The MiCA Deadline Map — Who's Licensed, Who Has Six Weeks, Who's Already Out

**Closed before May 2026:** - **Germany (BaFin)** — closed December 31, 2025. Any unlicensed CASP serving German clients from January 1, 2026 is operating illegally under the KMAG (Kryptomärkteaufsichtsgesetz). BaFin is operating an active "name-and-warn" tool; roughly 18 CASPs have received full MiCA authorization in Germany. - **Hungary** — closed December 30, 2025. Hungary layered additional national requirements (criminal liability + SARA validator certificate) on top of MiCA, prompting the European Commission to open formal **infringement proceedings**. Hungary's two-month response window expired in early April 2026; the next stage is a reasoned opinion from the Commission.

**Closing June 30, 2026:** - **Italy (CONSOB + Bank of Italy)** — One day before the absolute ceiling. CONSOB published its supervisory fee schedule on December 17, 2025: €20,000 per application plus €10,000 per notified service. Bank of Italy handles the AML/CFT side. - **Spain (CNMV)** — Single-authority regime since December 30, 2024. Bank of Spain stopped accepting new VASP registrations on the same date and now holds the historical registry only. CNMV's posture is "comply or quit."

**Closing July 1, 2026 (EU absolute ceiling):** - **France (AMF + ACPR)** — 79 fully authorized CASPs and a separate 90 firms registered under the transitional period as of January 2026. AMF issued a formal reminder in February 2026 that firms unable to obtain MiCA authorization must file an orderly wind-down plan by March 30, 2026. Criminal exposure for unauthorized service: two years' imprisonment plus €30,000 fine. - **Netherlands (AFM)** — 11 CASPs authorized. - **Malta (MFSA)** — 5+ authorized, but under ESMA peer-review censure. A July 10, 2025 fast-track peer review by ESMA found that Malta authorized a major CASP (widely understood to be OKX) without adequately assessing material AML/CFT, conflicts, ICT, custody, and Web3-service controls. Malta has clashed publicly with ESMA over centralisation through March-April 2026. - **Luxembourg, Estonia** — full 18-month transition, closing July 1.

CryptoSlate's tracking puts the total at roughly 53 fully MiCA-authorized firms across the EU as of February 2026. Aggregated NCA reporting brings the May number to 60+. Notable authorizations:

- **Coinbase** — Luxembourg (CSSF). EU passport active. - **Kraken** — Ireland (Central Bank of Ireland). EU passport active. - **Bitstamp** — Luxembourg, authorized May 2025. - **Bybit EU** — Austria (FMA). - **OKX** — Malta (MFSA) plus Malta payment-institution license February 2026. - **Bitpanda** — Triple authorization: Germany (BaFin), Austria, Malta. - **Gemini** — Malta. - **BVNK** — Malta (February 2026). - **Crypto.com** — Continuing transition from pre-MiCA Malta VFA + EMI structure.

**Conspicuously absent: Binance.** Binance has no MiCA authorization. The company applied via a newly formed subsidiary, Binary Greece, with base €25,000 capital. AMF specifically named Binance among the 90 unlicensed firms operating in France in its January 2026 register.

The gap is not a technicality. Binance, the largest exchange by global volume, is operating in the EU without the regulatory framework every other major exchange has adopted. Member-state action against Binance has been politically constrained, partly by the company's ongoing DOJ monitorship (close to ending per Bloomberg reporting in April 2026) and partly by the practical difficulty of enforcement against a company with no settled EU domicile.

Authorized euro-denominated Electronic Money Tokens (EMTs) as of May 15, 2026:

- **EURC** (Circle, French EMI authorization since July 2024) — dominant, ~50% market share of EU euro stablecoin volume. - **EURI** (Banking Circle, Luxembourg EMI) — MiCA-compliant since August 2024 launch. - **EURCV** (Société Générale-FORGE) — tokenized bond settlement focus, +340% YoY transaction growth. - **EUROe** (Membrane Finance, Finland). - **EURQ** (Quantoz, Netherlands). - **EURS** (Statis, Malta).

Plus **USDC** under the same Circle French authorization (USD-denominated EMT).

**Tether (USDT) is not authorized.** Tether did not file. MiCA Article 36 requires 60% of EMT reserves in EU-domiciled credit institutions — Tether's reserves architecture does not meet this threshold and the company elected not to restructure for the EU market.

Binance ended EEA spot trading pairs for USDT, FDUSD, TUSD, USDP, DAI, and PAXG on March 31, 2025. Kraken EEA moved USDT to sell-only the same month. USDT remains held and transferable in self-custody but cannot be acquired through MiCA-regulated venues except in derivatives or specific professional-trader segments.

The result is a bifurcated stablecoin market in Europe. Retail flows through EURC, EURI, and USDC. USDT continues to dominate non-EU and self-custody flows. Sumsub's February 2026 analysis put regulated EMTs at approximately 25 percent of all EU stablecoin volume — an enormous shift from the pre-MiCA baseline.

MiCA is the licensing layer. AMLR — Regulation (EU) 2024/1624 — is the AML/CFT layer, effective July 10, 2027. The two stack: every MiCA-authorized CASP becomes subject to AMLR's customer due diligence, transaction monitoring, and self-hosted-wallet provisions.

The AMLR provisions worth knowing now:

- **€1,000 self-hosted-wallet enhanced-CDD trigger.** A CASP sending or receiving a single transaction over €1,000 to or from a self-hosted wallet must apply enhanced due diligence — risk-based identity verification of the wallet owner. The threshold is per-transaction, not aggregate, and applies to both directions of flow. Sanctuary's wallet-screening output is one of the components that feeds the enhanced-CDD decision. - **Direct supervision by AMLA.** From July 1, 2027, the Anti-Money Laundering Authority headquartered in Frankfurt's MesseTurm will directly supervise approximately 40 obliged CASP entities (at least one per member state). The first selected entities will be announced ahead of that date. Chair Bruna Szego (ex Bank of Italy, appointed January 21, 2025) and Marcus Pleyer (former FATF President, on the Executive Board) lead the agency. - **40-mandate technical workstream.** AMLA must deliver approximately 24 of 40 technical standards in 2026, including 11 consultations in Q2 2026 and 8 more in H2 2026. The standards cover customer due diligence (RTS), group-wide policies, supervisor cooperation, central database, and AML data exchange formats.

The practical implication for CASPs is that 2026 is the licensing year. 2027 is the AML operating year. A CASP that lands authorization in time but is not operationally ready for AMLR in 2027 will face a second compliance cliff.

If you are a buyer of CASP services — a corporate treasury, an institutional desk, a fintech building on crypto rails — these are the questions to ask your CASP vendor in the next six weeks:

1. **Which competent authority issued your MiCA authorization?** The answer should be a single specific NCA (BaFin, AMF, CSSF, CONSOB, CNMV, CBI, FMA, MFSA, etc.). If the answer is "we are operating under transitional provisions," verify the member state and the local deadline. 2. **Do you have EU passport rights?** Yes if MiCA-authorized; passport rights extend to all 27 member states plus Norway, Iceland, Liechtenstein. No if operating under transitional provisions only. 3. **What is your Travel Rule (Regulation 2023/1113) implementation?** Specifically: do you use a Travel Rule protocol provider (OpenVASP, TRP, TRISA, VerifyVASP)? How do you handle missing originator data? How long do you hold transfers pending data? 4. **What is your screening stack for the EU 20th sanctions package?** Specifically: A7A5, RUBx, Russian/Belarusian digital ruble, the four named payment agents, and CASPs "established in Russia/Belarus" under Article 5bb. 5. **What is your readiness plan for the AMLR €1,000 self-hosted-wallet enhanced-CDD?** This becomes operationally live in July 2027 but should already be in your roadmap. 6. **Are you on the AMLA direct-supervision shortlist?** If yes, you will be supervised directly from July 1, 2027. Your audit cadence will change.

A CASP that cannot answer these questions cleanly in May 2026 is unlikely to be in good standing by July 1.

The market consensus, per various law-firm projections and trade-body estimates, is that 60 to 75 percent of pre-MiCA EU VASPs will not survive the transition. The number is concentrated in small Estonian, Lithuanian, Czech, and Maltese firms operating below €10M annual revenue, which cannot absorb the projected €540M in aggregate compliance costs across the EU CASP universe.

Lithuania declared a "war on unlicensed crypto firms" earlier in 2026. Bybit's CEO publicly stated MiCA alone is "not enough for profitability." Specific named shutdowns have been sparse in coverage — most casualties are sub-tier-one firms whose absence does not generate headlines.

The visible 2026 sorting is happening at the listing level rather than the firm level. Exchanges that hold MiCA authorization are continuing to delist tokens that cannot be cleanly serviced under MiCA's market integrity framework, particularly privacy coins and tokens with insufficient white-paper-equivalent disclosure.

MiCA is a sorting mechanism. The CASP that survives July 1 is, by definition, the CASP that has invested in EU compliance infrastructure. The CASP that does not survive is also, by definition, the one whose business model could not absorb the cost.

The compliance officer's job in the next six weeks is to know which side of the sort their vendors are on, and to have a wind-down or migration plan for the ones who land on the wrong side. The sort itself is structural and finished.