The MiCA transitional period ends 1 July 2026, the EU-wide backstop for grandfathered crypto firms. We map the deadline, the AML duties and the wind-down risk.
Table of contents
The MiCA transitional period ends on 1 July 2026, the longest grandfathering window any EU member state could grant crypto-asset service providers. From that date, any firm still operating on legacy national registration, without a MiCA authorisation, has no transitional cover anywhere in the European Union and must wind down or stop serving clients.
- Article 143(3) of MiCA lets firms that provided services before 30 December 2024 continue "until 1 July 2026 or until they are granted or refused an authorisation", whichever is sooner.
- Member states could shorten that window. Germany and Ireland closed theirs on 31 December 2025; the Netherlands, Poland, Latvia, Hungary and Slovenia chose just 6 months.
- A firm passporting across the EU faces a patchwork of end dates, not one. The MiCA transitional period is a national choice, not a single deadline.
- ESMA has told national authorities to treat last-minute applications with caution and expects unauthorised firms to have orderly wind-down plans ready.
- Crypto-asset service providers are obliged entities for anti-money laundering, so a lapsed authorisation also puts their KYC, travel-rule and screening duties under scrutiny.
What is the MiCA transitional period and when does it end?
The MiCA transitional period is the grandfathering window that let crypto firms keep trading on old national rules while they applied for a full licence under the Markets in Crypto-Assets Regulation, Regulation (EU) 2023/1114. It ends on 1 July 2026 at the latest. MiCA became applicable to crypto-asset service providers on 30 December 2024, and the transitional regime ran from that date.
Article 143(3) is the operative text. It says crypto-asset service providers that "provided their services in accordance with applicable law before 30 December 2024, may continue to do so until 1 July 2026 or until they are granted or refused an authorisation pursuant to Article 63, whichever is sooner." That single sentence sets the outer limit. There is no extension mechanism inside the regulation.
| Fact | Detail |
|---|---|
| Regulation | Markets in Crypto-Assets, Regulation (EU) 2023/1114 |
| CASP rules applicable from | 30 December 2024 |
| Maximum transitional period | 1 July 2026 |
| Legal basis | Article 143(3), MiCA |
| Authorisation route | Article 63 (CASP authorisation) |
| Supervisor coordination | ESMA and national competent authorities |
Why does the deadline differ by member state?
The deadline differs because Article 143(3) gave each member state discretion to cut the window short. The same article lets a state "decide not to apply the transitional regime" or "reduce its duration" where it judged its pre-MiCA national framework less strict than the regulation. States had to notify the Commission and ESMA of their choice. The result is a deliberately non-unified map.
ESMA put the consequence plainly: "CASPs will face different transitional periods depending on the Member State or Member States in which they are active." A firm authorised in a slow jurisdiction can still be operating illegally in a faster one. The table below shows how widely the windows diverge.
| Grandfathering window | Member states |
|---|---|
| 18 months (to 1 July 2026) | Belgium, Bulgaria, Czechia, Denmark, Estonia, Greece, Spain, France, Croatia, Italy, Cyprus, Luxembourg, Malta, Portugal, Romania |
| 12 months (closed 31 Dec 2025) | Germany, Ireland, Lithuania, Austria, Slovakia |
| 6 months (closed mid-2025) | Latvia, Hungary, Netherlands, Poland, Slovenia |
For a firm operating in more than one country, the binding date is the earliest one that applies to it, not the most generous. The MiCA transitional period a firm relies on in Paris does nothing for the same firm's Amsterdam clients.
What does the deadline change for your obligations?
Losing transitional cover changes a firm's status from lawfully operating to unauthorised, and that cascades into every adjacent duty. A crypto-asset service provider is an obliged entity under EU anti-money laundering law, so authorisation is not a standalone licence; it is the gate that legitimises the firm's customer due diligence, monitoring and reporting.
The concrete shifts once the MiCA transitional period expires:
- Customer due diligence and EDD. CASPs must apply full CDD at onboarding and enhanced due diligence for higher-risk customers, the backbone of crypto KYC compliance. After the cliff, an unauthorised firm performing KYC has no lawful basis to take on the customers it is screening. New onboarding should stop.
- Travel rule. The Transfer of Funds Regulation, Regulation (EU) 2023/1113, has required originator and beneficiary information on crypto-asset transfers since 30 December 2024. That duty does not pause for an unlicensed firm; it compounds the exposure.
- Sanctions and PEP screening. Screening obligations continue to bite, and a firm winding down still has to clear flagged transfers and file suspicious activity reports rather than rush balances out the door.
- Record-keeping and audit trail. A clean, exportable record of CDD decisions becomes the evidence a national competent authority will ask for if it questions whether the firm stopped onboarding in time.
- Passporting. Without a MiCA authorisation there are no passporting rights. A licence won in one state does not retroactively cover the period a firm spent unauthorised in another.
The practical reading: the deadline is not only a licensing event. It is an anti-money laundering event, because the firm's KYC programme only has standing while the firm itself is authorised.
What is still uncertain about the MiCA transitional period?
The biggest risk is timing slippage between a firm's earliest national deadline and the day its authorisation actually lands. Authorisation under Article 63 is not instant, and ESMA has signalled that regulators will not wave through eleventh-hour files. In its December 2025 update, ESMA reminded competent authorities to treat "last minute" applications with caution and to hold them to the same standard as any other.
Several open questions remain. ESMA expects firms that are not yet authorised to have "orderly wind-down plans" ready, but what counts as orderly, and how aggressively each national authority enforces it, will vary. A firm caught in the interim gap that ESMA described, authorised in one state but past the deadline in another, has to suspend services to clients in the lapsed jurisdiction even while its application elsewhere is pending. Liability for customer harm during that gap is unsettled. And because the windows were a national choice, cross-border firms carry the cost of reconciling up to a dozen different end dates, a burden that falls hardest on smaller providers without large compliance teams.
How does this compare with other 2026 compliance deadlines?
The MiCA transitional period sits inside a wider tightening of EU and global financial-crime supervision in 2026. It is a hard regulatory cliff rather than a fine, which makes it different in kind from the AML enforcement actions dominating the headlines, but it stems from the same supervisory mood. Regulators are done with grace periods.
For scale, recent enforcement shows what sits on the other side of weak controls: the United States Financial Crimes Enforcement Network levied a record penalty on a broker-dealer this month, the kind of outcome that follows years of unaddressed gaps. Sweden's Finansinspektionen fined Ikano Bank 140 million kronor on 17 June 2026 for anti-money laundering failures, including inadequate enhanced due diligence. The MiCA deadline is the front end of that same risk curve: get authorised and run real KYC, or face the enforcement that follows operating without it.
How should compliance teams respond?
Map every jurisdiction you serve to its exact MiCA transitional period end date, then plan against the earliest one, not 1 July 2026 by default. Confirm the status of your Article 63 application in each home and host state, and assume no leniency for a late file. Where authorisation will not arrive in time, build and document an orderly wind-down for the affected market, keep screening and reporting running through the wind-down, and preserve an exportable audit trail of when you stopped onboarding. Treat the licence and the anti-money laundering programme as one workstream, because supervisors will.
This is where onboarding architecture matters. Zyphe runs decentralised KYC across a network of 60,000-plus nodes, with personal data sharded so no single node holds a complete record and a customer-held key with no central honeypot, verified against ICAO 9303 and eIDAS standards through a single API and per-region data residency. For a CASP rebuilding compliant onboarding under deadline, that is a faster path to defensible KYC. See how it works or book a demo.
The bottom line
The MiCA transitional period closing on 1 July 2026 is the end of the EU's on-ramp for crypto-asset service providers. The headline date is the easy part. The harder reality is that the binding deadline is national, often earlier, and tied directly to a firm's anti-money laundering standing. Teams that have mapped every jurisdiction, secured authorisation and built KYC they can evidence will pass through it quietly. Those still leaning on legacy registration are running out of road.
Cited sources
- ESMA, Markets in Crypto-Assets Regulation (MiCA) overview
- Regulation (EU) 2023/1114 (MiCA), full text, Article 143
- ESMA Statement on MiCA Transitional Measures (17 December 2024)
- ESMA, List of grandfathering periods decided by Member States under Article 143(3)
- Finansinspektionen, Ikano Bank receives a remark and an administrative fine (17 June 2026)
Michelangelo Frigo(Co-Founder at Zyphe)Michelangelo Frigo is a privacy and identity infrastructure expert and co-founder of Zyphe.