Bybit Global vs Bybit EU: what the MiCA register says, and what the bybit.com sign-up flow actually does

What the regulator says

The Austrian Financial Market Authority (FMA) granted Bybit EU GmbH (commercial register number FN 636180i, registered office Donau-City-Straße 7, 1220 Vienna) authorisation as a Crypto-Asset Service Provider under Article 63 of Regulation (EU) 2023/1114 on 28 May 2025. The FMA's public release dated 30 May 2025 confirms the decision.

The ESMA Register of Crypto-Asset Service Providers lists the entity with LEI 5299005V5GBSN2A4C303, and records five authorised services: custody and administration of crypto-assets on behalf of clients (Article 3(1)(16)(a)), exchange of crypto-assets for funds (c), exchange of crypto-assets for other crypto-assets (d), placing of crypto-assets (f), and providing transfer services for crypto-assets on behalf of clients (j). The authorisation is passported to all 29 other EEA member states.

What the authorisation does not cover is significant. Operation of a trading platform (b), execution of orders (e), reception and transmission of orders (g), advice (h), and portfolio management (i) are absent. Derivatives - including the perpetual futures product that constitutes the bulk of bybit.com's global trading volume - fall outside MiCAR entirely and would require a separate MiFID II authorisation. On 5 September 2025, Bybit confirmed via PR Newswire that a separate entity, Bybit X GmbH, is pursuing a MiFID II licence for that purpose.

What Bybit's own materials promise

The migration plan was set out in a Bybit announcement dated 2 June 2025 and reproduced in the Bybit Learn primer:

"New EEA users can no longer onboard on to Bybit Global, but they can pre-register on www.bybit.eu where interested. From Jul 1, 2025, all eligible EEA users can onboard through www.bybit.eu, our fully licensed European platform."

The plan reads as a textbook MiCA hub-and-passport implementation: an unlicensed global entity ceases offering services to EEA users, a licensed EEA subsidiary takes over the European book, and the rest of the world continues to use the global platform. This is the same shape adopted by OKX (authorised in Malta, January 2025), Kraken (authorised in Ireland, June 2025), Coinbase (authorised in Luxembourg, June 2025), and Crypto.com (authorised in Malta, January 2025).

What the on-page reality shows

Between the public commitment and the operational implementation, there is a gap.

On 12 May 2026 - 50 days before MiCA's hard enforcement deadline of 1 July 2026 - direct page captures of bybit.com via Firecrawl, using egress IPs in Germany, the Netherlands and France, produced the following observations:

• The bybit.com homepage renders the full global product nav for a German IP, including perpetual futures, options, copy-trading and other MiCAR-out-of-scope services. There is no banner redirecting the visitor to bybit.eu.
• The default sign-up page at bybit.com/en/register renders for a German IP and prompts the visitor to choose a country.
• For a Dutch IP, the same page renders a soft message: "We regret to inform you that our services are not available for access in your region." This is a message, not a redirect.
• The default Terms of Service link from the registration page resolves to a document authored by BybitVirtualAssetPlatformOperator - L.L.C. - S.P.C, a Dubai entity regulated by the Virtual Asset Regulatory Authority. The document was last updated 23 January 2026, post-dating the EU migration policy.
• The Service Restricted Countries page, last updated 7 May 2026, lists 15 restricted jurisdictions, none of which is an EEA member state.

The footer of bybit.com's English/European-coded landing page (en-EU) reads: "Globally regulated - Licensed in Vienna, Cyprus, Dubai & more key markets." The Vienna licence belongs to Bybit EU GmbH, a sibling legal entity that - according to its own Imprint - does not operate bybit.com.

The French exception

France is the one EEA member state where the migration has been executed in a publicly verifiable way, and the form of that execution is itself instructive. The Addendum to Terms of Service - French Users, governed by Bybit Technology Limited and last updated 16 January 2026, states:

"To fulfill the French regulatory standards and in compliance with the request from the French Financial Markets Authority, Autorité des Marchés Financiers ('AMF') to discontinue our services to French Users, the remaining assets in the French Users' Accounts will be transferred to an AMF-regulated crypto asset service provider in France, Coinhouse SAS ('Coinhouse')."

French user assets are not being transferred to Bybit EU GmbH but to a competitor. The AMF's own white-list entry for Bybit EU GmbH, dated 28 May 2025, records the entity as passported into France under freedom of services, so the AMF does recognise the Austrian authorisation. Why French legacy users are being routed to Coinhouse rather than to Bybit EU is not explained in any public Bybit document we could find as of 12 May 2026. This is the strongest signal in the public record that the migration is not a clean transfer of EEA users to the licensed European entity.

The reverse-solicitation question

MiCA Article 61 preserves a narrow "reverse solicitation" exception: a third-country firm may serve an EU client whose relationship was initiated exclusively at the client's own initiative. ESMA's Final Report on Guidelines on Reverse Solicitation, published 17 December 2024, interprets that exception narrowly. The Guidelines (ESMA35-1872330276-1899) state that virtually any form of solicitation, advertising, or promotion that reaches EU clients defeats the exception.

The relevance for Bybit is procedural. From 1 July 2026 onwards, an EEA-resident user who reaches bybit.com and signs a contract with BybitVirtualAssetPlatformOperator - the Dubai entity - is in a relationship that ESMA's Guidelines would scrutinise. The defence "the user initiated this entirely on their own" is harder to make if the global site is reachable from EEA IPs, presents EEA-language defaults, and does not redirect to the licensed European platform.

Two things this article is not

It is not an accusation that Bybit is operating illegally in the EEA. The licence is real. The Austrian regulator has authorised the entity. Migration of legacy users is in progress. The transitional period under Article 143 MiCAR runs until 1 July 2026, and many of the structural choices visible today may resolve before that date.

It is also not a claim that Bybit's situation is unique. Every major exchange running both a global and a European entity faces the same operational tension. Binance, with no MiCA authorisation at all, faces a sharper version of the problem. The pattern visible at Bybit - licensed EEA subsidiary, unlicensed global platform, incomplete operational separation - is the pattern the regulatory model creates. The interesting question is which operators close the operational gap by 1 July 2026, and which do not.

What we are watching

1. The bybit.com sign-up flow for EEA IPs. Will registration from German, Italian, Spanish, Polish IPs be hard-blocked by 1 July 2026, or will the soft Dutch-style message remain the only friction?
2. The default Terms of Service entity on bybit.com. Will the BVAPO Dubai contract continue to be the default ToS shown to EEA-language visitors after 1 July 2026?
3. Derivatives access for EEA users. Bybit's MiCAR authorisation does not cover derivatives. Bybit X GmbH's MiFID II application is pending. What product offering will EEA-classified users have access to between 1 July 2026 and the MiFID II decision?
4. The Coinhouse precedent. Will any other national regulator follow the AMF in declining to accept Bybit EU GmbH as the receiving entity for legacy users from their jurisdiction?

We will update this article when the public record changes. Email corrections@thecryptoregister.com with primary-source evidence of any factual error.