MiCA: Transition period for virtual asset service providers ended on 1 July 2026
The CSSF informs consumers about precautionary measures
On 1 July 2026, an important transition period for virtual asset service providers (VASPs) in the European Union ended. These providers are no longer permitted to offer their services without authorisation as crypto-asset service providers (CASPs).
Therefore, customers who hold crypto assets such as Bitcoin, Ether, stablecoins or other digital assets via an app or online platform should now check whether their provider is still allowed to offer its services in the EU.
What customers of crypto providers should do now
- Check your provider’s website. Information on the provider’s official name and authorisations can usually be found in the legal notice or in the general terms and conditions;
- Consult the ESMA register. There, consumers can check whether a provider is listed as a CASP in the European Union;
- The CSSF register lists the providers supervised in Luxembourg.
If a provider cannot be found or does not provide clear information, customers should contact the provider directly. Information on the CASP authorisation, the competent supervisory authority and the possibilities for continuing to offer services related to crypto-assets is particularly important.
Is ‘reverse solicitation’ a loophole for crypto-asset service providers not based in the EU?
Crypto-asset service providers from third countries who actively offer their services to customers based in the EU also require authorisation as a CASP within the EU.
Such an authorisation may not be required in cases of so-called ‘reverse solicitation’, where the customer contacts the service provider on its own initiative. However, third-country crypto-asset service providers are not permitted to solicit customers within the EU, for example through online advertising, brochures, telephone calls, emails, advertising banners, pop-ups and/or similar means on websites or on social media.
Crypto-asset service providers that do not yet hold the necessary authorisations in the EU but are already serving EU customers may increasingly rely on this exemption in order to be able to continue their activities. Service providers that wrongly rely on this exemption may be prohibited from providing services. This may constitute a risk for consumers in particular when service providers are obliged to close customer accounts at short notice.
What happens if customers of crypto-asset service providers do not react?
With the end of the transition period, crypto-asset services in the EU may only be provided by providers that are authorised as CASPs. Providers without the appropriate authorisation must wind down their activities in the EU in an orderly manner.
This may have concrete consequences for customers. A service provider without the appropriate authorisation may now no longer onboard new customers in the EU, open new accounts or wallets, advertise or distribute its products. It may only allow the following actions that are necessary for customers to exit in an orderly manner:
- exchange crypto-assets for currencies that are recognised as legal tender, such as the euro;
- transfer crypto-assets to another platform operated by a provider that has the required authorisations; or
- transfer crypto-assets to a wallet managed by the customer under their own responsibility.
Further information and explanations on this topic, and in particular on crypto-assets, services and required authorisations, are available on Lëtzfin.