Select Page
Understanding Tokenisation and Its Regulatory Aspects

Introduction

Tokenisation refers to the process of converting ownership rights or physical assets into digital tokens that are stored and managed on a blockchain. In simple words, tokenisation is the process of creating a digital token that represents a real-world asset (tangible and intangible). These tokens are stored on a blockchain, a secure and transparent digital ledger, and can be used to divide ownership of assets into smaller, tradeable units. By transforming assets into digital tokens, tokenisation makes it easier to buy, sell, or transfer ownership, even across borders, without relying on traditional intermediaries.

Tokenisation offers several key benefits that are transforming how assets are owned and traded. One major advantage is increased liquidity. By dividing assets into smaller, tradeable units, tokenisation allows more people to participate in the market, boosting activity and making it easier to buy or sell these assets. Another benefit is fractional ownership, which lets investors purchase small portions of high-value assets like real estate or artwork. This lowers entry barriers and opens up investment opportunities to a broader audience, making it more inclusive. Additionally, blockchain technology enhances transparency by recording all transactions in a clear and tamper-proof manner. This ensures accurate ownership records and reduces the chances of disputes, building trust among investors and participants.

Key Characteristics

  • Digital Representation: Tokens are digital identifiers that represent ownership or rights to an asset. Depending on the type of asset being tokenised, tokens can either be fungible, like cryptocurrencies that are interchangeable, or non-fungible, like unique digital art pieces or collectibles.
  • Blockchain Storage: These tokens are stored securely on a blockchain, which acts as a transparent and tamper-proof ledger. The decentralised nature of blockchain ensures that all transactions are verifiable and highly resistant to manipulation or fraud.
  • Smart Contracts: Tokenisation often uses smart contracts, which are self-executing programs with the terms of the agreement written directly into code. These contracts automate processes such as transferring ownership or conducting compliance checks, making the system more efficient while reducing administrative costs.

Applications of Tokenisation

Imagine owning a high-value asset like a skyscraper. Instead of requiring a single buyer to purchase the entire building, tokenisation divides ownership into digital tokens, each representing a fraction of the property. These tokens can then be traded on blockchain platforms, enabling broader participation in asset ownership.

For instance:

  • Real Estate: Companies like RealT have tokenised U.S. luxury apartments, allowing investors to own fractional shares and earn rental income proportional to their holdings.
  • Art and Collectibles: High-value artworks, such as Andy Warhol paintings, have been tokenised to democratise access to the art market.
  • Precious Metals and Carbon Credits: Tokenised gold offers a way to invest in precious metals, while carbon credit tokens facilitate sustainability efforts.
  • Sports and Finance: Fans can invest in players’ future earnings, while financial institutions use tokenisation to enhance the efficiency of trading bonds and stocks.
  • Financial Instruments: Stocks, bonds, and other securities can be represented as tokens on a blockchain, facilitating easier trading and settlement processes.
  • Intellectual Property: Rights to intellectual property can also be tokenised, allowing creators to monetise their work more effectively while maintaining control over their assets.

How Tokenisation Works

Tokenisation fundamentally transforms how physical and intangible assets are represented and managed in the digital economy. By converting ownership rights into digital tokens recorded on a blockchain, opening up broader access to investment, simplifying trading processes, and redefining ownership structures. Tokenisation involves several key steps:

  1. Asset Identification: The first step in tokenisation is identifying the asset to be tokenised. This could range from real estate, art, and commodities to financial instruments like stocks and bonds.
  2. Creating Digital Tokens: The ownership rights of the asset are converted into digital tokens, each representing a fraction of the asset. These tokens enable fractional ownership, meaning multiple investors can own a share of the asset.

During this step, two key elements are addressed:

  • Token Standards: The appropriate token standard is chosen based on the asset type and intended use. For example, ERC-20 is commonly used for fungible tokens (e.g., cryptocurrencies or shares), while ERC-721 and ERC-1155 are popular standards for non-fungible tokens (e.g., unique art pieces or collectibles).
  • Token Minting: Once the standards are defined, the tokens are “minted,” which means they are created and deployed on a blockchain platform. This step finalises the digital representation of the asset and makes it ready for use in transactions.

There are two main types of tokens here, serving different purposes:

  • Fungible Tokens: These are interchangeable tokens that represent a specific quantity of an asset, like cryptocurrencies (e.g., Bitcoin or Ethereum), where each unit is identical and can be exchanged for another unit without losing value. Fungible tokens are commonly used for divisible assets like shares in a company or currency.
  • Non-Fungible Tokens (NFTs): Unlike fungible tokens, NFTs are unique and cannot be exchanged on a one-to-one basis. Each NFT represents a one-of-a-kind asset, such as artwork, collectibles, or real estate. Their uniqueness is often ensured through metadata stored on the blockchain, distinguishing each token from the others.
  1. Blockchain Integration: Once the tokens are created, they are recorded on a blockchain, which acts as a secure and transparent ledger for all transactions. Blockchain technology provides several key features that are essential for tokenisation:
  • Decentralisation: Unlike traditional systems that rely on central authorities, blockchain operates on a decentralised network where multiple participants maintain copies of the ledger. This reduces the risk of fraud and ensures no single entity controls the data.
  • Immutability: Once recorded on the blockchain, transactions cannot be altered or deleted. This immutability guarantees that ownership records are permanent and verifiable.
  • Transparency: Blockchain allows all participants to view transaction histories, enhancing trust among users and ensuring accountability.
  1. Smart Contracts: Smart contracts play a crucial role in automating the processes involved in tokenisation. These self-executing contracts have terms directly written into code and are used to manage ownership transfers and enforce compliance with predefined rules. The benefits of smart contracts include:
  • Automated Execution: Smart contracts automatically execute transactions when conditions are met. For example, if a buyer purchases a tokenised asset, the smart contract can automatically transfer ownership once payment is confirmed.
  • Compliance and Governance: Smart contracts can embed rules regarding ownership transfer and legal requirements directly into the code, reducing the need for intermediaries and ensuring compliance.
  • Complex Conditions: Smart contracts can also handle complex conditions for ownership transfer, such as escrow arrangements, where funds are held until both parties meet their obligations.
  1. Trading and Liquidity: Once tokenised, assets can be traded on blockchain platforms, increasing liquidity and accessibility for investors. Tokenisation allows for 24/7 trading, unlike traditional markets that operate during limited hours. This greater liquidity enables faster transactions and broader access to global markets, making it easier for small investors to participate in high-value assets.

Token Standards

Token standards are the rules that govern how digital tokens are created, issued, and managed on blockchain networks. These standards ensure that tokens work smoothly across various platforms and applications, providing consistency and security. While most token standards were initially developed for Ethereum, many have been adopted and adapted by other blockchains:

  1. ERC-20: The Standard for Fungible Tokens

ERC-20 is the most widely used standard for creating fungible tokens on the Ethereum blockchain. Fungible tokens are identical and interchangeable, each token is equal in value and functionality to another. This standard is highly interoperable, allowing tokens to work seamlessly with various wallets and exchanges. It also comes with built-in functions, such as transfer and approve, which simplify token transfers and management. ERC-20 tokens are commonly used for utility tokens, Initial Coin Offerings, and cryptocurrencies like USDT.

  1. ERC-721: The Standard for NFTs

ERC-721 is the go-to standard for NFTs. Unlike fungible tokens, NFTs are unique and represent ownership of specific assets. Each token has a unique identifier that distinguishes it from others, making it ideal for one-of-a-kind assets like digital art or collectibles. Additionally, it supports metadata storage, allowing for the inclusion of extra details such as descriptions or images. This makes ERC-721 perfect for applications in digital art, gaming, and collectibles platforms like OpenSea.

  1. ERC-777: Enhanced Fungible Tokens

ERC-777 is an upgrade to ERC-20, offering more advanced features while maintaining compatibility with the earlier standard. It introduces a “hooks” system that allows smart contracts to respond to token transfers, enabling more complex interactions. This standard also enhances security by preventing tokens from being sent to restricted or invalid addresses. Projects requiring sophisticated token functionalities, such as automated financial tools or decentralised applications, often adopt ERC-777.

  1. ERC-1155: The Multi-Token Standard

ERC-1155 allows for creating both fungible and non-fungible tokens within a single smart contract. This standard is highly efficient, as it supports batch transfers, enabling multiple tokens to be sent in a single transaction and significantly reducing costs. Additionally, it consolidates the management of various token types into a single contract, eliminating the need for separate contracts for each token. This makes ERC-1155 particularly useful in gaming applications where both in-game currencies (fungible) and unique items (non-fungible) need to be managed.

  1. Other Blockchain Standards

While Ethereum dominates token standards, other blockchains have developed their own frameworks. BEP-20 on Binance Smart Chain mirrors ERC-20 but is tailored for Binance’s ecosystem, allowing seamless integration within its DeFi network. On the TRON network, TRC-10 provides a simpler option without requiring smart contracts, while TRC-20 offers more advanced functionalities similar to ERC-20. Solana’s SPL tokens focus on high-speed, low-cost transactions, making them ideal for high-performance decentralised applications.

History and types of Crypto Tokens in Blockchain Ecosystem

The history of crypto tokens began in 2013 with the launch of Mastercoin by J.R. Willett, marking the first Initial Coin Offering (ICO). Mastercoin introduced the idea of creating new tokens on top of Bitcoin’s network. From 2013 to 2016, the development of crypto tokens grew steadily, but it wasn’t until 2017 that the ICO market exploded, attracting massive investor interest. This rapid growth also led to scams and increased regulatory attention. By 2018, the ICO bubble burst, pushing the industry toward safer and more regulated fundraising methods. Since then, crypto tokens have evolved beyond fundraising and are now driving innovation across various industries.

Types of Crypto Tokens: A crypto token is a digital asset created within a blockchain environment, typically operating on existing blockchain platforms like Ethereum. Unlike cryptocurrencies such as Bitcoin or Ethereum, which have their own blockchain, tokens are often built on top of these established networks. Crypto tokens serve diverse purposes and can represent ownership, grant access to services, or facilitate decision-making, depending on their design. Below is an overview of key token types and their uses:

Security tokens are digital representations of ownership in assets classified as securities under applicable laws. They are subject to strict regulatory oversight, ensuring compliance with requirements such as registration, disclosures, and investor protections. Security tokens allow fractional ownership, making it possible to divide assets like real estate, stocks, or bonds into smaller, tradable units. They often provide rights similar to traditional securities, including dividends and voting rights. For example, real estate properties can be tokenised to enable multiple investors to own shares and receive rental income based on their holdings. Similarly, startups can issue security tokens during equity crowdfunding campaigns, offering ownership stakes to investors while raising capital.

Utility tokens differ from security tokens in that they do not represent ownership but instead grant access to specific products or services within a blockchain platform. These tokens are not classified as securities and derive their value from the utility they provide within their ecosystem. Utility tokens are commonly used for platform interactions, such as paying for transaction fees or unlocking premium services. For instance, users of decentralised applications may use utility tokens to access platform features or participate in governance decisions. Additionally, utility tokens can serve as rewards for users who contribute to a network, such as by validating transactions or providing liquidity.

Beyond security and utility tokens, there are other notable types of tokens with specialised roles. Stablecoins are designed to maintain a stable value by being pegged to fiat currencies like the US dollar or other assets, making them ideal for transactions and reducing the volatility typically associated with cryptocurrencies. NFTs, on the other hand, are unique digital assets representing ownership of specific items such as digital art, music, or collectibles. NFTs have gained popularity for their ability to provide verifiable ownership and authenticity of digital goods. Finally, governance tokens empower holders to participate in decision-making within decentralised organisations or platforms. These tokens often grant voting rights, allowing users to shape the platform’s future development and policies.

Cryptocurrencies vs. Crypto Tokens: Key Differences

Cryptocurrencies and crypto tokens are often confused, but they serve distinct roles in the digital ecosystem. Cryptocurrencies are digital currencies designed for payments and money transfers. Bitcoin, the first cryptocurrency, set the stage for others, known as altcoins, such as Litecoin, Bitcoin Cash, and Dogecoin. These altcoins aim to improve on Bitcoin but have not reached its level of popularity. On the other hand, crypto tokens are built on existing blockchains like Ethereum. They are not standalone currencies but serve various functions within blockchain platforms. Tokens can represent ownership in a company, offer access to specific services or products, or even be used in apps and games. Some tokens are also created for investment purposes, where users can buy, sell, or trade them. Tokens are typically introduced through Initial Coin Offerings (ICOs), a process where people invest in a project and receive tokens in return. These tokens can later be used or traded.

In summary, cryptocurrencies operate on their own blockchain and are used mainly for transactions and digital payments. Crypto tokens, however, are built on existing blockchains and can represent assets, ownership, or provide access to certain services. While tokens can be traded, they aren’t official currencies and are primarily treated as investment assets. In short, think of cryptocurrencies as digital money, while crypto tokens are versatile digital assets with many uses.

Regulatory framework for Tokenisation

European Union

The European Securities and Markets Authority (ESMA) is a key regulatory body in the EU that provides guidance on how existing financial regulations, like MiFID II and MiCA, apply to digital assets and tokenisation.  ESMA enforces transparency rules for firms dealing with security tokens and crypto-assets, requiring them to provide clear information on risks and investor rights. It sets measures to protect investors and ensure proper market conduct. ESMA also guides how to classify crypto-assets under MiFID II to determine applicable regulations. It clarifies how firms should handle reverse solicitation to comply with regulatory rules. ESMA applies a technology-neutral approach, ensuring consistent regulation for both traditional and digital financial products.

The European Union has developed an extensive regulatory framework to oversee tokenisation and digital assets. Key regulations include the following:

1. MiCA: The Markets in Crypto-Assets Regulation (MiCA) is the European Union’s comprehensive framework designed to regulate crypto-assets, including tokenised assets. It creates a single set of rules for crypto-assets across all EU countries, making it easier for businesses to comply with regulations when operating in multiple markets. It introduces clear definitions for different types of crypto-assets, such as crypto-assets in general, e-money tokens (EMTs), and asset-referenced tokens (ARTs). Crypto-assets are digital representations of value or rights that can be transferred and stored using blockchain technology. EMTs are crypto-assets backed by fiat currency and used for payments, while ARTs are tokens whose value is stabilised by referencing assets like fiat currencies, commodities, or financial instruments.

MiCA requires issuers of crypto-assets to publish a detailed whitepaper before launching their tokens. This whitepaper must explain how the token works, outline the rights attached to it, identify associated risks, and describe how the raised funds will be used. This requirement allows investors to make informed decisions. Additionally, issuers must obtain authorisation from national regulators before offering their tokens to the public. The authorisation process involves submitting detailed information about the issuer’s business model, governance structure, and risk management practices. This step ensures that only compliant entities can operate in the EU.

Specific rules apply to asset-referenced tokens under MiCA. Issuers of ARTs must hold sufficient and liquid reserves to back the tokens they issue and provide regular reports on these reserves. They must also implement systems to maintain the stability of ARTs, such as using algorithms or collateral strategies to manage price volatility. E-money tokens are similarly regulated, with requirements to issue them at par value and ensure they are redeemable at the same value upon request.

However, MiCA also presents challenges. Distinguishing between security tokens and other crypto-assets can be confusing, making compliance difficult for some issuers. While MiCA aims to harmonise rules across the EU, individual member states might interpret and apply the regulations differently, creating inconsistency. In the future, MiCA, along with frameworks like MiFID II and the DLT Pilot Regime, is expected to standardise how tokenised assets are regulated across the EU. EU initiatives like “Tokenise Europe 2025” further show the region’s focus on using tokenisation to drive economic growth.

  1. MiFID II: The Markets in Financial Instruments Directive II (MiFID II) is a major regulation in the EU that governs financial markets. It has a significant impact on tokenised assets, especially security tokens, by treating them similarly to traditional financial instruments. This means that security tokens representing shares, bonds, or debt must follow the same rules as traditional securities. Tokens that get their value from another asset, like derivatives, also fall under MiFID II. The ESMA provides guidance on how these rules apply to new financial technologies. Under MiFID II, issuers of security tokens must publish a prospectus with detailed information about the token. This includes how the token works, the rights it gives to holders, any financial data, and how the raised funds will be used. MiFID II also requires companies to be transparent about trading activities. Firms must share information about pricing before trades (pre-trade transparency) and report completed trades afterward (post-trade transparency). Also, firms must check if a security token is suitable for an investor based on their experience and risk tolerance. They must also ensure they get the best possible deal for their clients when executing trades.

MiFID II works alongside other regulations like MiCA, which covers crypto-assets that are not considered financial instruments. Together, they create a more complete regulatory environment for digital assets. However, different EU countries may apply MiFID II differently, leading some firms to choose countries with looser rules (regulatory arbitrage). Financial firms also need to invest in new technology and staff training to meet these regulatory demands.

3. DLT Pilot Regime: The DLT Pilot Regime, which came into effect on March 23, 2023, provides a legal framework for trading and settling tokenised financial instruments using Distributed Ledger Technology (DLT). This regulation allows financial institutions to experiment with blockchain technology in a controlled and regulated environment, offering both legal certainty and operational flexibility. The main objectives are to encourage the use of DLT in the financial sector, enable exchanges and central securities depositories (CSDs) to explore DLT applications.

The regime introduces three types of DLT market infrastructures: DLT Multilateral Trading Facilities (DLT MTFs) for trading tokenised financial assets, DLT Settlement Systems (DLT SSs) for settling these transactions, and DLT Trading and Settlement Systems (DLT TSSs) that combine both functions. Institutions interested in operating under this regime must get authorisation from relevant authorities, allowing them to provide services across all EU member states. Existing banks, investment firms, or market operators can apply, while new applicants need to obtain simultaneous authorisation as a CSD or investment firm.

The DLT Pilot Regime also offers exemptions from some existing financial regulations like MiFID II and CSDR, which might otherwise be too strict for DLT operations. However, these exemptions come with conditions, requiring firms to implement safeguards that protect investors and maintain market integrity. Applicants must provide detailed information about their operations, including the type of DLT used, access rules for the ledger, and how customer funds are kept separate. Applications must follow templates provided by the ESMA.

This pilot program will run for three years, after which ESMA will review its success and report to the European Parliament and Council. Based on this review, the regime could be extended, adjusted, or ended. Throughout the pilot period, DLT operators must actively cooperate with regulators to ensure full compliance with rules and reporting requirements. Additionally, the regulation clearly defines important terms like “tokenisation,” “DLT,” “distributed ledger,” “consensus mechanism,” and “DLT network node” to ensure a common understanding across the industry.

4. EU Digital Finance Strategy:  The EU Digital Finance Strategy is developing legal frameworks for crypto-assets/tokens that don’t fall under existing EU financial laws. This specifically targets utility tokens and payment tokens, providing them with clear regulations to ensure proper oversight. The strategy is built around four main priorities: removing fragmentation in the Digital Single Market to make cross-border financial services more accessible and support FinTech startups, adapting regulations to better fit digital innovations without compromising consumer safety, creating a European financial data space to encourage data sharing and innovation, and addressing digital risks by improving the financial system’s ability to handle digital disruptions.

To support these goals, the strategy includes legislative proposals like the MiCA regulation, which creates rules for crypto-assets to protect investors and markets, and the DLT Pilot Regime, which allows firms to experiment with tokenised financial instruments on blockchain platforms under regulatory supervision. The strategy also strengthens the digital operational resilience of financial institutions, ensuring they can handle risks linked to digital changes. Additionally, the EU plans to introduce interoperable digital identity solutions across member states. This will make customer onboarding easier and improve access to financial services throughout the EU. As of January, 2025, the EU is actively advancing this strategy with ongoing legislative efforts, including work on open finance initiatives and exploring the introduction of a digital euro. The European Commission, along with supervisory authorities, continues to review these developments.

Several countries in the European Union (France, Luxemburg, Germany etc.) have introduced local frameworks to support the use of tokens for representing and transferring unlisted securities:

France: France has established a regulatory framework to oversee the issuance and transfer of security tokens, particularly for unlisted securities. This framework is based on three key legislations: amendments to the French Financial Code, the Blockchain Order of 2017, and the Loi Pacte of 2019.

The amendment to the French Financial Code, particularly Article L. 211-1 II of the French Monetary and Financial Code (MFC), classifies security tokens as financial securities, allowing their issuance, registration, and transfer through DLT. It requires that security tokens be issued in a registered form, ensuring verifiable ownership within the DLT system. Article L. 211-20 permits the securitisation of rights through security tokens, enabling various financial rights to be represented digitally. Issuers must also maintain a detailed business activity plan for the distributed ledger used for registration, ensuring compliance with legal standards and accurate data recording.

The Blockchain Order of 2017 provides legal recognition for the representation and transfer of unlisted financial securities using DLT. It establishes a streamlined process for issuing, registering, and transferring such securities while ensuring compatibility with existing financial regulations. The AMF (Autorité des Marchés Financiers) has confirmed that these regulations support Security Token Offerings, though practical challenges remain. Investor protection is a key aspect, with the framework ensuring compliance with European and national financial regulations.

The Loi Pacte of 2019 integrates blockchain technology into France’s financial systems, supporting its application in capital markets. It enhances the legal status of digital assets, aligning them with traditional financial instruments under French law. It promotes entrepreneurship and job creation by providing a supportive environment for new financial technologies. The AMF has acknowledged the need for ongoing updates to the regulatory framework to address the evolving nature of tokenised assets and their role in financial markets.

Luxembourg: Luxembourg’s approach to tokenisation is defined through a series of legislative developments. The Blockchain I Law (2019) recognised blockchain technology as equivalent to traditional mechanisms, permitting the use of DLT in the registration and transfer of securities. This legislation provided a legal foundation for the issuance and circulation of dematerialised securities on a blockchain, marking Luxembourg as an early adopter within the European Union.

The Blockchain II Law (2021) expanded on this by formally recognising secure electronic registration mechanisms, facilitating the issuance and management of security tokens by credit institutions and investment firms.

The Blockchain III Law (2023), also known as Bill 8055, further amended the Financial Collateral Act 2005 to explicitly include DLT-based collateral arrangements. This update provided legal certainty for creditors and reinforced the use of tokenised financial instruments as collateral. Looking ahead, the Blockchain IV Bill (2024) proposes additional updates to enhance flexibility and legal clarity for issuers. The introduction of a control agent role to oversee the registration of dematerialised securities, along with the inclusion of equities in dematerialised form, is expected to strengthen Luxembourg’s position in the market for tokenised assets.

Key aspects of Luxembourg’s regulatory framework include its integration with existing financial laws rather than creating a separate regime for DLT. This approach ensures seamless adaptation of tokenised financial instruments into traditional financial practices while providing clear legal recognition of digital assets. The legislation also allows flexibility in the type of distributed ledger technology that can be used, whether public, private, permissioned, or permissionless, provided adequate control and security measures are in place. Investor protection is a central focus, with compliance required under data protection laws, AML, and KYC regulations. This ensures that tokenised securities are treated on par with traditional financial instruments.

In addition to its legislative framework, Luxembourg has enacted laws to support the issuance, conversion, and transfer of dematerialised securities using DLT. These laws allow securities to be registered through accounts on a distributed ledger, enabling a more efficient and secure process for managing these assets. Furthermore, the European Investment Bank (EIB) has demonstrated the practical application of Luxembourg’s regulatory framework by conducting two fully digital native bond offerings: one under French law and the other under Luxembourg law. These initiatives highlight the functionality and reliability of Luxembourg’s legal structure in real-world financial instruments and its role in advancing tokenisation. Luxembourg has seen a surge in institutional interest in tokenised assets, particularly in projects involving real estate closed-end funds.

Germany: Germany has established a comprehensive legal framework that facilitates the issuance and trading of electronic securities, including security tokens. A key legislative milestone in this area is the Electronic Securities Act (eWpG), enacted in June 2021. The eWpG provides the legal foundation for the issuance of electronic securities, enabling them to be registered and traded on blockchain or other electronic systems without requiring physical certificates. The act recognises electronic securities as equivalent to traditional securities, allowing them to be registered in either custodian-managed registers or issuer-maintained registers, provided regulatory standards are met. Issuers can issue dematerialised securities through entry into an electronic securities register, which may be maintained entirely on DLT by a licensed crypto securities registrar. However, this ability is currently restricted to bearer bonds and fund units, provided these are not listed on an exchange or admitted to a central securities depository.

Further, Future Financing Act (ZuFinG), passed in November 2023, allows stock corporations to issue shares directly on the blockchain, simplifying equity financing through digital means. Germany also participates in the European Union’s DLT Pilot Regime, an experimental regulatory framework that tests distributed ledger technology solutions in a controlled environment, before broader implementation.

Regulatory oversight in Germany is primarily handled by the Federal Financial Supervisory Authority (BaFin), which enforces compliance with financial laws and ensures adherence to the eWpG. Entities acting as crypto securities registrars must obtain licenses from BaFin, ensuring that only qualified parties manage tokenised securities. To further protect investors, Germany mandates strict KYC and AML requirements for entities dealing with cryptocurrencies and tokenised assets.

Notably, in December 2024, Frankfurt-based fintech firm 21X became the first company in Germany to receive a license under the eWpG to operate a multilateral trading facility for tokenised securities. This milestone highlights growing institutional confidence in Germany’s regulatory environment for digital assets.

US: In the United States, the regulatory framework for digital tokens depends on their classification, primarily as security tokens or utility tokens. Security tokens are digital representations of ownership or investment in assets such as stocks, bonds, or real estate and are classified as securities. They must comply with the Securities Act of 1933, which requires that any offering and sale of security tokens be registered with the SEC unless an exemption applies. Companies issuing security tokens must file registration statements with detailed disclosures about their business, financial condition, and investment risks. Exemptions under Rule 506 Regulation D allow private placements, with specific rules permitting fundraising from accredited investors and, in certain cases, a limited number of non-accredited investors, subject to disclosure requirements. Some exemptions permit general solicitation, provided all purchasers are accredited investors, and issuers take reasonable steps to verify their status. Public offerings may be conducted under Regulation A facilitates public offerings up to $50 million within a 12-month period, with Tier 1 offerings up to $20 million requiring state registration and Tier 2 offerings up to $50 million preempting state registration but imposing ongoing reporting obligations. Regulation CF allows crowdfunding offerings up to $5 million in a 12-month period, with investor limits based on income and net worth.

A token’s classification as a security is determined using the Howey Test, which examines whether an investment of money in a common enterprise is made with an expectation of profit derived from the efforts of others. The SEC has issued guidance outlining how this test applies to digital assets. Security token exchanges must register with the SEC as national securities exchanges or operate as alternative trading systems in compliance with the Securities Exchange Act of 1934. Participants in the market must adhere to insider trading prohibitions, ensuring they do not engage in fraudulent or manipulative practices when buying or selling security tokens. Firms acting as brokers or dealers in security tokens must register with FINRA and comply with its rules regarding conduct, reporting, and disclosure.

Utility tokens provide access to specific products or services within a platform without conferring ownership or investment rights. They are generally not classified as securities unless they exhibit characteristics of an investment, such as being marketed with an expectation of profits from the issuer’s efforts. The SEC has provided guidance on evaluating utility tokens under securities laws. While these tokens may not be subject to federal securities laws, they must comply with consumer protection regulations, including prohibitions on deceptive practices.

Governance tokens grant voting rights within decentralised platforms but do not inherently qualify as securities unless they are marketed in a manner suggesting investment potential. The SEC assesses governance tokens on a case-by-case basis to determine whether they fall within securities regulations. The regulatory framework for digital tokens in the United States requires issuers, investors, and intermediaries to ensure compliance with securities laws, trading regulations, and investor protection measures, necessitating careful analysis of each token’s characteristics and legal obligations.

In addition to the SEC’s role in securities regulation, other key agencies play important roles in overseeing the digital asset landscape. The Commodity Futures Trading Commission (CFTC) regulates digital assets classified as commodities, such as Bitcoin and Ether. While the CFTC primarily focuses on futures markets, it can also exercise authority over certain transactions involving tokenised assets deemed commodities, ensuring compliance with relevant regulations. Similarly, the Financial Crimes Enforcement Network (FinCEN) enforces AML and KYC regulations for digital assets and exchanges. Depending on their activities, some token issuers may be classified as money transmitters, requiring compliance with FinCEN’s regulations to prevent financial crimes.

Cayman Island: The regulatory framework for tokenisation in the Cayman Islands is primarily governed by the Virtual Asset (Service Providers) Act, 2020 (VASP Act) and its 2024 Revision, which together provide a comprehensive legal structure for the issuance, exchange, custody, and management of virtual assets, including various types of tokens. These laws are complemented by the Securities Investment Business Act (SIBA), the Mutual Funds Act (MFA), and the Companies Act, which collectively ensure that tokenised assets, whether they represent securities, investment funds, or other financial instruments, are subject to regulatory oversight. The Cayman Islands Monetary Authority (CIMA) serves as the primary regulatory body responsible for enforcing compliance with these laws. It oversees the licensing and registration process for VASPs, securities investment businesses, and mutual funds, ensuring that all entities meet the required standards. CIMA conducts periodic audits and inspections to verify compliance and has the authority to impose fines, revoke licenses, and initiate criminal proceedings in cases of non-compliance.

The VASP Act, 2020 laid the foundation for regulating VASPs in the Cayman Islands. It defined a virtual asset as a “digital representation of value that can be digitally traded or transferred and used for payment or investment purposes” (Section 2). However, it explicitly excluded digital representations of fiat currencies, central bank digital currencies (CBDCs), and securities already regulated under SIBA. It established a registration and licensing regime for VASPs, requiring entities engaged in activities such as the issuance of virtual assets, operation of virtual asset exchanges, custodial services, and other financial activities related to virtual assets to register with CIMA. The Virtual Asset (Service Providers) Regulations, 2020 further outlined the registration process, including the submission of detailed documentation, such as business plans, ownership structures, and AML policies, for approval by CIMA.

The 2024 Revision of the VASP Act along with the Statement of Guidance issued by CIMA has introduced significant regulatory updates to strengthen oversight, compliance, and risk management in the virtual asset sector. One of the most notable changes is the introduction of stricter licensing requirements, which now differentiate between various types of virtual asset services. For example, a fully operational virtual asset exchange is now subject to higher compliance obligations compared to a company offering only token issuance services. Entities dealing with security tokens, which represent ownership or rights in an underlying asset such as equity or debt, must obtain dual licensing under both the VASP Act and the SIBA. This ensures that security tokens are subject to the same regulatory scrutiny as traditional securities, including compliance with prospectus requirements, ongoing reporting obligations, and investor protection standards. Existing registered entities were given 90 days from the commencement of the 2024 Revision to apply for a license under the new framework, ensuring that all operations align with updated regulatory standards.

The application process for VASPs has become more rigorous, requiring detailed submissions of business plans, ownership structures, AML/CFT policies, and cybersecurity measures. Applicants must also demonstrate their ability to meet ongoing compliance obligations, including financial stability and operational resilience. Additionally, CIMA now conducts a stricter assessment of the qualifications and integrity of directors and key personnel involved in VASPs. This includes background checks, verification of professional experience, and evaluation of their ability to manage risks associated with virtual asset activities. For instance, directors and key personnel must demonstrate a clear understanding of the risks inherent in virtual asset operations, such as cybersecurity threats, market volatility, and regulatory compliance challenges.

The 2024 Revision expanded the scope of AML/CFT compliance, requiring VASPs to implement enhanced customer verification processes, real-time transaction monitoring systems, and detailed record-keeping practices. VASPs must maintain records of all transactions, customer information, and compliance activities for at least five years, ensuring accessibility for inspection by CIMA. They must also report suspicious activity to the Financial Reporting Authority (FRA) under the Proceeds of Crime Act (2020 Revision). To further enhance transparency and prevent illicit actors from operating under opaque entities, VASPs are now required to disclose their ownership and control structures to regulators. This includes providing detailed information about beneficial owners, shareholders, and key stakeholders, ensuring that regulators have full visibility into the corporate structure of VASPs.

To strengthen compliance, VASPs must submit regular and detailed compliance reports to CIMA. These reports must cover risk assessments of their operations and market exposure, financial disclosures to demonstrate solvency and capital adequacy, internal control measures for AML/CFT compliance, and transaction monitoring data to detect and prevent suspicious activities. For example, VASPs must provide quarterly reports detailing their financial health, including balance sheets, cash flow statements, and capital reserves. Failure to comply with these reporting obligations can result in severe penalties, including fines of up to CI$100,000, imprisonment for up to five years, and license revocation.

Corporate governance and oversight requirements were also strengthened under the 2024 Revision. VASPs must appoint at least three directors, including one independent director, to ensure oversight and accountability. They must also establish audit and risk management committees to oversee compliance and operational risks and implement conflict-of-interest policies to ensure fair treatment of clients. Any changes to approved business plans or the addition of new virtual asset services require prior written approval from CIMA, ensuring that regulators are kept informed of significant developments. For instance, if a VASP plans to introduce a new tokenised product or expand into a new jurisdiction, it must first seek approval from CIMA, providing detailed documentation outlining the risks and compliance measures associated with the new activity.

Furthermore, VASPs are required to implement enhanced KYC procedures, which include verification of customer identities using reliable, independent sources, ongoing monitoring of customer transactions to detect unusual or suspicious activity, and enhanced due diligence (EDD) for high-risk customers, such as politically exposed persons (PEPs). For example, VASPs must use advanced identity verification tools, such as biometric authentication and document verification software, to ensure the accuracy of customer information. They must also monitor transactions in real-time using sophisticated algorithms to identify patterns indicative of money laundering or terrorist financing.

Furthermore, the 2024 Revision introduced strengthened client asset protection measures. VASPs must segregate customer funds from company assets to prevent misuse, obtain insurance coverage to protect customer assets in the event of theft or loss, and maintain reserve requirements to ensure liquidity and financial stability. For instance, VASPs must hold customer funds in separate bank accounts or cold wallets, ensuring that these assets are not commingled with operational funds. They must also maintain insurance policies covering cyber risks, theft, and fraud, with coverage amounts proportionate to the value of customer assets under management.

Additionally, VASPs must develop and implement extensive internal policies to address AML/CFT compliance, including customer due diligence and transaction monitoring. They must also establish cybersecurity measures, such as encryption, multi-factor authentication, and incident response plans, along with risk management frameworks to identify, assess, and mitigate operational, financial, and regulatory risks. For example, VASPs must conduct regular penetration testing and vulnerability assessments to identify and address potential cybersecurity weaknesses. They must also develop comprehensive incident response plans, outlining the steps to be taken in the event of a data breach or cyberattack.

The VASP Act also clarifies the regulatory treatment of certain exempted tokens, which are not subject to the same level of oversight as other virtual assets. These include virtual service tokens, NFTs, and governance tokens. Virtual service tokens are digital assets used solely within a closed ecosystem, such as in-app tokens or loyalty points or for access or participation. Since these tokens are not transferable or exchangeable with third parties, they are not considered financial instruments and are therefore exempt from regulatory oversight under the VASP Act. Also, NFTs, which represent unique digital assets like art, collectibles, or intellectual property, are generally not regulated unless they exhibit characteristics of securities or payment tokens. For example, fractionalised NFTs that represent ownership in an underlying asset may fall under the regulatory scope of SIBA. Governance tokens, which grant holders voting rights or decision-making authority in decentralised autonomous organisations (DAOs), are also exempt from regulation as long as they do not provide financial rights or represent ownership in an asset. However, if these tokens are used for investment purposes, they may be subject to regulation under the VASP Act or SIBA.

The Securities Investment Business Act (SIBA) plays a crucial role in regulating security tokens, which represent ownership or rights in an underlying asset, such as equity, debt, or real estate.

Under SIBA, any entity engaged in “securities investment business,” including the issuance or trading of security tokens, must obtain a license from CIMA (Section 5). The definition of securities under SIBA is broad, encompassing “shares, debentures, or other instruments that confer ownership or debt rights” (Section 2). This means that tokenised assets representing traditional securities, such as stocks or bonds, fall under SIBA’s jurisdiction. Issuers of security tokens must also comply with prospectus requirements (Section 37) if the tokens are offered to the public. The prospectus must include detailed information about the issuer, the tokenised asset, risk factors, and financial statements, ensuring that investors have access to transparent and accurate information.

For tokenised investment funds, the Mutual Funds Act (MFA) provides the regulatory framework. If a fund issue tokenised assets that grant holders a right to participate in profits or gains, and these tokens are redeemable at the option of the investors, the fund must register under the MFA. This ensures that tokenised funds comply with the same corporate governance, disclosure, and reporting requirements as traditional mutual funds. Tokenised funds are subject to capital adequacy requirements, financial reporting obligations, and transparency standards, providing investors with a high level of protection.

The Companies Act 2023 and 2024 amendments supports the regulatory framework by providing the legal structure for corporate entities involved in tokenisation. Many token issuers and VASPs operate as exempted companies, which benefit from tax exemptions and confidentiality provisions. Exempted companies are not required to disclose shareholder information publicly, making them an attractive option for businesses in the virtual asset sector. However, these companies must still adhere to corporate governance standards, including the appointment of directors and maintenance of statutory records.

British Virgin Island: The regulatory framework for tokenisation in the British Virgin Islands (BVI) is primarily overseen by the BVI Financial Services Commission (BVI FSC), which operates under the Financial Services Commission Act of 2001. The BVI FSC, governed by a board appointed by the BVI government, is responsible for licensing and supervising financial institutions in the territory. The FSC issues regulatory codes, like the Code on the Prevention of Money Laundering, which have legal binding authority, and provides guidance through publications such as the 2023 Digital Assets Guidance.

The BVI introduced the Virtual Assets Service Providers Act (BVI VASP Act) in 2022, effective from 1st February, 2023. This law requires companies offering virtual asset services to register with the FSC, submitting a thorough application that includes a business plan and risk assessment. Applicants must also appoint an authorised representative approved by the FSC. This directly impacts tokenisation as it ensures that businesses offering tokenised assets as virtual assets are properly registered and comply with strict guidelines under the BVI VASP Act.  In 2024, updates to the BVI VASP Act brought the regulations more in line with global FATF standards. These changes improved licensing, consumer protection, and compliance rules. The Act also clarified that virtual assets are digital forms of value used for trading, payments, or investments. This clarification is crucial for tokenisation since any digital token created for trading or investment purposes would be recognised as a virtual asset under these regulations. However, stablecoins like USDC, which are tied to fiat currencies, are not considered “virtual assets” and are instead covered by payment token rules. The updates also strengthened consumer protection by banning misleading marketing and requiring clear risk warnings in whitepapers.

Also, the BVI VASP Act sets specific operational requirements for businesses in the virtual asset space. For example, custodians holding assets exceeding $10 million must adopt strong security measures, including cold wallet storage, to protect client assets. Unverified users are restricted from making transactions over $1,000 daily, ensuring compliance with AML/CTF rules. For tokenised businesses, this means that if they manage significant assets or have user transactions, they must ensure adequate security and compliance with AML/CTF regulations. As part of the 2024 updates, custodians holding more than $10 million must store assets offline (e.g., using Ledger Vault) and undergo quarterly audits. Existing VASPs had until June 2024 to meet these updated requirements.

Penalties for non-compliance under the BVI VASP Act vary depending on the severity of the breach. late reporting leading to fines up to $50,000, while more serious breaches, such as failure to follow AML rules, may incur fines up to $500,000. Tokenisation businesses must ensure they comply with these regulations to avoid potential fines or loss of business operations.

Apart from the VASP Act, the BVI Securities and Investment Business Act (BVI SIBA Act) governs tokenised securities. For example, if a BVI entity tokenises a $50 million private equity fund, it must comply with the BVI SIBA by filing a private placement memorandum under Section 41, which provides certain exemptions. These tokenised securities are restricted to accredited investors, and transfers to no more than 50 investors or professional investors (those with assets over $1 million) do not require a full prospectus. This regulation ensures tokenised securities follow similar rules to traditional securities, including investor restrictions.

Moreover, tokens that promise profits from the efforts of others are considered securities. Non-compliance with these rules can result in fines. Tokenisation businesses offering asset-backed tokens with profit promises must ensure they are in compliance with the SIBA Act to avoid penalties.

The BVI’s regulatory approach also includes a risk-based strategy for AML and CTF measures. For example, clients from high-risk jurisdictions like Iran or North Korea are subject to more in-depth checks. Politically Exposed Persons (PEPs) require senior management approval before being onboarded. Tokenisation businesses must apply enhanced due diligence when dealing with high-risk clients to meet international compliance standards.

To comply with the Travel Rule, which requires specific information sharing during virtual asset transfers, BVI VASPs collect detailed data on both senders and recipients, including names, wallet addresses, and identification numbers. Many VASPs in the BVI use the InterVASP Messaging Standard (IVMS) 101, recommended by the FATF, to ensure these data-sharing requirements are met. For tokenisation businesses, this means they must ensure compliance with the Travel Rule when transferring tokens.

Finally, the BVI Data Protection Act (2021) outlines rules for handling personal data. Businesses must respond within 30 days if someone requests their data, and breaking privacy rules can lead to fines up to $500,000. If personal data is stored on a blockchain, it must be protected using encryption or replaced with pseudonyms. Tokenisation businesses must ensure they protect any personal data stored on the blockchain and comply with these privacy rules. If there is a data breach, businesses must report it within 72 hours.

Cayman Islands and the BVI: Key similarities and differences

The Cayman Islands and the BVI are jurisdictions that support businesses involved in asset tokenisation and have certain similarities, yet their regulatory frameworks reflect different strategic priorities and positioning.

A key similarity between the two jurisdictions is the adoption of the VASP Act, a legislative framework designed to align with international standards, particularly those set by the FATF. Under both regimes, businesses operating as VASPs, including those involved in token issuance, exchange operations, and custodial services, must register or obtain a license from their respective regulatory authorities. In the Cayman Islands, this is overseen by the CIMA, while in the BVI, it falls under the BVI FSC.

However, a major divergence arises in the treatment of primary token issuance. The BVI and the Cayman Islands differ in their regulation of primary token issuances. In the BVI, the VASP Act does not regulate the initial issuance of virtual assets. The Cayman Islands, in contrast, requires prior approval for the public offering or sale of virtual assets.

Both the Cayman Islands and the BVI have economic substance requirements, meaning certain businesses must have a real presence in the respective jurisdiction. These businesses include banks, insurance companies, fund managers, finance and leasing firms, headquarters, shipping companies, distribution centers, intellectual property businesses, and holding companies. While the definition of these “relevant activities” is similar in both jurisdictions, the way VASPs meet economic substance requirements differs. In the Cayman Islands, VASPs must maintain specific insurance coverage and reserve funds to safeguard client assets and reduce financial risk. In contrast, the BVI simplifies compliance by allowing digital identity verification and electronic document submissions, reducing the reliance on traditional paperwork.

These regulatory differences influence the types of businesses each jurisdiction attracts. The BVI is more favorable for startups, DeFi projects, and NFT companies due to its straightforward token issuance process and flexible corporate structures. Its lower setup and maintenance costs make it ideal for businesses looking to save on expenses. The BVI has also updated its AML rules to allow digital identity verification and electronic document submissions, showing its support for blockchain innovation. The Cayman Islands, in contrast, with its more comprehensive regulatory framework and emphasis on compliance, attracts established investment funds, cryptocurrency trading companies seeking a well-regulated environment, and businesses prioritising investor protection and AML/KYC adherence. While virtual assets themselves and parties dealing with virtual assets for their own purposes are generally not subject to specific regulation in the Cayman Islands, the jurisdiction is attractive to businesses that value regulatory clarity and an extensive legal framework for virtual asset services.

Comparing Regulations for Security, Utility, and Governance Tokens

The difference between security token regulation and that of governance and utility tokens is based on their legal categorisation as securities in different jurisdictions. Security tokens denote interests in assets such as equity, debt, or real property and are bound by strict compliance protocols aimed at investor protection. Conversely, utility tokens provide access to a product or service, and governance tokens provide voting rights within decentralised protocols. Rules differ between jurisdictions, with some having definite frameworks and others adopting a more flexible approach.

Security tokens in the United States are regulated by the Securities Act of 1933 and the Securities Exchange Act of 1934, and the Howey Test is used to determine their status. Issuers are required to register with the SEC unless they are exempt under provisions such as Regulation D, A+, or S. The tokens are generally sold only to accredited investors in most exemptions. Severe KYC/AML adherence is mandatory, and secondary trading is restricted to registered markets such as Alternative Trading Systems or national securities exchanges. Utility tokens, if they meet the Howey Test, are not securities and are exempt from federal securities laws. Some examples are Filecoin and Ethereum. Governance tokens, like Uniswap’s UNI, are in a gray area of regulation. They will not be deemed securities unless they grant economic interests such as profit-sharing.

In European Union, security tokens are defined under the MiCA as crypto-assets that are financial instruments. Issuers are required to draft a prospectus sanctioned by national authorities and release a whitepaper. Trading platforms need to be authorised, and MiCA unifies regulations within EU member states to enable cross-border trading. Utility tokens are within MiCA unless they are deemed financial instruments. Issuers need to release a whitepaper with essential information, although small offerings below €5 million within 12 months may be exempt from certain disclosure. Governance tokens are under scrutiny if they grant ownership-like rights or profit-sharing attribute.

In Switzerland, security tokens fall under the category of securities according to the Swiss Financial Services Act (FinSA) and are overseen by Swiss Financial Market Supervisory Authority (FINMA). Issuers have to publish a prospectus except where exempted, adhere to KYC/AML rules, and ensure secondary trading takes place on licensed DLT exchanges. Utility tokens qualify as non-securities if they grant access solely to a non-financial app, have flexible regulation. Governance tokens are considered on their own, if there is profit-sharing involved, it might qualify as a security.

In Singapore, security tokens are governed by the MAS under the SFA. Offering documents need to be prepared by the issuers, and trading platforms need approval from MAS. Typically, only accredited investors can participate except when listed on an approved exchange. Utility tokens fall outside the regulatory scope unless they possess investment features. Governance tokens are evaluated according to their economic substance; if they grant ownership-like rights, they might be treated as securities.

In Cayman Islands, security tokens are regulated under the SIBA and the MFL, necessitating issuers and trading platforms to hold CIMA licenses, unless exempt. The jurisdiction offers tax neutrality, providing a favorable option for international issuers, in addition to strict KYC/AML regulations. Utility tokens are not regulated per se unless they are similar to securities or payment tokens. The Cayman Islands provide room for regulatory flexibility while being compatible with international standards. Numerous blockchain projects create foundations here in order to issue utility tokens. Governance tokens are assessed on structure; if they associate voting rights with profits, then they could be regarded as securities.

Security tokens in the BVI are regulated under the BVI SIBA. Issuers and trading platforms require FSC licensing, and KYC/AML compliance is mandatory. The BVI enables Special Purpose Vehicles (SPVs) for token issuance, offering flexibility for international projects. Utility tokens are not specifically regulated unless they are similar to securities or payment instruments. Governance tokens, can be subject to regulation if they grant economic benefits similar to dividends.

In conclusion, security tokens are subject to stringent regulation as they fall under securities, necessitating registration, licensing, and compliance procedures. Utility tokens are subject to lighter regulations, but governance tokens lie in a gray area with the need for case-by-case evaluation. Countries such as the U.S., EU, and Singapore give thorough regulatory systems, whereas Cayman Islands and BVI offer flexibility with strong compliance procedures.

Case Studies and Legal Precedents

Tokenisation has been applied across various industries, from real estate and art to decentralised finance. While some projects have shown how blockchain can improve accessibility and efficiency, others have faced challenges that shaped regulatory discussions:

RealT: It is a platform that allows people to invest in real estate by purchasing small digital shares of properties. Instead of buying an entire apartment, investors own fractional shares through blockchain-based tokens called RealTokens. These tokens represent real ownership, and investors receive rental income based on the number of tokens they hold. RealT has tokenised over 200 properties worth more than $45 million, making real estate investment more accessible.

The DAO: The DAO, or “The Decentralised Autonomous Organisation,” was a prototype blockchain investment fund that went live in 2016 on Ethereum. It proposed to have no central control and instead permit the token holders to vote on what investments should be made. It raised some $150 million worth of Ether through a public sale of tokens and was one of the biggest crowdfunds ever in the world of blockchain. But due to its smart contract vulnerability, a hacker was able to steal about $50 million in Ether. As the DAO existed outside any kind of regulation, investors did not have legal recourse, and liability was uncertain because it was decentralised. To reclaim the lost funds, the Ethereum network effected a “hard fork,” restoring the hack. In a later decision, the U.S. SEC declared DAO tokens to be securities and should therefore have been registered under U.S. law. This set an important precedent for future tokenised projects, establishing the importance of regulatory compliance.

Maecenas: Maecenas is a blockchain-based platform where investors can purchase and sell fractional ownership of art. Historically, it was expensive to invest in high-value art, but Maecenas makes it possible for individuals to buy smaller portions of tokenised art, opening up the market for art investment. Maecenas entered into agreements with galleries and artists to define ownership rights, consulted legal professionals to ensure compliance across jurisdictions, and hired independent appraisers to check for artwork authenticity and worth.

These case studies illustrate the potential and pitfalls of tokenisation. RealT shows how blockchain can democratise real estate investment with the need to comply with securities regulations. The DAO project illustrates the dangers of decentralised initiatives and the need for investor protection. Maecenas illustrates tokenisation’s potential in the art world while highlighting the need for legal certainty regarding ownership and valuation.

Legal precedents: Following precedents are central to defining the regulatory framework for tokenisation and digital assets:

SEC v. Telegram Group Inc. (2019): In this case, the U.S. SEC filed a lawsuit against Telegram to prevent the sale of its Gram tokens. The SEC contended that the sale of tokens constituted an unregistered securities offering. The court employed the Howey Test, which is a judicial test used to decide whether a given asset can be considered a security. The court held that Gram tokens constituted securities because investors anticipated profits as a result of Telegram’s endeavors. The ruling also significantly influenced the ICO market, where numerous projects have been made to reconsider their means of fundraising and pursue compliance regulation.

Re Munchee Inc. (2017): In this case, the SEC launched a cease-and-desist against Munchee Inc., who was token issuing an ICO for its MUN tokens. While the company sold MUN as a utility token, the SEC held that it was a security because it was sold as an investment with potential for profit. This case made it clear that the nature of a token is not only determined by its technical purpose but also by the way it is marketed and utilised in the economy.

SEC v. Ripple Labs Inc. (2020): where the SEC alleged that Ripple conducted an unregistered securities offering through selling XRP tokens. According to the SEC, XRP qualified under the Howey Test requirements, rendering it a security. The crypto space has closely followed the case since the result will shape the way regulators classify cryptocurrencies in the future. The ruling is set to give further guidance on whether payment tokens or utility tokens issued as digital assets qualify as securities in the eyes of U.S. law.

SEC v. Kik Interactive Inc. (2019): It was a milestone case where the SEC brought suit against Kik for offering $100 million worth of an unregistered ICO of its Kin token. The court held that Kin was a security since it was sold with an expectation of profit, affirming the SEC’s stance on ICOs. The case acted as a cautionary note to other ventures, demonstrating how tokens labeled utility tokens could be classified as securities as well, depending on their sale as investments.

The Bitfinex Case (2021): In 2021, Italy’s regulatory authority CONSOB, fined Bitfinex, one of the largest cryptocurrency exchanges, for distributing unauthorised financial products. Bitfinex had allegedly sold tokenised securities and derivatives without seeking required approvals under EU rules such as MiFID II and the Prospectus Regulation. The central issue was Bitfinex’s sale of tokenised financial instruments, like leveraged tokens, which were treated as securities but were not registered properly. To deal with this, CONSOB put out a cease-and-desist order, which stopped Bitfinex from operating in Italy pending compliance with regulation. This matter brought to light the difficulties in applying EU-wide rules to decentralised platforms and the need to effectively categorise tokenised assets.

The Quoine Case (2019): In 2019, the Singapore International Commercial Court (SICC) decided a case between the cryptocurrency exchange Quoine and the trading company B2C2. The issue was due to a smart contract glitch that resulted in Ethereum (ETH) trades at artificially low prices. The court had to decide whether these mistaken trades were legally enforceable. The SICC held in favor of Quoine, permitting it to undo the trades since they were entered into in a “mistake” and did not represent the intent of the parties. The case highlighted the dangers of poorly drafted smart contracts and the necessity for legal models to handle blockchain-related disputes.

The FCA vs. Binance (2021): The UK’s FCA placed restrictions on Binance, a top cryptocurrency exchange globally, in June 2021 for non-compliance with AML and KYC laws.  Binance was charged with insufficient AML and KYC controls, sparking investor protection and regulatory issues concerns. The FCA’s enforcement action was a public warning and operational restrictions, in effect prohibiting Binance from providing regulated services in the UK. The decision had international repercussions, with regulators in the EU and Asia following suit against Binance. The case emphasised the need for AML/KYC regimes and showed global regulatory cooperation to tackle compliance challenges in the crypto sector.

The Coincheck Hack (2018): In January 2018, Japanese cryptocurrency exchange Coincheck was the victim of a huge cyberhack in which $530 million worth of NEM tokens were stolen. The attack highlighted critical weaknesses in the security measures of the exchange, most notably its use of online (hot) wallets rather than offline (cold) storage. In response, Coincheck compensated impacted users from its own funds and Japan’s FSA implemented tighter regulations. These were security audits on a mandatory basis, customer asset segregation, and improved AML/KYC.

The Tezos ICO Case (2017-2020): The 2017 Tezos ICO collected more than $232 million, but it was subsequently challenged in the courts. There were lawsuits brought by investors for misappropriation of funds and false statements in the ICO, which resulted in regulatory investigations in Switzerland and the U.S. To settle the legal issues, Tezos settled the matter with U.S. investors for $25 million in 2020. The matter led Swiss regulators to establish their position regarding ICOs according to the Swiss FinSA and Anti-Money Laundering Act (AMLA).

These cases cumulatively show the changing legal landscape of cryptocurrencies and tokenisation. They point towards the necessity of securities law compliance, proper disclosure norms, and regulatory sanction before tokenised asset launches.

Contractual framework in tokenisation

Tokenisation projects need strong contracts to follow legal rules, protect everyone’s rights, and reduce risks. This mainly includes Token Purchase Agreements, SAFT etc.

Token Purchase Agreement (TPA):  A Token Purchase Agreement is a binding agreement between the token issuer and the buyer. It identifies the terms and conditions on which tokens are issued, transferred, and maintained. TPA ensures transparency, safeguards investors’ rights, and clarifies the obligations of both parties.

Key Components of a Token Purchase Agreement

Token Issuance Terms: This clause understands the arrangement between the Issuer and the Purchaser concerning the token issuance. The Issuer undertakes to issue [Number of Tokens] of [Token Name] that symbolises [Type of Asset or Rights] in consideration of the agreed amount. The tokens shall be issued pursuant to the relevant token standard, i.e., ERC-20 or ERC-721, and entered on the [Blockchain Network]. The tokens are [Fungible/Non-Fungible] assets and convey certain rights to the holder. These rights can range from ownership in the underlying asset, right to dividends or share of profits if so, to voting rights where applicable.

Transfer Restrictions: This clause comprehends the transfer restrictions placed upon the tokens to keep pace with regulatory demands. The Purchaser understands that token transfers should be in conformity with laws applicable thereto, including securities regulations, AML policy, and KYC regulations. The Issuer may impose technical measures, like smart contract locks, to avert unauthorised transfers. Also, any transfer of tokens will be subject to some conditions, including the Issuer’s or authorised body’s approval, verification of the transferee’s eligibility as an accredited or qualified investor, and compliance with any lock-up periods or holding requirements.

Investor Rights: This clause understands the rights and protection afforded to the Purchaser in a bid to secure transparency and accountability. The Purchaser is entitled to receive all material information in relation to the underlying asset, such as financial statements, risk disclosures, and progress reports on the project. If so, the Purchaser can also have voting rights on significant decisions regarding the asset. They can also be entitled to receive dividends, profits, or other financial distributions as stated in the terms of the token. The Issuer shall have accurate records of ownership of tokens and shall update token holders on a regular basis through a secure portal.

Representations and Warranties: This clause talks about the legal guarantees provided by both the Issuer and the Purchaser to ensure the legality of the transaction. The Issuer ensures that the tokens are issued in accordance with all applicable laws and regulations. They also ensure that the underlying asset does exist and is free from any encumbrances or claims under the law. In addition, the Issuer guarantees that all information provided to the Purchaser is correct and complete.

The Purchaser, for their part, represents and warrants that they are buying the tokens for their own account and not for resale or distribution. They also agree that they have made adequate due diligence and fully appreciate the risks associated with the investment.

Risk Disclosures: This clause is about the risks of investing in tokens, making sure that the Purchaser is adequately informed prior to investment. The Purchaser understands that token value can change with market conditions, and regulatory amendments may affect the legality or use of the tokens. Further, technical risks like blockchain or smart contract vulnerabilities have the potential to create security risks. The Purchaser also agrees that unexpected events like cyberattacks, network outages, or force majeure incidents can affect token availability or functionality. The Issuer is not responsible for any losses due to circumstances beyond its control.

Simple Agreement for Future Tokens (SAFT): A SAFT is a legal contract employed by blockchain projects to fundraise in the development stage. It is patterned after the SAFE (Simple Agreement for Future Equity) but adapted for token-based projects. Under SAFT, investors invest money in a project in return for the assurance of getting tokens in the future, usually after the network or platform is up and running.

Key Components of a SAFT

Investment Terms: This clause explains how the Investor funds the project and when they will receive their tokens. The Investor agrees to contribute [Amount in Fiat/Cryptocurrency] to the Issuer in exchange for the right to receive [Number of Tokens] of [Token Name] once the network or platform is up and running. The tokens will be delivered within [Timeframe] after the platform is operational, following the terms set in this Agreement. The Investor understands that the tokens do not currently exist and will only be issued if the platform is successfully developed and launched.

Security Classification: This clause clarifies whether the SAFT is considered a security under the law. Both parties agree that this SAFT is an investment contract and may be classified as a security under regulations like the Securities Act of 1933 (U.S.) or MiCA (EU). The Issuer is responsible for making sure they follow all necessary securities laws, including any registration or exemption requirements. The Investor confirms that they are a qualified or accredited investor under relevant laws and fully understand the risks of investing in an early-stage project.

Token Delivery and Conditions: This clause explains how and when the Investor will receive their tokens. The Issuer agrees to deliver the tokens within [Timeframe] after the platform is successfully launched. Before the tokens can be delivered, certain conditions must be met. These include the Investor completing KYC/AML verification, meeting all legal requirements, and ensuring that the platform or network is fully functional. If the platform does not launch within [Timeframe], the Issuer will refund the Investor’s contribution, minus any reasonable development costs.

Risk Disclosures: This clause makes sure the Investor understands the possible risks of investing in the project. The Investor acknowledges that the platform or network may never launch, which means they could lose their investment. Regulations could change, affecting the legality or usability of the tokens. There is also no guarantee that the tokens will have value or be easy to trade once they are issued. The Issuer is not responsible for losses caused by factors beyond their control, such as technical failures, government regulations, or market conditions.

Governing Law and Dispute Resolution: This clause explains which laws apply to the SAFT and how disputes will be handled. The Agreement will follow the laws of [Jurisdiction]. If any disputes arise, both parties agree to resolve them through arbitration under the rules of [Arbitration Institution]. The arbitration will take place in [Location], and whatever decision is made by the arbitrator(s) will be final and binding for both parties.

While TPAs govern the sale of already-issued tokens, a SAFT governs the pre-sale of tokens that do not yet exist.

Conclusion

Tokenisation is changing how people own, trade, and manage assets by turning physical and digital items into blockchain-based tokens. This makes it easier for more people to invest in things like real estate, art, and finance etc. Instead of needing a large sum of money to buy a property or artwork, investors can own a small piece of it through tokenisation. It also improves liquidity, meaning assets can be bought and sold more easily, and it brings more transparency to transactions. But the rules around tokenisation aren’t the same everywhere. Some places, like the EU and the U.S., have clear regulations to protect investors and keep markets stable. Security tokens, which represent financial investments, have stricter rules than utility or governance tokens, which serve different purposes in blockchain systems. These regulations help prevent fraud and ensure that tokenised assets follow existing financial laws.

There have already been real-world examples that show both the potential and challenges of tokenisation. Projects like RealT, which tokenises real estate, have shown how this technology can open up new investment opportunities. But other cases, like the DAO, have highlighted the risks when legal and security issues aren’t properly handled. These examples prove why strong legal frameworks and well-audited smart contracts are necessary for tokenisation to succeed.

As governments continue shaping their policies on digital assets, some jurisdictions, like the Cayman Islands and the British Virgin Islands, have become attractive hubs for tokenised projects. They offer a mix of flexibility and legal compliance, making them popular among startups and investment funds. Tokenisation has the potential to change traditional markets, but navigating the legal landscape carefully is key to ensuring long-term success.

Related Blogs

Quantum Updates 48 | June 2025

Quantum Updates 48 | June 2025

Jun 7, 2025 | 0 Comments

On 2 June 2025, the United States Securities and Exchange Commission (US SEC) issued an Order instituting proceedings to assess whether to approve or disapprove a proposed rule change by Cboe BZX Exchange, Inc.

Quantum Updates 47 | May 2025

Quantum Updates 47 | May 2025

May 30, 2025 | 0 Comments

On 28 May 2025, the United States Securities and Exchange Commission (US SEC) published a Notice of Designation of Longer Period to extend its review timeline on a proposed rule change by NYSE Arca, Inc. seeking approval to list and trade shares of the Bitwise 10 Crypto Index Fund under proposed NYSE Arca Rule 8.800-E.

Quantum Updates 46 | May 2025

Quantum Updates 46 | May 2025

May 28, 2025 | 0 Comments

On 21 May 2025, the Government of the Hong Kong Special Administrative Region announced the passage of the Hong Kong Stablecoins Bill by the Legislative Council, officially enacting the Hong Kong Stablecoins Ordinance.

Quantum Updates 45 | May 2025

Quantum Updates 45 | May 2025

May 21, 2025 | 0 Comments

On 1 April 2025, the Swiss Financial Market Supervisory Authority (FINMA) implemented a structural reorganisation to strenthen its risk-based supervision across banking, insurance, and asset management sectors.

Quantum Updates 44 | May 2025

Quantum Updates 44 | May 2025

May 12, 2025 | 0 Comments

On 29 April 2025, the United Kingdom Government along with UK Financial Conduct Authority (UK FCA) and UK Treasury Department, in furtherance of the UK Crypto Roadmap, completed a milestone shift in Crypto asset regulation and published its first draft bill for cryptoassets under the Financial Services and Markets Act 2000 (FSMA)

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *