← Back to Home News · EU

AMLA, AMLR, Customer Due Diligence, Business-Wide Risk Assessment, Transaction Monitoring, EU AML Package

Make RegTech.com preferred on Google
AMLA, AMLR, Customer Due Diligence, Business-Wide Risk Assessment, Transaction Monitoring, EU AML Package
MiCA's Article 143 transitional regime — the "grandfathering" period that allowed crypto-asset service providers (CASPs) registered under pre-existing national rules to continue operating while their full authorisation was processed — reached its end on 1 July 2026. From that date, only firms holding full CASP authorisation across the EU and EEA may lawfully offer crypto services to European users.

Industry reporting paints a stark picture of readiness. According to coverage from CoinDesk and others, only around 244 CASPs held full authorisation by the deadline, leaving a large majority of previously registered firms without a licence. The knock-on effect, those reports estimate, is that more than 10 million users could be forced to move to an authorised platform as unlicensed venues suspend or restrict services. These are press estimates rather than figures published by the European Securities and Markets Authority, and should be treated as directional until confirmed against ESMA's own CASP register.

The stablecoin market has felt the change most visibly. Under MiCA, only authorised e-money tokens and asset-referenced tokens may be offered to the public or admitted to trading on EU-regulated platforms. Tether did not seek MiCA authorisation for USDT, and as a consequence USDT has been removed from MiCA-licensed European exchanges, leaving authorised tokens such as USDC and EURC to occupy the regulated market. For a market segment built on the assumption that the most liquid stablecoin would always be available, that adjustment has turned out to be structural, rather than just cosmetic.

Less visible, but arguably more consequential for compliance functions, is the identity dimension. Every transfer routed through a licensed exchange now carries full originator and beneficiary identity data under the Travel Rule, applied at a zero-euro threshold. This means that no transaction is too small to fall within the scope. In practice, MiCA has now pulled crypto firmly into the same identity-data and financial-crime perimeter that governs traditional payments without a de minimis carve-out that firms in other rails often rely on.

The regime is not static. The European Commission opened a public consultation in May 2026, with responses due by 30 September, explicitly contemplating an extension of MiCA's reach to tokenisation and to a broader set of stablecoin arrangements. That feedback is expected to shape revisions that could arrive as early as 2027. In other words, firms that have just cleared the authorisation bar are already facing the prospect of a moving one.

Why the authorisation shortfall is the real headline

The instinct is to frame this as a crypto-market disruption story: exchanges are going dark, users scrambling, USDT delisted. Those are all important developments, but they are symptoms of a bigger shift.
The more revealing figure is the number of firms that failed to secure authorisation. If the industry estimates are broadly accurate, most providers that once operated under national registration did not make the transition to MiCA. Whether that reflects supervisory capacity, firms choosing not to apply, or businesses falling short of the new standard remains unclear.

Above all, it says something about MiCA itself. A backlog points to pressure on supervisors. A wave of unsuccessful or withdrawn applications suggests the regime has raised the bar exactly as intended. That is the question worth putting to Europe's competent authorities.

Regulatory Implications


For compliance teams, the immediate impact is operational rather than strategic.

The Travel Rule now applies to every transfer, regardless of value, making complete and accurate identity data a baseline requirement rather than a threshold obligation. Firms onboarding customers from platforms that lost authorisation should also assume a higher level of scrutiny, particularly where the origin of assets or previous compliance controls are less certain.

MiCA's stablecoin rules deserve the same attention. Product and treasury teams should regularly review which tokens remain authorised, as the current list is unlikely to stay static.

More broadly, MiCA should no longer be viewed primarily as a licensing regime. Authorisation may have dominated the headlines, but day-to-day compliance will increasingly be shaped by identity,
Link copied to clipboard
AI Bot
AI Bot
Hi! I'm the RegTech.com assistant. How can I help you today?
Ask me anything — top trending news, latest regulatory changes in the EU, or simply search for topics.