Back to Policy Briefs
DCM Core Policy Brief | PB-2026-01

MiCA Phase 2: Transitional Provisions for CASPs

DCM Core Regulatory Intelligence Unit
Publication: March 2026 | Format: 6-Page Standard

01 Executive Summary

The activation of the Markets in Crypto-Assets (MiCA) regulation's second phase introduces a unified licensing regime for Crypto-Asset Service Providers (CASPs). This brief analyzes the transitional rules established under Article 143, which allow existing Virtual Asset Service Providers (VASPs) to continue operating under national frameworks while preparing for CASP passporting. We examine the operational friction points and passporting schedules across different jurisdictions.

While the transitional provisions aim to prevent market disruption, varying national interpretation of the 'grandfathering clause' creates regulatory fragmentation. Successful CASP alignment requires early security audits, compliance restructurings, and proactive engagement with National Competent Authorities (NCAs) before the transitional window closes in 2026.

02 Problem Statement

Prior to MiCA, crypto-asset service providers faced a fragmented regulatory landscape, operating under diverse national anti-money laundering (AML) registration regimes. This lack of harmonization resulted in regulatory arbitrage, increased compliance overhead for cross-border operations, and limited investor protection. CASPs seeking to expand globally had to obtain separate registrations in each EU member state.

"The core challenge of the MiCA transition is not just acquiring a license, but managing the operational divergence between grandfathered national registries and the strict, centralized requirements of the new CASP passport."

As member states implement their own transitional timelines (ranging from zero to 18 months), CASPs face legal uncertainty regarding their ability to passport services during the interim period. This creates a critical risk for firms that rely on cross-border business models without a fully approved CASP license.

03 Policy Context

Under MiCA Article 143, member states may allow VASPs already providing services in accordance with national law to benefit from a transitional period. However, this grandfathering is optional and subject to national discretion. For example, some jurisdictions have opted for a simplified CASP licensing procedure for registered VASPs, while others require a full application from day one.

Furthermore, the cross-border provision of services (passporting) is explicitly prohibited for grandfathered VASPs until they obtain a full CASP authorization. This restriction creates a clear division between local operations and the wider EU single market, driving consolidation.

04 Analysis & Operational Impact

The operational transition from a national VASP registry to a fully licensed CASP involves significant upgrades in governance, capital adequacy, and custody infrastructure. Under MiCA, CASPs must hold minimum prudential safeguards (ranging from EUR 50,000 to EUR 150,000 depending on service type) or equivalent professional indemnity insurance.

In addition to capital requirements, CASPs face strict rules regarding the segregation of client assets. Customer funds must be held with credit institutions or qualified third-party custodians, completely isolated from the CASP's operational assets. This prevents the commingling of funds that led to major market failures in previous cycles.

Finally, the transition requires implementing comprehensive ICT security frameworks aligned with the Digital Operational Resilience Act (DORA), introducing mandatory penetration testing and incident reporting mechanisms that VASPs previously bypassed.

05 Policy Recommendations

To ensure a smooth transition and maintain operational continuity across the EU, we recommend that CASPs and regulators adopt the following measures:

Actionable Guidelines for Transitioning CASPs:

  • Conduct immediate gap analyses matching current VASP compliance policies against the ESMA CASP draft guidelines.
  • Establish bilateral dialogues with host and home regulators to clarify passporting timelines and grandfathering rules.
  • Upgrade asset custody architectures to support multi-signature, air-gapped security, and cryptographically segregated client accounts.

06 References & Citations