On June 15, the Spanish National Securities Market Commission (CNMV) issued an announcement confirming that the transition period for crypto-asset service providers under the EU Markets in Crypto-Assets (MiCA) regulation will end on June 30. Starting July 1, only service providers that have obtained the necessary authorization may continue operating in Spain; after investors trade with platforms that have not completed the authorization process, they will no longer enjoy the regulatory protection provided by MiCA.
Obligations of Unauthorized Service Providers: Specific Requirements for the Migration Plan
According to the CNMV announcement, crypto-asset service providers that cannot complete authorization before July 1 must comply with the following requirements:
Develop an effective customer migration plan: must allow customers to transfer custody crypto-assets to other addresses, and withdraw funds related to cash accounts
Security and compliance requirements: the entire migration process must comply with the required security measures and anti-money laundering (AML) regulations
Cooperate with authorized authorities: may reach an agreement with another authorized service provider so that, after each customer completes identity verification, assets are transferred to the new provider and business continues
Communicate early and sufficiently: must promptly and continuously clearly inform customers of the situation, migration plan deadlines, and specific actions
Reasonable withdrawal period: the migration plan must set a reasonable period for withdrawing assets; after the period ends, assets not yet withdrawn may be transferred to an authorized entity and relevant customers must be notified
Three Unregistered Entities Named by the CNMV
CNMV confirmed this Monday that the following three entities do not appear in the official register and are not authorized to provide regulated investment services in Spain:
· Cpkey App (mobile application, disseminated via WhatsApp groups)
· JT-M (mobile application, disseminated via WhatsApp groups)
· Investing IB (website:
Investor Verification Channels: ESMA and CNMV Registers
CNMV recommends that crypto-asset investors check the authorization status of their service providers on the European Securities and Markets Authority (ESMA) and CNMV’s official registers. If a service provider is not authorized, investors should proactively request that it provide a migration plan and available options.
Frequently Asked Questions
What consequences will investors face for using unauthorized service providers after the MiCA transition period ends?
According to the CNMV announcement, starting from July 1, 2026, when investors trade with entities not authorized under MiCA, they will no longer enjoy regulatory protection mechanisms provided under MiCA, including requirements such as safe custody and segregation of customer assets. CNMV explicitly advises investors to “avoid entering into contracts or maintaining relationships with platforms or providers that have not completed the authorization process.”
How is the deadline for migration plans of unauthorized crypto service providers determined?
According to the CNMV announcement, the migration plan must set a “reasonable timeframe” for investors to withdraw assets; the specific timeframe is determined by the service provider, but the final deadline of the transition period itself is June 30, 2026. After the deadline, assets not yet withdrawn may be transferred by the service provider to an authorized entity, and relevant customers must be notified.
How can investors check whether their crypto service provider has been authorized under MiCA?
The CNMV announcement confirms that investors can check via two official channels: the authorization register of the European Securities and Markets Authority (ESMA), and CNMV’s official register. If the service provider does not appear in the registers above, it cannot legally provide regulated crypto-asset services in Spain.
