MiCA CASP Authorization: What the July 1, 2026 Deadline Means for Crypto Compliance

On July 1, 2026 — less than two weeks from now — the transitional grace period under the Markets in Crypto-Assets Regulation (MiCA) expires. Any crypto-asset service provider (CASP) operating in the EU without MiCA authorization after that date will be in breach of EU law and must cease providing services immediately.

For compliance officers, MLROs, and AML analysts working with crypto counterparties, this deadline has a direct operational implication: your due diligence process must now include verifying whether a CASP is actually authorized.

What the July 1 deadline means

MiCA fully applied to CASPs from December 30, 2024. However, the regulation included a transitional provision allowing crypto service providers already operating under national law to continue for up to 18 months while they obtained MiCA authorization. That window closes on July 1, 2026.

After that date, the landscape is binary:

• Authorized CASPs hold a MiCA license granted by a national competent authority (NCA) such as BaFin, DNB, AMF, or CySEC, and benefit from EU-wide passporting rights.
• Unauthorized entities must stop providing crypto-asset services to EU clients entirely. Operating without authorization exposes both the entity and its counterparties to regulatory and legal risk.

The European Securities and Markets Authority (ESMA) has been explicit: there are no further extensions, no additional grace periods, and grandfathered entities do not benefit from passporting rights unless they obtain a MiCA license.

Why this matters for your compliance program

If your institution transacts with crypto counterparties — whether exchanges, custodians, OTC desks, or stablecoin issuers — you now need to answer a question that did not exist two years ago: is this CASP actually authorized to operate in the EU?

Transacting with an unauthorized CASP after July 1 creates several categories of risk:

Regulatory exposure. Operating with unauthorized counterparties may be flagged by supervisors as a failure of third-party due diligence, particularly under the AMLR framework which requires continuous counterparty risk assessment.

Settlement risk. An unauthorized CASP may be forced to wind down operations abruptly, creating settlement failures on pending transactions.

Reputational risk. The association with non-compliant entities is increasingly scrutinized by banking partners and regulators alike, particularly given the surge in AML enforcement actions across the EU in 2025.

How to verify CASP authorization

There are three ways to check whether a crypto service provider is MiCA-authorized:

1. ESMA Interim MiCA Register. ESMA publishes a register of authorized CASPs and their passporting notifications. This is the definitive source, updated as NCAs submit notifications.

2. National competent authority registers. Each EU country maintains its own register of authorized entities. Key regulators include BaFin (Germany), DNB (Netherlands), AMF (France), CBI (Ireland), OAM (Italy), and CySEC (Cyprus).

3. AMLRadar CASP Registry. We maintain a searchable database of known authorized and registered CASPs by country, sourced from official national registers. You can search by company name or filter by jurisdiction and authorization status.

Which CASPs are already authorized?

Based on data from national registers, several major operators obtained authorization ahead of the July deadline. Among those with confirmed MiCA or equivalent authorization:

• Coinbase — authorized through BaFin (Germany) and registered with DNB (Netherlands) and CBI (Ireland)
• Bitstamp — authorized through CSSF (Luxembourg)
• Bitpanda — authorized through FMA (Austria) and BaFin (Germany)
• Kraken — authorized through BaFin (Germany)
• Circle — authorized by AMF (France) as EMT issuer for USDC
• Revolut — authorized as EMI with VASP registration in Lithuania
• eToro — authorized through CySEC (Cyprus) as CIF + CASP

Notably absent from public authorization lists as of June 2026: several major offshore exchanges serving EU clients. These entities face a hard decision in the next two weeks.

What authorized CASPs must now demonstrate

MiCA authorization is not a one-time checkbox. Authorized CASPs must maintain ongoing compliance across several dimensions relevant to AML screening:

Travel Rule compliance. CASPs must collect and transmit originator and beneficiary information for crypto-asset transfers above the reporting threshold. This creates new due diligence obligations when transacting with other CASPs.

Sanctions screening. CASPs are required to screen customers and transactions against EU, OFAC, and UK sanctions lists in real time. For payment transactions, the Instant Payments Regulation imposes a 10-second screening window — meaning manual review is no longer operationally feasible.

Enhanced due diligence on high-risk jurisdictions. MiCA aligns with AMLA's risk-based approach, requiring enhanced scrutiny for customers from or transacting with high-risk third countries.

AMLA direct supervision. From 2028, the Anti-Money Laundering Authority will directly supervise the largest cross-border CASPs. Preparation for AMLA supervision is effectively beginning now.

The practical takeaway for compliance teams

The July 1 deadline creates an immediate action item for any compliance program with crypto exposure:

1. Audit your counterparty list. Identify all CASPs you transact with or accept funds from, and verify their authorization status before July 1.

2. Update your due diligence templates. Add MiCA authorization status as a mandatory field in your CASP onboarding and periodic review processes.

3. Monitor for unauthorized operators. Payments or deposits from entities that should be authorized but are not should trigger enhanced scrutiny.

4. Screen wallets associated with unauthorized CASPs. If a counterparty loses authorization and continues operating, funds from their wallets may carry elevated risk.

AMLRadar's CASP Registry lets you search authorized providers by country and verify authorization status. The Wallet Screener checks any crypto address against OFAC, EU, and UK sanctions lists in real time — including addresses associated with entities flagged in enforcement actions.

The July 1, 2026 deadline is not a procedural formality. It is the moment at which the EU crypto market formally divides into compliant and non-compliant operators. Your counterparty due diligence process needs to reflect that division.