
MiCA transition ends, putting unauthorized crypto firms on notice across the EU
National regulators are expected to begin action from July 1, with multimillion-euro penalties and uneven early enforcement likely.
The EU has moved MiCA from transition into enforcement, turning EU client access into a licensing problem for any crypto firm still operating without authorization. The next market question is how quickly national regulators act, and whether stablecoin oversight creates additional friction.
Key Takeaways
- Crypto companies without MiCA authorization can no longer legally serve EU clients and are expected to wind down or face enforcement and multimillion-euro fines.
- Day-to-day supervision sits with national competent authorities, while ESMA coordinates supervisory convergence and runs a public register of authorized providers.
- ESMA signaled national regulators were expected to act against unauthorized providers from July 1, but early enforcement intensity is likely to vary by country.
- Post-deadline notices have already been issued in several jurisdictions, and the Czech National Bank outlined fines up to 118.5 million CZK (~$5.6 million), 5% of turnover if higher, or twice the unlawful benefit.
MiCA’s Transition Is Over: Unauthorized EU Crypto Services Must Wind Down
MiCA’s transition period has ended, shifting the EU’s crypto rulebook from preparation to enforcement. The practical implication is binary for any crypto-asset service provider with EU client exposure. Without MiCA authorization, serving EU clients is no longer legal.
That change matters less as a headline and more as a market-structure constraint. Firms that kept EU access live while waiting on licensing now face explicit enforcement and fine risk, not just a compliance backlog. For traders and market makers, the immediate transmission channel is counterparty risk and potential venue access disruptions, especially where platforms choose to geofence or wind down rather than test regulators.
The Compliance Bill vs. the Penalty Table Under MiCA
The cost-benefit math being cited by legal and industry sources is lopsided. Nicola Massella, a partner at Legal & Resilience, estimated MiCA implementation costs for many crypto companies at 350,000 euros ($400,000) to 600,000 euros ($690,000). Brickken CEO Edwin Mata said costs can reach 2 million euros ($2.3 million), depending on company size, services, and compliance readiness.
On the other side of the ledger, Eckehard Stolz, managing director of Amina EU, said MiCA penalties start at 5 million euros or 5% of annual turnover for some violations. Massella also pointed to a European Banking Authority proposal dated June 26 that could increase penalties under certain regulatory regimes, including as much as 12.5% of annual turnover for some stablecoin-related breaches.
For firms still weighing delay versus compliance, those numbers skew the risk-reward. The implementation bill is meaningful, but the penalty framework is designed to make unauthorized operation an asymmetric bet.
Who Actually Enforces MiCA: NCAs, ESMA’s Register, and the EBA’s Stablecoin Role
MiCA is a single rulebook, but enforcement is not a single switch. Day-to-day authorization, supervision, and enforcement are handled by national competent authorities (NCAs) in each member state. ESMA coordinates supervision across member states and maintains a public register of authorized crypto-asset service providers. The EBA directly oversees significant stablecoin issuers.
Ivo Grlica, founder of GrlicaLaw and G LAB Advisors, described ESMA’s role this way: “At the EU level, ESMA plays an important coordination and supervisory-convergence role, especially to avoid regulatory arbitrage between member states,” and warned that consequences can escalate beyond regulators: “National regulators are only the first line of MiCA enforcement, but the legal consequences can spread into national courts and criminal-law systems if the underlying conduct causes harm.”
For traders, the confirmation signals are procedural, not narrative. ESMA’s register is the cleanest public reference point for who is authorized, while stablecoin-related developments can route through the EBA’s oversight of significant issuers.
Early Enforcement May Diverge by Country as July 1 Action Expectations Kick In
ESMA’s expectation is that NCAs act against unauthorized providers from July 1. Stolz framed the near-term uncertainty bluntly, saying enforcement intensity “will depend on local resourcing and priorities.” That sets up an uneven first phase, even if the end-state goal is harmonized supervision.
Country-level signals are already emerging. Regulators in the Czech Republic, Bulgaria, Luxembourg, and Italy issued notices reminding firms the transition period has ended and urging providers without authorization to wind down.
The Czech Republic provided one of the clearest penalty frameworks. The Czech National Bank said the Financial Market Digitization Act allows sanctions for MiCA-related violations, including operating without authorization, unlawful token offerings, and failing to cooperate with supervisors. For unauthorized crypto services, it cited fines up to 118.5 million Czech koruna (about $5.6 million), 5% of annual turnover if higher, or twice the unlawful benefit obtained, whichever is greater.
The next tells are ESMA register updates, any public supervisory communications tied to unauthorized activity, and post-July 1 enforcement actions such as fines, cease-and-desist orders, or public warnings from major NCAs. Stablecoin enforcement is a separate lane to monitor, given the EBA’s direct role and the referenced proposal to raise penalties for some breaches.
Major-market posture remains an open variable. France’s AMF, the Netherlands’ AFM, and Germany’s BaFin had not responded by publication to questions about their post-deadline approach, leaving uncertainty about how quickly enforcement tightens in the bloc’s most consequential jurisdictions.
The Tradeable Risk Is Venue Access and Stablecoin Friction, Not a Single EU ‘Switch’
I treat this as a market-structure story, not a one-day regulatory event. The threshold that matters is whether EU-facing venues start making access decisions based on ESMA-register status, because that is when liquidity fragments and counterparty selection gets forced.
If enforcement stays uneven, the setup starts to look structural rather than narrative-driven. The real test is whether major NCAs in France, the Netherlands, and Germany move from silence to visible actions, and whether the EBA’s stablecoin lane introduces additional friction through penalty escalation and issuer oversight. This matters in practical terms if it changes where EU flow can legally clear and which stablecoin rails remain operational at scale.