Blog
/
KYC Compliance

The MiCA Grace Period Is Over: What July 1, 2026 Means for Crypto Compliance in Europe


Written by
Nutsa Maisuradze
Subscribe to newsletter
Oops! Something went wrong while submitting the form.
Share this article

Two days ago, the last safety net under Europe’s crypto industry was quietly removed.

On July 1, 2026, the transitional (“grandfathering”) period under the EU’s Markets in Crypto-Assets Regulation (MiCA) expired across all 27 EU Member States and the 30 EEA countries.

As of this week, any company providing crypto-asset services to EU clients without a MiCA licence is not simply “behind on compliance.” According to the European Securities and Markets Authority (ESMA), it may be in breach of EU law.

If your business touches crypto and serves European users in any way - whether as an exchange, wallet provider, stablecoin issuer, or fintech adding crypto features - here is what has changed and what it means for your compliance and identity-verification stack.

A quick refresher: what MiCA is

MiCA - formally Regulation (EU) 2023/1114 - is the EU's comprehensive rulebook for crypto-assets that fall outside existing financial services legislation. As a directly applicable regulation, it replaced the old patchwork of national regimes with a single set of EU-wide rules and a single licence, passportable across the entire bloc.

The regulation rolled out in phases:

  • June 30, 2024 - the stablecoin rules went live. Asset-referenced tokens (ARTs) and e-money tokens (EMTs) became subject to authorisation, full reserve backing, guaranteed redemption rights, and a ban on paying interest to holders.
  • December 30, 2024 - everything else applied: white paper rules for token offerings, the market-abuse regime, and the licensing framework for crypto-asset service providers (CASPs) - exchanges, custodians, brokers, advisors, transfer services. At the same date, the EU's recast Transfer of Funds Regulation brought the "Travel Rule" to crypto transfers.
  • July 1, 2026 - the transitional period ended. Under Article 143(3) of MiCA, firms already operating under national law before 30 December 2024 could continue for up to 18 months while pursuing MiCA authorisation - but that window has now closed everywhere. ESMA's position is unambiguous: after this date, any entity providing crypto-asset services to EU clients without a MiCA licence is in breach of EU law and must cease offering those services.

There is no extension and no national carve-out. Member states chose different transitional windows - some closed theirs as early as 2025 - but July 1, 2026 was the hard outer boundary for all of them, and national regulators are expected to verify wind-down plans of unauthorised firms and take enforcement action where services continue.

What the deadline has already done to the market

The past 18 months have been a live stress test, and the results are visible:

Stablecoins split into compliant and excluded. Only EMTs and ARTs issued by authorised entities can be offered or admitted to trading in the EU. Compliant euro and dollar tokens from licensed issuers now anchor the regulated market, while the world's largest stablecoin, USDT, has been progressively delisted for EU users by major licensed venues after its issuer chose not to pursue MiCA authorisation. Holding a non-compliant token privately remains legal - but no MiCA-licensed platform can offer it anymore.

Licensing became the market boundary.
According to an April 2026 analysis published by Spain's Agencia Tributaria, citing the register kept by ESMA, more than 185 crypto-asset market operators had obtained MiCA authorisation across the EU by April 2026. The same analysis describes the shift firms have undergone: from simple entries in national anti-money-laundering registers to a full licence regime with a European passport - redesigning business models, investing in compliance, risk, and IT, and reorganising group structures around where the licence sits - with many issuers and platforms that couldn't or wouldn't make that investment exiting the EU market.

Regulators built the plumbing. ESMA maintains a public MiCA Register listing authorised CASPs, approved stablecoin issuers and white papers - and, notably, non-compliant entities. Checking a counterparty's regulatory status in Europe is now a lookup, not a guess.

Why this is fundamentally an identity story

Here's the part that often gets lost in the licensing headlines: MiCA's most demanding requirements, day to day, are about knowing exactly who is on the other side of every transaction.

The Travel Rule applies to every transfer. Under Regulation (EU) 2023/1113, which works in tandem with MiCA, CASPs must collect, verify, and transmit information about the originator and beneficiary of qualifying crypto-asset transfers - regardless of amount. For most firms, this has been among the hardest operational requirements of the whole regime, and it lives or dies on the quality of customer identification data.

Onboarding is now a regulatory chokepoint. In its April 2026 statement, ESMA said it expects authorised CASPs to take the necessary steps to onboard existing EU clients before the end of the transitional period - and, in doing so, to apply robust onboarding processes that ensure full compliance with applicable AML/CFT requirements. Right now, licensed platforms across Europe are absorbing users from firms that lost market access this week. Every one of those users needs to be verified, screened, and risk-scored at scale, quickly, without creating friction that pushes them toward non-compliant alternatives.

Non-EU firms have no back door. Outside the narrow reverse-solicitation exception, entities established outside the EU may not provide MiCA services to EU investors or solicit EU clients - and MiCA even prohibits licensed CASPs from outsourcing certain functions, such as custody, to non-authorised entities. Counterparty due diligence now extends to your vendors and partners.

For compliance teams, the practical checklist looks like this:

  1. Verify your own status and your partners'. Confirm your entry (and your counterparties') in the ESMA Interim MiCA Register.
  2. Close Travel Rule gaps. Ensure originator and beneficiary data is collected and verified at onboarding and transmitted with every qualifying transfer, per Regulation (EU) 2023/1113.
  3. Scale onboarding without scaling risk. Automated identity verification, document authentication, liveness detection, and sanctions/PEP screening are what make ESMA's expected "robust onboarding" achievable at migration-wave volumes.
  4. Prepare for supervision, not just authorisation. With the rulebook complete, the emphasis shifts to ongoing oversight and enforcement against unauthorised provision - the direction ESMA signalled in its transitional-period statement. The licence was the entry ticket; ongoing compliance is the game.

How Identomat delivers what MiCA demands - without harming your customers

MiCA sets a high bar on purpose. Robust identity verification, full AML/CFT compliance, verified Travel Rule data on every transfer - these are the safeguards that make the regulated European crypto market trustworthy. The challenge for firms isn't whether to meet that bar; it's how to meet it without turning onboarding into an obstacle course that frustrates the very customers the regulation is designed to protect.

That balance - full compliance, zero unnecessary friction - is exactly what Identomat is built for.

Identomat combines ID document verification, biometric matching with liveness detection, transaction monitoring, risk assessment and AML screening - sanctions, PEP, and adverse media - in one automated pipeline. Automated decisioning completes verification in seconds, not days.

Every verification produces a complete, timestamped evidence trail. When your national competent authority asks how a client was onboarded, the answer is one export away.

Identomat is fast to deploy and flexible to fit: web, mobile SDK, or API, it drops into your existing onboarding flow, with coverage for identity documents worldwide - so every legitimate customer, wherever their ID was issued, gets the same smooth experience.

MiCA has made trust the foundation of European crypto. Identomat lets you honour that standard fully - while giving your customers the effortless onboarding they expect.

Ready to make MiCA-grade onboarding your advantage? Explore Identomat's crypto compliance solutions for exchanges, wallets, and VASPs - or book a customized demo with our team.

Ready to get started?
Empower your platform with Identomat's cutting-edge KYC and AML ID verification.
Book a demo

Frequently asked questions

What is MiCA in simple terms?

MiCA (Regulation (EU) 2023/1114) is the European Union's comprehensive rulebook for crypto-assets. It sets uniform requirements for issuing tokens, offering stablecoins, and providing crypto services - exchange, custody, brokerage, advice, transfers - across all 27 member states, under a single licence that works throughout the EU.

What is the Travel Rule and how does it relate to MiCA?

The Travel Rule comes from Regulation (EU) 2023/1113, which applies alongside MiCA from December 30, 2024. It requires CASPs to collect, verify, and transmit information about the originator and beneficiary of crypto-asset transfers, regardless of amount. In practice, it makes high-quality identity verification at onboarding the foundation of every subsequent transaction.

Does MiCA cover DeFi and NFTs?

Largely no, for now. Services provided in a fully decentralised manner without any intermediary fall outside MiCA's scope, and genuinely unique, non-fungible tokens are excluded - though fractionalised NFTs or large fungible-in-substance series can be caught. The regulation requires the European Commission to keep these areas under review.
In this article