Folio 05 Insights Article

Regulatory updatesVASP/CASP Crypto Assets

MiCA CASP authorisation tracker: July 2026

As of July 2026, the transitional periods under MiCA have ended across the EU. ESMA's statements of 17 April and 23 June 2026 identify 1 July 2026 as the end of the transition and call on unauthorised providers to wind down EU activity. An application in progress is not a current authorisation. Article 59 of Regulation (EU) 2023/1114 supplies the operating gate. A person may provide crypto-asset services within the Union only if it is authorised as a crypto-asset service provider under Article 63, or is an eligible financial entity allowed to provide the relevant services under Article 60. The legal entity and service scope therefore matter more than a brand name, group description or marketing statement.

Modern glass-fronted institutional building with an EU flag visible outside

Route facts

Decision brief

Who should use this tracker

Operators, compliance teams and clients checking whether a specific legal entity can provide a defined crypto-asset service in the EU.

What decides the answer

Current ESMA register data, the legal entity identifier, authorisation and withdrawal dates, service scope and relevant cross-border coverage.

What this tracker excludes

Undated provider totals, jurisdiction rankings, estimated application durations and conclusions based on commercial brands alone.

Next action

Collect the contracting entity's legal name, LEI where available, proposed service and client Member States before checking the register.

The source of truth

Use the current ESMA register, not a copied list

Articles 109 and 110 of MiCA require ESMA to maintain central register information for authorised providers and non-compliant entities. ESMA says the data displayed in its interim MiCA register is supplied by national competent authorities and the European Banking Authority. Its MiCA page carries a separate file for crypto-asset service providers.

ESMA states that the register is republished at weekly intervals. A national register or recent supervisory decision may therefore appear before the next ESMA publication. ESMA also keeps a withdrawn authorisation in the file with its effective withdrawal date. A search result is only the start of the check: the status, date, service and legal entity fields must all be read together.

Official data

Four tests for a usable register match

Test Evidence to match What it answers
Test Legal entity Evidence to match Legal name, LEI where reported and competent authority What it answers Whether the register record belongs to the proposed contracting entity
Test Current status Evidence to match Authorisation date and any withdrawal date What it answers Whether the record supports current authority rather than historical authority
Test Service scope Evidence to match Listed crypto-asset services What it answers Whether the proposed activity appears within the entity's recorded permissions
Test Cross-border scope Evidence to match Member State codes reported for the relevant service What it answers Whether the register data reflects the intended cross-border service route

Verification workflow

How to check a provider in the live register

  • Record the publication date

    Open ESMA's Markets in Crypto-Assets Regulation page and note the last update shown beside the downloadable register files.

  • Search by legal identity

    Match the exact legal name and LEI where available. Do not treat a trading name or group brand as proof of the contracting entity's status.

  • Read both status dates

    Confirm the authorisation date and inspect the withdrawal field. A retained historical row with a withdrawal date is not a live permission.

  • Match the service

    Compare the proposed product flow with the listed crypto-asset services. An entry does not imply authority for every service defined by MiCA.

  • Check cross-border data

    For activity outside the home Member State, inspect the Member State codes associated with the relevant service and apply the Article 65 analysis.

  • Preserve the evidence

    Save the register publication date, matched fields and national authority cross-check in the diligence record before contracting or launch.

Cross-border services

Article 65 is a notification process

Article 65 requires a CASP intending to provide services in more than one Member State to notify its home competent authority. The submission identifies the relevant Member States, the services to be provided on a cross-border basis, the intended start date and other activities outside MiCA. The home authority communicates that information to host-state contact points, ESMA and EBA.

This process must be checked at service level. A valid home-state authorisation does not by itself answer whether every service, country or client flow in a proposed rollout is reflected in the cross-border notification. The public register data should be compared with the contract, customer journey and actual allocation of regulated functions.

Counting basis

How to read the dated snapshot

The ESMA MiCA CASP dataset snapshot as of 3 July 2026 contains 263 active legal-entity records. Each record has a distinct legal name and record identifier. The figure counts legal entities, not commercial brands, service lines or Member State coverage entries.

The extracted instrument basis is authorisation or notification. It does not distinguish the basis in a way that supports describing every one of the records as an Article 63-authorised CASP. The figure is therefore a dataset count, not a claim about the number of Article 63 authorisations.

The count will change as authorities report new decisions, service changes and withdrawals, while ESMA's weekly publication cycle can create a short reporting lag. Country rankings and approval-speed claims remain excluded because the register is not a controlled comparison of file quality, question rounds, supervisory workload or end-to-end processing time.

Diligence boundary

What a register entry does not prove

Contracting chain

The register does not show which group company signs the client agreement or which entity performs each customer-facing step.

Product fit

Listed services still need to be mapped to the product, asset flow, custody model, order flow and communications presented to clients.

Operational acceptance

Public status does not establish that a provider will accept a business, customer segment, asset set or proposed technical integration.

Control effectiveness

AML, sanctions, complaints, safeguarding, ICT resilience, outsourcing and incident responsibilities require separate documentary diligence.

263
Active legal-entity records in the ESMA MiCA CASP dataset snapshot as of 3 July 2026, not a count of Article 63 authorisations
1 July 2026
End of the MiCA transitional periods across the EU, according to ESMA
Article 59
Current-authorisation gate for providing crypto-asset services within the Union
Article 65
Notification process for providing services in more than one Member State

Provider-led models

Apply the same test to an integrated service

A provider-led integration does not change the Article 59 analysis. The regulated service must remain with an entity whose current status and service scope support that activity. The platform's role, customer communications, contracting chain, data exchange, asset flow and escalation model should be documented without suggesting that the platform itself has acquired the provider's authority.

Article 73 also matters where functions are outsourced. It states that outsourcing does not transfer the CASP's responsibility, alter its relationship with clients or change the conditions of its authorisation. Register verification is therefore one diligence layer, not a substitute for allocating responsibility in the operating model and agreements.

FAQ

Questions about the July 2026 tracker

Need a provider-specific status and scope review? Ask us directly

01 Is a pending MiCA application enough after 1 July 2026?

No. ESMA states that the transitional period ended across the EU on 1 July 2026. Current service provision must fit Article 59, which points to an Article 63 authorisation or an eligible financial entity allowed to provide the relevant service under Article 60.

02 Does a familiar brand prove that my provider is authorised?

No. ESMA tells clients to identify the specific authorised legal entity, not another company in the same group. Match the contracting entity's legal name and LEI where available, then verify the service and status dates.

03 Does an ESMA entry cover every crypto-asset service?

No. MiCA authorisations specify the services the provider is allowed to provide. Compare the register's service field with the actual custody, exchange, execution, order, advice, portfolio or transfer function in the product.

04 Why does SKY7 not rank Member States by authorisation speed?

The official register records authorisation information but does not provide a controlled end-to-end measure of application duration or file quality. A ranking built from informal reports would not be an official-source-only tracker.

05 When should the register be checked again?

Recheck decision-critical fields before relying on status, before signing a provider-specific agreement and before launch. ESMA says the interim register is published weekly, so retain the publication date with each diligence record.

Tell us what you need

Verify the legal entity before designing the route

Share the proposed service, contracting chain and EU customer geography for a current status and scope review.

Editorial note

Editorial disclaimer

Primary sources reviewed: Regulation (EU) 2023/1114, including Articles 59, 63, 65, 73 and 109; ESMA's Markets in Crypto-Assets Regulation page; ESMA's statements dated 17 April and 23 June 2026 on the end of the MiCA transitional periods. Last reviewed: 13 July 2026. This article is general information only, not legal, regulatory, tax, investment or financial advice. Register data and authorisation status can change, so verify the current official record before relying on it.