The transitional period provided for under the European Regulation on markets in crypto-assets (MiCA) will definitively expire on 1 July 2026. As from that date, the provision of crypto-asset services to clients in the European Union will be reserved exclusively to entities authorised under the Regulation.

The European Securities and Markets Authority (ESMA), in a communication issued on 17 April ahead of the July deadline, reiterated the obligations of crypto-asset service providers (CASPs) and the supervisory expectations for national authorities, while also providing guidance to investors on the risks associated with the activities of unauthorised entities and on the safeguards available to them.

ESMA requests entities that have not yet been authorised as crypto-asset service providers to have orderly wind-down plans ready for implementation, ensuring the transfer of clients’ crypto-assets to authorised operators or to self-custody wallets without causing economic harm to clients, and to implement such plans by 1 July 2026. These plans must be operational, credible and immediately actionable, as well as compliant with applicable obligations, including those relating to conduct of business, prudential requirements and anti-money laundering. Authorised CASPs, for their part, are required to manage in an orderly manner the updating of contractual relationships with existing clients before the above-mentioned date of 1 July, ensuring the adoption of onboarding procedures that comply with the applicable legislation.

ESMA also recalls that non-EU operators are not authorised to provide MiCA services to European investors, except under the narrow exemption of reverse solicitation, and that this prohibition also extends to business-to-business relationships. In particular, MiCA expressly prohibits CASPs from outsourcing or delegating certain services, such as custody, to entities that are not authorised as CASPs, even where they belong to the same corporate group. This requires all operational chains to be fully compliant and not to involve the indirect provision of services through unauthorised entities. In this context, ESMA, addressing national competent authorities, stresses the importance of issues relating to wind-down plans for unauthorised CASPs and the risk of unauthorised provision of services after the end of the transitional period.

Lastly, ESMA issues a specific warning to investors: not all crypto-asset service providers operating after 1 July will be authorised under MiCA, and the level of protection depends on the entity with which the relationship is maintained.

Investors are therefore invited to:

• verify their provider, ensuring that it is authorised and included in the MiCA Register published by ESMA before making investments or transferring funds;
• precisely identify the legal entity providing the service, as MiCA protections apply exclusively to the specific entity authorised in the EU and not to other companies belonging to the same group or to non-EU entities, even where they operate under the same brand;
• carefully review contractual documentation in order to understand which entity is actually providing the service;
• act promptly by transferring crypto-assets to an authorised operator or to a self-custody wallet, or by considering the closure of their positions where necessary, bearing in mind that remaining with unauthorised operators may entail a lower level of legal protection and a greater risk of losing their crypto-assets.

Consob will continue to carry out its supervisory and public information activities, in coordination with ESMA and with the other national competent authorities, in order to ensure the consistent application of MiCA and an adequate level of investor protection.