Entries on ESMA’s register of non-compliant entities providing crypto-asset services.
Authorised crypto-asset service providers on the companion MiCA register.
National competent authorities have contributed entries: CONSOB (162), AFM (1), NBS (1).
In the register update dated 16 July 2026, two entities were added to the non-compliant register following action by Italy’s Commissione Nazionale per le Società e la Borsa (CONSOB), bringing the total to 164 entries. In the same update ESMA added 14 crypto-asset service providers to the authorised register, bringing that total to 294.
- Reversal Investment Group — listed by CONSOB (IT). Decision date 8 July 2026; record last updated 13 July 2026.
- Kortex — listed by CONSOB (IT). Decision date 8 July 2026; record last updated 13 July 2026.
Source: ESMA interim MiCA register, non-compliant entities file (NCASP.csv), update dated 16 July 2026; corroborated by Cointelegraph, 17 July 2026. Naming an entity here reproduces a published regulatory listing — it is not an allegation of wrongdoing by NorthPoint.
What this register is.
MiCA requires ESMA to maintain a central register. Articles 109 and 110 cover crypto-asset white papers, authorised crypto-asset service providers, and non-compliant entities. ESMA publishes it as an interim register: five CSV files, republished weekly, pending integration into ESMA’s IT systems. The fifth file is the one this page tracks. ESMA labels it, verbatim:
“Non-compliant entities providing crypto-asset services.”
“Records displayed in each of the five interim MiCA register files reflect information received by the authorising (or notified) competent authority.”
“ESMA will publish the latest version of the register on weekly intervals. As such, information that may be reported to ESMA by competent authorities or listed in a national register will not be immediately displayed.”
Two things follow from that, and they matter for how you read any row. First, the entries are the national authority’s, not ESMA’s — ESMA is the publisher, and the substantive decision sits with the competent authority named in the row. Second, the file lags: a decision taken by an authority appears only in the next weekly republication, so the register is a trailing record, not a live one.
The machine-readable version of everything on this page is published at /data/esma-non-compliant.json, with the source URL and as_of date on every figure.
What the register records, field by field.
ESMA publishes a field description alongside the register. Reading a row correctly depends on it — particularly the infringement field, which is routinely misread.
| Field | ESMA’s own description | How to read it |
|---|---|---|
| Competent Authority | “Full name of the Competent Authority that declared the non compliant entity.” | The national authority that made the decision. ESMA publishes; the authority decides. |
| Non compliancy reason | “Non compliancy reason.” Free text. | Often empty. Where an authority supplies wording, this page reproduces it verbatim rather than paraphrasing. |
| Decision date | “Decision date, decided by the authority, of crypto-asset services in violation of Article 59 or 61.” | When the authority decided — not when ESMA published it. The two differ by days to weeks. |
| Case of infringement identified by ESMA | “Case of infringement identified by ESMA in accordance with Article 17 of Regulation (EU) No 1095/2010.” Yes / No. | Recorded as “No” for all 164 entries. This records that ESMA has not opened an Article 17 breach-of-Union-law case — it does not mean no national action was taken, and it does not qualify the authority’s own listing. |
| Last update | “Last update of the record.” | When the row itself last changed. Useful for spotting amendments. |
The register at a glance.
Aggregated from ESMA’s published file. These counts describe the register as a whole and are not a determination about any individual firm.
| Listing authority | Member state | Entries |
|---|---|---|
| Commissione Nazionale per le Società e la Borsa (CONSOB) | Italy | 162 |
| Netherlands Authority for the Financial Markets (AFM) | Netherlands | 1 |
| National Bank of Slovakia (NBS) | Slovakia | 1 |
| Total | 164 | |
By decision year: 102 entries carry a 2025 decision date, 62 a 2026 one. The concentration in a single member state is a fact about enforcement publication practice, not about where non-compliance occurs — CONSOB routinely publishes website-blocking orders, and those flow into this file. Read the register as a partial picture of national action, not a complete map of the market.
Named entries.
NorthPoint reproduces individually only the entries it can verify field-by-field against ESMA’s own file: the two listed by an authority other than CONSOB, and the two most recent additions. The remaining 160 entries are CONSOB listings, carried in the aggregate counts above and not reproduced here. The register itself is the complete and authoritative list — this table is a reading aid, not a substitute. Without JavaScript the table below still renders in full — the controls are an enhancement, not a requirement.
| Entity as listed | Listed by | Decision date | Authority’s wording | Source |
|---|---|---|---|---|
| MEXC Global |
Netherlands Authority for the Financial Markets (AFM) |
16 Sep 2025 |
“MEXC Global provides crypto-asset services in the Netherlands without the required MiCAR license. MEXC is in breach of section 59 MiCAR.” |
ESMA register → AFM warning → |
| Reversal Investment Group | Commissione Nazionale per le Società e la Borsa (CONSOB) |
8 Jul 2026 |
No reason text published in ESMA’s file for this entry (field recorded as “None”). |
ESMA register → |
| Kortex | Commissione Nazionale per le Società e la Borsa (CONSOB) |
8 Jul 2026 |
No reason text published in ESMA’s file for this entry (field recorded as “None”). |
ESMA register → |
| LWEX | National Bank of Slovakia (NBS) |
10 Feb 2025 |
No reason text published in ESMA’s file for this entry (field recorded as “None”). |
ESMA register → |
A row here says: this authority listed this entity on ESMA’s non-compliant register on this date, in these words. It says nothing more. It is not NorthPoint’s assessment, not a court finding, and not a statement about a firm’s conduct beyond the authorisation point the authority recorded. Check the live register before acting.
What being on this list means — and what it does not.
ESMA set out its expectations in its Statement on the End of Transitional Periods under MiCA (ESMA75-113276571-1679), dated 17 April 2026. That statement, quoted below, is the clearest available answer to what a listing implies operationally.
“The MiCA transitional period will officially expire across the EU on 1 July 2026. After this date, any entity providing crypto-asset services to EU clients without a MiCA licence will be in breach of EU law and must cease offering such services.”
“By 1 July 2026, when the transitional period ends across the EU, any unauthorised CASP must have implemented its wind-down plan.”
“Wind-down plans enable an orderly exit without causing undue economic harm to clients, including by arranging the offboarding of clients – for example by organising the transfer of crypto-assets held on their behalf to an authorised CASP or to a self-hosted wallet.”
“ESMA reminds market participants that entities established outside the EU are, outside the narrow exception of reverse solicitation, not permitted to provide crypto-asset services that qualify as MiCA services to EU investors or to solicit EU clients with a view to provide MiCA services to them.”
What it means, in practice.
| It does mean | Grounded in |
|---|---|
| Stop onboarding EU clients. An entity without a MiCA licence cannot take on new EU clients after 1 July 2026. | ESMA: any entity serving EU clients without a licence “must cease offering such services.” |
| Stop opening accounts and implement the wind-down plan. The plan was to be operational by 1 July 2026, not drafted after it. | ESMA: “any unauthorised CASP must have implemented its wind-down plan.” |
| Cease marketing and solicitation into the EEA. Soliciting EU clients is expressly covered, and reverse solicitation is a narrow exception, not a workaround. | ESMA: non-EU entities are “not permitted … to solicit EU clients.” |
| Offboard clients without undue harm. Transfer assets to an authorised CASP or a self-hosted wallet, with prior notice. | ESMA: wind-down plans “enable an orderly exit without causing undue economic harm to clients.” |
What it does not mean.
| It does not mean | Why |
|---|---|
| A finding of fraud, criminality, or dishonesty. | The register records a decision about authorisation under MiCA Articles 59 and 61. It is not a criminal or civil finding, and nothing on this page alleges one. |
| That ESMA itself investigated the entity. | The listing is the national authority’s. ESMA’s own Article 17 infringement field is recorded as “No” for all 164 entries. |
| That the position is current. | The file is republished weekly and lags the underlying decisions. Entries are added, amended, and removed — check the live register. |
| That the list is exhaustive. | 162 of 164 entries come from a single authority. Absence from the register is not evidence that an entity is authorised — for that, check the authorised-CASP register instead. |
| Anything about an entity’s status outside the EU. | MiCA governs the provision of crypto-asset services to EU clients. A listing says nothing about other jurisdictions. |
If you are a user.
ESMA’s consumer guidance in the same statement is direct, and worth quoting rather than paraphrasing:
“Verify your provider. Check that the company you are using is listed as authorised in the ESMA Interim MiCA Register before you invest or transfer funds.”
“Know exactly who you are dealing with. MiCA protections only apply to the specific authorised legal entity in the EU – not to other companies of the same group, and not to non-EU entities.”
“Take action if needed. If your provider is not authorised, act promptly – transfer your crypto assets to an authorised provider or a self-hosted wallet, or consider closing your positions. Staying with an unauthorised provider may mean less legal protection and a greater risk of losing access to your assets.”
If you market a crypto service into the EU.
The register is the downstream consequence of the authorisation gate — and marketing is usually the most visible surface an authority looks at. Under Article 88, every customer-facing message must be clear, fair, and not misleading, and claims about your own authorisation are exactly the statements that have to be accurate. If you are outside the EU and relying on being “outside,” the reverse-solicitation test is narrower than most teams assume.
| If you are… | The immediate move | Start here |
|---|---|---|
| Checking whether you may be marketing into the EEA at all Non-EEA entity, EU visitors landing on your surfaces. |
Run the targeting test on your live banners, pages, and posts before relying on being “outside.” | Free non-EEA targeting check → |
| Unsure whether a live asset still passes A banner, landing page, or availability claim running into the EU. |
Paste the copy or URL and get a verdict against the MiCA marketing rules in seconds. | Free MiCA check → |
| Facing a licence change or a whole asset-set review A migration, a wind-down, or a high-stakes launch. |
A signed, whole-asset-set review across your EU markets against MiCA, FCA, and GDPR in five business days. | Launch Audit → |
Related rules.
-
The other half of the picture: who is authorised. Absence from the non-compliant register is not evidence of authorisation — check the authorised side here.
-
The wind-down statement in plain language: what “orderly” means for your marketing surface, and the two paths still open.
-
Why the “own exclusive initiative” exemption cannot be relied on systematically, and what counts as marketing into the EEA.
-
The obligations that follow when authorisation was not obtained — the context in which a register listing arises.
-
What the end of the transitional period changed, and what it means if a provider is not authorised.
-
Every MiCA marketing rule NorthPoint tracks, quoted and explained.
This page is general, educational information for EU users and marketing teams, not legal, financial, or investment advice, and not a determination of any firm’s status or any authority’s intentions. Every named entry reproduces what a national competent authority recorded in ESMA’s public register of non-compliant entities providing crypto-asset services at a point in time, with the listing authority, the decision date, and a link to the source. Appearing on that register is a published regulatory listing concerning authorisation under MiCA — it is not a finding of fraud, criminality, or other wrongdoing, and NorthPoint makes no such allegation about any entity named here. Entries can be added, amended, or removed, and the register is republished weekly. NorthPoint reproduces individually only entries it can verify field-by-field against ESMA’s own published file, and does not name the remaining entries. Confirm the current position on the ESMA register and with the relevant national competent authority, and consult qualified counsel for your situation. As of 16 July 2026; retrieved 19 July 2026.