The Markets in Crypto-Assets Regulation (MiCA) transitional period closed on July 1, 2026, and roughly 210 firms hold full authorisation against more than 1,200 that previously operated on national crypto registrations across the European Union — a conversion rate below 20%. The single market MiCA created is real. It is also far smaller, and far more concentrated, than the regulation’s architects described.
The European Securities and Markets Authority (ESMA) confirmed in April 2026 that there would be no extension, and the deadline passed as stated. Every crypto-asset service provider (CASP) operating in the EU without MiCA authorisation is now in breach of EU law and must cease trading or wind down. This longform walks through what the rule actually requires, how the EU’s approach now compares with the US, UK, Japan and Singapore, what the enforcement posture looks like in practice, and what the roughly 990 firms that did not make it are supposed to do with their customers’ assets.
Methodology and sources
The authorisation figures come from ESMA, which reported approximately 210 fully authorised firms as of May 2026 against more than 1,200 pre-existing national registrations. Deadline mechanics come from ESMA’s public statement on the end of the MiCA transitional period and its April 2026 confirmation that no extension would be granted. Comparative jurisdictional positions are drawn from primary regulator communications and, where noted, from published legal commentary.
Two caveats. First, the 210 figure is a May snapshot; some authorisations will have completed between then and the July 1 cut-off, so the true conversion rate is somewhat above 17.5% but almost certainly below 25%. Second, “more than 1,200 national registrations” counts registrations, not firms — a single group holding registrations in several member states may appear multiple times, which flatters the attrition rate. The direction is not in doubt; the precise magnitude is.
What the rule actually requires
MiCA’s core provisions took effect at the end of 2024, with a transitional window that allowed firms holding national registrations to keep operating while they sought full authorisation. That window is now shut. A CASP must hold a MiCA licence from a national competent authority in one member state, and that licence then passports across all 27 — the mechanism that makes the regime worth the compliance cost.
Authorisation is not a formality. Applicants must satisfy requirements on minimum capital, governance and fit-and-proper management, segregation and safeguarding of client funds, complaints handling, conflict-of-interest management, and anti-money-laundering controls. For a mid-sized exchange that had been operating on a light-touch national registration, the gap between that regime and MiCA is not a matter of paperwork; it is a rebuild of the control environment, and it takes 12 to 18 months and a compliance headcount most such firms never carried.
That is the honest explanation for the sub-20% conversion rate. It was not that most firms failed the test. It is that most firms never sat it.
“What emerges is a genuine single market replacing the old patchwork of 27 national regimes.”
— Yamal Kalaf, Co-Founder, MiCAR Whitepapers Europe (Euronews)
Kalaf is right, and the point should not be dismissed as spin. A firm authorised in Ireland can now serve customers in Portugal, Poland and Finland on one licence, which was impossible under the old patchwork. Coinbase took its authorisation in Ireland, Kraken in Ireland and Luxembourg, and Revolut secured its licence from Cyprus’s regulator in late 2025. Those are three of the largest consumer-facing platforms in Europe, and all three now operate on a single passported permission. The single market is not theoretical.
The question is who else is in it.
How five jurisdictions now compare
| Jurisdiction | Regime | Status as of July 2026 | Authority | Defining feature |
|---|---|---|---|---|
| European Union | MiCA | Live; transition closed July 1, 2026 | ESMA + 27 national competent authorities | ~210 authorised CASPs; single passport across 27 states |
| United States | CLARITY Act (pending) + SEC/CFTC MoU | Legislation advancing in the Senate | SEC and CFTC | Agencies signed a coordination MoU on March 11, 2026, ending the turf war |
| United Kingdom | FCA cryptoasset regime | Rules final; gateway opens October 2027 | Financial Conduct Authority | Explicitly declines to copy MiCA; separate authorisation gateway |
| Japan | FIEA reclassification | In progress | Financial Services Agency (JFSA) | Crypto reclassified as financial instruments, not payment means |
| Singapore | Digital Payment Token licensing | Live | Monetary Authority of Singapore (MAS) | Narrow licensing; strict retail restrictions |
Sources: ESMA statements on the end of the MiCA transitional period (April and June 2026); SEC/CFTC Memorandum of Understanding, March 11, 2026; FCA final cryptoasset rules; JFSA reclassification proposals; MAS DPT framework.
The divergence is the story, and it runs deeper than differing rulebooks. The EU has chosen a high-barrier, single-passport model that trades breadth of participation for depth of protection — and has now demonstrated, empirically, what that trade costs: roughly four in five registered providers gone.
The United States is moving the other way. The CLARITY Act is advancing through the Senate as the most serious attempt yet to allocate statutory authority over digital assets, and on March 11, 2026, SEC Chair Paul Atkins and CFTC Chair Michael Selig signed a Memorandum of Understanding to coordinate crypto oversight — ending years of jurisdictional conflict that had made regulation-by-enforcement the default. Where the EU has a finished rulebook and a shrunken market, the US has a growing market and an unfinished rulebook. Neither is obviously the better outcome; they are simply different bets about sequencing.
The UK has taken the third path, and it is the most instructive for firms doing capacity planning. The FCA has finalised its rules while explicitly refusing to copy MiCA, with an authorisation gateway that does not open until October 2027. A firm that missed MiCA has, in effect, been handed a 15-month runway to reposition into a UK licence — and the FCA now knows that a cohort of experienced, capitalised, EU-rejected applicants is coming. That is a supervisory problem the UK has not yet publicly addressed.
Enforcement context: what happens to the 990
ESMA has called on unauthorised providers to cease operating. In practice, the obligation on a firm that did not obtain a licence is an orderly wind-down: stop offering services to EU clients, and transfer customer assets either to an authorised platform or back to the customer’s own self-custody wallet.
The largest single casualty is instructive. Binance withdrew its Greek licence application after 18 months of process, stating that “we will take the necessary steps before 1 July to remain compliant with applicable requirements”. An 18-month application that ends in withdrawal is not a firm that failed a capital test; it is a firm that concluded the authorisation was not obtainable on acceptable terms in that jurisdiction. When the largest exchange in the world reaches that conclusion, the barrier is doing exactly what it was designed to do — and the market should be honest that this is a policy choice with a cost, not a costless upgrade.
The asset-transfer mechanic is where the consumer-protection theory meets reality. We have already seen the empirical answer: Binance reported that 70% of affected EU users moved to self-custody rather than migrating to an authorised platform. That is the outcome MiCA’s drafters would least have wanted. A regime built to bring users inside a supervised perimeter has, at the margin, pushed the majority of one large cohort outside any perimeter at all — into wallets where there is no complaints procedure, no segregation requirement, and no regulator to call.
“We will see consolidation and transfer of clients as the deadline will not be met by all currently operating entities.”
— Floortje Nagelkerke, Partner, Norton Rose Fulbright (Euronews via Yahoo Finance)
Nagelkerke’s phrasing is lawyerly but the implication is direct: the client base of 990 firms has to go somewhere, and the authorised 210 are the only compliant destination. Concentration is not a side-effect of this regime. It is the mechanism.
What this means for firms
For the authorised 210, the practical consequence is a demand shock. They inherit the customers, the volumes and the custody obligations of the firms that exited, without having planned capacity for them. Safeguarding, complaints handling and AML screening all scale with client count, and a platform that sized its compliance function for its own book is about to discover what onboarding a competitor’s customers costs. The firms best placed are those that took licences early in the smaller member states — Ireland, Luxembourg, Cyprus and Malta — precisely because those regulators had the bandwidth to process applications while larger authorities were still building teams.
For the roughly 990 that did not convert, there are three routes. Wind down and exit the EU entirely. Seek acquisition by an authorised entity, which is the outcome Nagelkerke is describing and which will define the next 12 months of European crypto M&A. Or reposition toward a jurisdiction whose gateway is still open — which, given the FCA’s October 2027 timetable, means the UK is about to receive a wave of applicants it did not forecast.
For institutions and B2B infrastructure providers, the compliance question has shifted from “is my counterparty registered?” to “is my counterparty on the ESMA register?” — a materially higher bar, and one that now has a definitive answer rather than 27 partial ones. That is a genuine operational improvement, and it is the strongest argument for the regime as designed.
For stablecoin issuers and payment firms, MiCA now sits alongside a thickening stack of overlapping obligations — including the FinCEN PPSI rules landing on July 18 in the US, which push stablecoin issuers toward bank-like supervision. A firm serving both blocs is now managing two rulebooks with different perimeters, different capital treatments and different definitions of the same product.
What’s next
Three things to watch over the next two quarters.
First, the enforcement posture. ESMA has told unauthorised firms to stop; national competent authorities have to actually make them. The test is whether an NCA in a smaller member state brings a visible action against a firm still serving local clients without a licence. Until that happens, the July 1 deadline is a statement of law rather than a demonstration of it, and firms operating in the grey will price the risk accordingly.
Second, the M&A wave. The 990 have client books, and the 210 have licences. That is the cleanest arbitrage in European financial services right now, and the transactions will be small, numerous and fast. Watch the Irish and Luxembourg registers for the acquirers.
Third, the self-custody drift. If the Binance figure — 70% of affected users moving to self-custody — proves representative rather than exceptional, MiCA will have achieved the opposite of its consumer-protection objective for a substantial share of the retail population it was written to protect. That is the finding that would force a review, and it is the number the Commission will be least keen to publish.
The UK’s October 2027 gateway is the release valve for all of this, and its design will be shaped by what Europe has just learned. The FCA has watched the EU convert fewer than one in five registrants and has 15 months to decide whether that is a feature or a warning.
TL;DR
MiCA’s transitional period closed on July 1, 2026. Roughly 210 firms hold full authorisation against more than 1,200 prior national registrations — a conversion rate under 20%, per ESMA. The EU has a genuine single market with a passportable licence, and it is far more concentrated than intended: Coinbase, Kraken and Revolut are in; Binance withdrew its Greek application after 18 months. The ~990 firms that did not convert must wind down and transfer client assets, and the early evidence is that most affected users move to self-custody rather than to an authorised platform — the opposite of the regime’s stated purpose. Expect a fast, small-ticket M&A wave and a wave of applicants toward the UK’s October 2027 gateway.
FAQ
What happened on July 1, 2026?
MiCA’s transitional period ended across the EU. Firms that had been operating on legacy national crypto registrations lost the ability to do so. Any crypto-asset service provider serving EU clients without MiCA authorisation from that date is in breach of EU law and must cease operating or wind down.
How many firms are MiCA-authorised?
Approximately 210 firms held full authorisation as of May 2026, against more than 1,200 that previously held national registrations — a conversion rate below 20%, according to ESMA, which confirmed in April that no extension would be granted.
Which major platforms obtained licences, and where?
Coinbase is authorised in Ireland; Kraken in Ireland and Luxembourg; Revolut secured its licence from Cyprus’s regulator in late 2025. All three can now passport across the 27 member states. Binance withdrew its Greek application after 18 months of process.
What happens to customers of firms that did not get authorised?
Unlicensed providers must run an orderly wind-down and transfer client assets either to an authorised platform or to the customer’s own self-custody wallet. Binance reported that 70% of its affected EU users chose self-custody rather than moving to a licensed venue.
How does MiCA compare with the US approach?
The EU finished its rulebook first and accepted a smaller market. The US is doing the reverse: the CLARITY Act is still advancing through the Senate, while the SEC and CFTC signed a coordination Memorandum of Understanding on March 11, 2026 to end their jurisdictional conflict. Different bets about sequencing rather than different destinations.
Can a firm that missed MiCA still operate in Europe?
Not in the EU without authorisation. The realistic routes are acquisition by an authorised entity, exit, or repositioning toward the UK, whose FCA authorisation gateway does not open until October 2027 and which has explicitly declined to replicate MiCA.
This article is informational analysis only and is not legal, regulatory, investment, or tax advice. Regulatory requirements vary by jurisdiction and change frequently; the positions described here reflect the state of play at the time of writing and may be superseded. Firms should obtain advice from qualified counsel admitted in the relevant jurisdiction before making any authorisation, licensing, or compliance decision.