires July 1. ESMA and national regulators will monitor cross-border CASPs for compliance.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.