The European Securities and Markets Authority (ESMA) has unveiled comprehensive guidelines requiring crypto-asset service providers to ensure their staff meet stringent knowledge and competency standards. This marks a significant step toward professionalizing the industry under Markets in Crypto-Assets (MiCA) regulation.

ESMA Proposes Strict Knowledge Standards for Crypto Service Providers

The proposed framework, released today (Monday) in a consultation paper, establishes minimum qualification requirements and mandatory continuous professional development for staff providing crypto-asset advice and information to clients.

“ESMA ESMA European Securities and Markets Authority (ESMA) is an independent Authority of the European Union that is responsible for the safety, security, and stability of the European Unions’ financial system and is charged with protecting the public. The European supervisory authority for the securities sector, ESMA was established on 1 January 2011. The European Securities and Markets Authority is an independent EU authority based in Paris. It aims to contribute to the effectiveness and stability of t European Securities and Markets Authority (ESMA) is an independent Authority of the European Union that is responsible for the safety, security, and stability of the European Unions’ financial system and is charged with protecting the public. The European supervisory authority for the securities sector, ESMA was established on 1 January 2011. The European Securities and Markets Authority is an independent EU authority based in Paris. It aims to contribute to the effectiveness and stability of t Read this Term launched a consultation on the criteria for the assessment of knowledge and competence of crypto-asset service providers’ (CASPs) staff giving information or advice on crypto-assets or crypto-asset services,” the regulator commented.

Under the proposed rules, staff providing crypto advice must complete at least 20 hours of annual professional development, while those giving information need a minimum of 10 hours. The guidelines also mandate specific qualifications and experience requirements, with advisors needing either a three-year tertiary degree plus one year of supervised experience or alternative combinations of education and practical experience.

#ESMA launched a consultation on the criteria for the assessment of knowledge and competence of crypto-asset service providers’ staff giving information or advice on #CryptoAssets or crypto-asset services.

🗓️ Send your comments by 22 April 2025 → https://t.co/9t4at6MKzf. pic.twitter.com/NFUY7IV6dZ

— ESMA - EU Securities Markets Regulator 🇪🇺 (@ESMAComms) February 17, 2025

The move comes as retail investors increasingly access crypto markets through various platforms, often with a limited understanding of the associated risks. ESMA noted that while crypto awareness has grown significantly, comprehensive knowledge among market participants remains limited.

Know Your Stuff

The guidelines distinguish between staff providing general information and those offering advice, with higher standards applied to advisory roles.

Service providers must ensure their staff understand key aspects of crypto assets, including:

• Distributed ledger technology fundamentals
• Market functioning and pricing mechanisms
• Cybersecurity Cybersecurity Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer Read this Term risks and protection measures
• Regulatory frameworks and investor protection considerations
• Tax implications and cost structures

Crypto service providers will be required to assess staff competency annually and maintain detailed records for regulatory review. New staff members without required qualifications can only work under supervision for a maximum of four years.

MiCA Updates

The consultation period runs until April 22, 2025, with ESMA expected to publish final guidelines in the third quarter of 2025. The rules will become effective 60 days after publication in all official EU languages.

These requirements could significantly impact smaller crypto service providers who may struggle to meet enhanced training and supervision requirements. However, larger institutions may generally welcome the move as a step toward greater market maturity.

The guidelines complement MiCA, which became applicable for crypto-asset services in December 2024, establishing a comprehensive regulatory framework for the crypto industry in the European Union.

In January 2025 the regulator introduced stricter rules on how crypto companies handle potential conflicts of interest. The new requirements represent a fundamental shift in how these firms operate, potentially requiring them to create separate legal entities when offering services that might clash with each other. The regulations also put the spotlight on monitoring personal transactions within these companies and expand what counts as compensation.