MiCA Deadline 2026 — What Crypto Businesses Must Do Now

Q: Has the MiCA CASP deadline passed?

The primary MiCA CASP authorization deadline — December 30, 2024 (when CASP rules entered force) — has passed. The grandfathering period allowing previously-registered VASPs to continue operating while applying for CASP authorization ended December 30, 2025. Some member states optionally extended this to June 30, 2026 for VASPs that filed CASP applications before December 30, 2025. As of March 2026, new CASP applications can still be submitted, but operating without authorization while applying is only permissible where the member state grandfathering extension applies.

Q: What happens if I operate without a CASP license after the deadline?

Operating crypto-asset services in the EU without a MiCA CASP authorization (and without a valid grandfathering exemption) constitutes a breach of MiCA Art. 59. NCAs have powers to issue public warnings, order cessation of activities, impose administrative fines (up to €5 million or 3% of annual turnover, whichever is higher), and refer cases for criminal prosecution under national implementation laws. Counterparties including banks and payment processors may refuse to work with unauthorized crypto businesses.

Q: Can I still apply for a CASP license in 2026?

Yes. New CASP authorization applications can be submitted to NCAs at any time — there is no application deadline. MiCA is a permanent regulatory framework. The grandfathering transition provisions specifically concerned whether previously VASP-registered firms could continue operating while applying — not whether new applications could be filed. Any business can apply for CASP authorization today. Authorization takes 3–8 months depending on jurisdiction.

Complete MiCA Implementation Timeline

Understanding the MiCA deadlines requires tracking four distinct regulatory events. Here is the complete implementation chronology:

June 2023

MiCA Regulation Published — 18-Month Clock Starts

MiCA Regulation (EU) 2023/1114 was published in the Official Journal of the EU on June 9, 2023, and entered into force 20 days later. The regulation immediately set the 18-month clock running for stablecoin provisions (Title III/IV) and the 36-month clock for CASP provisions (Title V). ESMA and EBA began developing the extensive Level 2 regulatory technical standards (RTS) required under MiCA.

June 30, 2024

MiCA Title III and IV Enter Force — Stablecoin Rules Live

MiCA Titles III and IV (Asset-Referenced Token and E-Money Token issuance rules) entered into force on June 30, 2024. Stablecoin issuers — including e-money token issuers and asset-referenced token issuers — were required to hold ESMA/NCA authorization from this date. This was the first major MiCA deadline that affected operating businesses, primarily stablecoin projects.

Dec 30, 2024

MiCA Title V Enters Force — CASP Rules Live, Applications Open

MiCA Title V (CASP authorization and ongoing obligations) entered into force on December 30, 2024. From this date: (1) NCAs began accepting CASP authorization applications, (2) the 12-month grandfathering period started for VASPs registered under pre-MiCA national regimes, (3) new businesses wishing to provide crypto-asset services in the EU could apply for CASP authorization. The grandfathering window was a gift to legacy businesses — not to new entrants.

Dec 30, 2025

Grandfathering Period Ends — CASP Authorization Required

The MiCA Art. 143 transitional grandfathering period expired on December 30, 2025 — 12 months after CASP rules entered force. From this date, all businesses providing crypto-asset services in the EU must hold a MiCA CASP authorization or be operating in breach of EU law. Member states had the option to extend transitional provisions by up to six additional months (until June 30, 2026) for VASPs that submitted CASP applications before December 30, 2025.

June 30, 2026

Absolute Hard Deadline — No Further Extensions

June 30, 2026 is the absolute final date. No further grandfathering or transitional provisions exist under MiCA. Any business providing crypto-asset services in the EU without a CASP authorization after this date is operating in clear breach of MiCA regardless of any prior VASP registration status or pending application. NCAs are expected to increase enforcement actions materially after this date.

Grandfathering Rules — Member State Variations

MiCA Art. 143(3) gives each member state the option to allow previously VASP-registered businesses to continue operating under the pre-MiCA registration for up to 18 months from December 30, 2024 — i.e., until June 30, 2026 — provided that the VASP submitted a CASP authorization application before December 30, 2025. This was an optional member state provision, not a mandatory EU-wide rule. Implementation varied significantly:

Lithuania

Lithuania implemented the full 18-month grandfathering option. VASPs registered with Lithuania's FNTT (Financial Crime Investigation Service) that filed CASP applications with the Bank of Lithuania before December 30, 2025 may continue operating under their VASP registration until June 30, 2026 or until the CASP application is decided (whichever is earlier). The Bank of Lithuania actively communicated this timeline to registered VASPs.

Estonia

Estonia did not implement the full optional grandfathering extension. The FSA had already substantially wound down Estonia's pre-MiCA VASP registry through its 2022–2023 cleanup. Entities wishing to provide crypto-asset services in Estonia from December 30, 2024 were expected to apply for CASP authorization directly. Estonia has been among the stricter NCAs in enforcing the transition.

Poland

Poland did not have a formal pre-MiCA VASP registration regime comparable to Estonia or Lithuania — Polish crypto businesses operated under AML obligations without a dedicated VASP registry. As a result, there was no legacy VASP population to grandfather. KNF began receiving CASP applications from December 30, 2024 for new authorizations.

Germany

Germany had required crypto custody providers to hold BaFin authorization under §1 KWG since 2020, and offered a specific transition for these existing BaFin-authorized entities. BaFin permitted authorized crypto custodians to continue operating under their existing BaFin authorization while filing for CASP authorization upgrade. New CASP service categories (exchange, trading platform, portfolio management) require fresh CASP applications.

Key Point: Grandfathering Required Filing by Dec 30, 2025

Even in member states that implemented the optional grandfathering extension, this only applies to businesses that filed a CASP application before December 30, 2025. Businesses that did not file before that date cannot claim grandfathering protection — they must either obtain CASP authorization immediately or cease EU operations.

What Happens if You Operate Without Authorization

MiCA Art. 111 and national implementing legislation create a clear enforcement framework for unauthorized CASP activities. NCA powers against unauthorized operators include:

Public warnings: NCAs can publish a public warning on their official website identifying the unauthorized operator and the nature of the breach — a reputationally damaging sanction
Cease-and-desist orders: NCAs can order immediate cessation of all CASP activities directed at EU clients
Administrative fines: Up to €5 million or 3% of total annual turnover (whichever is higher) for legal persons; up to €700,000 for natural persons
Criminal referral: National implementing laws may create criminal offences for operating without authorization — penalties vary by member state
Bank and payment provider pressure: NCAs communicate with banks and payment service providers about unauthorized operators; banking relationships may be terminated

As of March 2026, several EU NCAs have begun formal investigations into businesses operating without CASP authorization. ESMA maintains a public register of authorized CASPs — absence from this register is a clear signal to counterparties and clients.

Urgent Action Steps — March 2026

If you are providing crypto-asset services in the EU without a CASP authorization, here are the steps to take immediately:

1

Assess Your Scope

Determine whether your activities fall within MiCA's definition of "crypto-asset services" under Art. 3(1)(17). DeFi protocols, non-custodial software, and NFT platforms may fall outside scope — but this requires a legal opinion. Get a MiCA scope legal opinion if uncertain.

2

Check Your Grandfathering Status

If you hold a legacy VASP registration in Lithuania, Malta, or another EU member state that implemented grandfathering, verify whether (a) your jurisdiction offered the extension and (b) you filed a CASP application before December 30, 2025. If both conditions are met, you may continue until June 30, 2026.

3

Select Your CASP Jurisdiction Immediately

If you do not have a valid grandfathering exemption, you need CASP authorization urgently. Select your jurisdiction based on processing speed and your business needs. Lithuania (3–4 months) is the fastest EU option. See our jurisdiction comparison guide.

4

Start Documentation Preparation Now

CASP documentation preparation takes 4–8 weeks: AML program, DORA ICT framework, business plan, director fit-and-proper dossiers (criminal record certificates alone take 4–6 weeks). Every day of delay extends your authorization gap.

5

Consider Interim Risk Mitigation

While your CASP application is in process, consider whether your business can temporarily limit EU client onboarding, use geographic restrictions, or take other compliance risk reduction measures. Document all steps taken to demonstrate good faith to the NCA.

Which Businesses Are Affected by the MiCA Deadline?

The MiCA deadline affects a broader range of businesses than many operators initially assumed. You are affected if:

You provide crypto exchange services to EU clients — exchanging crypto for fiat or for other crypto on behalf of EU users
You custody crypto assets for EU clients — holding private keys or controlling crypto wallets on behalf of EU users
You operate a crypto trading platform accessible by EU users — whether you are EU-incorporated or not
You provide crypto portfolio management to EU clients — including robo-advisory services
You advise EU clients on crypto investments
You were VASP-registered in any EU member state and have not yet obtained CASP authorization
You are a non-EU company actively marketing crypto services to EU clients — MiCA applies based on where clients are located, not where the business is incorporated

Businesses that may be outside MiCA's scope include: purely non-custodial wallet software providers, DeFi protocol developers with no operational role in service provision, NFT platforms (subject to NFT characterization analysis), and businesses providing services exclusively to non-EU clients with genuine geographic restrictions.

Frequently Asked Questions

Has the MiCA CASP deadline passed?

The primary grandfathering deadline — December 30, 2025 — has passed. Businesses operating without CASP authorization and without a valid grandfathering exemption are in breach of MiCA. Some member states offered optional extensions to June 30, 2026 for VASPs that submitted CASP applications before December 30, 2025. New CASP applications can still be submitted at any time — there is no application deadline — but operating without authorization during the review period carries regulatory risk.

What happens if I operate without a CASP license after the deadline?

Operating without authorization in breach of MiCA Art. 59 exposes you to: NCA public warnings, cease-and-desist orders, administrative fines up to €5 million or 3% of turnover, criminal prosecution under national law, and loss of banking relationships. NCAs are actively monitoring and the enforcement environment is tightening in 2026.

Can I still apply for a CASP license in 2026?

Yes. CASP authorization applications can be submitted to NCAs at any time in 2026 and beyond — MiCA is a permanent licensing framework with no application cutoff. Authorization takes 3–8 months depending on jurisdiction. The urgency is that you should not be operating regulated services without authorization during the review period (unless a valid grandfathering exemption applies in your jurisdiction).

Which businesses are affected by the MiCA deadline?

MiCA applies to any business providing crypto-asset services to EU clients professionally — regardless of where the business is incorporated. This includes EU and non-EU companies providing exchange, custody, trading platform, portfolio management, advice, and transfer services to EU users. DeFi protocols, non-custodial software developers, and NFT platforms may fall outside scope but require individual legal analysis to confirm. See our MiCA scope legal opinions service.