Timelines
How the transitional window closed
MiCA has applied to crypto-asset service providers since 30 December 2024. Article 143 allowed Member States to apply transitional measures to firms that had provided services under national law before that date. ESMA confirmed that all such periods had ended by 1 July 2026. As of July 2026, the live question is therefore not how much transition time remains, but whether the entity providing each service is authorised under Article 63 or is an eligible financial entity permitted under Article 60.
The ESMA MiCA register and the relevant competent authority record are the public starting points for that check. A legacy registration, a pending application or a group-level regulatory statement should not be presented as current authority for a specific entity and service.
The stakes
What operating without authorisation now means
Article 59 permits crypto-asset services in the EU only where the provider is an authorised CASP or an eligible financial entity acting within the applicable MiCA route. A firm cannot replace that gate with a pending application, historic VASP status, an API agreement or another group company's authorisation. Continued activity can create regulatory, contractual, banking, safeguarding and customer remediation exposure, but the consequences must be assessed for the actual facts and competent authority.
Reverse solicitation is not a general continuity route. MiCA treats it as a narrow client-initiative situation, and ESMA guidance addresses its strict application. It should not be used as the assumed basis for maintaining an EU client book. Any continuity decision needs transaction-specific legal review and current authority evidence.
Immediate controls
Stabilise before you choose a route
-
Map the exposure
Map every EU customer, service, entity, contract, asset position and distribution channel. Reconcile the entity providing each service with the live ESMA register and relevant competent authority record.
-
Escalate new onboarding and continued service
Put new onboarding and continued regulated activity through immediate legal and compliance review. A pending application or historic VASP registration is not the Article 59 authority gate.
-
Review provider communications
Assess contractual notification duties and communications with banks and payment providers under legal and compliance advice. Keep the remediation facts accurate and distinguish decisions already taken from proposed next steps.
-
Plan an orderly client outcome
Do not make blanket termination, continuation or migration decisions without legal review. Preserve records and map contracts, assets, open instructions, notices and support obligations before implementing a client plan.
-
Choose a route and date the milestones
The three options below carry different dependencies and failure modes. Record the chosen route, decision owners, evidence gaps, conditions and review dates.
Route one
Option 1: a fresh CASP application
A fresh application is the route for a business that intends to provide regulated crypto-asset services through its own EU entity. The file must fit the requested services and evidence governance, prudential resources, ownership, management, safeguarding, complaints, outsourcing, ICT resilience, AML controls and operational readiness. MiCA contains procedural assessment periods, but they are not a universal end-to-end delivery estimate. Completeness work, information requests, file quality, supervisory review and applicant readiness determine the real plan.
The applicant must establish a defensible home-state and substance position rather than select a filing venue from an unofficial speed ranking. It must also plan for the operating gap: filing an application does not itself permit the applicant to provide the regulated services. A separate provider-led or wind-down arrangement may be considered only after the responsibilities and customer consequences are mapped.
Route two
Option 2: acquiring an authorised CASP
An acquisition can be examined where a real target has the required services, operating model and regulatory record. It is not an automatic continuity solution. A proposed acquisition of a qualifying holding is subject to the MiCA Articles 83-84 framework, and the transaction also requires corporate, regulatory, financial, technology, client-asset and compliance diligence.
A register entry does not show that an entity is for sale, suitable for the buyer or ready for the proposed change. Scope, liabilities, customer assets, outsourcing, financial crime controls, ICT dependencies, ownership assessment and remediation can each change the decision. We cover the process in detail in our guide to acquiring an authorised CASP.
Route three
Option 3: restructuring around your EU clients
Not every firm should claw its way back to EU authorisation. If EU-facing revenue is a modest share of the book, the honest answer may be to stop providing crypto-asset services in the EU: keep serving your non-EU markets from the existing entity, and wind down or migrate the EU client base in an orderly, documented way.
Orderly matters. Customer notices, asset return or migration, open orders, complaints, records, data retention and provider obligations should be mapped and carried out under a legally reviewed plan. A later CASP application may remain a separate strategic option, but it does not cure activity conducted without a valid current basis.
A provider-led model can sit inside this route where an EU-authorised CASP genuinely supplies the regulated services under its own agreement and within its verified scope. The product company may coordinate the customer experience and technical integration, but it does not inherit the CASP's authorisation. The contracting, order, custody, payment, AML and data roles must be mapped before this is treated as a viable operating model.
Side by side
The three routes at a glance
| Route | Regulatory mechanics | Primary dependencies | Fits best when |
|---|---|---|---|
| Route Fresh CASP application | Regulatory mechanics Article 63 completeness review and assessment of a complete file; a qualifying information request can suspend the assessment within the limits set by that Article | Primary dependencies Completeness, information requests, governance evidence, operating readiness and the NCA review process | Fits best when EU revenue justifies the wait and you want the scope built around your own business |
| Route Acquire an authorised CASP | Regulatory mechanics Qualifying-holding notification assessed by the NCA before completion (MiCA Articles 83-84 framework) | Primary dependencies Target availability, diligence, deal negotiation, ownership assessment and post-closing remediation | Fits best when A matching target exists and its scope, condition and ownership process withstand diligence |
| Route Restructure or use a provider-led model | Regulatory mechanics Orderly wind-down or migration, or regulated services supplied directly by an authorised EU CASP after perimeter review | Primary dependencies Client contracts, provider scope and approval, data and asset migration, integration and offboarding obligations | Fits best when The product can keep regulated services with a selected provider, or EU activity no longer justifies an own authorisation |
- 1 July 2026
- the last national transitional period ended
- Article 59
- regulated crypto-asset services require an authorised or otherwise permitted provider
- Article 65
- cross-border provision depends on notification and the authorised service scope
- 3 routes
- apply, acquire, or restructure around a valid provider-led or exit model
Choosing a route
How to decide from the facts already available
The route decision turns on facts the business can assemble: EU customers and services, contract and entity structure, current authority evidence, assets and money in flight, banking dependencies, provider options and any real acquisition target. SKY7 structures those facts into a route recommendation, evidence gaps and decision gates. See how a SKY7 mandate runs for the engagement model.
FAQ
Frequently asked questions
Straight answers to what founders and buyers ask. If yours isn't here, ask us directly
01 Can we keep serving existing EU clients while we apply?
Not on the strength of a pending application. As of July 2026, providing crypto-asset services in the EU requires a valid Article 59 basis, and a filed application does not create one. Reverse solicitation is a narrow exception under ESMA guidance for clients acting on their own exclusive initiative - it is not a way to run a book. Check the relevant authority's current statements and obtain transaction-specific advice before making any continuity decision.
02 Is buying an authorised CASP faster than applying?
Sometimes, but not automatically. The change of qualifying holding must be notified to and assessed by the national competent authority before completion under the MiCA Articles 83-84 framework. Target availability, diligence, transaction terms, regulatory assessment and remediation all affect the outcome. Compare the evidence and dependencies for a real target with those for a fresh application rather than relying on a generic speed claim.
03 Does one CASP authorisation cover all EU Member States automatically?
No authorisation proves automatic availability for every service and market. Article 65 provides a cross-border notification process, and the provider can offer only the services covered by its authorisation. Confirm the live register record, notification and target-market availability before relying on the route.
Keep reading
Related reading
The MiCA CASP framework for crypto operators in 2026
The wider regime for service scope, operating obligations and cross-border notification.
Acquiring an authorised CASP: change of control
What the Articles 83-84 qualifying-holding process involves before you can complete a deal.
EU CASP-as-a-Service integration
How SKY7 maps a provider-led model, prepares onboarding and coordinates integration.
Who is the regulated provider?
Separate technology, introducer, embedded and direct regulated-service roles.