MiCA CASP Authorization: Germany Leads the EU Race as July 1 Deadline Arrives
As of July 1, 2026, the Markets in Crypto-Assets Regulation transitional period has closed. Any crypto-asset service provider operating in the EU or EEA without a MiCA authorization is now doing so outside the legal framework. The ESMA interim register, updated as of June 26, counted 244 approved CASPs across the bloc, but the distribution is anything but uniform: Germany holds roughly one in four licenses, five member states have issued none at all, and Italy accounts for nearly every entry on the non-compliant register.
How Authorizations Are Distributed Across Member States
Germany's Dominant Position
Germany leads the ESMA register with 57 MiCA-authorized CASPs, representing approximately 23% of all approvals. BaFin, the country's Federal Financial Supervisory Authority, attributes this partly to the scale of Germany's financial sector: a large number of credit institutions already had the regulatory infrastructure to add crypto-asset services under MiCA. The pre-existing national licensing regime for crypto custody and related activities also created a simplified transition pathway for firms that had already been supervised under domestic law, which likely accelerated the authorization count.
BaFin was candid about the limits of its own projections, noting that whether Germany retains its dominant share will depend on market developments, innovation trends, and the pipeline of pending applications in other jurisdictions. Approvals elsewhere are expected to grow as implementation matures and national financial sectors catch up.
France Accelerates in the Final Weeks
France sits in second place with 26 approvals, accounting for roughly 11% of total EU and EEA licenses, placing it alongside the Netherlands as the bloc's second-largest hub. Notably, France was the most active issuer in the final sprint: between June 18 and June 22, the Autorité des marchés financiers issued five CASP authorizations, the highest count of any single jurisdiction in that window. Eleven approvals were issued across the EU and EEA during that period, with Malta contributing two.
Named recipients of recent French authorizations include Bpifrance Investissement, RCUBE Asset Management, Paymium, Leonod, and Meria, a mix of institutional asset management and retail-facing crypto platforms that reflects the breadth of activity MiCA is designed to govern. French firms and advisers should note that the authorization pipeline has moved faster than anticipated at year-start: firms still in application should ensure their compliance documentation reflects that the transitional period has now formally ended.
The Member States That Issued Zero Licenses
As of June 26, five EU member states had not issued a single MiCA authorization: Greece, Hungary, Poland, Portugal, and Romania. Poland is particularly notable. Delays in transposing MiCA implementation legislation left the country without an active licensing framework in place by the time the EU deadline arrived. Greece is also significant: having initially established a licensing process, the country later changed course and redirected its licensing activity toward another MiCA jurisdiction, leaving it absent from the ESMA register entirely.
For firms and their advisers operating in or through these markets, the practical implication is immediate: without a domestic competent authority issuing authorizations, the passporting benefit that MiCA is designed to provide cannot originate from these jurisdictions. Firms headquartered there will need to assess whether a cross-border structure, or authorization in a jurisdiction with an active regime, is required to continue serving EU clients lawfully. This connects directly to the MiCA transitional period expiry and what it means for CASPs operating across the EU, covered in our earlier analysis.
Italy and the Non-Compliant Register
A Disproportionate Concentration of Non-Compliant Entries
While the authorized register tells one story, the non-compliant CASP register tells another. As of June 26, Italy accounted for 160 out of 162 entries on the ESMA non-compliant register. The Netherlands and Slovakia each recorded one entry, linked to MEXC and LWEX respectively.
The concentration in Italy is striking. It suggests a large volume of firms that were operating under the Italian registration or notification regime have not converted to, or obtained, a MiCA authorization ahead of the deadline. Compliance officers and auditors advising Italian crypto businesses need to treat this as an urgent matter: entities on the non-compliant register are identifiable to supervisors across all EU member states, and the regulatory exposure is no longer theoretical.
For accounting firms with Italian CASP clients, this is also a financial reporting and audit risk flag. A firm operating without authorization after July 1 may face enforcement action that affects going concern assessments, contingent liability disclosures, and the reliability of revenue recognition for services that are no longer legally provided.
What Fragmentation Means for Compliance Teams
Passporting, Substance, and Regulatory Arbitrage Risk
MiCA was designed to eliminate the need for firms to obtain separate national licenses by creating a single EU-wide passport. The uneven authorization data raises a practical concern that is already familiar from other financial regulation contexts: firms seeking the path of least resistance may gravitate toward jurisdictions with faster or lighter-touch authorization processes, creating a de facto hub-and-spoke structure that the single market design was intended to prevent.
Substance requirements matter here. Authorizations issued in Germany or France do not, on their own, permit a firm to relocate its commercial center of gravity to a jurisdiction where it has no real presence. Competent authorities in the member state of authorization are expected to scrutinize whether the firm genuinely operates from that jurisdiction. Compliance teams advising CASPs on cross-border structures should document substance carefully and anticipate supervisory scrutiny as national regulators bed in their MiCA oversight functions.
The regulatory patchwork also creates an ongoing monitoring obligation. The ESMA register is updated as new authorizations are issued and as non-compliant entries are added or removed. Firms that have counterparty relationships with CASPs, whether as liquidity providers, custodians, or technology partners, should build register checks into their third-party due diligence cycles. For context on how the Netherlands' AFM is approaching its own obligations toward crypto service providers in this environment, see our coverage of the AFM's distance marketing and online interface requirements for crypto-asset service providers.
Audit and Financial Reporting Implications
For auditors and CFOs, the authorization divide has direct balance sheet implications. A CASP that is not yet authorized, or that operates in a jurisdiction that has not established a licensing regime, faces potential revenue disruption: services provided to EU clients after July 1 without authorization may not be legally billable, and any associated revenue could be subject to regulatory challenge or disgorgement. Auditors conducting year-end work for crypto-facing entities should confirm authorization status as a preliminary matter, particularly for clients in the five zero-license jurisdictions and for any Italian entity whose status on the non-compliant register has not been resolved.
Firms operating in Germany's large credit institution sector should also confirm whether their authorization correctly covers all the crypto-asset service categories they intend to provide. BaFin's comment that credit institutions can provide crypto-asset services under MiCA is accurate, but the scope of services permitted depends on the specific authorization granted. Assuming that an existing banking license automatically covers all MiCA service categories would be an error.
Key Data Points from the ESMA Interim Register
The table below summarizes the authorization counts referenced in the ESMA interim register as of June 26, 2026, alongside non-compliant entries where reported.
| Jurisdiction | Authorized CASPs | Non-Compliant Entries |
|---|---|---|
| Germany | 57 | Not reported |
| France | 26 | Not reported |
| Netherlands | Not specified | 1 (MEXC) |
| Italy | Not specified | 160 |
| Slovakia | Not specified | 1 (LWEX) |
| Greece | 0 | Not reported |
| Hungary | 0 | Not reported |
| Poland | 0 | Not reported |
| Portugal | 0 | Not reported |
| Romania | 0 | Not reported |
| Total (EU/EEA) | 244 | 162 |
All figures are drawn from the ESMA interim register as reported on June 26, 2026. The register is updated on a rolling basis as national competent authorities submit new data.
Immediate Actions for Firms and Advisers
A Short Checklist for July 2026
Given where the authorization landscape stands as of the deadline, compliance teams and advisers should address the following without delay:
- Confirm your client's or employer's CASP authorization status on the ESMA interim register and verify that the listed service categories match actual business activities.
- For clients in zero-license jurisdictions, assess whether operations need to be restructured around an authorized entity in another member state and document substance accordingly.
- For Italian entities appearing on the non-compliant register, quantify the regulatory exposure and consider its impact on going concern, contingent liabilities, and revenue recognition in the next reporting period.
- Build ESMA register checks into counterparty and third-party due diligence workflows on a recurring basis, not as a one-time exercise.
- Revisit any assumption that a credit institution license in Germany or elsewhere automatically covers all MiCA crypto-asset service categories.
The ESMA register and the underlying MiCA framework documentation are available directly from ESMA's official website. BaFin's MiCA guidance is published on its official portal. For the white paper and disclosure obligations that sit alongside authorization requirements, our earlier piece on ESMA's MiCA white paper exemption clarification for non-ART and non-EMT offerings covers the key distinctions firms need to understand.
Source: Cointelegraph
FAQ
The ESMA interim register recorded 244 authorized crypto-asset service providers across EU and EEA jurisdictions as of June 26, 2026. Germany leads with 57 approvals, representing approximately 23% of the total. France and the Netherlands are the next largest hubs, with France holding around 26 authorizations.
As of June 26, five member states had issued zero MiCA authorizations: Greece, Hungary, Poland, Portugal, and Romania. Poland and Greece are particularly notable: Poland faced delays in transposing MiCA implementation legislation, while Greece redirected its licensing activity to another MiCA jurisdiction after initially establishing a domestic process.
Italy held 160 of the 162 entries on the ESMA non-compliant CASP register as of June 26. This reflects a large volume of firms that operated under Italy's previous national registration or notification regime but have not converted to a full MiCA authorization. Firms in this position are now operating outside the legal framework, with potential exposure to enforcement action from competent authorities across the EU.
No. BaFin confirmed that credit institutions in Germany can provide crypto-asset services under MiCA, and the country's pre-existing national licensing regime may have simplified the transition for some firms. However, the specific crypto-asset service categories a firm is permitted to offer depend on the scope of its individual MiCA authorization. Assuming blanket coverage from an existing banking license would be an error that compliance officers should flag and verify.
Auditors should treat the absence of a domestic authorization pathway as a material fact affecting the engagement. Key considerations include: whether the client is generating revenue from EU clients without a valid authorization (which could affect revenue recognition), whether regulatory enforcement creates a going concern or contingent liability issue, and whether the client needs to restructure around an authorized entity in another member state. These assessments should be documented in the audit file and discussed with management.
