The EU’s MiCA regime has entered its first true enforcement stretch now that the regulation’s transition period has ended. Crypto-asset service providers that were operating under that grace window but have not obtained MiCA authorization can no longer legally serve clients in the European Union, pushing many firms toward either rapid compliance or an orderly wind-down.
Industry lawyers and executives told Cointelegraph that the initial challenge won’t just be understanding the rules—it will be how consistently national regulators apply the bloc’s “single rulebook.” Although MiCA harmonizes the framework, day-to-day supervision is still handled by national competent authorities, and their enforcement posture may differ at first.
Key takeaways
- The MiCA transition deadline has passed, meaning unauthorized crypto companies are now exposed to enforcement action and legal consequences across the EU.
- Compliance costs can be substantial—often hundreds of thousands of euros—but operating without authorization carries higher regulatory and financial risk.
- National regulators (NCAs) conduct authorization and day-to-day supervision, while ESMA coordinates and helps drive supervisory consistency.
- Early enforcement may not look identical in every member state due to differences in resources and priorities, creating potential for regulatory divergence.
- Penalties for MiCA violations can be severe, including multimillion-euro fines and turnover-based calculations proposed by EU bodies.
From transition to enforcement: what changes on July 1
MiCA’s transition period was designed to give the industry time to adapt to a new licensing and compliance framework. With that window closed, the practical effect is immediate: crypto firms without MiCA authorization should stop serving EU clients, and regulators are expected to treat continued activity as non-compliant.
Cointelegraph reported that executives and lawyers view this as MiCA’s first major enforcement test—an inflection point where regulators begin applying the EU crypto rulebook not just on paper, but through formal supervision and penalties.
What MiCA compliance costs can look like—and why firms may still pay
While MiCA compliance can be expensive, experts argue it is often less costly than the alternative. Legal and compliance implementation can range from several hundred thousand euros to multi-million-euro budgets depending on a firm’s size and the services it provides.
According to Nicola Massella, partner at Legal & Resilience, many cryptocurrency companies face MiCA implementation costs estimated around €350,000 to €600,000. Brickken CEO Edwin Mata told Cointelegraph that costs can rise to €2 million depending on a company’s business model and readiness.
Penalty exposure can also start at a high floor. Eckehard Stolz, managing director of Amina EU, said MiCA penalties begin at €5 million or 5% of annual turnover for certain violations. Separately, Massella said the European Banking Authority (EBA) proposed, on June 26, increasing penalties under certain regulatory regimes—at levels that could reach up to 12.5% of annual turnover for some stablecoin-related breaches. The EBA’s consultation is linked in Cointelegraph’s reporting.
For investors and operators, the key takeaway is that MiCA is not only a licensing hurdle; it is also a regime where financial penalties are calibrated enough to make continued unauthorized activity a board-level risk rather than a “wait and see” option.
How MiCA is supervised: ESMA coordination, NCAs enforcement, EBA stablecoin oversight
MiCA establishes a single set of rules across the EU, but its enforcement relies on a distributed supervisory structure. National competent authorities (NCAs) authorize, supervise, and enforce rules for crypto-asset service providers at the local level.
At the EU level, ESMA coordinates supervision across member states and maintains a public register of authorized crypto-asset service providers. In addition, the EBA directly oversees significant stablecoin issuers.
In comments shared with Cointelegraph, Ivo Grlica, founder of GrlicaLaw and G LAB Advisors, said ESMA’s coordination role is especially important to avoid regulatory arbitrage between member states. He also noted that while NCAs are the first line of enforcement, the consequences of underlying harmful conduct can extend beyond supervision into national courts and even criminal-law systems.
Early enforcement is expected to be uneven—at least initially
Even with a harmonized rulebook, enforcement intensity may vary in the short term. Stolz told Cointelegraph that ESMA has made clear it expects NCAs to act against unauthorized providers from July 1, but how aggressively each regulator moves will depend on local resourcing and supervisory priorities.
Peter Bidewell, vice president of institutional product adoption at Parfin, warned that differences in supervisory approaches could create opportunities for regulatory arbitrage—undermining MiCA’s goal of consistent application across the EU.
Grlica, however, suggested that enforcement could become more systematic over time as regulators identify unauthorized providers and share information across member states. The longer-term implication is that companies considering delay may face a shrinking window: continued non-compliance could make later authorization harder as regulators develop clearer patterns and intelligence.
Cointelegraph also noted that multiple regulators have already issued public reminders that the transition period ended and that providers without authorization should wind down. Reported examples include notices from authorities in the Czech Republic, Bulgaria, Luxembourg, and Italy, with the Czech National Bank also outlining its sanction framework.
Examples of national sanction frameworks and enforcement posture
In the Czech Republic, Cointelegraph said the Czech National Bank stated that the Financial Market Digitization Act gives it authority to impose sanctions for MiCA-related violations. According to the reported details, sanctions can be levied for operating without authorization, unlawful token offerings, and failure to cooperate with supervisors.
The law, as described to Cointelegraph, allows fines up to 118.5 million Czech koruna (about $5.6 million), or 5% of annual turnover if higher, or twice the unlawful benefit obtained, whichever is greater. This matters for market participants because it illustrates how MiCA enforcement may be backed by specific domestic legal tools and maximum penalty thresholds.
Cointelegraph contacted France’s Autorité des marchés financiers (AMF), the Netherlands’ Authority for the Financial Markets (AFM), and Germany’s Federal Financial Supervisory Authority (BaFin) to ask about their planned enforcement approach after the transition deadline. None had responded by the time of publication.
Meanwhile, ESMA’s ongoing work to maintain and update its register of authorized providers has been highlighted in related coverage referenced by Cointelegraph. For firms trying to comply quickly, the register functions as a public signal of who is authorized—and a starting point for counterparties and platforms assessing MiCA status.
Over the coming weeks, companies and investors should watch two things closely: whether NCAs demonstrate consistent escalation against unauthorized providers, and how quickly public compliance information—especially ESMA register updates—filters into business decisions across exchanges, custodians, and other market intermediaries. The legal outcome of continued unauthorized activity may vary at first, but the direction is clear: MiCA’s licensing wall is no longer optional.





Be the first to comment