ESMA clarifies timeline for MiCA and encourages market participants and NCAs to start preparing for the transition

The European Securities and Markets Authority (ESMA) is preparing the implementation of the Markets in Crypto-Assets Regulation (MiCA)1, which will enhance safeguards for holders of crypto-assets and clients of crypto-asset service providers, financial stability, and integrity of markets in crypto-assets that are not currently regulated by existing common European Union (EU) financial services legislation.

The entry into force of MiCA is a fundamental development for the establishment of a single rulebook for the regulation and supervision of crypto-asset issuance, trading, and service provision2. Such activities are not currently regulated by existing common European Union (EU) financial services legislation and MiCA therefore represents an important legislative milestone for crypto-asset markets. However, ESMA reminds holders of crypto-assets and clients of crypto-asset service providers that MiCA does not address all of the various risks associated with these products. Many crypto-assets are by nature highly speculative. Moreover, crypto-assets are prone to novel operational or security risks, not least due to the underlying technology, which is still in a relatively nascent stage.3 Even with the implementation of MiCA, retail investors must be aware that there will be no such thing as a ‘safe’ crypto-asset.

During the ‘implementation phase’ of MiCA (from entry into force until the date of full application in December 2024), ESMA, together with the National Competent Authorities (NCAs)4 of the Member States and the other European Supervisory Authorities (ESAs), is preparing the technical standards and guidelines that specify how the new rules will apply to issuers, offerors, and service providers of crypto-assets.

The first public consultations on these regulatory measures (in two major packages published in July and October) are important milestones for ESMA in the implementation of the MiCA framework.5 They translate our ambition to set high regulatory standards in the EU for crypto-asset services into concrete requirements.

Full MiCA rights and protections will not apply in the implementation phase of MiCA

It is important for holders of crypto-assets and current or prospective clients of crypto-asset services in the EU to be aware that in addition to the risks inherent to crypto-assets, MiCA rules on the provision of crypto-asset services will not enter into application until December 2024. As such, holders of crypto-assets and clients of crypto-asset service providers will not benefit during that period from any EU-level regulatory and supervisory safeguards or recourse mechanisms built into the Regulation, such as the ability to file formal complaints with their NCAs against crypto-asset service providers.6 Given this timeline, holders of crypto-assets and clients of crypto-asset services should be aware of the recourse mechanisms and protections currently available in their jurisdiction (or lack thereof). In addition, if they are thinking about buying crypto-assets or related products and services, they should always ask themselves the following:

  • can you afford to lose all the money you are planning to invest?
  • are you ready to take on high risks to earn the advertised returns?
  • do you understand the features of the crypto-asset or related products and services?
  • are the firms/parties you are dealing with reputable?
  • are the firms/parties you are dealing with blacklisted by the relevant national authorities?
  • are you able to effectively protect the devices you use to buy, store or transfer crypto-assets, including your private keys?

In addition, even after MiCA becomes applicable to crypto-asset service providers, Member States have the option of granting entities already providing crypto-asset services in their jurisdictions up to an additional 18-month “transitional period” during which they may continue to operate without a MiCA license (also referred to as a ‘grand-fathering clause’). This means that holders of crypto-assets and clients of crypto-asset service providers may not benefit from full rights and protections afforded to them under MiCA until as late as 1 July 2026.7 Similarly, most NCAs will have limited powers to supervise entities benefitting from the grandfathering clause, depending on applicable local laws. In most cases, these powers are confined to those available under existing anti-money laundering regimes, which are far less comprehensive than MiCA.

The limited and uneven protections for crypto-asset holders and clients of crypto-asset service providers in the EU during the transition to MiCA is additional motivation for ESMA and its members to pursue close cooperation and foster supervisory convergence across the single market, which will also serve as a blueprint for cooperation beyond the grandfathering phase.

Promoting supervisory convergence

Until the end of the MiCA transitional phase in July 2026, it is probable that a significant number of entities already providing crypto-asset services in the EU will continue to offer those services under existing applicable laws in the jurisdictions in which they operate, should Member States make extensive use of the aforementioned grand-fathering clause.

Among these entities are global crypto firms that will continue to operate across several Member States using group structures that tend to be complex and opaque. Beyond the supervisory challenges this creates, opaque group structures may also render it difficult for clients of service providers to know which entity they are dealing with and its regulatory status. Further, these entities may lack a strong compliance culture (e.g., proper governance, organisation arrangements and effective control frameworks) and their large scale and geographic scope allow them to maintain a high level of agility in terms of where they can operate, increasing the risk of conflicts of interest, regulatory arbitrage and an unlevel playing field in the provision of crypto-asset services.

In anticipation of the risks posed by global crypto firms and to advance preparations ahead of the application of MiCA, ESMA and its members are working to promote coordinated actions across the Union by (i) facilitating the exchange of information between competent authorities on authorisation requests and real supervisory cases in their jurisdictions, (ii) encouraging the convergent application of MiCA rules as early as possible, (iii) consulting with the European Commission to provide the basis for a common understanding on MiCA provisions that may require further clarity.

The purpose of this work on convergence is to ensure alignment on supervisory expectations related to entities offering crypto-asset services across EU jurisdictions in the transitional period of MiCA and to promote, from the outset, consistent practices to be used after the entry into application of MiCA, starting with the authorisation regime.
ESMA and its members are committed to building a strong regulatory framework characterised by a consistent, effective, and forceful supervision (and enforcement where necessary) in the EU from the outset. As part of this process, NCAs should:

  • Dedicate adequate resources to implementation of the MiCA framework with the aim of initiating robust supervision (and enforcement) from the start;
  • Establish authorisation procedures and foster dialogue with potential applicants as soon as possible;
  • Align supervisory practices in relation to authorisation of crypto-asset service providers, based on common best practices across the EU, to prevent regulatory arbitrage;
  • Share information regarding authorisation demands in particular with respect to global crypto firms with complex and opaque group structures;
  • Prevent the establishment of so-called “letter-box” entities, i.e., when EU-based crypto-asset service providers rely extensively on non-EU entities for the performance of services for clients based in the EU;
  • Ensure that the simplified authorisation procedure8 is appropriate to ensure full compliance with all MiCA requirements and is not used as a tool to gain a competitive advantage vis-a-vis other jurisdictions; and
  • Subject entities engaging in unlawful provision of crypto-asset services before application and during the transitional phase of MiCA to enforcement action where possible under national applicable law.

ESMA and NCAs are determined to ensure entities involved in the provision of crypto-asset services understand that the EU is not a place for forum-shopping or illicit practices.

Market participants can already start contributing to the effective implementation of MiCA

To ensure a timely and orderly transition toward MiCA, ESMA encourages market participants to make adequate preparations that will reduce the risk of disruptive business model adjustments. These preparations should also involve early dialogue between entities currently providing crypto-asset services in the EU and the relevant competent authorities of the jurisdictions in which they operate to inform them of their transition plans.

Beyond responding to the public consultations, market participants that would fall under the scope of MiCA can already begin taking actions to ensure a smooth transition and implementation. ESMA calls on entities currently providing crypto-asset services (including already authorised financial entities) to:

  • Inform NCAs and clients of their transition plans as early as possible;
  • Inform clients about the regulatory status of the crypto-assets and/or services they are offering, clarifying whether they are offering crypto-asset services using the grandfathering clause, the type of authorisation they hold, and the country from which they operate;
  • If they are authorised under other sectoral Regulations, clarify the regulatory status of the products and/or services they are offering to avoid confusion with respect to their regulated offerings9;
  • Anticipate MiCA’s entry into application by aligning their practices to comply with incoming requirements under that Regulation;
  • Apply for a MiCA authorisation as soon as possible. Without a MiCA authorisation they will not benefit from passporting rights within the EU during the transitional period10; and
  • Engage with NCAs on questions concerning the perimeter of MiCA and the application of the framework to their current activities.

Further, entities providing crypto-asset services who are active in more than one Member State under local applicable laws must continue complying with all applicable local laws until the end of the transitional period.

ESMA also underlines that the provision of crypto-asset services or activities by a third-country firm is strictly limited under MiCA to cases where such service is initiated at the own exclusive initiative of a client (the so called “reverse solicitation” exemption).

While this exemption will be subject to further guidance by ESMA, it should be understood as very narrowly framed and as such must be regarded as the exception; and it cannot be assumed, nor exploited to circumvent MiCA. ESMA, and NCAs through their supervisory and enforcement powers, will take all necessary measures to actively protect EU-based investors and MiCA-compliant crypto-asset service providers from undue incursions by non-EU and non-MiCA compliant entities under the European MiCA framework.

Next steps

ESMA and NCAs will continue pursuing initiatives to support and promote supervisory convergence during the MiCA implementation and transitional phases. Efforts will be devoted to developing common principles and best practices in preparation for the upcoming supervisory duties, as well as building expertise on crypto market developments, including by engaging with the various crypto market participants and stakeholders.

Background information

For further context, ESMA would also like to share the previous statements and warnings with relevance to the provision of unregulated crypto-asset products and/or services in the EU:

  • See: Joint-ESA warning (here) to consumers on the risks of investing in crypto-assets
  • See: ESMA statement (here) on investment firms offering unregulated products or services, which includes information on how to mitigate the risks
  • See: ESMA statement on reverse solicitation (here)

  1. Regulation (EU) 2023/1114 on markets in crypto-assets [MiCA]
  2. The current regulatory landscape governing the crypto-asset sector is highly fragmented across the EU. Some Member States have implemented national rules to regulate certain crypto-assets and related products or services. Most of these national frameworks derive from the transposition of the fifth anti-money laundering (AML) directive (Directive (EU) 2018/843); their scope of application may vary locally, depending on national transpositions, and in most cases is limited to AML profiles.
  3. See the joint-ESA warning on crypto-assets for more information on the risks: here
  4. National authorities assigned by Member States to perform supervisory tasks in relation to crypto-assets
  5. See the ESMA website for a more details on the timing of the three ESMA public consultation packages as well as a timeline on the implementation and transitional phases of MiCA
  6. Note that such recourse may be possible in national level regulation in some jurisdictions.
  7. The exact date may vary by jurisdiction based on how each Member State chooses to apply (or not apply) the optional transitional measures. See Article 143(3) of MiCA.
  8. Article 143(6) of MiCA grants NCAs the option of allowing entities that were already authorised under national applicable law on 30 December 2024 to provide crypto-asset services under a simplified authorisation procedure.
  9. See: ESMA statement on the risks arising from the provision of unregulated products and/or services by investment firms, 25 May 2023.
  10. Cross-border activities by an entity benefiting from grand-fathering may occur only if the entity complies with relevant legislation applicable in both the home and host Member States. The provision of crypto-asset services during the transitional period should in any case always comply with the applicable national laws in the Member State where the services are provided. Entities benefiting from grand-fathering will be forbidden from conducting cross-border activities in Member States where the grand-fathering clause is not (or no longer) applicable.


Other news items

All News

We need the necessary cookies in order for the site to function properly and in order to maintain security standards as much as possible by complying with all applicable regulations.

This category of cookies can also be called so-called. third-party cookies. Statistical cookies also belong to the group of functional cookies that allow us to store previously entered information (such as username or language) on the web service and to improve the possibility of providing a better service by tracking analytics or visit statistics. We must inform you that when using this category of cookies, data is transferred to third countries.