1,200 crypto licences. 210 survived MiCA. What the numbers actually tell us about where this industry is going and why Q4 2026 is the moment that decides it.
82.5% of crypto operators in Europe did not make it through.
In 2018, I sat in a room in Malta with lawyers, technologists, and regulators trying to do something that had never been done before: write a law for an infrastructure that didn’t fully exist yet.
The blockchain was real. The applications were proliferating faster than anyone could categorise them. The companies building on it were either too early to have business models or too ambitious to be constrained by the ones they had. And the regulators, serious, well-intentioned people, were being asked to create legal certainty for something that was, by its very design, built to resist it.
The question we kept returning to was not a legal one. It was architectural: how do you regulate the plumbing while it is still being laid?
The answer Malta landed on, regulating principles and outcomes, not technical architectures, has since been amended, refined, and partially superseded by the larger European framework it helped inspire. That is not a failure. That is precisely how infrastructure governance is supposed to work.
I am thinking about that room again now, because the industry is in the middle of another version of the same moment. Larger in scale. Higher in stakes. And widely misread.
The Numbers Nobody Is Talking About
Before the Markets in Crypto-Assets Regulation became enforceable law across the European Union, there were over 1,200 VASP entities Virtual Asset Service Providers, holding national crypto licences across EU member states.
As of May 2026, approximately 210 CASPs have been authorised under MiCA across 23 EU member states.
On July 1, 2026, 34 days from the date I am writing this, the transitional period ends. ESMA confirmed in April that there are no extensions, informal arrangements, or national carve-outs. Any unauthorised CASP serving EU clients after that date is, by definition, operating illegally in the world’s largest single market.
That is an 82.5% reduction in licensed operators in under two years.
The market has barely covered it. The narrative has been absorbed into the broader story of crypto volatility, layoffs, and regulatory friction, treated as background noise rather than as the structural signal it actually is.
It is not background noise. It is the industry telling you, with statistical precision, exactly who built something real.
Why the Shakeout Was Always Inevitable and Healthy
To understand what the 1,200 to 210 number actually means, you have to understand what those 1,200 entities were.
The pre-MiCA European crypto licensing landscape was a patchwork of national AML-registration regimes assembled in a hurry between 2018 and 2022, as governments scrambled to implement the EU’s Fifth Anti-Money Laundering Directive. Lithuania, Estonia, Poland, and the Czech Republic issued crypto registrations in volume at the height of the cycle, many to entities with no material operations, no real customer books, and no serious intent to build regulated services at scale. They were, in the most honest reading, regulatory options: certificates of possibility held at low cost by operators waiting to see which jurisdiction would offer the most favourable long-term path.
The compliance bar was minimal. In some jurisdictions, a crypto registration required little more than a registered address, a named compliance officer, and a filing fee. The entities existed on paper. The businesses, in many cases, did not.
MiCA eliminated that arbitrage. A CASP authorisation under MiCA requires genuine organisational substance: governance structures with defined accountability, capital adequacy requirements, cybersecurity frameworks, market abuse surveillance systems, custody asset segregation, and consumer protection disclosure mechanisms. The compliance infrastructure required to obtain and maintain a MiCA licence is not something that can be assembled quickly or cheaply. It requires real investment, real expertise, and real commitment to operating as a regulated financial services firm.
The 990 entities that have not transitioned are not 990 businesses that have been destroyed by regulation. The majority of them were never real businesses in the sense that MiCA is now defining. They were placeholders in a pre-regulated market that no longer exists.
The firms that matter, the ones serving real customers, processing real volume, building real products with real regulatory exposure, are the 210 going through authorisation and the substantive cohort still in the queue. Germany leads with 53 authorised CASPs. France, Ireland, Luxembourg, and Malta are processing applications from operators with genuine substance behind them.
The market is not shrinking. It is stratifying. And stratification, the separation of serious operators from paper entities, is exactly what a maturing infrastructure is supposed to produce.
The Regulatory Iteration Was Always Part of the Design
Here is the deeper structural point that gets lost in the compliance anxiety of the current moment.
Satoshi’s white paper, published in 2008, was architecturally correct. The principles of trustless, permissionless, peer-to-peer value transfer without reliance on a trusted intermediary have proven durable. But the mechanics that followed the white paper: the forks, the Layer 2 scaling solutions, the smart contract platforms, the oracle networks, the automated market maker protocols, the stablecoin mechanisms, none of that was in the original document. It couldn’t have been. The technology set the direction. The infrastructure grew around it iteratively, shaped by real-world friction, catastrophic failures, and the relentless pressure of use cases that the original design had not anticipated.
Regulation follows the same logic. It is not, and has never been, designed in advance of the technology it governs. It is built in response to it and then rebuilt as the technology evolves beyond what the first draft could anticipate.
The Malta DLT framework of 2018 was amended. The FATF guidance on virtual assets has been revised multiple times. MiCA itself is the most comprehensive and sophisticated crypto regulatory framework yet written, but it already has known gaps. The DeFi provisions are explicitly unresolved. NFTs exist in a classification grey zone. The staking rules are generating opposing legal opinions from compliance counsel across 27 member states. A second MiCA revision is not a question of if, but when.
This is not a design failure. It is the nature of governance for a living infrastructure. The regulation catches up to the technology, codifies what has been proven, and then finds itself behind again as the technology moves forward. The cycle is the point.
What this means practically for anyone building in this space: treat every regulatory update as a signal, not a threat. Where regulation crystallises around a technology or a use case, it is telling you that institutional capital is preparing to enter that space. Where it remains ambiguous as it does today with DeFi and NFTs, it is telling you that the infrastructure is still proving itself, and that the window for first-mover positioning remains open.
Two Geographies. One Industry. A Structural Choice.
The most consequential shift in global crypto right now is not a price movement. It is not a protocol upgrade. It is a geographic bifurcation that is quietly but decisively reshaping where innovation happens and where distribution happens, and most founders are not yet building their corporate architecture around it deliberately.
Europe is becoming the compliance and custody layer.
MiCA’s passporting mechanism creates, for the first time in history, a genuinely unified European crypto market. A single CASP authorisation is valid across all 27 EU member states. For institutional capital asset managers, pension funds, banks cautiously entering digital assets, and tokenised instrument issuers looking for regulatory clarity, this is an extraordinarily valuable structure. The EU has built the legal infrastructure for a €450 trillion addressable market to interact with digital assets in a regulated, auditable, cross-border manner. The winners in European crypto will be custody providers, regulated exchanges, tokenised fund operators, and the compliance infrastructure firms that serve all of them.
The UAE and MENA, more broadly, are becoming the innovation and issuance layer.
The UAE now operates five concurrent regulatory frameworks for digital assets: the federal Capital Market Authority for mainland and free zone operations, VARA in Dubai, FSRA/ADGM in Abu Dhabi, DFSA in DIFC, and CBUAE for payment token oversight. Federal Decree-Law №33 of 2025 placed virtual assets on equal regulatory footing with traditional securities, not to restrict them, but to integrate them into the capital markets infrastructure of a jurisdiction that is actively, deliberately competing for global financial leadership.
Operators have until January 2027 to regularise under the new CMA framework. That runway alongside the genuine pro-innovation orientation of UAE regulatory design is attracting the kind of product development, token issuance, and DeFi experimentation that MiCA’s ambiguity has made difficult to pursue from a European base.
The result is a functional division of labour that is already operating in practice, even if most industry commentary has not yet named it explicitly. Product development and innovation concentrating on the Gulf. Regulated distribution, institutional custody, and cross-border settlement are consolidating in the EU.
The founders who map this split deliberately and build their corporate and product architecture around it with intention will have structural advantages that cannot be bought back by those who arrive late to the decision.
Turkey sits as an underappreciated bridge in this geography. Ranked 7th globally by on-chain volume, processing $136.8 billion in on-chain value, it represents MENA’s largest crypto market by user base, driven by lira-denominated inflation hedging and a growing domestic Web3 ecosystem. Its regulatory framework is still forming. For founders with cross-border payment infrastructure ambitions, it is the market hiding in plain sight.
What the Layoffs Are Actually Telling You
Coinbase cut 14% of its global workforce in May 2026, approximately 700 roles, citing both market volatility and the acceleration of AI across its operations. CEO Brian Armstrong was explicit: this is a structural rebuild, not a retreat. “We are fundamentally changing how we operate.”
The broader technology and crypto sector has shed over 92,000 jobs in 2026. PayPal, Cognizant, and others made parallel announcements in the same week.
The instinct is to read this as distress. It is more usefully read as an industry shedding the organisational architectures built for a cycle that has ended, the headcount-heavy, growth-at-any-cost structures that made sense when capital was free, regulatory overhead was minimal, and market share was the only metric that mattered to investors who had not yet been through a full correction.
What is replacing those structures will be leaner, AI-augmented, and built for a market where compliance is non-negotiable, margins require genuine discipline, and sustainable unit economics are the only numbers that attract serious capital.
There is also, for builders who are paying attention, an unusual talent opportunity embedded in this restructuring. The senior professionals coming out of this wave of compliance leads, cross-border payment architects, and product strategists who have operated at scale inside regulated crypto environments are available in a way they have not been since the industry’s earliest years. The firms that are moving seriously into the regulated market with genuine infrastructure ambitions have a window to build teams that would not have been possible twelve months ago.
Q4 2026: Not a Prediction. A Measurement.
The full picture will not be visible until the fourth quarter of this year. By then, the post-July MiCA enforcement landscape will have settled enough to see which firms actually completed the transition, which jurisdictions processed applications efficiently, and which operators chose to restrict their European operations rather than absorb the compliance cost. The UAE’s CMA transitional period will be six months in, with its own consolidation dynamics becoming legible. The UK Financial Conduct Authority will have published its final crypto rules, introducing a third major regulatory framework into the European and broader Western market. And the stablecoin market, currently at $310 billion in total value and projected toward $1 trillion, will have its first real operational test of what compliant cross-border infrastructure looks like, running simultaneously across three concurrent regulatory regimes.
Q4 2026 will not tell us whether crypto was a good idea. That question was answered a long time ago.
It will tell us whether the industry has built the infrastructure to support the institutional market that has been waiting for regulatory clarity to enter at scale.
The Construction Site and the Crisis
I want to end where I started in that room in Malta in 2018, with people trying to write rules for something that wasn’t finished yet.
What we understood then, and what I think the market is struggling to hold onto now, is that you do not wait for the infrastructure to be complete before you begin governing it. You govern it as it grows. You make the best rules you can with the technology and the evidence available. You build in review mechanisms. You accept that the first draft will require amendment. And you treat every iteration, every revision, every update, every expanded scope not as evidence of failure but as evidence that the infrastructure is alive and developing.
MiCA is not the final word. It is the best word yet written. It will be followed by a better one.
The industry is not in panic. The infrastructure is not broken.
It is being built as it has always been built iteratively, under pressure, ahead of the governance that will eventually formalise it.
Stop mistaking the construction site for a crisis.
The foundations are more solid than the noise suggests. And the window to build on them, deliberately and with clarity about this specific moment, is open right now.
Joseph Zammit is a marketing and strategy executive with 25 years at the intersection of fintech, crypto, and regulation. He contributed to the design of Malta’s DLT legislative framework, among the first of its kind globally and has since led market strategy for neobanks and Web3 infrastructure companies across Europe, MENA, and Asia. He advises founders and CEOs as a fractional CMO and CSO.
The Infrastructure Was Never the Problem was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.