The transitional window closed on 1 Jul, and the grace period that let nationally registered firms keep operating while they sought full authorisation closed with it. Firms that missed the deadline must now stop serving EU clients, transfer customers to licensed providers, or restructure around activities that fall outside MiCA's scope.
Europe's MiCA Deadline Leaves Four in Five Crypto Firms Without a Licence
More than 1,200 firms once held national registrations as virtual asset service providers across the European Union. Just 242 firms held Crypto-Asset Service Provider (CASP) authorisation under MiCA as of the European Securities and Markets Authority's (ESMA) 26 Jun update, according to ESMA's register – laying bare the scale of the shift from national regimes to the bloc's single licensing framework.
This is a collapse of roughly four in five, according to figures from Pierre d'Ormesson, a partner in the finance practice at DLA Piper in Paris. "If you don't have the licence, you have to stop servicing," d'Ormesson said.
The shift had been visible for more than a year, he added, and most serious operators long ago triggered contingency plans, telling clients to offboard and migrate to a licensed platform rather than gamble on a last-minute approval. "If you wake up right now, it's too late."
A market several times smaller
Others put the cull even higher. Dea Markova, director of policy at digital-asset infrastructure provider Fireblocks, estimates that 3,000 to 4,000 crypto intermediaries once operated in the EU under the old anti-money laundering registration regime, which often required little more than AML registration at a national level. She expects the licensed market eventually to settle at roughly 400 entities. "We expect the market to be 10 times smaller," she said.
The two sets of figures are not directly comparable – national registration regimes varied across member states, and some counts include firms operating across multiple jurisdictions – but they point the same way: a sharply smaller field serving the European market.
The consolidation is happening at the entity level, not necessarily in trading volumes, Markova stressed, and the largest exchanges have already secured licences and are generating MiCA-compliant business. Banks are setting up dedicated legal entities for digital-asset services, stablecoin issuers represent an entirely new category of regulated activity, and firms from the Middle East and Hong Kong are increasingly entering Europe through authorised channels.
The firms that remain, Markova said, have effectively "sharpened their game" through higher compliance, risk-management and operational standards. "It's a collective sort of upskill," she said.
Cost problem
For everyone else, cost is the obstacle. MiCA is "not a paperwork exercise," said Jody Mettler, chief operating officer of regulated custodian BitGo. It forces firms to operate more like regulated financial services businesses, with governance structures, customer-asset segregation, anti-money laundering (AML) and sanctions controls, cybersecurity frameworks, incident reporting and ongoing supervisory engagement.
D'Ormesson estimates that implementing a MiCA licence in France can cost around €500,000, before the recurring expense of maintaining compliance.
And the running cost, Mettler argues, is the real test. "The strategic question should go beyond 'Can we get licensed?'" he said. "It is, 'Can we operate as a licensed business over time?'" The firms that struggle most, in his telling, are not short on ambition but on regulated infrastructure: the systems, controls and personnel supervisors expect to withstand scrutiny.
Escape routes, their limits
That infrastructure gap has created a market of its own. Providers such as BitGo and Fireblocks are promoting infrastructure-as-a-service models that let smaller firms plug regulated custody, transfer and trading capabilities into their own customer experience without building an entire compliance stack from scratch. Demand is rising, Mettler said, "because the timeline is compressed, and the requirements are substantial."
But he is candid about the limits. "Compliance cannot be outsourced completely, and no responsible provider should suggest otherwise," he said. A provider can take responsibility for the services it is authorised to deliver, but the client retains obligations around governance, conduct, marketing, customer communications and oversight. The workable arrangement, Mettler said, is "shared accountability."
Not every firm will partner, and some are repurposing entirely. D'Ormesson says he is seeing operators pivot into decentralised finance (DeFi), which MiCA does not currently regulate directly, or retreat into back-end software businesses that stop short of providing regulated services. A handful are eyeing relocation to Switzerland, the UAE or the UK, though he cautions that serving EU clients from outside the bloc often relies on reverse solicitation, a narrow carve-out that "is not a business model."
Where licences are landing
Malta and Lithuania moved early to attract applicants. Lithuania has actively promoted itself as a digital-assets hub, while Malta has drawn scrutiny from ESMA over the rigour of its licensing process. The jurisdictions attracting the most serious business, both d'Ormesson and Markova said, share a less glamorous advantage: experienced regulators and well-staffed licensing departments.
Germany, the Netherlands and Luxembourg have emerged as leading destinations. The Dutch regulator conducted extensive pre-application discussions with industry participants before approvals began, while Luxembourg has drawn a disproportionate share of larger institutional players. "Most regulators will not welcome an entity that doesn't have a meaningful footprint in their own country," Markova noted.
Shakeout or maturation
The transition is already painful for thinly capitalised firms whose models depend on regulatory fragmentation, and there is a genuine risk that overly rigid implementation pushes some early-stage innovation elsewhere. A revision of MiCA, potentially extending to areas such as DeFi, is already being discussed in Brussels.
But the end of the transitional period should not be measured simply by the number of firms that disappear, argues Isadora Arredondo, vice-president of global policy at Hedera. "The end of MiCA's transitional period should not be read as a simple exodus story. Instead, I see it as more of a filtering moment for the European digital asset market," she said.
Authorisation counts and exit numbers are useful indicators, Arredondo argued, but they do not tell the whole story. "A high number of applications doesn't automatically mean a healthy market, and a smaller number of authorised firms does not necessarily mean the regime has failed."
The more important question, she said, is whether MiCA can create a market where well-governed firms operate consistently across Europe. "It is one thing to write a harmonised rulebook; it is another to make sure national supervisors, exchanges, custodians, payment providers and market infrastructure providers are applying and operating under it consistently in practice day-to-day."
"Authorisation alone does not create an effective market. You still need to understand how these markets actually work in practice: how assets settle, how custody is managed, how resilient the underlying technology is, and whether different tokenised assets and forms of money can interact without creating new points of friction," Arredondo said.
Europe has gained an early regulatory advantage, Arredondo said, but consistency will determine whether the lead endures. "If the regime is applied consistently and proportionately, it can support a more credible digital asset market in Europe. If implementation becomes fragmented across member states, firms may comply in Europe while choosing to scale parts of their activity elsewhere."
For longer-term industry participants, the mood is sanguine. "I would not frame MiCA only as a shakeout; it is also a maturation," Mettler said.