Official End of MiCA Transition Period: ESMA to Focus on Crypto-Asset Custody Security and Third-Party Dependency Risks
As the MiCA transition period for the European crypto-asset market ends on July 1, 2026, the European Securities and Markets Authority (ESMA) has announced high-intensity supervision of crypto-asset custody risks, pressuring unauthorized service providers to exit the market.
As of July 8, 2026, the grace period for the European crypto-asset market has officially ended. Following the expiration of the Markets in Crypto-Assets (MiCA) transition deadline on July 1, the European Securities and Markets Authority (ESMA) has moved from the policy-making phase to a full-scale supervisory regime. In particular, ESMA is tightening its oversight of systemic risks arising from the crypto-asset custody process, specifically key management and reliance on third-party technology.
ESMA is strongly urging unauthorized Crypto-Asset Service Providers (CASPs) to wind down their operations in an orderly manner, prioritizing investor protection.
With the 'grandfathering' clause under MiCA Article 143(3) having expired a week ago on July 1, 2026, it is now a clear violation of the law for firms without formal authorization to continue standard operations within the European Union. Firms that have failed to obtain authorization must immediately stop attracting new customers and begin procedures to return assets to existing customers.
Three Core Pillars of Custody Risk
ESMA's current supervision focuses on three main areas. First is the security of private key management, and second is the robustness of incident response plans in the event of a security breach. Finally, it is closely examining the impact of reliance on external technology vendors on the stability of the overall system. Regulators believe that if these core elements are not properly managed, investor assets could be at serious risk.
- Ceasing onboarding of new EU customers and establishment of new relationships
- Stopping all marketing and solicitation activities within the EU
- Limiting services to those necessary for asset transfers or position closures
- Maintaining immediately executable wind-down plans
Operational resilience and third-party dependency issues are also key points of contention. ESMA is concerned that the concentration of risk in a small number of technology providers could undermine the stability of the entire European crypto-asset ecosystem. Since a failure in specific infrastructure could cause simultaneous damage to multiple custodians, regulatory authorities are closely examining how companies have established due diligence and risk management systems for external vendors.
The fact that MiCA application methods varied by country also added to market confusion. Some countries, such as France, Malta, Luxembourg, and Estonia, fully applied an 18-month grace period, but the setting of different deadlines by country created a complex regulatory map for service providers. With the arrival of the unified deadline of July 1, 2026, the market has now entered a full-scale regulatory integration phase.
Protection of Customer Interests and Market Reorganization
Communication obligations for protecting customer interests are also emphasized. Unlicensed firms must clearly and repeatedly inform customers about schedules for asset transfers and position closures. This is an essential measure to prevent investor losses caused by the automatic liquidation of remaining positions. ESMA specified that firms should review all possible scenarios that may occur during the asset return process and ensure that investors are not disadvantaged.
ESMA plans to crack down on the illegal operations of unlicensed firms through cooperation with National Competent Authorities (NCAs). This is interpreted as a commitment to strengthen enforcement power in the actual market, going beyond mere paperwork regulations. Regulatory authorities are warning of strong sanctions against unlicensed firms that still market to EU customers or open new accounts.
In the future, the European crypto-asset market is expected to undergo a major reorganization along with the exit of non-compliant firms. As small-scale firms leave the market due to their inability to bear regulatory costs, an oligopolistic system centered on large licensed firms is likely to be strengthened. While this may reduce market diversity, it is projected that overall investor confidence and system stability will improve.



This content is for information and commentary only and is not investment advice.
Join the reader conversation
Read reactions to this article and leave your own note.