MiCA Explained: Why EU Crypto Licenses Are Not All Equal
Why MiCA Compliance Does Not Always Mean Full EU Access.
Regulation | MiCA | June 2026
The MiCA Passport Gap: Why "Licensed in the EU" and "Operational Across the EU" Are Not the Same Claim
Three days before the MiCA transitional period ends across the European Union on July 1, 2026, crypto coverage has settled on a binary frame: an exchange is either MiCA-licensed or it is not. That frame hides the structural gap that actually determines whether a license functions in practice. A MiCA authorisation passports across all 30 European Economic Area states in legal theory, but the license itself is not all-or-nothing. It is built from up to ten discrete service categories, custody, exchange, execution, order routing, advice, portfolio management, transfers, placement, reception and transmission of orders, and operating a trading platform, and verified reporting confirms that of the roughly 183 to 210 entities holding full Crypto-Asset Service Provider authorisation as of late June 2026, only around 14 hold the specific permission to operate a trading platform. Kraken holds it through the Central Bank of Ireland. Bybit's EU entity does not extend to the high-leverage derivatives the exchange is known for globally. Coinbase's Luxembourg license covers custody and execution but not the rarer trading-venue permission. ESMA's own July 2025 supervisory review flagged Malta's MFSA for clearing a CASP with unresolved issues, meaning two passports can be legally identical and supervisorially unequal. This article forensically maps that gap using verified 2026 regulatory and exchange data, traces the live case of Binance's June 24, 2026 withdrawal of its Greek CASP application after roughly eighteen months in process, and introduces the DN Passport Completeness Tracker, a scoring framework that separates the legal fact of licensing from the operational fact of cross-border service delivery.
Every piece of MiCA coverage published in the past year has converged on the same sentence structure: exchange X is licensed, exchange Y is not. That sentence is true and it is also the least useful thing you can currently know about a crypto platform operating in the European Union. The license itself, a single Crypto-Asset Service Provider authorisation issued by one national regulator, carries passporting rights across all 30 states in the European Economic Area in legal theory. What the binary frame does not tell you is which of the ten services a CASP license can cover the entity actually holds, whether the regulator that issued it cleared the file with or without supervisory concerns attached, and whether the legal right to serve a market in Warsaw or Vienna has actually translated into a functioning account-opening flow there. Those three questions, not the licensed/unlicensed question, are where the real structural risk in this market currently sits, and almost nothing published so far measures them as a single, comparable number.
This matters for an unusually concrete reason right now. The MiCA transitional period, the grandfathering window that let crypto firms keep operating under old national registrations while their full license applications were reviewed, ends across the European Union on July 1, 2026, three days after this article publishes. After that date there is no intermediate status. A firm is either authorised under MiCA or it is, in the European Securities and Markets Authority's own words, in breach of EU law and required to cease offering crypto-asset services to EU clients immediately. Roughly 1,200 firms previously held national registrations across the bloc under the old patchwork of rules. As of the most recent published estimate, only around 17% had converted to full MiCA authorisation by mid-June 2026. The deadline itself is the most consensus-priced fact in European crypto right now. The gap inside the licenses that did get issued is not.
"A CASP licence is not all-or-nothing. Plenty of firms hold custody, exchange and execution but not trading-platform permission."
— Datawallet, MiCA exchange comparison methodology, June 2026.The Ten Services Nobody Mentions When They Say "Licensed"
MiCA does not issue a single, undifferentiated permission to "operate a crypto exchange." It issues authorisation across up to ten discrete service categories defined under the regulation, and a firm applies for, and is granted, only the subset its business model and capital position support. Those categories include custody and administration of crypto-assets on behalf of clients, exchange of crypto-assets for funds or for other crypto-assets, execution of orders, placement of crypto-assets, reception and transmission of orders, providing advice, portfolio management, transfer services, and, separately and more demandingly, operating a trading platform for crypto-assets. A firm holding seven of those ten services has a real, valid, EU-wide passported license. It is also a structurally different business, with structurally different risk and structurally different user experience, than a firm holding all ten, and the binary licensed/unlicensed frame currently used across almost all consumer-facing coverage treats them identically.
The clearest evidence that this gap is real and currently unmeasured at scale comes from the trading-platform permission specifically, the service category required to run an actual order book rather than a broker-style buy-and-sell screen. Independent tracking of the European Securities and Markets Authority's public register found that of the roughly 183 to 210 entities holding full CASP authorisation as of late June 2026, only approximately 14 hold the specific permission to operate a trading platform. Kraken holds it, through the Central Bank of Ireland, running two separate Irish entities, one for custody, exchange and execution, the other purely for the trading venue itself. Coinbase, whose Luxembourg license from the CSSF covers custody and order execution across all 27 member states, does not hold the rarer trading-venue permission under that entity. Both firms are, in the binary frame, simply "MiCA licensed." In the service-scope frame, they hold structurally different products under the same regulatory label.
The capital tiers that quietly create the gap
The reason service scope varies this much across otherwise comparable exchanges is not arbitrary; it is priced directly into the regulation. Under MiCA's own funding requirements, a CASP must hold own funds at all times equal to the higher of a fixed minimum tied to its service class or one quarter of its prior year's fixed overheads, and the fixed minimum rises sharply with service scope. Class 1 services, lower-risk activities that do not touch client assets such as advice, execution, and portfolio management, carry a €50,000 floor. Class 2, which adds custody and administration of client crypto-assets, raises that to €125,000. Class 3, which adds exchanging crypto for funds and, specifically, operating a trading platform, raises it again to €150,000, and the capital must be real, paid-up cash held in a segregated account, not founder loans or uncalled capital. A firm that stops short of the full trading-platform permission is not necessarily under-resourced or under-ambitious. It may simply be a different, deliberately narrower business sitting under the same headline word, "licensed," as a firm that cleared the highest capital bar in the regime.
Two Named Cases Where the Same Word Hides Two Different Products
The structural gap stops being an abstraction the moment you look at named, currently operating exchanges, because the gap is already shaping what EU users can actually do on platforms they may believe are functionally identical to the global versions of the same brand.
Bybit EU GmbH received full CASP authorisation from Austria's Financial Market Authority on May 28, 2025, passported across 29 EEA countries through the bybit.eu portal, and the license is genuinely comprehensive for spot trading: a flat 0.10% fee structure and a catalogue running past 600 assets. But the entity serving EU clients under that license is spot-first by design. The high-leverage perpetual derivatives that made Bybit one of the most recognised exchange brands globally are not offered to EEA retail clients under the MiCA-authorised entity. A user opening an account on bybit.eu in 2026 is not opening a smaller version of the exchange they may have used outside the EU; they are opening a different, narrower regulated product that happens to share a brand name and a license header.
OKX presents the inverse problem, where the scope is broad but the regulator's own supervisory record carries a flag. OKX serves the EEA through OKCoin Europe Limited under a MiCA license from Malta's Markets and Financial Services Authority, and the license covers a meaningfully broad scope including the Web3 wallet integration that lets users bridge between custodial and self-custody balances inside one app. The caveat sits one layer up, at the regulator rather than the entity: in July 2025, the European Securities and Markets Authority's own peer review found that the MFSA had cleared at least one CASP authorisation with material issues left unresolved, and called for a more thorough authorisation process. The license OKX holds is valid and passports identically to every other CASP authorisation in the union. The supervisory process that produced it has, on ESMA's own published finding, been treated as less rigorous than the process behind licenses issued in Ireland, Germany, or Austria. Two licenses, identical legal force, materially different evidentiary basis for trusting the process that issued them.
The Service-Scope Snapshot: What "Licensed" Actually Covers, June 2026
| Entity | Home Regulator | Trading-Platform Permission | Regulator Supervisory Flag | Structural Note |
|---|---|---|---|---|
| Kraken (Payward Europe) | Central Bank of Ireland | Yes | Clean | One of ~14 entities EU-wide holding full trading-venue permission |
| Coinbase (Luxembourg S.A.) | CSSF, Luxembourg | No | Clean | Custody, exchange, execution only; no order-book venue permission |
| Bybit EU GmbH | FMA, Austria | Yes | Clean | Spot-only; high-leverage derivatives excluded from MiCA entity |
| OKX (OKCoin Europe) | MFSA, Malta | Yes | ESMA-flagged Jul 2025 | Broad service scope; regulator process itself under scrutiny |
| Binance | None (withdrew Greek application Jun 24, 2026) | No license | N/A | Largest exchange globally; zero EU CASP authorisation as of Jun 28, 2026 |
Read down that table and the pattern that the binary "licensed" frame erases becomes visible immediately: no two of these five rows describe the same regulatory product, even though four of the five would currently appear on almost any "MiCA-licensed exchanges" list without further qualification.
Score = sum of four answers (0–2 each, max 8) × 12.5, gated to zero if no underlying authorisation exists. This is a structural evaluation aid built from public disclosures, not a substitute for checking the official ESMA register or a regulated entity's own license documentation before relying on it.
Service count is the number of MiCA service categories the entity is publicly confirmed to hold, out of ten. Completeness score uses the same four-question methodology as the scorer above, applied to each entity's public disclosure as of June 2026. A high completeness score means the underlying passport is broad, clean, and confirmed operationally, not that every global product feature (e.g. Bybit's high-leverage derivatives) is available under the EU entity; product-scope limitations within an otherwise complete passport are a separate, narrower question this tool does not score directly. Illustrative comparison of named, currently operating entities; re-verify against the ESMA register before relying on any single score.
Figures reflect verified reporting as of June 28, 2026 and are the verification target to re-confirm at any later read date, not a permanently fixed count; the ESMA register updates on a rolling basis as new authorisations are granted.
Binance: The Live Demonstration of What "No License" Actually Costs
If the service-scope gap is the quiet structural story, Binance's position three days before the deadline is the loud one, and it is worth separating clearly from the passport-completeness question because it is a different failure mode entirely: this is a firm with no EU passport at all, not a firm with a narrow one. After roughly eighteen months attempting to license through Greece's Hellenic Capital Market Commission, Binance withdrew that application on June 24, 2026, four days before this article's publication, and has said it expects to secure a license elsewhere within months. The friction was not, by all public reporting, a budget or technical-readiness problem; Binance has a compliance budget that dwarfs most of the field. Under MiCA, a national regulator is entitled to weigh an applicant's regulatory history, and Binance carries a heavier file than any other major exchange in this market, including its 2023 $4.3 billion settlement with US authorities and a string of earlier exits from individual European markets under the old national-registration regime.
The practical consequence for existing EU users is immediate and binary in a way the service-scope gap, for licensed entities, is not. France's Autorité des marchés financiers has gone as far as describing unlicensed crypto-asset service provision as a criminal offence, not merely a regulatory infraction. ESMA's December 2025 statement instructed national authorities to treat unauthorised continuation past the deadline with the same enforcement posture as any other breach of EU law, including verifying that firms without authorisation have orderly wind-down plans ready to execute immediately, covering client notification and the orderly transfer of crypto-assets to an authorised provider or to self-custody. Binance says it will contact affected users before July 1. Whether a license materialises in another member state before that date, or in the weeks after it, is the single most consequential open question in European crypto market structure this week, and it is a different question from anything the Passport Completeness Tracker above measures, because there is currently no passport, complete or otherwise, to score.
What the Gap Actually Means, Depending on Who You Are
For a retail user choosing where to hold euros, the practical takeaway is the one the comparison sources above have independently converged on: check the exact legal entity in the ESMA register, not the brand name, and confirm which specific services that entity holds before assuming a global product (derivatives, certain token listings, certain advanced order types) is available under the EU-regulated version of a platform you may already use elsewhere. A license is necessary information. It is not sufficient information about what you can actually do on the platform.
For a builder or operator evaluating where to seek authorisation, the capital-tier structure detailed above is the more actionable read: the gap between a Class 1 and a Class 3 authorisation is not a paperwork difference, it is a direct function of how much segregated, paid-up capital a firm can commit, and the regulator chosen matters independently of the service tier sought, given the documented variance in supervisory rigour between, for instance, Ireland or Germany and Malta's post-ESMA-flag process. Choosing a fast jurisdiction and choosing a rigorously-vetted jurisdiction are not always the same choice, and the Binance-Greece case is the clearest illustration available of what happens when a firm's own regulatory history collides with a regulator's discretion to weigh that history during review.
For DN's own readership specifically, this connects directly to two existing threads in our coverage: the institutional-adoption tracking that follows where regulated capital is actually flowing inside the EU's crypto perimeter, and the broader Africa and emerging-market regulatory-arbitrage coverage that watches which jurisdictions become the default routing points when a major bloc's rules tighten. See DN's Institutional Adoption Tracker for the wider capital-flow context this sits inside, and the DN MiCA Compliance Cost Index (forthcoming) for the capital-tier cost breakdown referenced above, modelled per service class.
What This Tracker Does Not Claim
Service-scope and supervisory-record data change. The ESMA register updates on a rolling basis as new authorisations are granted, services are added to existing licenses, or supervisory findings are published. A score generated from this article's June 2026 data should be re-verified against the live ESMA register before being relied upon for any decision.
An ESMA supervisory flag is not a finding of wrongdoing by the licensed entity. The July 2025 Malta peer-review finding concerned ESMA's assessment of the MFSA's authorisation process, not a specific allegation against any individual CASP licensed through that process. The distinction matters and this article has tried to preserve it throughout.
The Binance situation is fluid. As of this article's June 28, 2026 publication date, Binance holds no EU CASP authorisation following its June 24 withdrawal of its Greek application. This is a live, fast-moving situation and the position may have changed by the time this is read; check the current ESMA register and Binance's own public statements directly.
The Bottom Line: The License Question Is Closing. The Completeness Question Is Just Opening.
By the time this article is three days old, the binary question that has dominated European crypto coverage for the past eighteen months, licensed or not licensed, will have resolved itself almost entirely by operation of law: firms without authorisation will be required to stop serving EU clients, full stop, no further grace period, no further national discretion. That resolution is exactly why it stops being the interesting question. The question that actually determines user experience, institutional due diligence, and where regulated liquidity concentrates over the next several years is the one this article has tried to name and measure for the first time as a single comparable score: among the roughly 210 entities that clear the legal bar, which ones cleared it with the full service scope, the clean supervisory record, and the confirmed cross-border operational reality that the word "passport" implies, and which ones are running a structurally narrower or more contested version of the same headline claim. Jackson's framing of alpha as the hidden architecture beneath a market, not the asset itself, and EventHorizonIQ's framing of edge as being upstream of the moment a structural gap becomes consensus knowledge, both point at exactly this kind of gap. The license is the asset everyone is already pricing. The completeness behind it is the architecture nobody has named yet.
Frequently Asked Questions
The MiCA passporting gap is the difference between holding a legally valid EU-wide crypto license and actually offering the same scope of services across every member state that license technically covers. A MiCA authorisation grants passporting rights across all 30 European Economic Area states, but the underlying license is built from up to ten discrete service categories, and most authorised entities hold only a subset. This matters because two exchanges can both be accurately described as "MiCA licensed" while offering structurally different products, with different risk profiles and different available features.
The EU-wide MiCA transitional period ends on July 1, 2026, under Article 143(3) of the regulation. Individual member states could shorten this window, and several did: Germany and Ireland closed their national transitional periods on December 31, 2025, while the Netherlands, Poland, Latvia, Hungary and Slovenia chose six-month windows. After July 1, 2026, any entity providing crypto-asset services to EU clients without full MiCA authorisation is in breach of EU law and must cease those services immediately, with no further grace period.
Independent tracking of the European Securities and Markets Authority's public CASP register found that of the roughly 183 to 210 entities holding full authorisation as of late June 2026, only approximately 14 hold the specific service permission to operate a trading platform, the category required to run a genuine order book rather than a broker-style buy and sell screen. Kraken, through the Central Bank of Ireland, is among this smaller group; several other widely used platforms hold custody, exchange and execution permissions but not this specific one.
Binance pursued a MiCA authorisation through Greece's Hellenic Capital Market Commission for approximately eighteen months before withdrawing that application on June 24, 2026, days before the transitional deadline. Public reporting attributes the difficulty to Binance's regulatory history rather than its compliance resources, since MiCA permits national regulators to weigh an applicant's track record, and Binance carries a 2023 $4.3 billion US settlement and a series of earlier European market exits in its file. Binance has said it expects to secure authorisation elsewhere within months.
No. While every MiCA license passports identically regardless of which national regulator issued it, the regulators themselves are not subject to identical supervisory outcomes. In July 2025, the European Securities and Markets Authority's own peer review found that Malta's Financial Services Authority had cleared at least one CASP authorisation with material issues left unresolved, and called for a more thorough authorisation process. Ireland's Central Bank, Germany's BaFin and Austria's Financial Market Authority have, by contrast, clean supervisory records on their MiCA authorisations to date.
MiCA ties minimum own-funds requirements directly to the service categories a CASP is authorised for. Class 1 services such as advice, execution and portfolio management carry a €50,000 minimum. Class 2, which adds custody and administration of client crypto-assets, raises that to €125,000. Class 3, which adds exchanging crypto for funds and operating a trading platform, raises it to €150,000. The capital must be real, segregated, paid-up cash, not founder loans, which means narrower service scope is often a direct function of capital position rather than a strategic choice alone.
It must cease providing crypto-asset services to EU clients immediately, with no further grace period. National competent authorities are empowered to impose fines of up to €5 million or 5% of annual turnover for certain breaches, with some sources citing penalties up to €15 million or 12.5% of turnover depending on the specific violation, alongside cease-and-desist orders, suspension of operations, and removal from EU registers. France's market regulator has described unauthorised operation as a criminal offence. Firms without authorisation are expected to have orderly wind-down plans ready, including client notification and asset transfer arrangements.
The tracker scores four dimensions of a licensed entity's public disclosure: breadth of service-category authorisation out of ten possible categories, whether the entity specifically holds trading-platform permission, whether the home-state regulator's supervisory process has drawn any public concern such as an ESMA peer-review flag, and whether cross-border operational presence beyond the legal passport has been confirmed in a meaningful sample of other member states. Each dimension scores 0 to 2, summing to a 0 to 100 scale, gated to zero for any entity without underlying authorisation at all.
Embed grant: The DN Passport Completeness Tracker may be reproduced with attribution to decentralised.news.
DN-INTERNAL links to resolve: DN Institutional Adoption Tracker, DN MiCA Compliance Cost Index (forthcoming).
Sources: ESMA interim MiCA CASP register (ongoing), ESMA Statement on MiCA Transitional Measures (Dec 2024) and April 2026 update, ESMA peer-review statement on MFSA authorisations (Jul 2025), Datawallet "Best MiCA Licensed Crypto Exchanges for 2026" methodology (Jun 25, 2026), CASP Tracker independent ESMA register mirror (synced Jun 26, 2026), Cryptonews/Yahoo Finance "83% of Europe Crypto Firms Have Not Secured MiCA Licenses" (Jun 2026), Finance Magnates "Europe's Crypto Market After July 1" (Jun 2026), Advisers.law "Binance MiCA Licence Setback in Europe" (Jun 2026), Neobanque "Binance MiCA Licence: Why It Still Lacks EU Approval" (Jun 2026), CoinGeek "EU regulator clarifies expectations ahead of MiCA deadline" (Apr 2026), Hacken "MiCA Regulation: What Crypto Projects Must Know For 2026 Compliance."
As of: June 28, 2026. Entity counts, license statuses and the Binance situation specifically are subject to change on short notice given the proximity to the July 1, 2026 deadline; verify current status against the official ESMA register before relying on any figure in this article. Not financial, legal, or regulatory advice.
