Vixio’s Verdict: The MiCA Transition Clock Is Running Out

May 6, 2026
Request a Demo
<
Back
On April 17, 2026, the European Securities and Markets Authority (ESMA) published a statement on the end of transitional periods under Regulation (EU) 2023/1114 (Markets in Crypto-Assets – MiCA). Given the July 1, 2026 ending of the MiCA transition period, and the finalisation of the state of interplay between MiCA and PSD2, this Vixio’s Verdict will examine the implications of the regulators’ statements.

On April 17, 2026, the European Securities and Markets Authority (ESMA) published a statement on the end of transitional periods under Regulation (EU) 2023/1114 (Markets in Crypto-Assets – MiCA). With the transition period coming to an end on July 1, 2026, the statement clarifies ESMA’s supervisory expectations.

Earlier, on February 12, 2026, the European Banking Authority (EBA) published an opinion on supervisory priorities at the end of the MiCA and Directive (EU) 2015/2366 (revised Payment Services Directive – PSD2) transition period, which ended on March 2, 2026.

Given the July 1, 2026 ending of the MiCA transition period, and the finalisation of the state of interplay between MiCA and PSD2, this Vixio’s Verdict will examine the implications of the regulators’ statements. 

 

The bigger picture

ESMA’s published statement is the latest of three previous statements issued on this topic. Broadly reiterating the views expressed in ESMA’s statement of December 4, 2025, the new statement outlines:

  • The expectations for crypto-asset service providers (CASPs) on wind-down and client migration.
  • Expectations for national competent authorities (NCAs).

Expectations for CASPs on wind-down and client migration

As outlined in ESMA’s December 2025 statement, the authority expects CASPs to have orderly wind-down plans in place, ready for implementation ahead of the end of the transitional periods.

The 2026 statement further clarifies this, with ESMA stating that:

  • Wind-down plans must enable an orderly exit without causing undue economic harm to clients. This includes strict arrangements for the offboarding of clients. Furthermore, CASPs should provide existing clients with prior notice before implementing a wind-down plan.
  • Any unauthorised CASP must have fully implemented its wind-down plan by July 1, 2026.
  • CASPs are expected to actively manage the migration of existing clients ahead of July 1, 2026. Authorised CASPs should take the necessary steps to onboard existing EU clients before the end of the transition period.
  • Entities established outside the EU are, with narrow exceptions, not permitted to provide crypto-asset services that qualify as MiCA services to EU investors, nor may they solicit EU clients with a view to providing MiCA services to them.

Expectations for NCAs

With supervisory convergence being a key priority, the 2026 statement clarifies that NCAs are expected to:

  • Verify the existence and adequacy of orderly wind-down plans for unauthorised CASPs, ensuring these are implemented in a timely manner without causing undue economic harm to clients.
  • Take action against the unauthorised provision of crypto-asset services following the end of the transition period, in cooperation with other competent authorities where appropriate.
  • Scrutinise client migration strategies, ensuring that authorised CASPs take timely steps to onboard EU clients currently or previously serviced by unauthorised CASPs (including unauthorised group entities). NCAs must ensure unauthorised CASPs do not continue business-as-usual activities beyond the transition period.

MiCA and PSD2

Similarly, the EBA’s opinion followed its no-action letter (NAL), published in June 2025. As explored in Vixio’s Verdict: MiCA and PSD2 – EBA Provides More Clarity, But Regulatory Stability Remains A Work in Progress, the EBA’s opinion provided much-needed clarification on the regulatory position that will apply post-March 1, 2026.

However, in doing so, the EBA broadened the circumstances in which an electronic money token (EMT) related activity may trigger authorisation requirements under PSD2. As a direct consequence, firms operating under these regimes may face dual authorisation until PSD3/PSR is given force.

 

Vixio’s View

Although most of ESMA’s expectations simply reiterate previous statements, this transparency is still vital. As MiCA’s transition period draws to a close, crypto-asset service providers will face greater scrutiny, making clear guidance essential.

The statement goes beyond mere reiteration by explaining and emphasising the importance of specific expectations. Two aspects of the statement are particularly notable:

  1. Reverse solicitation.
  2. The potential for fines.

Reverse solicitation

In ESMA’s statement, a single paragraph is dedicated to reverse solicitation and similar incidents. It explicitly states that entities "established outside the EU are, outside the narrow exception of reverse solicitation, not permitted to provide crypto-asset services that qualify as MiCA services to EU investors or to solicit EU clients with a view to provide MiCA services to them". It further clarifies that this strict prohibition also applies in a business-to-business (B2B) context.

Pursuant to Article 59 of MiCA, firms may not provide crypto-asset services within the Union unless they have been authorised in accordance with Article 63. As a consequence, third-country firms that do not obtain such authorisation are explicitly prohibited from offering such services.

However, Article 61 provides a narrow exemption: where a client established or situated in the Union initiates — at its own exclusive initiative — the provision of a crypto-asset service or activity by a third‐country firm, the requirement for authorisation under Article 59 shall not apply. This includes a relationship specifically relating to the provision of that crypto-asset service or activity.

This narrow exemption is further detailed in ESMA’s final guidelines (ESMA35-1872330276-2030), which outline situations in which a third-country firm is deemed to be soliciting EU clients, alongside the supervisory practices meant to detect and prevent circumvention. The annex of the guidelines provides a non-exhaustive list of circumstances where a third-country firm is likely to be regarded as soliciting clients in the Union, including:

  • Using regional or country-specific search engine optimisation (SEO) strategies to optimise its online presence.
  • Using geo-targeting strategies for running digital ads, whether on search engine results pages (SERPs) or social media platforms, that target potential EU clients or clients within specific member states.
  • Hosting a website (or part of a website) in an official language of the Union, which is not customary in the sphere of international finance, or using integrated translation tools, without indication that the firm originates from a jurisdiction using the same language or is targeting a non-EU jurisdiction that uses the same language.
  • Sponsoring an EU- or member state-centric sporting event, such as a national or European championship.
  • Redirecting potential EU clients to its website by including a link on training or educational materials.

Ultimately, with ESMA’s explicit clarification that B2B situations are fully captured by Article 59's prohibitions, alongside the broad scope of ESMA’s guidelines, the practical application of the reverse solicitation exemption has been severely narrowed for unauthorised third-country entities. Firms making use of this exemption will therefore need to be even more wary of falling afoul of its narrow perimeter. 

The potential for fines 

ESMA’s statement frequently reiterates that, after the July 1, 2026 date, any entity providing crypto-asset services to EU clients without a MiCA authorisation will be in breach of EU law. In particular, ESMA calls on national competent authorities to take action against the unauthorised provision of crypto-asset services following the end of the transition period. 

The potential administrative penalties for violating the provisions of MiCA can be substantial: 

Violation 

Penalty 

Infringements of Articles 4 to 14 on Title II crypto-assets other than asset-referenced tokens or e-money tokens. 

Maximum fine of €5m, or up to 3 percent of annual turnover. 

Infringements of Articles 59, 60, 64 and Articles 65 to 83 on: 

  • Article 59: authorisation of crypto-asset service providers.
  • Article 60: provision of crypto-asset services by certain financial entities.
  • Article 64: withdrawal of authorisation of a CASP.
  • Title V authorisation and operating conditions for CASPs - Chapter 2 obligations for all CASPs, Chapter 3 obligations in respect of specific crypto-asset services and Chapter 4 acquisition of CASPs. 

Maximum fine of €5m, or up to 5 percent of annual turnover. 

Infringements of Articles 16, 17, 19, 22, 23, 25, Articles 27 to 41, Articles 46 to 51, Articles 53, 54 and 55 on: 

  • Title III asset-referenced tokens - Chapter 1 authorisation to offer asset-referenced tokens to the public and to seek their admission to trading.
  • Title III asset-referenced tokens - Chapter 2 obligations of issuers of asset-referenced tokens, Chapter 3 reserve of assets and Chapter 4 acquisitions of issuers of asset-referenced tokens.
  • Title III asset-referenced tokens - Chapter 6 recovery and redemption plans and Title IV e-money tokens - Chapter 1 requirements to be fulfilled by all issuers of e-money tokens. 

Maximum fine of €5m, or up to 12.5 percent of annual turnover. 

Infringements of Articles 88 to 92 on: 

  • Article 88: public disclosure of inside information.
  • Article 89: prohibition of insider information.
  • Article 90: prohibition of unlawful disclosure of inside information.
  • Article 91: prohibition of market manipulation.
  • Article 92: prevention and detection of market abuse. 

Any of the following: 

  1. A public statement indicating the natural or legal person responsible and the nature of the infringement.
  2. An order requiring the natural or legal person responsible to cease the conduct constituting the infringement and to desist from a repetition of that conduct.
  3. The disgorgement of the profits gained or losses avoided due to the infringement insofar as they can be determined.
  4. Withdrawal or suspension of the authorisation of a crypto-asset service provider.
  5. A temporary ban of any member of the management body of the crypto-asset service provider, or any other natural person who is held responsible for the infringement, from exercising management functions in CASPs.
  6. In the event of a repeated infringement of Article 89, 90, 91 or 92, a ban of at least ten years for any member of the management body of a crypto-asset service provider, or any other natural person who is held responsible for the infringement, from exercising management functions in a crypto-asset service provider.
  7. A temporary ban of any member of the management body of a crypto-asset service provider or any other natural person who is held responsible for the infringement, from dealing on their own account.
  8. Maximum administrative fines of at least three times the amount of the profits gained or losses avoided because of the infringement, where those can be determined, even if it exceeds the maximum amounts set out in point (i) or (j).
  9. In respect of a natural person, maximum administrative fines of at least €1m for infringements of Article 88 and €5m for infringements of Articles 89 to 92 or in the member states whose official currency is not the euro, the corresponding value in the official currency on June 29, 2023.
  10. In respect of legal persons, maximum administrative fines of at least €2.5m for infringements of Article 88 and €15m for infringements of Articles 89 to 92, or 2 percent for infringements of Article 88 and 15 percent for infringements of Articles 89 to 92 of the total annual turnover of the legal person according to the last available accounts approved by the management body, or in the member states whose official currency is not the euro, the corresponding value in the official currency on June 29, 2023.

Given the scope of possible fines, as well as the potentially sizable ramifications for non-compliance with MiCA, firms should take particular care in adhering to MiCA’s strict requirements before the deadline. 

Interplay between PSD2 and MiCA

Beyond the threat of MiCA-specific fines, firms issuing electronic money tokens (EMTs) face an additional layer of complexity: dual authorisation. As highlighted in the EBA's February 2026 opinion, which built upon its June 2025 no-action letter (NAL), the scope of what constitutes a payment service has broadened.

This means firms operating at the intersection of crypto-assets and traditional payments must navigate penalty frameworks under both MiCA and PSD2. However, this regulatory overlap is transitional. The EBA’s guidance serves as a temporary bridge covering the period from the NAL’s publication until the eventual implementation of PSD3 and the Payment Services Regulation (PSR). Consequently, firms must remain agile, managing the compliance burden of the current dual-regime landscape while actively preparing for the arrival of PSD3.

And yet, the transient dual-regulatory period could apply for an extended period. As set out in the final text of PSD3/PSR, payment and e-money institutions will be able to make use of a 27-month transitional period before the new regime takes full force. Thus, if PSD3 was to be published by the end of this year, the regime would not apply until Q1 2029. 

 

Looking ahead

With the July 1, 2026 deadline only a few months away, ESMA’s latest statement serves as a final notice for the crypto-asset industry. The transitional phase is effectively over, and firms can no longer rely on regulatory grey areas. CASPs should use the remaining weeks to finalise immediate compliance actions.

For CASPs that have not yet secured MiCA authorisation, the urgency cannot be overstated. Firms must immediately operationalise their transition or exit strategies before the July deadline.

Given the substantial administrative fines, reaching up to 12.5 percent of annual turnover for certain infringements, as well as the threat of management bans, the cost of non-compliance is severe. Whether a firm is exiting the EU market, migrating clients or managing dual authorisation, execution of these compliance obligations is the only way to navigate the impending July 1 deadline.

Alex Davies

Our premium content is available to users of our services.

To view articles, please Log-in to your account. Alternatively, if you would like to gain access to the tools that will help you navigate compliance risk with confidence please get in touch today.

Request a demo

Gambling
Payments
Banking
Digital Assets

You understand that by completing this form, you are also signing up to receive marketing communications from us. You can opt out of such communications at any time. Please see our Privacy Policy here.

Submission sent
Submission sent

You understand that by completing this form, you are also signing up to receive marketing communications from us. You can opt out of such communications at any time. Please see our Privacy Policy here.

Submission sent

You understand that by completing this form, you are also signing up to receive marketing communications from us. You can opt out of such communications at any time. Please see our Privacy Policy here.

Submission sent
Still can’t find what you’re looking for?
Get in touch to speak to a member of our team, and we’ll do our best to answer.
Contact us
No items found.
No items found.
European Union

Please choose your preferred
service to log in to.

GamblingCompliance
PaymentsCompliance
Don’t have an account?