MiCA's full Crypto-Asset Service Provider (CASP) authorization regime has been in effect since December 30, 2024. Article 143 gave member states discretion to grant transitional periods of up to 18 months for firms already operating under existing national law. That 18-month clock expires on July 1, 2026.

After that date:

• Operating without a MiCA license = breach of EU law. Full stop.

• Penalties are real: fines up to €5 million or 5% of annual turnover, cease-and-desist orders, and operating bans

• ESMA is not in a grace-period posture. The regulator has explicitly rejected letter-of-the-law minimum compliance and expects firms to have already taken decisive action

If you haven't filed for CASP authorization by now, the window to get licensed before July 1 is closed. The realistic options left are a clean wind-down or a geo-block — not hope.

ESMA's April 2026 Statement: What the Regulator Actually Expects

On April 17, 2026, ESMA issued a formal statement clarifying its supervisory expectations heading into the July 1 deadline. The message was unambiguous.

For Unauthorized CASPs

Firms that have not obtained authorization must have immediately executable wind-down plans in place before July 1. These plans must:

• Be credible, operational, and ready for same-day implementation

• Comply with all relevant EU conduct, prudential, and AML/CFT obligations

• Enable an orderly market exit without causing undue economic harm to clients

• Include a clear client offboarding protocol — transferring crypto assets to an authorized CASP or to clients' self-hosted wallets

• Provide clients with advance notice before the wind-down is implemented

A wind-down plan is not a contingency document you file away. ESMA expects National Competent Authorities (NCAs) to actively verify that these plans exist and are viable before the deadline.

For Authorized CASPs

Licensed firms are not off the hook either. ESMA expects authorized CASPs to be actively migrating clients from unauthorized entities into licensed structures ahead of July 1. The regulator has put NCAs on notice to assess whether authorized firms are taking timely steps to onboard EU clients from transitioning competitors.

The Reverse Solicitation Trap

One of the most dangerous misconceptions we're seeing in the market right now is that the reverse solicitation exemption offers meaningful cover for serving EU clients without a MiCA license.

It doesn't.

ESMA's guidelines on reverse solicitation are explicit: the exemption is narrow by design and applies to genuinely client-initiated contact only. It is not a general EU-access strategy. Firms attempting to structure ongoing EU client relationships around reverse solicitation are taking on substantial regulatory and legal risk.

What robust geo-blocking actually looks like:

• Web and app geo-blocking based on IP detection for all EU member states

• Removal of apps from EU regional app stores

• Disabling EU-targeted push notifications and marketing

• Excluding EU audiences across all advertising platforms

• Documented audit trail proving the geo-block was implemented and maintained

ESMA has directed NCAs to actively monitor online activity, use marketing surveillance tools, look for EU indicators (EU domains, subdirectories, contact details), exchange intelligence with tax and law enforcement, and act on complaints. "We blocked the website" is not a complete answer.

The Enforcement Landscape

Member states have already demonstrated they will act. Italy, France, and Germany have issued warnings and blocked websites. The Netherlands has levied fines for pre-MiCA registration failures. These were warm-up exercises.

Post-July 1, NCAs are expected to take enforcement action against unauthorized provision of crypto-asset services from day one. The question isn't whether regulators will enforce — it's whether your firm is in their crosshairs.

The medium-term picture is also worth watching. The ECB and ESMA are actively pushing for centralized EU-level supervision of the largest CASPs. Businesses over-investing in light-touch single-state regulatory regimes as a long-term strategy should be reassessing whether that posture survives the next regulatory cycle.

The Practical June Posture: Three Paths

With 19 days left, the decision tree for most firms looks like this:

Path 1: Licensed (or Authorization In-Process with NCA Confirmation)

You're in the best position. Focus immediately on:

• Client migration protocols to absorb offboarding clients from competitors

• Verifying your authorization covers all intended service categories

• Monitoring last-minute ESMA RTS/ITS publications that may affect operational requirements

Path 2: Clean, Documented Wind-Down

If authorization isn't coming by July 1, this is the defensible path. Execute it:

• Wind-down plan finalized and operational now

• Client notification issued with advance notice as required

• Crypto asset transfer protocols in place (to authorized CASP or self-hosted wallet)

• Documentation showing compliance with AML/CFT obligations through exit

• All EU-facing services suspended by end of day June 30

Path 3: Geo-Block + Cessation of EU Services

For firms with EU client exposure but no intent to operate in the EU long-term:

• Comprehensive geo-block across all digital touchpoints (web, app, notifications, ads)

• Existing EU client offboarding completed before July 1

• No reliance on reverse solicitation as ongoing access

• Documented record of the geo-block implementation and maintenance

There is no Path 4 that involves continuing to serve EU clients without a license after July 1 and hoping for a grace period. ESMA has closed that door explicitly.

What to Watch in the Next 19 Days

Last-Minute ESMA RTS/ITS: ESMA has been issuing final technical standards and guidance through mid-2026. New publications affecting operational requirements, conduct obligations, or enforcement priorities could land before the deadline. Monitor the ESMA website actively.

Member-State Enforcement Day One: Don't assume enforcement is slow. Italy, France, Germany, and the Netherlands have demonstrated a willingness to act quickly. Post-July 1, expect immediate enforcement posture from NCAs.

Client Notification Timing: If you're executing a wind-down or geo-block, the clock on client notification is already running. "Advance notice" is not 24 hours before the deadline.

Schedule a consultation with Launch Legal.

Sources & Further Reading

• MiCA: End of the Transitional Period on 1 July 2026 — Elvinger Hoss

• EU Regulator Clarifies Expectations Ahead of MiCA Deadline — CoinGeek

• MiCA Licence or Market Exit? New ESMA Guidelines for CASPs — Dudkowiak & Putyra

• No Licence, No Party: ESMA's Latest Statement on MiCA Transition — Mondaq

• The End of Transitional Periods Under MiCA and Its Consequences — Mondaq

• ESMA MiCA Reverse Solicitation Guidelines — Maples Group

• MiCA Final Deadline: 60 Days for Crypto Firms to Get Authorized or Lose EU Access — The Deep Brief

• ESMA Releases Last Policy Documents to Get Ready for MiCA — ESMA

• MiCA Update – Six Months in Application — Skadden

• MiCA Compliance Deadline Tracker — Citium Tech