Sign up
Subscribe
Home / news / ESMA Says Unauthorised CASPs Must Stop Onboarding EU Clients After 1 July 2026 as MiCAR Transitional Period Ends
news

ESMA Says Unauthorised CASPs Must Stop Onboarding EU Clients After 1 July 2026 as MiCAR Transitional Period Ends

ESMA Says Unauthorised CASPs Must Stop Onboarding EU Clients After 1 July 2026 as MiCAR Transitional Period Ends

On 23 June 2026, ESMA set out what it expects from crypto-asset service providers that will not have MiCAR authorisation by 1 July 2026 but are still servicing EU clients under national regimes. The message is blunt enough for anyone in payments and crypto infrastructure: the transitional period is ending, and “wind-down” does not mean “keep operating and call it something else.”

  1. ESMA’s public statement, ESMA75-113276571-1710, builds on its earlier statement of 17 April 2026 and applies to CASPs that remain unauthorised when the MiCAR transitional period ends across the Union on 1 July 2026. ESMA notes that some providers have already obtained authorisation, while other significant providers serving EU clients have not.
  2. The first operational constraint is simple: no further client acquisition. Unauthorised CASPs must immediately stop onboarding new EU clients, stop opening new client relationships or accounts, and cease all marketing and solicitation aimed at the EU market. For PSPs and banking partners, that is the point where “business as usual” starts looking a lot like servicing an unauthorised flow.
  3. ESMA says activity is restricted to wind-down only. That means actions necessary to sell or transfer crypto-assets, reallocate client assets, or close open positions. Custody of client crypto-assets may continue only for the period strictly necessary to complete an orderly exit. It is not a basis for continued operation of the business.
  4. Client communication is part of the obligation set. ESMA expects unauthorised CASPs to communicate clearly, promptly, and repeatedly with both retail and institutional clients about the safeguards being taken and the wind-down timeline. Those communications must include a deadline for automatic closure of any residual client positions and information on what client protections apply, or no longer apply, during the wind-down.
  5. ESMA also ties the wind-down to AML/CFT obligations. The statement says wind-down arrangements must comply with relevant EU and national conduct laws, including anti-money laundering and counter-terrorist financing requirements. For payment providers, that is the practical reminder that closing a crypto relationship is not a shortcut around controls; the last transaction still has to clear the same compliance bar.

The useful takeaway for high-risk PSPs is not just that MiCAR authorisation is now the dividing line. It is that ESMA has made the post-deadline state explicit: no new EU clients, no fresh accounts, and no “temporary” continuation of business dressed up as an exit plan. If you service crypto merchants, this is the kind of statement that can turn a tolerable risk into a cleanup project overnight.

Weekly high-risk digest

Regulation, sanctions and payment news across your verticals — once a week, free.

Please check your inbox and click the link to confirm your subscription.

Please enter a valid email address!