Route facts
Decision brief
Who should use this tracker
Operators, compliance teams and clients checking whether a specific legal entity can provide a defined crypto-asset service in the EU.
What decides the answer
Current ESMA register data, the legal entity identifier, authorisation and withdrawal dates, service scope and relevant cross-border coverage.
What this tracker excludes
Undated provider totals, jurisdiction rankings, estimated application durations and conclusions based on commercial brands alone.
Next action
Collect the contracting entity's legal name, LEI where available, proposed service and client Member States before checking the register.
The source of truth
Use the current ESMA register, not a copied list
Articles 109 and 110 of MiCA require ESMA to maintain central register information for authorised providers and non-compliant entities. ESMA says the data displayed in its interim MiCA register is supplied by national competent authorities and the European Banking Authority. Its MiCA page carries a separate file for crypto-asset service providers.
ESMA states that the register is republished at weekly intervals. A national register or recent supervisory decision may therefore appear before the next ESMA publication. ESMA also keeps a withdrawn authorisation in the file with its effective withdrawal date. A search result is only the start of the check: the status, date, service and legal entity fields must all be read together.
Official data
Four tests for a usable register match
| Test | Evidence to match | What it answers |
|---|---|---|
| Test Legal entity | Evidence to match Legal name, LEI where reported and competent authority | What it answers Whether the register record belongs to the proposed contracting entity |
| Test Current status | Evidence to match Authorisation date and any withdrawal date | What it answers Whether the record supports current authority rather than historical authority |
| Test Service scope | Evidence to match Listed crypto-asset services | What it answers Whether the proposed activity appears within the entity's recorded permissions |
| Test Cross-border scope | Evidence to match Member State codes reported for the relevant service | What it answers Whether the register data reflects the intended cross-border service route |
Verification workflow
How to check a provider in the live register
-
Record the publication date
Open ESMA's Markets in Crypto-Assets Regulation page and note the last update shown beside the downloadable register files.
-
Search by legal identity
Match the exact legal name and LEI where available. Do not treat a trading name or group brand as proof of the contracting entity's status.
-
Read both status dates
Confirm the authorisation date and inspect the withdrawal field. A retained historical row with a withdrawal date is not a live permission.
-
Match the service
Compare the proposed product flow with the listed crypto-asset services. An entry does not imply authority for every service defined by MiCA.
-
Check cross-border data
For activity outside the home Member State, inspect the Member State codes associated with the relevant service and apply the Article 65 analysis.
-
Preserve the evidence
Save the register publication date, matched fields and national authority cross-check in the diligence record before contracting or launch.
Cross-border services
Article 65 is a notification process
Article 65 requires a CASP intending to provide services in more than one Member State to notify its home competent authority. The submission identifies the relevant Member States, the services to be provided on a cross-border basis, the intended start date and other activities outside MiCA. The home authority communicates that information to host-state contact points, ESMA and EBA.
This process must be checked at service level. A valid home-state authorisation does not by itself answer whether every service, country or client flow in a proposed rollout is reflected in the cross-border notification. The public register data should be compared with the contract, customer journey and actual allocation of regulated functions.
Counting basis
How to read the dated snapshot
The ESMA MiCA CASP dataset snapshot as of 3 July 2026 contains 263 active legal-entity records. Each record has a distinct legal name and record identifier. The figure counts legal entities, not commercial brands, service lines or Member State coverage entries.
The extracted instrument basis is authorisation or notification. It does not distinguish the basis in a way that supports describing every one of the records as an Article 63-authorised CASP. The figure is therefore a dataset count, not a claim about the number of Article 63 authorisations.
The count will change as authorities report new decisions, service changes and withdrawals, while ESMA's weekly publication cycle can create a short reporting lag. Country rankings and approval-speed claims remain excluded because the register is not a controlled comparison of file quality, question rounds, supervisory workload or end-to-end processing time.
Diligence boundary
What a register entry does not prove
Contracting chain
The register does not show which group company signs the client agreement or which entity performs each customer-facing step.
Product fit
Listed services still need to be mapped to the product, asset flow, custody model, order flow and communications presented to clients.
Operational acceptance
Public status does not establish that a provider will accept a business, customer segment, asset set or proposed technical integration.
Control effectiveness
AML, sanctions, complaints, safeguarding, ICT resilience, outsourcing and incident responsibilities require separate documentary diligence.
- 263
- Active legal-entity records in the ESMA MiCA CASP dataset snapshot as of 3 July 2026, not a count of Article 63 authorisations
- 1 July 2026
- End of the MiCA transitional periods across the EU, according to ESMA
- Article 59
- Current-authorisation gate for providing crypto-asset services within the Union
- Article 65
- Notification process for providing services in more than one Member State
Provider-led models
Apply the same test to an integrated service
A provider-led integration does not change the Article 59 analysis. The regulated service must remain with an entity whose current status and service scope support that activity. The platform's role, customer communications, contracting chain, data exchange, asset flow and escalation model should be documented without suggesting that the platform itself has acquired the provider's authority.
Article 73 also matters where functions are outsourced. It states that outsourcing does not transfer the CASP's responsibility, alter its relationship with clients or change the conditions of its authorisation. Register verification is therefore one diligence layer, not a substitute for allocating responsibility in the operating model and agreements.
FAQ
Questions about the July 2026 tracker
Need a provider-specific status and scope review? Ask us directly
01 Is a pending MiCA application enough after 1 July 2026?
No. ESMA states that the transitional period ended across the EU on 1 July 2026. Current service provision must fit Article 59, which points to an Article 63 authorisation or an eligible financial entity allowed to provide the relevant service under Article 60.
02 Does a familiar brand prove that my provider is authorised?
No. ESMA tells clients to identify the specific authorised legal entity, not another company in the same group. Match the contracting entity's legal name and LEI where available, then verify the service and status dates.
03 Does an ESMA entry cover every crypto-asset service?
No. MiCA authorisations specify the services the provider is allowed to provide. Compare the register's service field with the actual custody, exchange, execution, order, advice, portfolio or transfer function in the product.
04 Why does SKY7 not rank Member States by authorisation speed?
The official register records authorisation information but does not provide a controlled end-to-end measure of application duration or file quality. A ranking built from informal reports would not be an official-source-only tracker.
05 When should the register be checked again?
Recheck decision-critical fields before relying on status, before signing a provider-specific agreement and before launch. ESMA says the interim register is published weekly, so retain the publication date with each diligence record.
Keep reading
Related reading
EU CASP-as-a-Service integration
Map a provider-led operating route without treating integration as a transfer of authorisation.
MiCA deadline missed: what now
Review operating choices after the transitional period has ended.
The MiCA CASP framework for crypto operators
Understand the authorisation perimeter, regulated services and operating conditions.