This Week in Compliance: MiCA Transitional Period Ends 1 July 2026
newsVerifyo Editorial TeamJuly 7, 2026

This Week in Compliance: MiCA Transitional Period Ends 1 July 2026

For the EU's crypto-asset service providers, 1 July 2026 is not another consultation milestone. It is the day the mica transitional period end stops being a date on a roadmap and becomes an operating fact. From that morning, any firm serving EU clients without a full CASP licence — or a live application running under a member-state transitional regime — is operating in breach and must wind down. ESMA has confirmed there is no blanket extension (1).

This was the week the EU crypto rulebook stopped being a paper regime and became an enforced one, and it did not happen in isolation. In the same window, FATF's June Plenary tightened the global standard, AMLA moved to finalise the due-diligence rules that sit underneath MiCA, and the UK confirmed both an incoming FATF presidency and its own cryptoasset gateway. The thread tying all four together is a single shift: authorisation is no longer a roadmap item. It is a binary gate.

The MiCA transitional period ends — what changes on 1 July

The MiCA transitional period was a grandfathering bridge. It let firms that already held national registrations as a crypto-asset service provider (CASP) keep operating while they worked through full authorisation under the Markets in Crypto-Assets Regulation. That bridge closes on 1 July 2026. After the deadline, the only firms that may serve EU clients are those holding a full CASP licence or running a live application under a member state's transitional regime. The mica transitional period end is therefore not a presentational change — it is the point at which the grandfathering protection simply stops. For the full structure of the regime behind it, see how the MiCA regime is structured.

Enforcement falls to the national competent authorities, which act from the deadline. ESMA, in its 23 June 2026 public statement, calls on unauthorised CASPs to wind down their EU activities in an orderly manner — stop onboarding new EU clients, cease marketing and solicitation, and protect existing investors through the wind-down (1). The statement is explicit on the point firms have been waiting on: there is no blanket extension. ESMA and the NCAs can take coordinated action after the transitional period, and clients of unauthorised CASPs do not benefit from MiCA's investor safeguards.

The reframe is the part worth holding on to. MiCA authorisation is not a roadmap milestone any more. It is a gate. There is no soft-landing tier between "authorised" and "in breach", and the calendar decides which side a firm is on.

The MiCA CASP shakeout: roughly 75% face the 1 July exit

The numbers put a scale on the cliff. By trade-press estimates, roughly 210 firms had secured full casp authorisation mica across the member states, out of more than 1,200 that previously held national registrations — leaving an estimated 75–80% still facing forced exit, consolidation, or a last scramble to finish authorisation (4). Those figures are estimates from trade press, not regulator-confirmed conversion data. The one hard-sourced datum is the register itself: ESMA's Interim MiCA Register, the authoritative list of who is actually authorised, was updated on 19 June 2026 (2)(3).

What "forced exit" means operationally is narrow and unforgiving. A firm without a CASP licence by 1 July must stop serving EU clients. From there the options are to wind down, consolidate into an already-authorised entity, or acquire a licence and passport in — the EU passporting mechanism that lets an authorised CASP operate across member states from a single national competent authority. None of those routes completes overnight, which is why the gap between "operating" and "authorised" is the real story of the deadline.

The capstone is the consumer angle. Customers holding assets on a platform that loses its authorisation face withdrawal queues, migration friction, and the disruption of moving balances to a licensed venue under time pressure. This is where "authorised versus operating" stops being an abstraction. The cliff is not only a platform's problem — it lands on the people whose funds sit on it.

FATF's June Plenary tightens the global picture

Grey-list churn

FATF's June Plenary, meeting 17–19 June 2026, reworked its list of jurisdictions under increased monitoring — the grey list. Bosnia and Herzegovina was added following a MONEYVAL mutual evaluation, and Iraq returned to increased monitoring; Algeria and Namibia were removed after on-site reviews, leaving 22 jurisdictions on the list (5)(6)(7)(8). The grey list is the practical instrument here: a listing tells obliged entities worldwide to apply enhanced scrutiny to flows touching those jurisdictions, so each addition and removal moves real compliance obligations.

Recommendation 16 and the UK presidency

The Plenary also approved a public consultation on new guidance supporting the strengthened standard on cross-border payment transparency — Recommendation 16, the basis for the Travel Rule that requires originator and beneficiary information to travel with a transfer (5)(6). It is the international standard-setter tightening the rules on how money — including virtual assets — moves across borders, in the same week MiCA bites at home. The EU and global pictures rhyme.

The continuity signal sits in the chair. The United Kingdom assumes the FATF presidency from 1 July 2026 under Giles Thomson, for a term running to mid-2028 (5)(6). A UK presidency points to the crypto-AML agenda carrying into the next cycle — and it rhymes neatly with the UK's own moves on the domestic side, which is where the week's fourth thread sits.

The CDD rulebook underneath MiCA is being written now

Authorisation decides whether a firm can operate. The customer-due-diligence rules decide how it must verify the people it onboards — and those rules are being written now. AMLA, the EU's Anti-Money Laundering Authority, ran its consultation on the draft RTS for customer due diligence under Article 28(1) AMLR from 9 February to 8 May 2026, with a first public hearing on 24 March (9). AMLA is expected to submit the final draft RTS to the European Commission by 10 July 2026, with an application date of 10 July 2027. These are the regulatory technical standards that every obliged entity — CASPs included — will be measured against, and they sit directly underneath MiCA.

The UK is moving on the same axis. Its cryptoasset authorisation regime opens pre-application ("PASS") meetings from July 2026, with the application window running from 30 September 2026 to 28 February 2027 and the regime expected in force on 25 October 2027 (10). Two jurisdictions, the same direction: tightening UK cryptoasset authorisation and EU due-diligence standards within the same window. The UK side is the exact subject of our earlier analysis of the UK's cryptoasset authorisation gateway.

Sharpening how a firm must verify forces a second question that the RTS does not answer directly: what happens to the personal data a firm collects to prove it verified? The conventional answer — warehousing the raw identity documents and PII behind every check — turns each compliance record into a breach honeypot. This is the problem we built Verifyo to solve. A verifier-private Zero-Knowledge KYC attestation proves the KYC and AML screening was completed — identity, age, sanctions, PEP, criminal, barred, military and adverse-media screening, with the wallet bound to the verified identity — without the receiving platform ever holding the raw documents behind it. The platform gets proof the check was done; it does not get a copy of the customer's file to defend, store, and eventually lose.

What the market is saying

The vendor side moved in step with the deadline. Sumsub launched a Model Context Protocol integration on 18 June 2026, letting AI agents translate a written compliance policy into a configured verification environment — speed-to-deploy tooling for firms standing up verification under time pressure (11). The week's sharpest line came from the other direction: OKX founder Star Xu's framing that real compliance effectiveness comes from governance, transparency and accountability, not headcount alone — a reminder that you cannot buy compliance off a shelf (12). Incode and Discord also announced an age-assurance partnership on 22 June, a smaller signal in the same crypto compliance tooling current.

The week in one line

This was the week the question stopped being "when will you be licensed?" and became "are you authorised, and can you prove how you verify?". The cliff, the CASP shakeout, FATF's tightening, and the CDD rulebook being drafted now all point at the same operating reality: proof of compliance is now the asset, and the firms that clear the deadline are the ones that can produce it on demand.

As the standards for how firms verify get written, the cost of how they store what they verified becomes the next exposure. A verifier-private Zero-Knowledge KYC attestation lets a platform prove a customer cleared KYC and AML screening without holding the raw documents behind it — which is the difference between a compliance record and a breach liability. The deadline decides who is authorised; the architecture decides who can prove it without becoming the next headline.

Sources

(1) ESMA. Public Statement: ESMA calls on unauthorised crypto-asset service providers to wind down in an orderly manner as the MiCA transitional period ends (ESMA75-113276571-1710). 23 June 2026. https://www.esma.europa.eu/sites/default/files/2026-06/ESMA75-113276571-1710_Public_Statement_MiCA_transitional_period_ends.pdf

(2) ESMA. Statement on the end of transitional periods under MiCA (ESMA75-113276571-1679). 17 April 2026. https://www.esma.europa.eu/sites/default/files/2026-04/ESMA75-113276571-1679_Statement_on_the_end_of_transitional_periods_under_MiCA.pdf

(3) ESMA. Markets in Crypto-Assets Regulation (MiCA) hub / Interim MiCA Register (register updated 19 June 2026). https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica

(4) Coinpaprika. MiCA Transitional Period Ends 1 July 2026 With No Extensions, ESMA Confirms. 14 June 2026. https://coinpaprika.com/news/mica-transitional-period-ends-1-july-2026/

(5) ComplyAdvantage. FATF plenary June 2026: Grey list changes, a payment transparency consultation, and the incoming UK Presidency. 22 June 2026. https://complyadvantage.com/insights/fatf-plenary-june-2026-outcomes/

(6) FATF. Outcomes FATF Plenary, 17–19 June 2026. 19 June 2026. https://www.fatf-gafi.org/en/publications/Fatfgeneral/outcomes-fatf-plenary-june-2026.html

(7) FATF. Jurisdictions under Increased Monitoring — 19 June 2026. 19 June 2026. https://www.fatf-gafi.org/en/publications/High-risk-and-other-monitored-jurisdictions/increased-monitoring-june-2026.html

(8) AML Intelligence. BREAKING: Iraq and Bosnia/Herzegovina added to FATF grey list, Algeria and Namibia removed. 19 June 2026. https://www.amlintelligence.com/2026/06/breaking-iraq-and-bosnia-herzegovina-added-to-fatf-grey-list-algeria-and-namibia-removed/

(9) AMLA. Consultation on the draft RTS on Customer Due Diligence (Article 28(1) AMLR). Consultation paper dated 9 February 2026. https://www.amla.europa.eu/policy/public-consultations/consultation-draft-rts-customer-due-diligence_en

(10) FCA. A new regime for cryptoasset regulation. 2026. https://www.fca.org.uk/firms/new-regime-cryptoasset-regulation

(11) PR Newswire / Sumsub. Sumsub Becomes First Verification Platform to Enable AI Agents to Build Compliance Setup. 18 June 2026. https://www.prnewswire.com/news-releases/sumsub-becomes-first-verification-platform-to-enable-ai-agents-to-build-compliance-setup-302804191.html

(12) Crypto Briefing. OKX CEO on compliance culture. 24 June 2026. https://cryptobriefing.com/okx-ceo-questions-binance-compliance-culture/

Tags:mica transitional period endcasp authorisation micafatf june plenary 2026amla cdd rts 2026crypto compliancecomplianceweekly recap

Want to learn more?

Explore our other articles and stay up to date with the latest in zero-knowledge KYC and identity verification.

Browse all articles