MiCA to RegRally: Transition Ended, ESMA Clarifies Key Rules, Baltic CASP Licensing Boom, July 2026

MiCA to RegRally: The Crypto Guide – MiCA Transition Ends, ESMA Clarifies Key Rules and Baltic CASP Licensing Continues (July 2026)

MiCA to RegRally: The Crypto Guide – MiCA Transition Ends, ESMA Clarifies Key Rules and Baltic CASP Licensing Continues (July 2026)

This edition of the MiCA newsletter highlights key regulatory developments shaping the European crypto-asset market following the end of the MiCA transitional period. Regulators continue to provide greater clarity on the application of the framework while increasing supervisory scrutiny of governance, AML compliance and operational resilience.

This month, we cover Latvia’s growing CASP market, new ESMA guidance on crypto-asset services, the EBA’s proposed methodology for MiCA administrative fines, AMLA’s expectations for customer migration and AML controls, as well as enforcement actions aimed at ensuring consistent MiCA implementation across the EU. We also look at how the UK’s emerging crypto regime may influence firms operating across multiple jurisdictions.

Together, these developments reinforce that MiCA compliance is becoming increasingly focused on effective implementation, sound governance and robust risk management as the EU crypto market continues to mature.

Latvia Continues to Expand Its MiCA-Licensed Crypto Market

Latvijas Banka continued to actively authorise crypto-asset service providers (CASPs) under the Markets in Crypto-Assets Regulation (MiCA), issuing licences to four firms during June 2026.

AS TWINO Investments became authorised to provide custody and administration of crypto-assets, exchange services and execution of orders, building on its existing MiFID investment firm licence. AlphaRoute received a broad MiCA authorisation covering custody, trading platform operation, exchange, placing and transfer services. Hodleris obtained authorisation for custody, exchange and transfer services, while Bleap received a more limited licence covering crypto-to-fiat and crypto-to-crypto exchange services.

Latvijas Banka also confirmed that nine companies have now received CASP authorisation since the introduction of the harmonised EU framework.

Why does it matter?

The Latvian market continues to demonstrate active implementation of MiCA and provides useful regulatory precedents for firms considering authorisation in the Baltic region.

The recent decisions illustrate that MiCA authorisations are tailored to the specific services requested by applicants, while authorised CASPs may subsequently passport their services throughout the EU under the MiCA cross-border notification framework.

The authorisation granted to TWINO Investments also demonstrates that existing MiFID investment firms may benefit from a more streamlined route when expanding into crypto-asset services.

Recommended actions

  • Investment firms holding a MiFID licence should assess whether their existing permissions could support a streamlined MiCA authorisation route for planned crypto-asset services.
  • Firms seeking broader authorisation (including trading platform operation) should consider AlphaRoute as a recent example of a full-scope MiCA licence.
  • Monitor the expanding Latvian CASP register when assessing Baltic passporting opportunities and competitor positioning.
  • Ensure MiCA licence applications accurately reflect the intended scope of crypto-asset services, as authorisations are granted only for the services applied for.

Source: Latvijas banka
Link
Link
Link
Link

EBA Consults on Methodology for MiCA Administrative Fines

The European Banking Authority (EBA) launched a public consultation on a draft methodology for calculating administrative fines imposed under MiCA on issuers of significant asset-referenced tokens (ARTs) and e-money tokens (EMTs).

The proposed methodology aims to ensure that enforcement is transparent, proportionate and consistent where infringements are committed intentionally or negligently. It also expressly addresses liability of members of the management body.

The consultation remains open until 28 September 2026, with a public hearing scheduled for 16 July 2026.

Why does it matter?

The consultation provides early insight into how supervisory enforcement may operate for issuers of significant tokens under MiCA.

Beyond financial exposure, the proposal highlights increasing regulatory focus on governance and individual management accountability for MiCA compliance.

Recommended actions

Businesses should:

  • Issuers of existing or potentially significant ARTs and EMTs should assess their potential exposure under the proposed methodology and consider participating in the consultation before 28 September 2026.
  • Review governance arrangements and management body accountability in light of the proposed approach to individual liability.

Source: EBA | Date: 2026-06-26
Link

First DORA Incident Report Highlights Operational Resilience Priorities

The European Supervisory Authorities (EBA, EIOPA and ESMA) published their first annual report on major ICT-related incidents under DORA.

The report analysed 3,383 major incidents reported by EU financial entities. Approximately one-third had cross-border implications, while direct impacts on customers were generally limited.

System failures and external events were identified as the most common causes, highlighting the importance of ICT outsourcing oversight and third-party risk management. Although only around 10% of reported incidents were cybersecurity-related, the ESAs noted that increasingly sophisticated AI-driven threats require organisations to maintain the highest cybersecurity standards.

Why does it matter?

The report offers valuable benchmarking for CASPs and other DORA-regulated entities by identifying common operational resilience weaknesses observed across the financial sector.

It also reinforces supervisory expectations regarding ICT governance, incident management and third-party oversight.

Recommended actions

Businesses should:

  • Benchmark incident classification and reporting procedures against the report’s findings.
  • Strengthen oversight of ICT service providers and outsourced functions.
  • Review cybersecurity controls and incident response arrangements in light of increasingly sophisticated AI-driven threats.

Source: ESMA | Date: 2026-06-03
Link

AMLA Highlights AML Risks Following the End of the MiCAR Transitional Period

AMLA published an Advisory Note addressing money laundering and terrorist financing risks arising from the end of the MiCAR transitional period on 1 July 2026.

The Authority expects significant structural changes across the crypto sector as unauthorised VASPs exit the market and activity becomes concentrated among authorised CASPs.

AMLA emphasised that firms should avoid blanket de-risking of customers migrating from former VASPs and instead apply individual risk assessments based on a risk-based approach.

Why does it matter?

As the European crypto market consolidates under MiCA, regulators expect firms to balance customer onboarding with robust AML controls and appropriate risk assessment.

The guidance also underlines the importance of maintaining effective AML processes during business wind-downs and customer migration.

Recommended actions

Businesses should:

  • CASPs onboarding transitioning customers should strengthen transaction monitoring and document proportionate onboarding decisions.
  • Where a related entity is winding down unauthorised crypto activities, ensure AML controls remain effective throughout the transition.

Source: AMLA | Date: 2026-06-29
Link

FCA Sets Out New UK Crypto Regulatory Framework

The UK Financial Conduct Authority (FCA) announced a new regulatory framework for crypto-assets, introducing standards for firms offering crypto buying, trading and custody services.

The initiative forms part of the UK’s broader strategy to position itself as a global hub for digital assets while strengthening consumer protection and market integrity.

Why does it matter?

Although MiCA establishes a harmonised framework within the EU, firms operating internationally should be aware that the UK is developing its own regulatory approach.

Businesses providing services across both jurisdictions will increasingly need to manage compliance with two evolving regulatory regimes.

Recommended actions

Businesses should:

  • UK-facing crypto firms should compare the new FCA standards with existing MiCA obligations to identify potential compliance gaps.
  • Non-UK CASPs should consider regulatory divergence when structuring cross-border crypto services.

Source: FCA | Date: 2026-06-30
Link

ESMA Clarifies the Scope of Crypto-Asset Advice Under MiCA

ESMA published new Q&As clarifying when recommendations relating to crypto-assets or crypto-asset services constitute “advice on crypto-assets” under MiCA.

The guidance confirms that the concept is broader than investment advice under MiFID II and may also capture certain referral, introducer or affiliate arrangements where recommendations are personalised or presented as suitable for a particular client.

By contrast, neutral references to a CASP that are equally available to all potential investors generally fall outside the definition.

The clarification may affect firms using referral programmes, affiliate marketing or personalised client onboarding journeys. Businesses should carefully assess whether existing commercial arrangements inadvertently fall within regulated crypto-asset advice.

Recommended actions

Businesses should:

  • Review referral, introducer and affiliate arrangements to determine whether they constitute personalised recommendations.
  • Where services involve suitability assessments or personalised recommendations, ensure the relevant MiCA authorisation and conduct requirements are met before continuing those activities.

Source: ESMA | Date: 2026-06-18
Link

ESMA Confirms Direct Token Issuance Does Not Trigger CASP Authorisation

ESMA confirmed that issuers conducting a primary public offering of crypto-assets may transfer tokens directly from the issuance smart contract to purchasers’ wallets without requiring CASP authorisation.

The clarification applies where the issuer transfers tokens as part of its own issuance rather than providing custody or transfer services on behalf of another person.

Why does it matter?

The Q&A provides welcome legal certainty for token issuers by distinguishing primary issuance activities from regulated crypto-asset services under MiCA. However, the clarification does not extend to secondary market activities or post-issuance custody arrangements.

Recommended actions

Businesses should:

  • Confirm that direct smart-contract-to-wallet transfers qualify as self-issuance and document the supporting legal analysis.
  • Assess separately whether secondary market activities or post-issuance custody arrangements require CASP authorisation.

Source: ESMA | Date: 2026-06-18
Link

European Commission Continues MiCA Enforcement Against Poland and Romania

The European Commission issued additional letters of formal notice to Poland and Romania for failing to fully implement MiCA-related legislative amendments and administrative penalty regimes.

Both Member States have two months to respond before the Commission may proceed with reasoned opinions.

The infringement proceedings demonstrate the Commission’s continued focus on ensuring consistent MiCA implementation across all Member States. Businesses operating across multiple jurisdictions should remain aware that implementation timelines may differ while infringement proceedings remain ongoing.

Recommended actions

Businesses should:

  • CASPs with a Polish or Romanian nexus should confirm with local counsel whether administrative penalties for MiCA infringements are currently enforceable.
  • Continue monitoring developments as the infringement procedures progress.

Source: European Comission| Date: 2026-06-4
Link

ESMA Sets Expectations for CASPs Following the End of the MiCA Transition

ESMA issued a public statement outlining supervisory expectations for unauthorised CASPs following the expiry of the MiCA transitional period on 1 July 2026.

Unauthorised firms must immediately cease onboarding new EU clients, stop marketing activities and limit their operations to those strictly necessary to complete an orderly wind-down. ESMA also confirmed that AML/CFT obligations remain fully applicable throughout the wind-down process.

The statement further reiterates that non-EU CASPs may not actively provide or solicit MiCA services within the EU without the required authorisation.

Recommended actions

Businesses should:

  • Firms operating under national transitional regimes without MiCA authorisation should urgently confirm their regulatory status and implement an orderly wind-down plan where required.
  • CASPs onboarding customers from unauthorised providers should complete full customer due diligence and AML/CFT onboarding checks before accepting transferred positions.

The statement provides a clear supervisory roadmap for firms that have not obtained MiCA authorisation and confirms that coordinated enforcement by ESMA, AMLA, EBA and national regulators should be expected. It also reinforces the importance of robust customer communication and continued AML compliance during market exits.

Source: ESMA | Date: 2026-06-23
Link

Need assistance?

As your legal advisors, we would be pleased to assist you with all matters related to MiCA and crypto-asset regulation, including:

  • MiCA authorisation and CASP licensing
  • Regulatory gap assessments and compliance reviews
  • Internal policies, procedures and governance documentation
  • Cross-border passporting and expansion strategies
  • Regulatory investigations and supervisory matters
  • Legal advice on crypto-asset offerings, token issuance and crypto services

Contact us to discuss how these regulatory developments may affect your business.

About the Author:


Inga Karulaitytė is an attorney-at-law, Partner, and Head of Banking, Finance & FinTech at ECOVIS ProventusLaw — a recognised expert in FinTech and digital finance regulation in Lithuania and the Baltics. She is consistently ranked in FinTech Legal by Chambers and Partners and recognised as a Highly Regarded lawyer in Banking and Finance by IFLR1000, Chambers and Partners, and The Legal 500.

Inga is a Certified Anti-Money Laundering Specialist (CAMS), a Certified Global Sanctions Risk Management Specialist, a certified board member (Corporate Governance Certificate by BICG), and a Certified Internal Auditor.

Connect on LinkedIn →

Newsletter SubscriptionGet in touch