Reverse Solicitation Under MiCA Article 61: Scope, Limits, and Strategic Implications

What Reverse Solicitation Is Under MiCA Article 61

Reverse solicitation under MiCA Article 61 is the only narrow exception to the Article 59 requirement that crypto-asset services to clients in the Union be provided by a CASP authorised by an EU or EEA national competent authority.^[3][4] A third-country firm without CASP authorisation may serve an EU client only where that client has initiated the provision of the crypto-asset service or activity at their own exclusive initiative. Article 61(2) separately prohibits the third-country firm from using that initial exclusive initiative to market new types of crypto-assets or crypto-asset services to the same client. The exception was tightened by ESMA’s Guidelines on reverse solicitation under MiCA (ESMA35-1872330276-2030) published 26 February 2025, applicable from 27 April 2025.^[1]

Relationship to Article 59 (Authorisation Requirement)

Article 59 of MiCA establishes the default position: any person providing crypto-asset services in the Union must be authorised as a CASP by an EU or EEA national competent authority (NCA) under Article 63 of MiCA, and the resulting authorisation passports across all 30 EEA states under Article 65.^[3] Article 61 then carves out a single, narrowly drafted permission: where a client established or located in the Union initiates contact at their own exclusive initiative, a third-country firm may provide the specific crypto-asset service the client requested. The exception does not modify Article 59; it sits inside Article 59’s authorisation perimeter as a limited tolerance for genuinely unsolicited contacts.

Definition: Reverse Solicitation

Scope: EU and EEA

The geographic scope of Article 61 covers the full MiCA passport regime: the 27 EU Member States plus Iceland, Liechtenstein and Norway via EEA Joint Committee Decision No 41/2025 of 20 February 2025, with supplementary regulatory technical standards via JCD 138/2025 of 13 June 2025.^[5][6] The non-EU and non-EEA jurisdictions in geographical Europe (the United Kingdom, Switzerland, Gibraltar) sit outside the MiCA passport and require local authorisation for local clients; the Article 61 analysis governs only the EU and EEA legs of a third-country firm’s activity.

Why the Exemption Is Narrow (Not a Carve-Out)

Reverse solicitation under MiCA Article 61 was tightened by ESMA Guidelines published 26 February 2025 and is the exception, not the rule. ESMA’s Guidelines paragraph 23 state that the exception should be construed narrowly; the Final Report paragraph 11 describes the exception as very limited and very narrowly framed. Two structural features make the exception operationally narrow.

First, an illustrative, non-exhaustive list of solicitation indicators defeats the exemption:

• Targeted advertising into the EU.
• EU-language websites.
• Country-code top-level domains for EU Member States.
• Country sub-directories on the firm’s website.
• SEO targeting of EU traffic.
• Sponsorship of EU- or Member-State-centric events.
• EU-based influencers.
• Affiliate or referral programmes that direct EU traffic.
• App-store availability in EU jurisdictions.
• Push notifications cross-selling new products.
• Bundling of services.
• EU-regulated intermediaries redirecting clients to a third-country group affiliate.

Second, Article 61(2) prohibits the third-country firm from using the client’s initial exclusive initiative to market new types of crypto-assets or crypto-asset services to that client; even same-type marketing is permitted only in the context of the original transaction. An offshore entity cannot rely on Article 61 as a market-entry strategy: the firm cannot acquire EU clients through any of the solicitation indicators, and the firm cannot use a reverse-solicited client as a beachhead for expanding into new services or asset exposures.^[1][2]

Solicitation Indicators (Illustrative, Non-Exhaustive)

ESMA’s Guidelines set out an illustrative, non-exhaustive list of conduct that defeats the Article 61 exemption. Guidelines paragraph 12 alone names at least fifteen examples; the Annex adds further examples.^[1] Each is assessed on its own facts; reliance on Article 61 does not survive any of them. The list below groups the most material indicators for third-country crypto-asset firms.

• Targeted advertising into the EU. Paid placements on search and social platforms, geo-targeted impressions, retargeting, and any advertising creative referencing EU products, EU jurisdictions, EU regulators, or EU consumer protections. The test is not whether the advertising mentions a Member State explicitly; geo-targeting alone is sufficient.
• EU-language sites and content. Translations into French, German, Italian, Spanish, Dutch, Polish, Portuguese, Greek, Czech and other Union languages. The presence of a translated landing page, sign-up flow, T&Cs, KYC interface or marketing copy in an EU language is treated as solicitation regardless of the third-country firm’s stated intent. ESMA’s Final Report paragraph 31 treats English as customary in the sphere of international finance, which makes English a weaker indicator on its own; it is not a safe harbour, and an English-only site combined with other indicia (EU-targeted SEO, country sub-directories, EUR-denominated pricing, EU-customer testimonials) will defeat the exemption.^[2]
• Country-code top-level domains for EU Member States. A site at .fr, .de, .es, .it, .nl, .pl, .pt, .ie, .lt, .lv, .ee, .cy, .mt or any other EU ccTLD is treated as targeting the corresponding Member State. The same analysis applies to country sub-directories presenting Member-State-specific content under a generic domain (for example, /fr/ or /de/ paths on a .com).
• Search-engine optimisation targeting. Regional or country-specific SEO, geo-targeted link building, geographic targeting in SEO tools and any signal designed to surface the firm’s site to EU users for EU-specific queries. SEO is an explicit Annex example in the ESMA Guidelines.
• Sponsorship of EU- or Member-State-centric events. Conference sponsorship, trade-show booths, hackathons, university partnerships, and sporting sponsorships in EU Member States are treated as marketing presence regardless of whether the activity itself contains a sign-up link. Footnote 3 of the Guidelines clarifies that sponsoring an international competition in which Member State teams or athletes happen to compete also counts as solicitation.
• EU-based influencers. Paid or affiliate relationships with influencers domiciled or operating in EU Member States. Remuneration is a strong indication but not necessary; the test runs through the influencer’s audience and content, not the third-country firm’s contracting party (Guidelines paragraph 20).
• Affiliate or referral programmes that direct EU traffic. Revenue-share arrangements, click-tracking pixels, deep-link landing pages, and any infrastructure that routes EU users into the third-country firm’s onboarding flow. The architecture is what is scrutinised, not the wording of the affiliate agreement.
• App-store availability in EU Member States. Listing of the firm’s mobile application in EU app stores is itself a solicitation indicator. Withdrawal from EU app stores is part of the precautionary geo-block recommended by Guidelines paragraph 16 for firms in doubt.
• Push notifications and cross-selling. Notifications to existing reverse-solicited clients that direct attention to trending crypto-assets, new products, or temporary promotions are explicit Annex examples of conduct that defeats the exemption, including where the new product is of the same type.
• Bundling. Offering a package of bundled crypto-asset services in response to a client’s request for a single specific service defeats the “same type” analysis under Guideline 4.
• EU-regulated intermediary redirection. An EU credit institution, investment firm or payment service provider may not redirect clients to a third-country firm’s crypto-asset services, whether or not the third-country firm is part of the same group (Guidelines paragraph 22).

Why “Carve-Out” Is the Wrong Word

A carve-out implies a class of activity that sits outside the regulation entirely: free to be scaled, free to be marketed, free to be operationalised as a standing business line. Article 61 is engineered to be none of these things.

The drafting language ties the exception to a single client’s exclusive initiative; Article 61(2) prohibits the firm from using that initiative to market new types of crypto-assets or services to the same client; ESMA’s Guidelines tighten the exception with a non-exhaustive list of solicitation indicators and a time element on same-type marketing; and the default Article 59 authorisation requirement applies to everything that does not fit inside the narrow exception.

Unlike a tax carve-out, which is structural and exploitable as such, Article 61 is a permission of last resort for genuinely unsolicited contacts. Treating it as a market-entry route is the single most common compliance error in the third-country crypto-asset services space.^[2]

The Time Limit and the Same-Type Rule

The most commonly misunderstood feature of MiCA Article 61 is the so-called “one-month rule.” The one-month period referenced in ESMA’s Guideline 3 paragraph 27 is not a ceiling on the service relationship itself. It is an illustrative time element on the marketing of further transactions or further crypto-assets to a client who has already been reverse-solicited.^[1][2] The original service relationship that flows from the client’s exclusive initiative can continue without a CASP authorisation. What changes after the relevant period has elapsed is that the firm can no longer treat further marketing to the same client as being at the client’s exclusive initiative.

What ESMA Actually Says

Guideline 3 paragraph 27 is the source of the “one month” framing. The text reads: For instance, if the client contacts the third-country firm to buy crypto-asset X, the firm may, at this point in time, market to the clients crypto-assets of the same type. However, the third-country firm would not be entitled to market further crypto-asset X transactions or transactions in similar crypto-assets to the client a month later.^[1] The word “market” is operative: what is constrained after the relevant time has elapsed is the marketing activity, not the service that was already initiated.

ESMA further clarified the position in Final Report paragraph 50: the time limit explicated in Guideline 3 only applies to the marketing of new crypto-assets and crypto-asset services that are of the same type as the crypto-asset or crypto-asset service initially requested by the client at its own exclusive initiative. It thus does not apply to the relationship resulting from the provision of the crypto-asset service initiated at the own exclusive initiative of the client.^[2]

Final Report paragraph 47 records ESMA’s deliberate refusal to fix a numeric ceiling: it is however not possible or desirable to provide a set time limit, because the relevant time limit will depend on the specific circumstances of each case.^[2]

The Two-Limb Test for Further Marketing

After the original reverse-solicited contact, any further marketing by the third-country firm to that client must clear both of the following:

• The type limb (Article 61(2)). Marketing of new types of crypto-assets or crypto-asset services to the client is prohibited at all times. Final Report footnote 10 is explicit: Other types of crypto-assets or crypto-asset services cannot be marketed at all to the client on the basis of Article 61 of MiCA, even during a short period of time following the solicitation by the client.^[2]
• The time limb (Guidelines paragraphs 25–28). Marketing of the same type of crypto-asset or service is permitted only in the context of the original transaction. Once material time has elapsed, the contact can no longer plausibly be characterised as at the client’s exclusive initiative; ESMA uses one month as an illustration but expressly declines to fix the period.

Determining “Same Type”

Guideline 4 paragraph 30 requires the firm to assess whether two crypto-assets or two crypto-asset services are of the same type on a case-by-case basis, taking into account elements such as (i) the category of the crypto-asset or crypto-asset service or activity offered and (ii) the risks attached to each crypto-asset or crypto-asset service or activity.^[1]

Guideline 4 paragraph 32 sets out a non-exhaustive list of pairs that are not of the same type:

• Utility tokens vs asset-referenced tokens vs electronic money tokens.
• Crypto-assets not stored or transferred using the same technology.
• E-money tokens not referencing the same official currency.
• Asset-referenced tokens based mostly on fiat currencies vs those with significant crypto-currency ponderations.
• Liquid vs illiquid crypto-assets.
• Crypto-assets other than ARTs and EMTs with non-identifiable offerors vs those with identifiable offerors.

Guideline 4 paragraph 31 reminds firms that the categorisation must be granular enough to ensure that the reverse solicitation exemption cannot be used to circumvent the authorisation requirements under Article 59 of MiCA.^[1]

Documentation and Burden of Proof

The firm bears the burden of evidencing that each client’s contact was at their own exclusive initiative. Guideline 3 paragraph 28 requires that third-country firms should be able to provide records tracking the relationship with the client and, in particular, whether the client has taken the initiative to receive crypto-asset services with respect to a new product.^[1] Article 61(1) third subparagraph (level 1) is unambiguous that the prohibition on solicitation shall apply notwithstanding any contractual clause or disclaimer purporting to state otherwise.^[3] A signed client declaration is useful but insufficient on its own; the surrounding factual record (website state at the time of contact, geo-block evidence, channels through which the client arrived) determines whether the exclusive-initiative test is met.

The Precautionary Geo-Block

Guidelines paragraph 16 provides what is, in practice, the most useful operational guidance for firms wanting a clean position: A third-country firm in doubt about whether it is soliciting EU clients may, for instance, not accept any new EU clients’ accounts or geo-block the means of access to its crypto-asset services or activities.^[1] Footnote 4 of the Guidelines specifies that geo-blocking includes blocking IP addresses originating in the EU and not making the mobile application available in EU app stores. Geo-blocking is not a defence to past conduct but it is a credible forward-looking posture, particularly when paired with a documented internal policy.

ESMA Guidelines on Reverse Solicitation (February 2025)

The operative ESMA instrument is the Guidelines on reverse solicitation under MiCA (ESMA35-1872330276-2030), published 26 February 2025.^[1] The applicable-from date is 27 April 2025 (60 calendar days after publication of all official translations); the NCA notify-by date was 26 April 2025. The antecedent Final Report (ESMA35-1872330276-1899), published 17 December 2024, is the drafting history; it is not the operative instrument.^[2]

What the Guidelines Do

The Guidelines have three substantive functions. First, they set out an illustrative, non-exhaustive list of solicitation indicators that defeat the Article 61 exemption (see §Why the Exemption Is Narrow). Second, they articulate the time element and the same-type rule on further marketing to a reverse-solicited client, sitting alongside the Article 61(2) statutory prohibition on marketing new types of crypto-assets or crypto-asset services to that client (see §The Time Limit and the Same-Type Rule). Third, they instruct NCAs on convergent enforcement practice: investigative pattern, documentation expectations, and the burden of proof that sits on the third-country firm asserting reliance on Article 61. The Guidelines bind NCAs through the ESMA peer-review framework under Article 30 of Regulation (EU) No 1095/2010; they bind third-country firms indirectly through NCA enforcement.^[7]

Final Report vs. Guidelines: The Citation Trap

ESMA’s instrument-publication pattern typically runs in two steps: a Final Report concluding consultation (containing the recommended text in an annex) and, weeks or months later, the operative instrument with a different document ID and a separate publication date. Both publications are real and quotable, but they are distinct artefacts with distinct legal status. For reverse solicitation, the Final Report is ESMA35-1872330276-1899 (17 December 2024) and the Guidelines are ESMA35-1872330276-2030 (26 February 2025). The correct citation when describing the live regime is the Guidelines.^[1][2] The Final Report retains substantive value for two purposes: it contains ESMA’s reasoning on contentious provisions in the consultation feedback, and paragraphs 46 to 51 are the clearest articulation of how the time limit on further marketing actually operates, material that is not repeated in the operative Guidelines.

Applicability Date vs. Publication Date

The publication date (when the operative instrument was issued) is 26 February 2025. The applicable-from date (when compliance is required) is 27 April 2025, computed as 60 calendar days after publication of all official translations. Use the publication date when citing the Guidelines as a regulatory artefact; use the applicable-from date when describing when the regime began to bite. The NCA notify-by date of 26 April 2025 is the deadline by which NCAs notified ESMA of their intention to comply, partially comply, or not comply with the Guidelines under the ESMA peer-review framework.^[7]

Why Reverse Solicitation Cannot Be a Market-Entry Strategy

The combination of the non-exhaustive list of solicitation indicators and the Article 61(2) prohibition on marketing new types of crypto-assets or services to a reverse-solicited client makes Article 61 structurally unsuitable as a market-entry strategy for any third-country crypto-asset firm intending sustained EU-client business. The drafting is engineered to prevent that use.

The Offshore-Operator Implication

For an operator licensed in an offshore jurisdiction (BVI, Cayman, Bermuda, Saint Kitts, Saint Lucia, the Marshall Islands, Vanuatu, Comoros) the practical implication is that the offshore licence does not, on its own, provide a route to recurring EU-client business. The reverse-solicitation framing tolerates isolated unsolicited contacts within a strict time cap; it does not tolerate a recurring book of EU clients served from a third-country entity. An offshore VASP registration remains commercially valuable for non-EU client bases, token-issuance vehicles, holding structures, and fund domiciliation; but the EU client base must run through a separately authorised EU or EEA CASP.^[8]

What Goes Wrong When Firms Treat Article 61 as a Strategy

The pattern observed in NCA enforcement actions is consistent. A third-country firm onboards EU clients off a translated landing page or an affiliate funnel, books the relationships under an “Article 61” classification, and uses the relationship to market further crypto-assets or new services to those clients. The NCA investigation then runs through the website, the marketing copy, the social-media presence, the influencer partnerships and the affiliate architecture. Each of those is matched to the solicitation indicators in the ESMA Guidelines, and the further-marketing pattern is matched to Article 61(2). The firm’s assertion that the clients initiated contact at their own exclusive initiative collapses under the weight of the surrounding marketing context.

Penalties for unauthorised provision of crypto-asset services in the Union are governed by MiCA Article 111: minimum-maximum administrative pecuniary sanctions are at least EUR 5 million for legal persons and at least EUR 700,000 for natural persons for breaches of the Article 59 authorisation requirement. Member States may set higher penalties under Article 111(6); criminal sanctions apply in several Member States.^[3][9]

National Competent Authority Enforcement Patterns

Article 61 enforcement runs through the national competent authority (NCA) in each Member State, with ESMA’s peer-review framework under Article 30 of Regulation (EU) No 1095/2010 providing convergence pressure across the Union.^[7] The investigative pattern is consistent across jurisdictions; the procedural pathways differ.

The Investigative Pattern

The standard NCA evidence chain follows a fixed sequence. First, the firm’s website is reviewed for language coverage, ccTLD use, and EU-Member-State references. Second, the firm’s marketing copy is reviewed for EU references, EU language, and EU-targeted creative. Third, the firm’s social-media activity and influencer relationships are reviewed for EU audience targeting. Fourth, sponsorships, conference presence, hackathons, and trade-show booths are checked. Fifth, the affiliate and referral architecture is traced (tracking pixels, deep-link parameters, revenue-share agreements). Sixth, the timing of client onboarding flows is compared with the firm’s marketing calendar. Only after this evidence chain is assembled does the NCA assess whether the EU client’s contact was genuinely at their own exclusive initiative.

Member-State Enforcement Patterns

• France AMF. Formally aligned with the ESMA reverse-solicitation Guidelines in May 2025 (as one of six sets of ESA guidelines under MiCA). The AMF’s unauthorised providers list includes crypto-asset firms whose websites contain French-language content or are accessible at French ccTLDs.^[10] AMF practice has been to treat marketing presence on French-targeted channels as decisive; an April 2021 Enforcement Committee decision under MiFID II established that a firm cannot rely on pre-drafted client declarations to manufacture reverse-solicited status.
• Luxembourg CSSF. The CSSF’s warning regime for unauthorised providers covers crypto-asset firms whose EU activity is structured around Article 61 claims; the CSSF publishes case-specific warnings on its official warnings list.^[11]
• Germany BaFin. Competent authority under the German Crypto-Markets Supervision Act (KMAG), part of the Financial Market Digitalisation Act (FinmadiG) adopted 18 December 2024. BaFin’s long-standing enforcement against unauthorised provision of investment services translates directly into the crypto-asset regulatory perimeter; the BaFin consumer warnings list includes crypto-asset firms whose conduct falls outside Article 61.^[12]
• Italy CONSOB. The most visible enforcer in the Union. Under Article 7-octies of Legislative Decree No 58/1998 (the Italian Consolidated Law on Finance) combined with powers granted by Legislative Decree No 129 of 5 September 2024 (which transposed MiCAR-related powers), CONSOB has ordered the blocking of unauthorised crypto sites on a continuous basis. As of 4 May 2026, CONSOB had ordered the blocking of 1,681 websites since July 2019, of which 178 related to crypto-assets.^[15]
• Netherlands DNB. Historically the more active Dutch enforcer than the AFM. DNB has imposed administrative pecuniary sanctions on third-country crypto firms operating without registration, including EUR 2.25 million on Bybit Fintech Limited (22 October 2024) and EUR 2.25 million on Aux Cayes Fintech Co. Ltd. trading as OKX (27 May 2025).^[14]
• Cyprus CySEC. CySEC’s warning regime mirrors the others; CySEC ran a MiCA application process for existing Cyprus national-regime CASPs, with the application deadline of 27 February 2026 now past. CASPs that applied by that date may continue operating under the national regime until their application is approved, rejected, or the transitional period ends on 1 July 2026, whichever occurs first; those that did not apply are required to submit wind-down plans. The deadline has produced an active enforcement posture against third-country firms relying on Article 61.^[13]

The ESMA Peer-Review Framework

ESMA’s peer-review framework under Article 30 of Regulation (EU) No 1095/2010 binds NCAs to make every effort to comply with the Guidelines or, where they do not comply, to notify ESMA and publish the reasons.^[7] For reverse solicitation, the NCA notify-by date of 26 April 2025 required each NCA to declare its compliance intent. The convergence pressure produces a measurable consistency across NCA enforcement practice; the procedural mechanism (administrative warning, order to cease, monetary penalty, criminal referral) varies by jurisdiction but the underlying assessment of what defeats Article 61 is shared.

Compliant Alternatives to Reverse Solicitation

Four structural options exist for a third-country firm with EU-client exposure under MiCA. The first three serve sustained EU-client access without relying on Article 61; the fourth disciplines a limited, incidental Article 61 footprint where no recurring EU book exists. Each carries a different cost structure, timeline, capital requirement and risk posture; the right answer depends on the operator profile.

Option 1: EU-Incorporated CASP Authorisation

The standard solution. Form a legal entity in an EU Member State (or, conditionally, an EEA-EFTA state once national implementation of EEA Joint Committee Decision No 41/2025 takes effect), apply for CASP authorisation under Article 63 of MiCA, and passport under Article 65.^[3][5] The applicant’s central administration must align with the authorising state; pure-paper structures are not authorisable. The full Year 1 cost typically runs USD 200,000 to USD 600,000, with the spread reflecting NCA differences (Lithuania at the lower end; Germany, Ireland and France at the upper end). Malta and Cyprus sit above the middle of that band, and a realistic Malta budget of €350,000–€900,000 over a 9–18 month process can exceed it.

Capital requirements under MiCA Annex IV are tiered by service permission set:

• Class 1: EUR 50,000. Covers reception and transmission, execution, placing, advice, portfolio management, and transfer services.
• Class 2: EUR 125,000. Class 1 plus custody and administration, exchange of crypto for funds, and exchange of crypto for other crypto.
• Class 3: EUR 150,000. Class 2 plus operation of a trading platform.

Article 67(1) requires the higher of the Annex IV figure and one quarter of the firm’s fixed overheads of the preceding year. Estonia, Lithuania, Malta and Cyprus are common entry points; the choice depends on language, infrastructure, processing time, and counterparty banking access.

Option 2: EEA Passport via JCD 41/2025

For operators preferring the EEA-EFTA states, MiCA was incorporated into the EEA Agreement by EEA Joint Committee Decision No 41/2025 of 20 February 2025 (with supplementary RTS via JCD 138/2025 of 13 June 2025 covering order-book records and trading-platform transparency).^[5][6] The decisions enter into force in each EEA-EFTA state once domestic constitutional procedures are completed; the effective passport reach therefore depends on the implementation status of each state at the relevant time. The substantive requirements track MiCA; the administering NCAs are Iceland’s FME, Liechtenstein’s FMA, and Norway’s Finanstilsynet. Authorisations issued by these NCAs passport on the same Article 65 basis as EU-Member-State authorisations, subject to in-force status.

Option 3: Dual-Jurisdiction Structuring

For operators with both offshore and EU client bases, the standard structure pairs an offshore operating company (BVI, Cayman, Bermuda) with an EU CASP-authorised affiliate. The offshore entity serves non-EU clients; the EU affiliate serves EU clients via passport. The two entities sign an intercompany services agreement for any shared technology, treasury or compliance infrastructure. The structure preserves the offshore tax efficiency for non-EU client revenue while providing a fully compliant EU-client pathway.

Option 4: Limited Use of Article 61

For firms with very limited, genuinely unsolicited EU exposure, a disciplined reliance on Article 61 remains available. The conditions are restrictive: no EU-targeted marketing in any of the solicitation-indicator categories (paid placements, EU-language sites, EU ccTLDs, country sub-directories, SEO targeting, EU event sponsorship, EU-based influencers, affiliate programmes, EU app-store availability), rigorous documentation of each client’s exclusive initiative, no marketing of new types of crypto-assets or crypto-asset services to the client under Article 61(2), and same-type marketing only in the context of the original transaction. The structure is workable only for firms whose EU activity is incidental to a global business model; it does not scale to a recurring EU-client book.

Comparison of the Four Structural Options

Compare every crypto jurisdiction side by side →

How Authorities Distinguish Genuine Reverse Solicitation from Marketing

Public NCA case files and industry-counsel analyses produce a consistent pattern of how genuine reverse solicitation is distinguished from disguised marketing. The archetypes below illustrate the analytical framework without naming individual firms; the substantive distinctions hold across jurisdictions.

Archetype 1: The Genuinely Unsolicited Institutional Contact

An EU-based institutional investor reads a global research paper, identifies a specific third-country crypto-asset service that meets a portfolio requirement, and contacts the third-country firm directly via the firm’s English-only global website. The third-country firm has no EU-language sites, no EU ccTLDs, no EU influencer partnerships, no affiliate programme, no EU app-store presence, and no advertising campaigns geo-targeted to the EU. The firm provides the specific crypto-asset service requested, documents the client’s exclusive initiative, and does not market any new types of crypto-assets or services to the client under Article 61(2). Any subsequent same-type marketing happens, if at all, only in the context of the original transaction. This pattern is consistent with Article 61’s drafting intent and survives NCA scrutiny when the surrounding evidence chain is examined.

Archetype 2: The Translated Landing Page

A third-country firm operates a website at a `.com` domain with English content, but offers a language-selection toggle that reveals German, French, Italian, Spanish, and Polish versions of the marketing copy, T&Cs and KYC interface. EU clients onboard predominantly through the translated flows. The firm classifies each onboarded relationship as Article 61 on the basis that the client “clicked through” rather than being “targeted.” This pattern fails the ESMA Guidelines on the second operational trigger (EU-language websites); the language coverage is itself the solicitation, and the client’s contact cannot be characterised as exclusive initiative.

Archetype 3: The Affiliate Funnel

A third-country firm runs a global affiliate programme with revenue share. The affiliate network includes operators of EU-language crypto news sites, EU-based YouTube creators, and EU-domiciled blog publishers with tracking pixels that route EU readers into the firm’s onboarding flow under affiliate IDs. The firm classifies the resulting onboardings as Article 61. This pattern fails on the sixth operational trigger (affiliate or referral programmes that direct EU traffic); the architecture of the funnel is the solicitation, regardless of where the affiliate contract is signed.

Archetype 4: The Conference Sponsorship

A third-country firm sponsors a crypto conference in an EU Member State, sets up a booth, distributes branded merchandise and collects business cards. Two weeks later, several conference attendees email the firm to open accounts. The firm classifies the relationships as Article 61 on the basis that the clients themselves initiated the email contact. This pattern fails on the sponsorship-of-EU-events indicator; the conference sponsorship is itself the marketing presence that produced the inbound contacts. The temporal distance between sponsorship and onboarding does not break the link.

Archetype 5: The Push-Notification Cross-Sell

A third-country firm has a genuinely reverse-solicited EU client who initially contacted the firm to buy crypto-asset X. Two days after the initial transaction, the firm sends a push notification to the client’s mobile application directing the client to a list of trending crypto-assets, some of which are not of the same type as the originally requested asset. Two months later, the firm sends a further push notification encouraging the client to trade more of crypto-asset X via a temporary promotion. The first notification fails Guideline 4 (marketing of crypto-assets that are not of the same type as the original request is prohibited at all times under Article 61(2)). The second notification fails Guideline 3 (marketing of the same type of crypto-asset after material time has elapsed cannot be characterised as at the client’s exclusive initiative). Both are explicit Annex examples in the ESMA Guidelines.

The Investigative Conclusion

The four archetypes reflect the consistent NCA position: Article 61 protects the inbound enquiry that arrives in spite of a third-country firm’s presence in the EU; it does not protect the inbound enquiry that arrives because of that presence. Marketing infrastructure, in any of the six trigger categories, defeats the exception regardless of whether each individual client clicked the marketing or arrived through some other route. NCAs assess the entire EU-facing footprint, not the form of the individual onboarding event. As of May 2026, the convergence pressure from ESMA’s peer-review framework has produced a measurably consistent enforcement posture across French AMF, German BaFin, Italian CONSOB, Dutch AFM, Cypriot CySEC, and Luxembourg CSSF practice.^[7]

How Jagelski & Partners Helps

Jagelski & Partners advises third-country crypto-asset firms on whether their EU activity falls inside Article 61 and structures compliant alternatives where it does not. The work runs across the licensing, formation, and banking pillars of the firm in a single engagement.

The Three-Stage Engagement

• Stage 1: Article 61 assessment. Review of the third-country firm’s website, marketing copy, SEO posture, social-media activity, influencer relationships, sponsorships, affiliate architecture, app-store availability and post-onboarding communication patterns against ESMA’s solicitation indicators, plus a review of any same-type or new-type marketing to existing clients against the Article 61(2) prohibition and Guideline 3 time element. Output: a written assessment of whether the current EU activity is inside or outside Article 61, with a remediation plan if the activity is outside.
• Stage 2: Structural recommendation. Selection of the right compliant alternative for the operator profile: EU-incorporated CASP (which Member State, which capital class, which timeline), EEA passport via FME/FMA/Finanstilsynet, or dual-jurisdiction structure with intercompany services agreements. Output: a comparative cost and timeline model with NCA-specific application requirements.
• Stage 3: Implementation. Entity formation, application preparation, regulatory liaison, banking placement and post-authorisation compliance. The work is delivered through Jagelski & Partners’ specialist legal, regulatory and compliance partners (50+ specialists), with a single point of contact at Jagelski.

Banking Access for EU-Incorporated CASPs

An EU CASP authorisation is operationally complete only with banking. Jagelski & Partners coordinates banking placement across 90+ institutions for crypto-asset firms; the firm placed more than fourteen billion euros in client turnover across banking and EMI relationships in 2025. The placement network covers EU banks, EMIs in Lithuania, the Netherlands and Spain, offshore correspondent banks, and crypto-native rails in Switzerland, Liechtenstein, the UAE and Asia. Pre-qualified placement, no markup on institutional pricing, no onboarding fee. For most newly authorised CASPs, the banking placement runs in parallel with the application process so that operational readiness is achieved at authorisation. Banking placement across our partner network →

Frequently Asked Questions

References