Ana Filipa Ribeiro [master’s student in European Union Law at the School of Law of University of Minho and ENDE Research Grant Holder (ref. UMINHO/BIM/2026/33)]
On 1 July 2026, the transitional period provided for under the Markets in Crypto-Assets Regulation (MiCAR)[1] will expire across the European Union,[2] meaning that providers wishing to continue serving EU clients must either hold a MiCAR authorisation, benefit from another entitlement recognised under the Regulation,[3] or cease the provision of those services.[4] This date marks a decisive moment in the legal ordering of crypto-asset markets, since it is the point at which Regulation (EU) 2023/1114 becomes a concrete legal condition for access to the European market. More specifically, it is the moment at which national authorisation begins to operate as a Union-wide market-access decision with consequences for providers, competitors, users and host Member States across the internal market.
The legal significance of this transition lies in the regulatory architecture chosen by MiCAR. The Regulation seeks to overcome the previous fragmentation of national regimes by establishing uniform rules on authorisation, governance, conduct, prudential requirements, supervision and client protection.[5] Yet, it does so through a model in which authorisation is granted by national competent authorities,[6] while the effects of that authorisation may extend throughout the internal market by means of the European passport.[7] National administrative decisions, thus, acquire a Union-wide market-access function, insofar as an authorisation granted by one competent authority may determine the ability of a crypto-asset service provider to operate across several Member States.
That structure gives rise to a central tension in the legal ordering of EU crypto-asset markets. MiCAR presupposes that decentralised authorisation can coexist with integrated market access, provided that national supervisory practices remain sufficiently convergent.[8] The expiry of the transitional period places that assumption under practical scrutiny. If national authorities apply authorisation requirements with materially different levels of intensity, speed or interpretative strictness, operators subject to the same Regulation may enter the internal market under unequal supervisory conditions.[9] Hence, the concern extends beyond administrative coordination and reaches the conditions of competitive neutrality within the market framework that MiCAR is intended to create.
The transitional regime under Article 143(3) was designed to manage the passage from national fragmentation to European authorisation. Providers that had supplied crypto-asset services in accordance with applicable national law before 30 December 2024 could continue to do so until 1 July 2026, or until the granting or refusal of a MiCAR authorisation, whichever occurred first. That regime was conceived as temporary and instrumental, with the purpose of avoiding abrupt disruption to the market while affording providers and supervisory authorities the time necessary to adjust to the new legal framework.[10] Once it expires now, MiCAR will transition from transitional harmonisation instrument into a definitive gatekeeping regime.
The relevance of this transformation lies in the position occupied by crypto-asset service providers within the digital financial ecosystem. Far from operating at its margins, they perform a gatekeeping function by mediating access to custody, trading, exchange, execution, transfer and, in certain cases, the practical use of crypto-assets as instruments of payment, investment or participation in decentralised applications. Their role is, therefore, capable of shaping both the conditions under which users access digital assets and the competitive environment in which undertakings operate within a regulated space of financial innovation.[11]
Under Article 59, crypto-asset services may be provided within the Union only by authorised crypto-asset service providers or by certain financial entities entitled to provide such services under the Regulation. Article 63 sets out the authorisation procedure, while Article 65 enables the cross-border provision of services through passporting. Taken together, these provisions define the boundary between lawful participation in the European crypto-asset market and unauthorised activity, while they also make public authorisation a constitutive element of competition. Market access is now structured by a regulatory framework in which technological capacity, liquidity, reputation and commercial reach are assessed alongside the provider’s ability to obtain and preserve the legal status required for participation.
This has important consequences for understanding competition in crypto-asset markets. In regulated sectors, the competitive process begins at the level of market access, where entry conditions play a constitutive role in shaping the market structure in which undertakings operate.[12] Authorisation requirements, supervisory expectations, procedural timelines, prudential obligations and enforcement practices shape the competitive environment before any service is offered to users. A provider that obtains authorisation earlier, under a less burdensome supervisory approach, or with a broader practical interpretation of its permitted activities, may acquire a competitive advantage that derives from regulatory conditions rather than from merit, efficiency, or innovation.[13]
The European passport[14] intensifies this concern. As an essential instrument of the internal market, the European passport prevents the re-emergence of duplicative national authorisation procedures and gives practical effect to the freedom of establishment[15] and freedom to provide services,[16] allowing an authorised provider to conduct cross-border activity beyond its home Member State within a harmonised legal framework.[17] Nevertheless, when passporting rights are triggered by a national authorisation, the legitimacy of their cross-border effects depends on the reliability of the supervisory assessment carried out by the home Member State authority. If the authorisation granted in one Member State is perceived as insufficiently rigorous, the passport risks becoming a vehicle for regulatory arbitrage rather than an instrument of mutual trust.[18]
Administrative discretion and institutional variation are inherent in a decentralised supervisory system, although they become legally problematic where they affect the substantive conditions of market entry and the competitive position of providers across the internal market. Divergent supervisory practices may encourage providers to seek authorisation in jurisdictions perceived as faster, more predictable or less demanding, with a view to using that authorisation as a gateway to the entire Union. Such incentives are capable of undermining the level playing field between providers, placing pressure on authorities that apply stricter scrutiny and generating a form of competition between supervisory jurisdictions beneath the formal unity of the Regulation.
This risk is particularly acute in markets marked by speed, scale and network effects.[19] Given the capacity of crypto-asset service providers to rapidly consolidate market positions through user acquisition, liquidity concentration, brand recognition and integration with other digital services, an earlier authorisation (or one granted under more favourable administrative conditions) can generate effects beyond the provider’s immediate legal position by facilitating the accumulation of a first-mover advantage that later proves difficult to contest. If that advantage is grounded in better compliance, stronger governance or superior service quality, it belongs to the normal dynamics of lawful competition. If it is grounded in divergent supervisory practice, the competitive result becomes more problematic from the perspective of the internal market.
In this sense, the end of the transitional period reveals a deeper question of EU economic law. The internal market requires more than the formal harmonisation of legal rules, since its effective operation also depends on consistent administrative application, particularly where national decisions produce cross-border effects. The effectiveness of the MiCAR passport as an instrument of economic freedoms and market integration depends on sufficient convergence in authorisation practices, because divergences in supervisory assessment can allow practical asymmetries capable of affecting competition to persist beneath the formal appearance of harmonisation.
The link with economic freedoms is, therefore, twofold. For unauthorised providers, the expiry of the transitional period functions as a market-access restriction justified by legitimate objectives, including client protection, market integrity, financial stability and the orderly development of crypto-asset activity. The freedom to conduct a business under Article 16 of the Charter of Fundamental Rights of the European Union[20] does not confer an unconditional right to provide crypto-asset services, but any restriction on lawful economic activity must be framed by clear, foreseeable and proportionate rules enabling providers to identify the conditions for authorisation, understand the reasons for refusal and challenge adverse administrative decisions through effective procedures.[21]
For authorised providers, MiCAR operates as an enabling framework, granting the regulatory status through which cross-border activity becomes legally possible and participation in the internal market is secured. Yet, that status remains conditional.[22] Authorisation should be understood as a continuing public-law position, grounded in ongoing supervision and sustained by compliance with organisational, prudential and conduct obligations. The freedom to provide services is, thus, mediated by a regulatory relationship between the provider and the competent authority, where the credibility of that relationship determines whether passporting operates as a legitimate expression of economic freedom or as a channel through which divergent national practices are exported to the wider Union market.
The position of users adds a further constitutional dimension. The end of the transitional period may require non-authorised providers to wind down operations, cease serving EU clients, migrate users to authorised entities, or facilitate the transfer of crypto-assets to other providers or to self-hosted wallets. These processes affect more than contractual convenience, as they may interfere with access to assets, continuity of services, patrimonial interests and legal certainty. In crypto-asset markets, the dependence of the market architecture outlined above on private platforms means that regulatory changes can have immediate effects on the effective enjoyment of legally protected interests.[23]
Article 17 of the Charter[24] may be relevant where users face restrictions on access to crypto-assets or funds held through a platform. Even though the classification of crypto-assets may vary according to their legal and technical characteristics, the patrimonial interests attached to them cannot be ignored. Article 47 of the Charter[25] is also engaged where users need to contest account closures, transfer delays, blocked withdrawals or unclear migration arrangements, since effective judicial protection requires that affected persons be able to identify the responsible entity, understand the basis of the decision affecting them and access meaningful complaint or redress mechanisms. Article 38[26] further reinforces the public interest in ensuring a high level of consumer protection, particularly where users may have difficulty distinguishing between authorised EU entities, third-country entities and other companies operating under the same commercial brand.
The institutional role of European Securities and Markets Authority (ESMA) is consequently significant. A decentralised system of authorisation with European effects requires mechanisms capable of preventing fragmentation in practice. Guidance, peer scrutiny, supervisory coordination and common expectations are necessary to ensure that national authorities apply MiCAR in a manner compatible with the objectives of the Regulation. Accordingly, the central question lies in the capacity of the existing supervisory architecture to secure sufficient convergence across national authorities, so that the passport can operate on a credible basis while safeguarding users and preserving equal competitive conditions.[27]
Centralisation can strengthen uniformity in the supervision of large cross-border providers whose activities produce systemic or quasi-systemic effects in crypto-asset markets, while also raising questions of subsidiarity, administrative capacity and proximity to local market knowledge. Decentralisation, by contrast, preserves the role of national competent authorities and allows closer engagement with operators established within their jurisdiction. Nonetheless, it requires stronger coordination precisely because its decisions produce effects beyond national borders. The legal issue is, therefore, one of supervisory legitimacy, namely whether national decisions can be trusted as functionally equivalent within a Union-wide market.
The termination of the MiCAR’s transitional period, therefore, operates as a legal stress test for EU crypto-asset governance: (1) it tests whether harmonised regulation can produce an integrated market without allowing national differences in supervision to distort competition; (2) it tests whether the freedom to provide services can coexist with strict and credible authorisation standards; (3) it tests whether users’ fundamental rights and patrimonial interests can be protected during the withdrawal, migration or regularisation of providers; (4) it tests whether private digital infrastructures, once brought within a public regulatory framework, can be subjected to constraints that make their power legally accountable.
The success of MiCAR will be measured by the Union’s ability to translate regulatory harmonisation into a genuinely contestable, rights-sensitive and effectively supervised internal market for crypto-asset services. Where supervisory convergence remains insufficient, the European passport risks facilitating cross-border activity while preserving asymmetries capable of affecting competition, economic freedoms and user protection. On the other hand, where convergence is effective, MiCAR can operate as more than a regulatory response to the risks of crypto-assets, becoming an instrument for the constitutional ordering of a European digital financial market open to economic activity, disciplined by public supervision and constrained by fundamental rights.
[1] Regulation (EU) 2023/1114 of 31 May 2023 on markets in crypto-assets and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937, CELEX:32023R1114.
[2] Regulation (EU) 2023/1114, Article 143(3). See European Securities and Markets Authority (ESMA), Statement on the End of Transitional Periods under MiCA, ESMA75-113276571-1679 (April 17, 2026), 1, accessed May 27, 2026, https://www.esma.europa.eu/sites/default/files/2026-04/ESMA75-113276571-1679_Statement_on_the_end_of_transitional_periods_under_MiCA.pdf.
[3] Regulation (EU) 2023/1114, Article 60.
[4] Regulation (EU) 2023/1114, Articles 59 to 63 and recital 76.
[5] Regulation (EU) 2023/1114, Recital 6 and 73.
[6] Regulation (EU) 2023/1114, Article 3(1)(35).
[7] Regulation (EU) 2023/1114, Articles 59(7) and 65.
[8] Article 63 provides for authorisation by the competent authority of the home Member State, while Articles 59(7) and 65 enable authorised crypto-asset service providers to provide services throughout the Union through the right of establishment or the freedom to provide services. On the need for supervisory convergence during the transitional phase and full application of MiCAR see ESMA, ESMA75-113276571-1679, 1-2, and ESMA, ESMA clarifies timeline for MiCA and encourages market participants and NCAs to start preparing for the transition, ESMA74-449133380-441 (October 17, 2023), 1, accessed May 27, 2026, https://www.esma.europa.eu/sites/default/files/2023-10/ESMA74-449133380-441_Statement_on_MiCA_Supervisory_Convergence.pdf.
[9] These concerns have also emerged in recent supervisory and policy debate, as reflected in Reuters’ reporting on statements by the President of the French AMF concerning unauthorised crypto-asset activity after the MiCAR deadline and the possibility of opposing passporting where France disagreed with another Member State’s licensing decision. See Elizabeth Howcroft, “Crypto companies without EU licences face prosecution, French regulator warns”, Reuters, 28 May 2026, accessed May 28, 2026, https://www.reuters.com/business/finance/crypto-companies-without-eu-licences-face-prosecution-french-regulator-warns-2026-05-28/.
[10] Regulation (EU) 2023/1114, recitals 113, 114 and 119.
[11] A more detailed analysis of the position occupied by crypto-asset service providers can be found in our previous article published on this blog, which forms part of the same broader research. See Ana Filipa Ribeiro, “Quasi-public powers in private crypto governance: a question of legitimacy”, The Official Blog of UNIO – Thinking and Debating Europe, April 11, 2026, accessed May 28, 2026 https://officialblogofunio.com/2026/04/11/quasi-public-powers-in-private-crypto-governance-a-question-of-legitimacy/
[12] See Organisation for Economic Co-operation and Development (OECD), “Competition Assessment Toolkit: Principles”, vol. I, version 4.0, Report, 2019, 9–13, accessed May 28, 2026, https://www.oecd.org/en/publications/competition-assessment-toolkit-principles-version-4-0-volume-i_5f9fa6ca-en.html, explaining that regulation may restrict competition by limiting the number or range of suppliers, including through licensing, permit or authorisation requirements.
[13] See ESMA, Fast-track Peer Review on a CASP Authorisation and Supervision in Malta, ESMA42-2004696504-8164 (July 10, 2025), 1-8, accessed May 28, 2026, https://www.esma.europa.eu/sites/default/files/2025-07/ESMA42-2004696504-8164_Fast-track_peer_review_on_a_CASP_authorisation_and_supervision_in_Malta.pdf. ESMA found that the Malta Financial Services Authority’s authorisation process only partially met supervisory expectations, while also noting adequate expertise and supervisory engagement. The example is used here to illustrate concerns regarding the timing, depth and quality of national authorisation processes under MiCAR, but not to question the legal validity of any specific authorisation. See also Elizabeth Howcroft, “EU regulator criticises Malta’s crypto licensing process”, Reuters, 10 July 2025, accessed May 28, 2026, https://www.reuters.com/legal/government/eu-regulator-criticises-maltas-crypto-licensing-process-2025-07-10/.
[14] See Marcin Szczepański, “Understanding equivalence and the single passport in financial services: third-country access to the single market”, European Parliamentary Research Service Briefing, PE 599.267 (February 2017), 3, https://www.europarl.europa.eu/RegData/etudes/BRIE/2017/599267/EPRS_BRI%282017%29599267_EN.pdf. The briefing explains that the freedom to provide financial services across the Union derives from the Treaties and secondary legislation, and that companies established in an EEA Member State have access to the single market for financial services under single passport rights, allowing them to establish branches or provide services across the EEA without further authorisation. On the corresponding mechanism under MiCAR, see Regulation (EU) 2023/1114, Articles 59(7) and 65.
[15] In the case of crypto-asset service providers and their authorisation, the freedom of establishment is directly engaged, understood as the right of natural or legal persons of one Member State to participate, on a stable and continuous basis, in the economic life of another Member State and to benefit from that participation, thereby contributing to economic and social interpenetration within the Union. See Judgment of the Court Reyners v. The Belgian State, 21 June 1974, case C-2/74, para. 21. See also article 49 of the Treaty on the Functioning of the European Union (TFEU).
[16] The freedom to provide services enables nationals of a Member State to provide and/or receive services in the territory of another Member State, while prohibiting any measures, irrespective of their source or form, which are liable to hinder the exercise of that freedom. See article 56 TFEU and also Luís Pinto Monteiro, “Liberdade de prestação de serviços”, in Enciclopédia da União Europeia, ed. Ana Paula Brandão, et al. (Lisbon: Petrony, 2017), 235-237.
[17] This requirement is consistent with the logic of the internal market in which the removal of regulatory fragmentation and the facilitation of cross-border economic activity presuppose a degree of mutual reliance between national authorities and a harmonised framework capable of preventing the re-emergence of national barriers to market access. See articles 26, 49 and 56 TFEU. See also Pedro Madeira Froufe, “Mercado Interno”, in Enciclopédia da União Europeia, ed. Ana Paula Brandão, et al. (Lisbon: Petrony, 2017), 254-256.
[18] Reuters reports the French AMF’s concern that crypto platforms were engaging in “regulatory shopping” across the Union, seeking a jurisdictional “weak link” capable of granting a licence subject to fewer requirements, and refers to France’s possible opposition to the passporting of licences granted by other Member States. See Mathieu Rosemain and Elizabeth Howcroft, “France threatens to block crypto licence “passporting” in EU regulatory fight”, Reuters, 15 September 2025, accessed May 30, 2026, https://www.reuters.com/sustainability/boards-policy-regulation/france-threatens-block-crypto-licence-passporting-eu-regulatory-fight-2025-09-15/.
[19] On concentration and liquidity in crypto trading, see ESMA, Crypto Assets: Market Structures and EU Relevance, TRV Risk Analysis (April 10, 2024), 4-12, accessed May 30, 2026, https://www.esma.europa.eu/sites/default/files/2024-04/ESMA50-524821-3153_risk_article_crypto_assets_market_structures_and_eu_relevance.pdf, noting that trading is highly concentrated, with the top ten exchanges processing around 90% of trades. On network effects in crypto-asset markets, see Konstantinos Stylianou et al., “Cryptocurrency competition and market concentration in the presence of network effects”, Ledger, vol. 6 (September 2021): 81-101, https://doi.org/10.5195/ledger.2021.226.
[20] For a more comprehensive discussion of this provision, see Pedro Madeira Froufe, “Article 16”, in The charter of fundamental rights of the European Union: A commentary, ed. Alessandra Silveira, et al. (Braga: JusGov/ UMinho Law School, 2024), 176-180.
[21] This follows from the general limitation clause laid down in Article 52(1) of the Charter, according to which any limitation on the exercise of Charter rights must be provided for by law, respect the essence of those rights and, subject to the principle of proportionality, be necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others. See Alessandra Silveira, “Article 52”, in The charter of fundamental rights of the European Union: A commentary, 477-486.
[22] Regulation (EU) 2023/1114, articles 24, 64 and 68.
[23] See ESMA, ESMA75-113276571-1679, 1–3. ESMA expects unauthorised CASPs to implement orderly wind-down plans, including client offboarding and the transfer of crypto-assets to an authorised CASP or to a self-hosted wallet, without causing undue economic harm to clients. ESMA also warns consumers that MiCAR protections apply only to the specific authorised EU legal entity and that remaining with an unauthorised provider may entail less legal protection and a greater risk of losing access to assets.
[24] Luís Couto Gonçalves e Maria Miguel Carvalho, “Article 17”, in The charter of fundamental rights of the European Union: A commentary, 181-189.
[25] Maria José Rangel Mesquita, “Article 47”, in The charter of fundamental rights of the European Union: A commentary, 439-446. See also Joana Covelo de Abreu, “Princípio da tutela jurisdicional efetiva”, In Enciclopédia da União Europeia, ed. Ana Paula Brandão, et al., (Lisbon: Petrony, 2017), 329-332.
[26] Fernando de Gravato Morais, “Article 38”, in The charter of fundamental rights of the European Union: A commentary, 377-382.
[27] As already reflected in several footnotes throughout this text, ESMA has taken an active role in supporting the transition to the MiCAR authorisation regime by issuing supervisory guidance, setting common expectations and promoting convergence among national competent authorities. This institutional intervention confirms that the credibility of the passport depends not merely on formal harmonisation, but on the consistent administrative application of MiCAR across the Union.
Picture credit: by DS Stories on pexels.com.
Official Blog of UNIO 