MiCA Article 68 Enforcement: What Has Changed in H1 2026

Frequently Asked Questions

01.What does MiCA Article 68 require of crypto-asset service providers?

MiCA Article 68 requires crypto-asset service providers (CASPs) to implement governance arrangements covering management body suitability, internal controls, business continuity, and AML-CFT detection systems. From December 2024, these requirements apply to all CASPs operating in the EU, with the DORA cross-compliance obligation adding ICT resilience testing on top of these baseline governance standards.

02.What happens to CASPs that miss the July 1, 2026 MiCA authorization deadline?

CASPs that have not secured MiCA authorization by July 1, 2026, the absolute outer limit set by Article 143(3), must cease all EU service provision. ESMA requires unauthorized entities to have wind-down plans that are operational, credible, and immediately executable before that date. Operating without authorization after July 1 constitutes a breach of EU law and exposes the provider and its principals to national enforcement action.

03.How does MiCA Article 68 affect capital allocators considering crypto-asset investments in the EU?

For family offices, sovereign funds, and institutional capital allocators evaluating EU-based crypto-asset exposure, MiCA Article 68 authorization status is now a due-diligence prerequisite. As of April 2026, only 199 CASPs held MiCA licenses across 23 member states, down from over 1,200 national VASP registrations. Deploying capital through an unauthorized provider after July 1, 2026 carries direct legal risk and limits client protection under EU law.