The European crypto licensing market is now entering its first serious test under MiCA. For several years, many crypto-asset service providers operated under national registration regimes, transitional arrangements, or offshore models that were commercially effective but not equivalent to full prudential supervision. That period is ending.
MiCA's CASP provisions took full effect on 30 December 2024. The EU-wide transitional window under Article 143(3) runs until 1 July 2026, after which any CASP without a full authorisation must cease operations or face enforcement.
The question is no longer whether Europe has a crypto rulebook. It does. The more relevant question is who can actually pass through it.
Related: CySEC Chairman on MiCA and more...
Cyprus Is the Canary in the Coal Mine
From the standpoint of regulatory compliance, the answer is becoming clearer: the successful cohort increasingly looks like firms that already understand regulated financial services. In Cyprus, this is particularly visible. The first wave of authorised CASPs includes a meaningful number of groups with existing broker, investment firm, or financial services infrastructure.
Based on matters we see in the market, the current public number of authorised CySEC CASPs should not be read as the final shape of the market. Several applications are still progressing close to the 1 July 2026 transition deadline, and it would not be surprising if the authorised population increases materially, or even doubles, after that cut-off.
Read more: XM’s Sister Brand Trading.com Secures MiCA License in Cyprus
As of February 2026, over 40 CASPs were fully authorised under MiCA across all EU member states, with the Netherlands, Germany, and Malta leading in issuances. CySEC set a hard internal filing deadline of 27 February 2026 - existing CASPs that missed it lost their transitional cover and had to submit a wind-down plan. Those that filed in time are still in review and can continue operating under national rules until CySEC decides their application or the 1 July 2026 deadline arrives.
That is not because regulators are lowering the bar. It is because the applicants still standing tend to be the ones that can evidence governance, substance, capital, operational resilience, AML controls, client asset arrangements, outsourcing oversight, complaints handling, and senior management accountability in a way that resembles regulated finance rather than early-stage crypto entrepreneurship.
This is the filter regulators are applying in 2026.
A crypto-native applicant may have strong technology, liquidity, product design, and user acquisition. But those are not enough. Regulators want to see who controls the firm, who makes decisions, where the mind and management sit, whether compliance has authority, whether the business model is properly documented, whether client assets can be protected, whether outsourcing is controlled, whether financial promotions are fair, and whether the firm can survive operational stress without harming clients.
This is where broker-flavoured applicants often have an advantage. CFD and investment firms have spent years operating under MiFID-style expectations: board oversight, policies and procedures, capital monitoring, complaints processes, reporting lines, fit-and-proper assessments, AML frameworks, and regulatory engagement. They may not automatically understand crypto, but they understand supervision. In MiCA, that matters.
- XM’s Sister Brand Trading.com Secures MiCA License in Cyprus
- EU to Review MiCA, as 80% of Crypto Firms Vanish in Compliance Cull
- Just2Trade Joins MiCA Ranks, but Is the Market Moving Beyond Crypto?
Article 60: The MiFID Perimeter Becomes a Strategic Asset
Article 60 of MiCA has accelerated this convergence. It allows certain already-regulated financial entities, including investment firms, to provide crypto-asset services that are equivalent to the investment services and activities for which they are authorised, subject to notification to the competent authority. In practical terms, this has made the MiFID perimeter strategically more valuable.
For existing CFD and investment firms, it can be more convenient to assess a dual MiFID/MiCA strategy than to build a standalone CASP from scratch. For international crypto groups, acquiring or establishing a MiFID-regulated platform may also become part of the European market-access strategy, provided the permissions, substance, governance, and notification requirements genuinely align.
This should not be misunderstood as a loophole. Article 60 is not a way to avoid regulation. It is a recognition that some firms are already supervised under EU financial services law and may provide equivalent crypto services through a structured notification route. The regulatory question remains the same: does the firm have the permissions, controls, people, systems, and risk management to deliver the services safely?
The commercial result is that the old distinction between “CFD broker” and “crypto platform” is becoming less useful.
On the one hand, investment firms and brokers are adding crypto exposure to their product offerings. IG Europe’s partnership with Bitpanda is a recent example of a traditional broker expanding EU crypto access through regulated infrastructure. A key driver of the deal was Bitpanda’s MiCA licence, with Bitpanda having secured MiCA authorisations in both Germany and Malta. The EU expansion follows IG’s earlier launch of spot crypto trading in the UK through a separate partnership with Uphold.
eToro is another example of a multiasset platform where crypto, equities, CFDs, and social investment features sit under a broader regulated financial services proposition.
On the other side, crypto-native platforms are moving toward products that look increasingly like capital markets. Bitpanda’s expansion into stocks and ETFs, Robinhood Europe’s combination of crypto and stock-token product, and the broader interest in tokenised securities all point in the same direction.
The customer does not necessarily care whether the platform began life as a broker or a crypto exchange. The customer wants access to risk assets in one interface. Regulation, however, still cares very much about what the product legally is, who issues it, who holds client assets, what disclosures are made, and which authorisation perimeter applies.
INSIGHT: MiCA alone won't make you profitable in Europe. @Bybit_Official CEO @benbybit says firms also need MiFID and EMI licenses, and warns consolidation is coming when the grandfathering period ends in June. pic.twitter.com/kvLallKjNZ
— CoinDesk (@CoinDesk) April 27, 2026
MiCA Is Not the End - It Is the Starting Gun
The market should expect further tightening, not relaxation. The European Commission’s review of MiCA is not a signal that the framework has failed. It is a signal that the market is evolving faster than the legislative cycle. Stablecoins, staking, DeFi, tokenised securities, custody models, cross-border group structures, and hybrid MiFID/MiCA propositions will all require more supervisory clarity.
The European Commission launched public and targeted consultations on MiCA on 20 May 2026, with both running until 31 August 2026. The feedback is intended to support a formal review of the regulation and could shape a second phase of EU crypto rules. The review focuses on major policy questions, including the treatment of tokenised financial instruments, the regulation of stablecoins, and the adequacy of the framework for CASPs, with participants also considering whether activities such as DeFi, staking, lending, and tokenised deposits should be brought within a broader EU regulatory regime.
For applicants, the lesson is practical. A successful CASP application in 2026 is not won by a set of questionnaires and policies alone. It is won by evidence. Evidence of governance. Evidence of capital. Evidence of local substance. Evidence of operational resilience. Evidence that compliance can challenge the business. Evidence that client assets are protected.
The firms most likely to succeed are those that can combine crypto capability with regulated-market discipline. That is why the successful cohort looks increasingly familiar to those of us who have worked for years with investment firms, CFD brokers, payment institutions, and other supervised entities. The next phase of crypto in Europe will not be defined by who adopted the word “MiCA” fastest. It will be defined by who can operate crypto services with the same seriousness that regulators already expect from the rest of financial services.
