There is one date that the European crypto industry knows well: July 1, 2026. The end of the MiCA transitional regime — the moment when all crypto-asset service providers had to hold a CASP licence in hand or stop operating within the European Union. A deadline that mobilised lawyers, compliance officers, and legal teams for months, generating dozens of articles, analyses, and webinars. A deadline that, in the end, produced 280 authorised CASPs and 29 revocations already recorded in the days immediately following it.
And then there is July 28, 2026. A date that is almost invisible in the public debate, ignored by mainstream industry media, absent from the most widely-read newsletters. Yet July 28 is not a minor deadline: it is the day on which the ESMA guidelines developed under Article 81(7) of the MiCA Regulation enter into force — the rules that require exchanges to demonstrate that their staff is competent, certified, and trained. Having the licence is no longer enough: you must prove that the people working for you know what they are doing.
This article tells that story. Who knew, who did not, who has already declared compliance, and who chose silence. And why this second deadline may matter far more than it appears to the retail users who buy and sell crypto every day on authorised European platforms.
- Date of entry into force: 28 July 2026
- Legal basis: Art. 81(7) MiCA (Reg. EU 2023/1114)
- ESMA guidelines published: 28 January 2026 (ref. ESMA35-24871704-2922)
- Staff Tier 1 (information roles): minimum 10 hours CPD per year
- Staff Tier 2 (advisory roles): minimum 20 hours CPD per year
- First NCA to declare compliance: AMF France (26 March 2026)
- CASPs in scope: all 280 authorised EU/EEA CASPs (data as of 9 July 2026, source: casptracker.eu)
- Possible sanctions: up to €15 million or 12.5% of annual turnover (Art. 111 MiCA)
July 28 is not July 1
To understand why July 28 matters, it is necessary to first understand why it is different from July 1. The two dates respond to distinct regulatory logics and produce completely different effects on the market.
July 1, 2026 marked the end of the grandfathering regime provided for by the MiCA transitional phase. In plain terms: all CASPs that had been operating under a provisional regime — authorised by their national NCA on the basis of pre-existing rules — had to complete the full authorisation process under the new European framework by that date, or cease operations. It was an existential deadline for many operators. Those without a licence, those who had not yet completed their application dossier, those who had chosen to withdraw their application (as Binance did with Greece) had to come to terms with the impossibility of operating legally in the EU. The result, in the days following July 1, was 29 CASP revocations already recorded and 280 active operators remaining in the field, according to data from casptracker.eu and Finray.
July 28 works differently. It is not a market access deadline — it instead concerns the conduct standards that already-authorised operators must meet. Technically, the ESMA guidelines under Article 81(7) were published on 28 January 2026, and the rule provides for a six-month application period from publication. The calculation is straightforward: 28 January plus six months equals 28 July 2026. From that day, all authorised CASPs are required to comply with the staff knowledge and competence requirements established by ESMA. Not as a recommendation. As a legal obligation.
The near-total silence of the media regarding this second deadline is striking. In the weeks leading up to July 28, virtually all sector attention has been focused on the aftermath of July 1 — who lost their licence, who left Europe, how Binance's customers will be redistributed. July 28 has remained in the shadows. Which makes this article one of the few attempts at a systematic analysis of that deadline aimed at an English-speaking audience.
What Art. 81(7) MiCA requires of exchange staff
Article 81(7) of the MiCA Regulation establishes that CASPs must ensure that staff employed in providing information or advice on crypto-assets possess the knowledge and competence necessary to fulfil their obligations. The ESMA guidelines of 28 January 2026 — the final product of a process that began with the Final Report published in July 2025 (ref. ESMA35-1872330276-2380) — translate this principle into concrete operational requirements, organised by level.
The guidelines introduce two categories of staff within scope, each with distinct requirements:
Tier 1 — Information staff. This category covers all roles that provide general information about crypto-assets without personalised recommendations: customer support, onboarding teams, commercial account managers, KYC operators, and technical support staff who explain how products work. For this staff, the minimum requirement is 10 hours of annual Continuing Professional Development (CPD). This is not a one-off course: it is a mandatory annual update, certified and documented.
Tier 2 — Advisory staff. This category includes professionals who provide personalised recommendations on specific crypto-assets, manage portfolios on behalf of clients, or provide structured investment advice on crypto matters. For these roles, the requirement rises to 20 hours of annual CPD — double the Tier 1 requirement — reflecting the greater responsibility towards the end user.
But perhaps the most demanding aspect of the guidelines is not the training hours themselves: it is the mandatory documentation that every CASP must maintain for every single individual in scope. The ESMA guidelines specify that each person within the scope of the rule must have an individual record that includes:
- An initial competence assessment at the time of hiring or assignment to the role
- The completed certified training module, identifying the provider and date
- Assessment results with the passing score
- Documentation of mandatory annual updates
- Evidence of supervision during the initial months in the role
- A complete individual record, available on demand for the NCA supervisor in the event of an inspection
This is the aspect that makes July 28 an operationally heavy deadline, particularly for medium-to-large CASPs with hundreds or thousands of staff in scope. Building an individual training tracking system, certifying it, keeping it updated, and making it available upon regulatory request is not something that can be done in a week. It is a compliance infrastructure that requires months of design, implementation, and testing.
Methodological note: The ESMA guidelines do not specify a closed list of approved training providers. However, CPD hours must be delivered through structured programmes with a certified final assessment. Internally produced courses without external assessment may not be considered sufficient by NCAs during inspection.
What this means for you as a user
July 28, 2026 is a regulatory compliance date. But its concrete implications for the end user are more tangible than they might initially appear.
The starting point is this: when you contact the customer support team of your European exchange — for a problem with a bank transfer, to understand how staking works, to ask questions about a product — you are interacting with staff who, from July 28, must have certified competencies in crypto-assets. Not generic, not self-declared: certified, documented, updated at least 10 hours per year. If you receive incorrect information about a crypto product, and it later emerges that the operator had not completed mandatory training, the exchange is exposed not only to reputational criticism but to formal regulatory sanctions.
Even more relevant for users of advisory or portfolio management services: the advisor who recommends a specific crypto-asset to you, or who manages your portfolio on a discretionary basis, must have at least 20 hours of certified annual training. This is a requirement similar to those that have existed for decades for traditional financial advisers. MiCA is extending it to the crypto world.
There is a very simple question you can put to your exchange: "Are you compliant with the ESMA guidelines of 28 July 2026 under Article 81(7) of MiCA?" If the person you are speaking to does not know what you are talking about, that is a signal. Not necessarily that the exchange is non-compliant — it may simply be that the person handling your ticket is not the one managing compliance. But if the response is a complete void, or an evasive answer even after escalation, there are legitimate grounds for concern.
From July 28, NCAs — the national competent authorities of individual member states — have the explicit power to request individual training records on demand. If an exchange does not have them, or has them in a non-compliant format, it risks sanctions under Article 111 of MiCA: up to €15 million or 12.5% of annual turnover, whichever figure is higher. NCAs can also suspend or revoke a CASP licence for repeated violations of conduct rules.
This is not merely a matter of bureaucratic compliance. It is concrete protection for the retail user, built on the same logic as MiFID II requirements for traditional financial advisers. The European crypto market is aligning itself with the standards of the regulated financial market — and this includes the professional quality of the people who work in it.
Who has declared readiness — and who has said nothing
The disparity between those who have communicated their position on July 28 and those who chose silence is perhaps the most revealing aspect of this story. And the picture that emerges is far from reassuring for users seeking transparency.
AMF France — compliance declared. The French Autorité des Marchés Financiers is the first NCA to have formally declared its compliance with the ESMA guidelines under Article 81(7), on 26 March 2026 — almost four months before the deadline. The AMF's official statement is explicit: "The AMF reminds that these guidelines will apply from 28 July 2026. They will apply to all authorised CASPs, whether authorised through licensing or through a notification procedure." The reference document is AMF Position DOC-2026-03. The AMF, which supervises the main CASPs authorised in France including Bitstamp, has therefore already incorporated the requirements into its inspection procedures.
CySEC Cyprus — intention to comply. The Cyprus Securities and Exchange Commission has declared that it "intends to comply" with the guidelines once its internal procedures are completed. The wording is different from the AMF's: it is not a declaration of compliance already achieved, but a formal statement of intention. Cyprus is the jurisdiction with the highest number of authorised CASPs in the EU — an NCA that is not fully operational on these requirements therefore has systemic implications.
Central Bank of Cyprus — same position. The CBC issued a statement similar to that of CySEC, indicating the intention to comply once internal procedures are completed. Two Cypriot authorities with the same wording, both still completing their internal processes just weeks before the deadline.
On the exchange side, the picture is even more opaque. Kraken has not released any public statement on this matter at the time of publication. Bitvavo, one of the Dutch exchanges most relevant to EU retail users, has not released any public statement on this matter at the time of publication. Coinbase EU, which operates through its Irish entity authorised by the Central Bank of Ireland, has not released any public statement on this matter at the time of publication. OKX and Bybit EU are in the same position: no specific public communications regarding the guidelines at the time of publication.
This does not necessarily mean that these exchanges are non-compliant. It means they have chosen not to proactively and publicly communicate their compliance. It is a legitimate choice, but it is also relevant information for users who want to assess the quality of the operator they interact with.
The investigative conclusion is this: the absence of public declarations from the vast majority of exchanges is not a trivial detail. In a regulatory framework like MiCA, where transparency towards users is explicitly required, the absence of proactive communication on a significant compliance deadline is in itself an indicator worth considering.
But there is something even more important revealed by the official ESMA Compliance Table (ESMA35-24871704-3058, published 7 July 2026): Poland and Romania are formally non-compliant by default. Not because they refused to adapt — but because no Member State has yet designated a competent authority for MiCA supervision in those countries. In plain terms: for CASPs operating in those markets, no authority exists capable of requesting training records. A systemic gap that ESMA itself has made public.
| Entity | Type | Public declaration Art. 81(7) | Status |
|---|---|---|---|
| AMF France | NCA | Yes — compliance declared on 26/03/2026 | COMPLIANT |
| BaFin Germany | NCA | Yes — compliant (source: ESMA compliance table 7/7/2026) | COMPLIANT |
| AFM Netherlands | NCA | Yes — compliant (source: ESMA compliance table 7/7/2026) | COMPLIANT |
| Central Bank of Ireland | NCA | Yes — compliant (source: ESMA compliance table 7/7/2026) | COMPLIANT |
| CONSOB Italy | NCA | Yes — compliant (source: ESMA compliance table 7/7/2026) | COMPLIANT |
| MFSA Malta | NCA | Yes — compliant (source: ESMA compliance table 7/7/2026) | COMPLIANT |
| CySEC Cyprus | NCA | Intends to comply — internal proceedings in progress | IN PROGRESS |
| Central Bank of Cyprus | NCA | Intends to comply when a relevant institution exists under the authority's supervision | IN PROGRESS |
| MNB Hungary | NCA | Intends to comply by 30 September 2026 | IN PROGRESS |
| Latvijas Banka (Latvia) | NCA | Intends to comply by 30 September 2026 | IN PROGRESS |
| Bank of Greece | NCA | Intends to comply by 31 December 2026 | IN PROGRESS |
| CNB Czech Republic | NCA | Intends to comply by 1 July 2027 | IN PROGRESS |
| Finanstilsynet Denmark | NCA | Partial compliance only — qualitative guidelines applied; national law constraints prevent full quantitative adoption | PARTIAL |
| Poland | NCA | Non-compliant by default — competent authority not yet designated by Member State | NON-COMPLIANT |
| Romania | NCA | Non-compliant by default — competent authority not yet designated by Member State | NON-COMPLIANT |
| Kraken | Exchange CASP | Has not released any public statement on this matter at the time of publication | N/A |
| Bitvavo | Exchange CASP | Has not released any public statement on this matter at the time of publication | N/A |
| Coinbase EU | Exchange CASP | Has not released any public statement on this matter at the time of publication | N/A |
| OKX | Exchange CASP | Has not released any public statement on this matter at the time of publication | N/A |
| Bybit EU | Exchange CASP | Has not released any public statement on this matter at the time of publication | N/A |
NCA source: ESMA Compliance Table ESMA35-24871704-3058 of 7 July 2026. Exchange data: editorial verification at time of publication. Full table: esma.europa.eu
ESMA in enforcement mode — not waiting for July 28
If the industry has ignored July 28, ESMA has not. On the contrary, the European Securities and Markets Authority has adopted a strategy that goes well beyond simply waiting for the deadline: it has chosen to apply pressure, anticipate, and multiply enforcement tools even before the date arrives.
On 7 July 2026 — nineteen days before the deadline — ESMA published the Compliance Table for the Article 81(7) guidelines. The Compliance Table is a document that maps the position of each NCA in relation to the guidelines: who has declared compliance, who has declared an intention to comply, and who has not responded. It is a highly effective instrument of political pressure: non-compliant NCAs are publicly exposed, with their name and position, before the entire European regulatory community. Publishing the Compliance Table nineteen days before the deadline is a deliberate move: it is not post-deadline information, it is a formal and public prompt to those still lagging behind.
On 8 July 2026 — one day later — ESMA raised the stakes further by announcing the launch of a Common Supervisory Action (CSA) on the digital operational resilience of CASPs. The exercise focuses specifically on custody services — DLT governance, cryptographic key management, incident detection systems, and smart contract risks. The CSA is a coordinated European exercise that will run from H2 2026 through H1 2027, with a final report expected in the second half of 2027.
On 8 July 2026, ESMA launched the Common Supervisory Action (CSA) on the digital operational resilience of CASPs for custody services — DLT governance, key management, incident detection, smart contract risks. Exercise H2 2026 → H1 2027. Source: esma.europa.eu/press-news/esma-news/esma-launches-common-supervisory-action-casps-digital-operational-resilience
The message that emerges from these two consecutive moves is clear: ESMA is not in wait-and-see mode. It is in active enforcement mode, and it is demonstrating this by anticipating deadlines, making NCA positions public, and launching coordinated supervision exercises that will cover the entire sector over the next twelve months.
There is a precedent worth citing to understand the direction of travel. In July 2025, ESMA conducted a peer review of the Malta Financial Services Authority (MFSA) in relation to the supervision of Maltese CASPs. The peer review — without naming the specific CASPs examined — raised "concerns about governance, ICT, and AML at at least one unnamed CASP." This is evidence that formal compliance — having the licence, having the documents — is not sufficient. ESMA looks at the substance of supervision, the quality of local enforcement, and the real effectiveness of the measures adopted by operators.
In this context, July 28 is not a finish line to be crossed with a press release. It is the beginning of an ongoing supervision regime in which NCAs will be able to request training records on demand, in which the Compliance Table is updated and public, and in which ESMA can launch CSA exercises in any area deemed critical. Those who had wagered that MiCA was simply a matter of "getting the licence and then seeing" may find 2027 more complicated than expected.
The broader context: why staff quality matters for EU crypto users
It is worth stepping back for a moment to understand why Article 81(7) exists at all — and why it matters for ordinary investors.
The history of retail crypto investing in Europe has been marked by a persistent information asymmetry. Platforms could hire staff with no financial background, no formal training, and no obligation to keep their knowledge current. A customer support agent at a European crypto exchange in 2021 could field questions about yield farming, staking derivatives, and leveraged products without ever having passed a single assessed course on any of those topics. The consequences of bad information — or worse, misinformation — fell entirely on the user.
MiCA's staff knowledge rules draw a direct parallel with the MiFID II framework that has governed traditional investment advice in the EU since 2018. Under MiFID II, investment advisers must demonstrate ongoing competence through structured CPD, assessed modules, and verifiable records. The same logic is now being applied to the crypto sector — not because regulators want to make life difficult for exchanges, but because the products being sold carry real financial risk and users deserve qualified guidance.
The 10-hour and 20-hour CPD thresholds may sound modest. But consider what they imply at scale. An exchange with 500 staff members across customer support, onboarding, and advisory functions needs to design, deliver, document, and audit training programmes for all of them — every year. It needs a training management system. It needs assessment tools. It needs records that are exportable and NCA-ready. For a startup CASP that obtained its licence with a lean team, this infrastructure represents a meaningful compliance investment that cannot be deferred indefinitely.
The July 28 deadline is therefore not just a bureaucratic milestone. It is a structural shift in how European crypto operators must think about human capital. Knowledge and competence are no longer optional features — they are regulatory infrastructure, as essential as capital adequacy or AML controls.
Frequently asked questions
Does the July 28, 2026 deadline apply to all EU exchanges?
Yes — the ESMA guidelines under Article 81(7) apply to all 280 CASPs authorised in the EU and the European Economic Area, both those that have obtained a full CASP licence through the standard process and those that have obtained authorisation through the notification procedure (European passport). There are no exemptions based on operator size, user volume, country of authorisation, or type of services offered. A small exchange authorised in Estonia is subject to the same obligations as a large operator authorised in France or Ireland.
What are the risks for a non-compliant exchange after July 28?
The applicable sanctions are those provided for by Article 111 of the MiCA Regulation for violations of conduct rules. The maximum amount of the administrative pecuniary penalty is the greater of €15 million and 12.5% of the operator's total annual turnover in the preceding financial year. This means that for an exchange with significant turnover, the penalty could substantially exceed €15 million. In addition to financial penalties, NCAs have the power to temporarily suspend the CASP authorisation, impose corrective measures with specific deadlines, or in the most serious cases permanently revoke the licence. Revocation of the CASP licence means the operator cannot legally conduct business across the entire European single market.
How can I find out if my exchange is compliant?
There is currently no centralised public register showing which CASPs have completed staff training under the Article 81(7) guidelines — this is internal documentation that each operator must maintain and make available upon request from their NCA. The most direct route is to ask your exchange explicitly, preferably via a written channel (email or support ticket): "Is the company compliant with the ESMA guidelines under Article 81(7) MiCA that entered into force on 28 July 2026? Is a formal statement available on this?" From July 28, NCAs can request records on demand: serious exchanges should be able to answer this question without difficulty. The practical advice is to favour exchanges operating under NCAs with a proven enforcement track record: AMF France, BaFin Germany, AFM Netherlands, Central Bank of Ireland. It is not an absolute guarantee, but it is a meaningful quality indicator for the level of supervision.
Conclusion: the second deadline opens phase two
July 28, 2026 does not close the MiCA cycle: it opens a new phase. The first deadline — July 1 — decided who can operate in the European single market for crypto-assets. The second deadline — July 28 — begins to define how. And the difference between those two questions is enormous.
Having a licence means having passed an authorisation process, having submitted documents, having demonstrated to an NCA that you possess the organisational and financial requirements to operate. It is a necessary condition, but not a sufficient one. Having qualified, certified, up-to-date staff tracked in an individually verifiable record — that is something different. It is the difference between the form and the substance of compliance.
The European crypto market has spent years in which "regulated wild west" was an accurate description: operators of every quality could operate freely, staff could say anything without consequences, and protections for retail users were minimal or non-existent. MiCA is changing this situation progressively, deadline by deadline. July 28 is a concrete step in that direction.
One question remains open, and we leave it to you as the reader: has your exchange ever informed you of this obligation?
If the answer is no, it may be worth asking why. And if the answer turns out to be "we don't know what you're talking about," you may already have the answer to the question that really counts: how seriously does your exchange intend to take the rules it agreed to follow when it obtained its MiCA licence.
Further reading: Read our investigation into MiCA July 1 D-Day — what really happened on the day of the deadline. Also consult our MiCA CASP compliance guide for a full breakdown of obligations, and the constantly updated authorized CASP exchanges list.
Sources
- ESMA Guidelines Art. 81(7) MiCA — Criteria for the assessment of knowledge and competence of CASP staff (28/01/2026): ESMA35-24871704-2922
- ESMA Final Report on MiCA Guidelines on knowledge and competence (07/2025): ESMA35-1872330276-2380
- AMF France — compliance declaration (26/03/2026), AMF Position DOC-2026-03: amf-france.org
- ESMA Compliance Table — Guidelines Art. 81(7) MiCA, ESMA35-24871704-3058 (07/07/2026): esma.europa.eu
- ESMA Common Supervisory Action — Digital operational resilience of CASPs, custody (08/07/2026): esma.europa.eu
- casptracker.eu — Register of authorised EU/EEA CASPs (data as of 9 July 2026): casptracker.eu
- MiCA Regulation Art. 81(7) and Art. 111 — Reg. EU 2023/1114, Official Journal of the European Union