July 1, 2026 marks a pivotal moment for the crypto market in the European Union: the end of the transitional period provided for in Regulation (EU) 2023/1114 on crypto-asset markets, known as MiCA. After this date, crypto-asset service providers serving EU clients will no longer be able to operate under previous national regimes, but only if they hold a valid MiCA authorization.

In Romania, according to the latest estimates, the measure directly affects approximately 600,000 cryptocurrency investors. The Financial Supervisory Authority (ASF) is the institution designated to manage this transition process at the local level.

The Romanian Legal Framework

Emergency Ordinance 10/2025, in force since March 13, 2025, transposed MiCA into Romanian law and designated the ASF as the primary regulatory authority for crypto-asset service providers (CASP).

Entities that were registered with the ONPCSB before December 30, 2024, under the old pre-MiCA notification regime, may continue to operate under national rules until July 2026, but must already comply with MiCA standards for governance, AML, and cybersecurity. The established timeline stipulates that the notification to the ASF regarding the intention to continue operations under the transitional regime had to be submitted by November 30, 2025, and the formal application for a MiCA license must be submitted between December 2025 and July 2026.

A distinctive feature of the local market is the supervisory fee charged by the ASF: 0.5% of the monthly operating revenue of authorized providers, payable by the 15th of the following month—a specific cost that does not exist in this form in other MiCA jurisdictions within the EU.

What will change as of July 1, 2026?

According to ESMA, the MiCA transitional period will expire on July 1, 2026. From that date, crypto service providers that have not obtained MiCA authorization will no longer be able to continue operating with EU clients. The mere existence of an authorization application still under review is not sufficient to continue providing services after the transitional period expires.

ESMA emphasizes that unauthorized providers must have orderly wind-down plans prepared and implemented. These plans must enable an orderly exit from the market without causing undue economic harm to clients—through prior notification of clients, the transfer of crypto-assets to a MiCA-authorized provider or to a self-hosted wallet, as well as the closure of positions or accounts under transparent conditions.

At the European level, on February 27, 2026 (public information released on May 28, 2026), ESMA provided stricter clarifications regarding how crypto platforms must manage and protect client assets, prohibiting certain practices that could diminish users’ control over digital assets.

Customer migration and the obligations of authorized providers

An important point highlighted by ESMA concerns the migration of clients to authorized entities. Providers that have obtained MiCA authorization must actively manage the process of taking over existing clients before July 1, 2026, by applying robust onboarding procedures, including conducting the necessary checks from an AML/CFT perspective.

This migration must not be used to allow unauthorized entities to indirectly continue their activities. National authorities will ensure that unauthorized providers, including entities within the same group, do not continue “business as usual” activities after the transitional period expires.

ESMA also draws attention to entities established outside the European Union. Apart from the limited exception for reverse solicitation, they may not provide crypto services falling under MiCA to EU investors and may not solicit EU clients for the provision of such services. This rule applies to business-to-business relationships as well.

Risks for Unauthorized Providers

Providing crypto services without the necessary authorization may result in administrative measures and significant penalties. Depending on the nature of the violation and applicable national legislation, these may include cease-and-desist orders, public statements regarding the violation, as well as hefty administrative fines.

Furthermore, the lack of authorization can have immediate commercial consequences: the inability to serve EU customers, damage to relationships with banking and institutional partners, as well as significant reputational risks.

Passporting of Services in the EU and Romania

The MiCA regime provides a significant advantage for authorized providers: the “passporting” mechanism. An authorized provider in one Member State may provide services in other EU Member States without having to apply for separate authorizations in each jurisdiction. In practice, large platforms already operating in Romania use this mechanism—a platform fully licensed under MiCA in a Member State such as Ireland or Luxembourg can automatically use it to serve customers in Romania.

At the same time, all platforms active with Romanian users, regardless of where they are licensed, are required to report transactions annually to ANAF.

For Crypto ATM terminal operators, ASF authorization also requires obtaining two additional technical approvals: one regarding the physical model of the terminal, issued by the National Institute for Research and Development in Informatics (ICI Bucharest), and another regarding the IT system, issued by the Romanian Digitalization Authority (ADR).

At the same time, authorization entails substantial requirements: adequate internal governance, compliance procedures, prudential requirements, policies regarding conflicts of interest, protection of client assets, complaint resolution mechanisms, as well as business continuity and orderly winding-down plans.

What does this deadline mean for users?

For users of crypto services, July 1, 2026, may have direct consequences. If the service provider they use is not MiCA-authorized, it may be required to suspend services, restrict access for EU customers, transfer assets to an authorized entity, or terminate the contractual relationship.

ESMA recommends that investors verify whether the provider is listed in the relevant official registers and, above all, identify exactly which legal entity they are contracting with. The protection provided by MiCA applies to the authorized entity within the Union, not automatically to all companies within the same group or to entities outside the EU operating under the same brand.

If the provider is not authorized, users should act promptly, including by transferring crypto-assets to an authorized provider or to a self-hosted wallet, or by closing positions, as appropriate. Continuing the relationship with an unauthorized provider may entail a lower level of legal protection and a higher risk of losing access to assets.

Conclusion

Starting July 1, for crypto operating entities, MiCA authorization—including compliance with specific ASF requirements, such as the 0.5% supervisory fee—becomes an essential condition for conducting business legally and sustainably in Romania and the EU. For users, verifying the status of the provider and the contracting legal entity becomes a necessary practical measure to protect their assets and rights.

Authors:
Ioana Chiper Zah
Tatiana Țapu