MiCA has been making headlines lately, and in the crypto compliance world, there’s no doubt why. Three years on from the EU’s crypto law coming into force, its final deadline is almost here, and for a lot of companies, the 1 July cut-off is arriving faster than they planned for.
MiCA is essentially the European Union’s crypto law: it sets a single rulebook for every company that offers crypto services to people in the EU, across all 27 member states. To trade legally, a company needs to be licensed under it. Under the MiCA regulation, the license is called a CASP authorisation, short for Crypto-Asset Service Provider.
December 2024 saw the license requirement become legally binding, along with the conduct rules attached to it: rules against market manipulation, rules ensuring companies disclose risks clearly, and rules on how customers and their funds must be handled. Companies already operating legally under their own country’s older crypto rules have of course not been shut down overnight - a grace period has been running, known as ‘grandfathering’. An existing business can carry on under the old terms of compliance under the old terms, while it catches up on the new ones.
This grandfathering period will officially expire on 1 July, when all businesses are expected to comply with the latest MiCA laws. After this, companies serving EU clients without a CASP license will be breaking the law.
As of May 2026, only about 210 companies hold the license. Before MiCA, more than 1,200 held national registrations. This significant gap is not because companies applied and were rejected: it is that companies have not finished applying, or have barely started. Many used the grandfathering time to delay the licensing process, rather than prepare.
ESMA, the EU’s central markets regulator, has confirmed that the deadline will not move: over €540 million in fines have already been issued, and over 50 companies have lost their licenses by February 2025, mostly for weak anti-money laundering or transaction monitoring checks.
What does MiCA require?
Most of what companies deferred during this time takes months to build, rather than weeks.
One requirement comes directly from traditional financing - the Travel Rule. When amounts above a certain amount move by wire transfer, information about the seder and receiver must be recorded too. Since December 2024, crypto will work the same way: for every transfer, a company has to record who sent and received the funds, and pass this information on.
Other duties sit alongside it, including knowing who your customers are (KYC), transaction monitoring for money laundering or terror financing (KYT), and filing reports for suspicious activity. These reports go to the regulators, who can move the reports upward to units who investigate suspicious money laundering.
The licence is granted by a regulatory authority, who depends on the jurisdiction in which a company operates. The regulatory authority may wish to see proof of effective transaction monitoring and evidence that led to a decision whether to reject or accept funds.
Overall, the regulations affects token issuers who must publish detailed whitepapers and maintain reserves, crypto-asset service providers requiring authorisation to offer exchanges, custody and trading platforms, and protocols targeting users in the EU.
For failures to comply with the regulations, or effective action to prevent money laundering, Chief Compliance Officers can be fired, companies can be fined, and CEOs can be imprisoned if wrongdoing was performed knowingly.
Binance’s trouble to obtain a license
Binance applied for its MiCA license in Greece, in January 2026. In mid-June, it was reported that the Greek regulator was expected to reject the application. A rejection would shut Binance out of all 27 EU markets, the moment the deadline passes. Binance has disputed the report and argues its application was found compliant - the outcome is still open.
Industry members are most surprised by the timing of the application - the largest exchange in the world has spend 18 months on the application, and still may reach the deadline without an answer. The futures of the largest most renowned exchanges are now in the hands of the regulators, demonstrating the serious role compliance and regulation plays in the world of crypto trading.
What this means for readers
The companies that get their license in the coming weeks are the ones whose systems were already running months ago. The monitoring, the records, and the trail a regulator asks to see can’t be assembled in a rush.
MiCA is one part of a wider shift we are recognising in the crypto compliance world. Regulators across the globe are convening on the same expectations, and compliance is fast becoming the deciding factor in whether a company can operate with customers or with banks at all.
This is no longer a box to tick before a deadline: its actually the ground that everything else stands on.
The companies that build that capability into how they run and operate, rather than bolting it on each time a rule changes, are the ones that will stay standing for the next one.
For the full and current MiCA requirements, always refer to official sources such as ESMA and your national regulator.
All research content and accompanying reports are provided for informational purposes only and should not be relied upon as professional advice. Accessing these materials does not create any professional relationship or duty of care. Readers are encouraged to consult appropriately qualified professionals for guidance. We uphold the highest standards of accuracy in all the information we provide. For any questions or feedback, please contact us at contact@nominis.io.
.png)
