In January 2024, BlackRock launched BUIDL, a tokenized money market fund on Ethereum that surpassed $500 million in assets under management within a year. This was not a fringe experiment or a speculative promise. One of the world’s largest asset managers issued security tokens under full regulatory compliance for institutional investors. That single move reshaped the conversation about what role tokenized securities play in global finance.
According to data from RWA.xyz, the on-chain tokenized real-world asset market reached $12 billion by early 2025, with tokenized U.S. Treasuries alone exceeding $2.5 billion. Boston Consulting Group projects the global tokenized asset market will hit $16 trillion by 2030. Security tokens are the cornerstone of that transformation.
Whether you work in finance, real estate investment, venture capital, or simply want to understand how blockchain is reshaping access to capital markets, this guide covers everything you need to know: from definitions and technical standards to current regulation and real investment opportunities in 2026.
What is a security token
A security token is the digital representation of a financial security (equity, bonds, fund shares, real estate rights) issued and managed on a blockchain. Unlike cryptocurrencies such as Bitcoin or Ethereum, security tokens are backed by real-world assets and subject to securities regulation in the jurisdiction where they are issued.
The key distinction from a conventional token is that a security token satisfies the Howey test, the criteria the U.S. Securities and Exchange Commission (SEC) uses to determine whether an instrument qualifies as a security: there is an investment of money, in a common enterprise, with an expectation of profit, derived from the efforts of others. If a token meets all four criteria, it is legally a security and must be regulated as one.
How it works in practice
The process is more straightforward than it sounds. The issuer (a company, fund, or platform) creates a smart contract on a blockchain such as Ethereum, Polygon, or Avalanche. That smart contract defines the token’s rules: how many are issued, who can hold them, what rights they confer, and what transfer restrictions apply.
Each investor must complete a KYC/AML process before receiving tokens. Their wallet address is added to an on-chain whitelist. When someone attempts to transfer a security token, the smart contract automatically verifies that the recipient is verified, that jurisdictional limits are respected, and that lock-up periods are observed. If any condition fails, the transfer is rejected.
Dividends, interest payments, and corporate actions (voting, stock splits) can be automated through the same contract. Everything is recorded immutably on the blockchain: every issuance, transfer, and redemption is auditable in real time.
Security tokens vs utility tokens vs payment tokens
Confusion between token types is one of the reasons so many projects have faced regulatory trouble. Understanding the difference is essential before investing in or issuing any type of token.
| Feature | Security token | Utility token | Payment token |
|---|---|---|---|
| Represents | Ownership or investment in an asset (equity, bonds, real estate) | Access to a product or service within a platform | Medium of exchange or store of value |
| Regulation | Regulated as a financial security (SEC, MiCA, FCA) | Generally not a security (unless reclassified) | Varies; stablecoins increasingly regulated |
| Economic rights | Yes (dividends, interest, profit-sharing) | No | No (though staking yields exist) |
| Howey test | Passes | Generally does not pass | Generally does not pass |
| Transfer restrictions | Yes (KYC/AML, jurisdictional, lock-up periods) | Generally none | Generally none |
| Examples | tZERO equity token, BlackRock BUIDL, Securitize-issued tokens | Filecoin (FIL), Chainlink (LINK), BAT | Bitcoin (BTC), USDT, USDC |
The key takeaway: the SEC and other regulators look at the economic substance of a token, not its commercial label. A token marketed as “utility” can be reclassified as a security if it generates an expectation of profit derived from third-party efforts. That explains enforcement actions against projects like Ripple (XRP) and LBRY.
Technical standards for security tokens
The technical infrastructure enabling security tokens consists of smart contract standards specifically designed to embed regulatory compliance. These are the four most relevant in 2026.
ERC-3643 (T-REX protocol)
ERC-3643 is the only standard officially accepted by the Ethereum community as an ERC specifically for security tokens. It was developed by Tokeny Solutions in Luxembourg and became an official ERC in late 2023.
Its architecture rests on three pillars:
- Token contract: ERC-20 compatible with built-in transfer restrictions.
- Identity registry: links each wallet address to a self-sovereign identity contract (ONCHAINID), verifying that the holder has completed KYC.
- Compliance contract: a modular rules engine that can enforce investor limits per country, lock-up periods, accreditation checks, and other restrictions.
The numbers are significant: according to Tokeny, over $28 billion in assets have been tokenized using ERC-3643 through late 2024, with more than 100,000 token holders. Institutions including Citi, Apex Group, and Clearstream have run pilots with this standard.
ERC-1400
ERC-1400 is a community-driven standard proposed by Polymath that bundles several sub-standards:
- ERC-1410: partially fungible tokens organized into tranches (useful for different share classes with different rights).
- ERC-1594: core security token functionality with issuance and redemption.
- ERC-1643: document management associated with the token (prospectuses, reports).
- ERC-1644: controller operations (forced transfers by court order or regulatory mandate).
Although technically robust, ERC-1400 was never formalized as an official ERC. Its adoption was concentrated on Polymath’s original Ethereum platform before they migrated to Polymesh, their purpose-built blockchain.
ST-20 and DS Token
ST-20 was Polymath’s proprietary standard, an ERC-20 extension with a Transfer Manager module. It was superseded by Polymesh’s native compliance framework.
DS Token is the standard developed by Securitize, the platform that issued BUIDL for BlackRock. It uses a hybrid on-chain/off-chain model: complex compliance checks run off-chain for flexibility, while the on-chain token queries a trust service before authorizing each transfer.
Quick comparison
| Standard | Blockchain | Compliance model | Status in 2026 |
|---|---|---|---|
| ERC-3643 | EVM chains | Fully on-chain (ONCHAINID) | Official ERC, actively adopted |
| ERC-1400 | Ethereum | On-chain (tranche-based) | Community draft, limited adoption |
| ST-20 | Ethereum | On-chain (Transfer Manager) | Superseded by Polymesh |
| DS Token | EVM chains | Hybrid on/off-chain | Proprietary (Securitize) |
Security token regulation in 2026
Regulation is the factor that distinguishes security tokens from every other crypto asset. They do not exist in a legal vacuum: they are subject to existing securities laws, adapted for the digital format.
MiCA and European regulation
The Markets in Crypto-Assets Regulation (MiCA) became fully effective on December 30, 2024. But there is a crucial nuance that many misunderstand: MiCA explicitly excludes instruments that qualify as financial securities under MiFID II. Security tokens are therefore not regulated by MiCA but by the existing securities framework: the MiFID II Directive, the Prospectus Regulation, and the Market Abuse Regulation.
What directly affects security tokens is the EU DLT Pilot Regime (Regulation 2022/858). Operational since March 2023, this regulatory sandbox allows regulated venues and settlement systems to trade and settle tokenized securities. SIX Digital Exchange (Switzerland), 21X (Germany), and several other operators are testing tokenized bond and equity trading within this framework.
SEC and U.S. regulation
The SEC has regulated security tokens as securities from the beginning, applying the same laws as traditional stocks or bonds. Most Security Token Offerings (STOs) in the U.S. are conducted under:
- Regulation D (506c): for accredited investors, no fundraising cap but with resale restrictions.
- Regulation A+: allows public offerings up to $75 million to non-accredited investors.
- Regulation S: for offerings outside U.S. territory.
Platforms such as tZERO and Securitize Markets operate as SEC-registered broker-dealers and alternative trading systems (ATS) to facilitate secondary trading of security tokens.
The SEC’s leadership change in early 2025, with Paul Atkins as the new chair, has signaled a more open posture toward clear regulatory frameworks for digital assets.
FCA and the UK approach
Post-Brexit, the UK is developing its own framework. The FCA classifies security tokens as “Specified Investments” under the Regulated Activities Order (RAO), subjecting them to the same rules as traditional securities. The Digital Securities Sandbox (DSS), launched in January 2024, allows firms to issue, trade, and settle digital securities using DLT within a tailored regulatory framework.
The Security Token Offering (STO) process
Issuing security tokens is nothing like launching an ICO. The process is more structured, more regulated, and consequently more trustworthy for institutional investors.
Step 1. Asset selection and structuring
Identify the asset to tokenize: a building, startup equity, fund shares, or a corporate bond. Define the legal structure, typically through a special purpose vehicle (SPV), and determine the token parameters: total supply, price per token, minimum investment, and yield distribution rules.
Step 2. Regulatory compliance
Securities lawyers prepare the documentation: prospectus, private placement memorandum (PPM), or offering document depending on the jurisdiction. Register with the relevant regulator or qualify for an applicable exemption.
Step 3. Technology setup
Select the token standard and blockchain. Deploy smart contracts with compliance rules: KYC whitelists, transfer restrictions, lock-up periods. Integrate an identity verification provider and configure the investor portal.
Step 4. Primary offering
Investors complete KYC/AML verification, prove accreditation if necessary, and acquire tokens with fiat or stablecoins. The smart contract records ownership on-chain. The typical fundraising period lasts 30 to 90 days.
Step 5. Post-issuance management
Automated dividend or interest distribution through smart contracts, usually in stablecoins like USDC. Real-time on-chain cap table management. Corporate actions such as voting or new issuances executed programmatically.
Step 6. Secondary market
Tokens are listed on regulated platforms (tZERO, Securitize Markets, Archax, INX). The smart contract continues verifying compliance on every trade: the buyer must be verified and jurisdictional limits must be respected. Settlement is near-instant (T+0 versus T+2 in traditional markets).
Step 7. Redemption or exit
At bond maturity, sale of the underlying asset, or token buyback, tokens are burned (destroyed) and investors receive their capital.
Security token issuance and trading platforms
The platform ecosystem has matured considerably. These are the most relevant in 2026.
Securitize
Based in Miami and founded in 2017, Securitize is the dominant platform for institutional security tokens. It offers the full cycle: issuance, compliance, investor management, and secondary trading (Securitize Markets operates as an SEC-registered broker-dealer and ATS).
Its most visible milestone: the issuance of BUIDL for BlackRock, a tokenized money market fund on Ethereum that surpassed $500 million in AUM during 2024, later expanding to Avalanche, Polygon, Optimism, and Arbitrum. It has also tokenized funds for KKR and Hamilton Lane.
Polymath / Polymesh
Polymesh is a Layer 1 blockchain built specifically for security tokens, launched in October 2023. Unlike general-purpose chains, it incorporates verified identity at the protocol level: every participant has an on-chain verified identity. It includes confidential transactions (MERCAT protocol) and governance by regulated entities.
tZERO
A subsidiary of Overstock, based in Salt Lake City. It was one of the first SEC-registered platforms for security token trading. It facilitated trading of TZROP (tZERO equity token) and ASPD (St. Regis Aspen hotel token). Its main challenge remains liquidity: daily volumes typically range between $50,000 and $500,000.
Tokeny Solutions
Based in Luxembourg, Tokeny is the company behind ERC-3643. It offers a white-label solution for financial institutions that want to issue security tokens with built-in compliance. Clients include Apex Group, Euroclear (pilot), and Clearstream.
Other notable platforms
| Platform | Headquarters | Primary focus |
|---|---|---|
| Archax | London | FCA-regulated exchange for digital securities |
| INX | Israel/U.S. | SEC-registered security token exchange ($85M in its own STO) |
| SIX Digital Exchange | Switzerland | Digital exchange by SIX Group (Swiss Stock Exchange parent) |
| DigiShares | Denmark | White-label platform for real estate tokenization |
| Backed Finance | Switzerland | Tokenized stocks and ETFs on-chain |
Benefits for investors and issuers
For investors
Fractional ownership. The most tangible benefit. Security tokens allow investing in assets that previously required $100,000 or $1 million minimums. KKR reduced the minimum investment in its tokenized fund from $5 million to $100,000 through Securitize. In real estate tokenization, minimums can drop to as low as $50 per token.
24/7 trading. Security tokens can trade on regulated platforms around the clock. Traditional markets operate from 9:30 a.m. to 4:00 p.m. Eastern Time, with holidays and closures.
Faster settlement. T+0 or T+1 versus T+2 in traditional securities markets. This reduces counterparty risk and the time capital sits idle.
Full transparency. The on-chain cap table is auditable in real time. Every dividend distribution, every transfer, every redemption is recorded immutably.
Automated compliance. KYC/AML rules and transfer restrictions are enforced by smart contracts, eliminating human error and reducing operational costs.
For issuers
Access to a global investor base. Security tokens enable raising capital from investors across multiple jurisdictions, always within each country’s regulatory limits.
Cost reduction. By removing intermediaries (transfer agents, clearinghouses, custodian banks), issuance and management costs can be reduced by an estimated 35% to 65%, according to Deloitte and BCG.
Automated corporate actions. Dividends, voting, splits, and new issuances can be executed programmatically, saving time and reducing errors.
Risks and challenges
No guide would be complete without an honest assessment of the risks. Security tokens are not a risk-free investment.
Regulatory fragmentation. There is no global standard. A token legally issued in the EU may not be tradeable in the U.S., and vice versa. Multi-jurisdictional offerings require complex, expensive legal counsel.
Limited liquidity. This is the biggest challenge today. Secondary market volumes for security tokens are a fraction of what traditional exchanges handle. Without liquidity, fractional ownership loses much of its appeal.
Technology risk. Smart contracts can contain bugs; once deployed, they are immutable (or require complex upgradeability patterns). Gas costs on Ethereum L1 can be high, and L2 solutions or alternative chains introduce bridge risks.
Custody. Institutional custodians for security tokens are still maturing. Major names (BNY Mellon, State Street) are entering the space, but slowly.
Interoperability. A security token on Ethereum cannot easily trade on Polymesh or a private chain. Cross-chain bridges for regulated tokens are nascent.
Market education. Many institutional and retail investors still do not understand the mechanics of tokenized securities, which slows adoption.
The future of security tokens
Institutional DeFi
The convergence of DeFi and security tokens is one of the most promising trends. Projects like Ondo Finance are already using tokenized Treasuries (such as BUIDL) as collateral in DeFi lending protocols. The concept of “permissioned DeFi” (liquidity pools where only KYC-verified wallets participate) is gaining traction.
ERC-3643, with its on-chain identity layer, is well positioned to bridge the regulated world with DeFi protocols without compromising compliance.
Accelerating institutional adoption
BlackRock, Franklin Templeton, JPMorgan, Citi, Goldman Sachs, HSBC, and UBS all have active tokenization products or pilots. JPMorgan Kinexys (formerly Onyx) processes over $2 billion daily in tokenized repo transactions. HSBC Orion has issued tokenized bonds for the Hong Kong Monetary Authority and the European Investment Bank.
The primary motivation is operational: faster settlement, less reconciliation, lower counterparty risk. Retail access will follow.
Cross-chain interoperability
The biggest technical obstacle is fragmentation across chains. Emerging solutions include:
- Chainlink CCIP: a cross-chain interoperability protocol being explored for security token transfers with compliance verification.
- Swift + Chainlink: experiments in tokenized asset settlement bridging traditional banking networks and blockchains.
- Multi-chain ERC-3643: the standard’s deployment across multiple EVM chains creates a de facto interoperability layer.
CBDCs and security tokens
Settling tokenized securities with central bank digital currencies (CBDCs) is another active frontier. The European Central Bank is experimenting with atomic settlement: delivering the security token and the CBDC simultaneously, eliminating delivery-versus-payment risk.
Keep exploring
If you want to dive deeper into topics related to security tokens, we recommend these articles:
- What is tokenization? The complete guide to tokenized assets in 2026
- Real estate tokenization: how to invest in property with blockchain
- MiCA regulation: what it is, how it works, and how it affects your business
- What is a token?
- What is a smart contract? Complete guide
Frequently asked questions
What is the difference between a security token and a cryptocurrency like Bitcoin?
Bitcoin is a decentralized payment medium that does not represent ownership of any asset and does not generate economic rights such as dividends or interest. A security token is the digital representation of a financial security (equity, bonds, real estate), is regulated as a security, and grants rights over the underlying asset. They are fundamentally different instruments.
Do I need to be an accredited investor to buy security tokens?
It depends on the jurisdiction and the type of offering. In the U.S., Regulation D (506c) offerings require accredited investors. However, Regulation A+ offerings allow participation by non-accredited investors with certain limits. In Europe, public offerings with an approved prospectus are open to all investors. European real estate tokenization platforms typically have accessible minimums starting from $50 to $100.
Are security tokens safe?
Security tokens inherit blockchain security (immutability, transparency, censorship resistance) and add regulatory compliance. However, they are not risk-free: smart contracts can have vulnerabilities, secondary market liquidity remains limited, and the regulatory framework varies across jurisdictions. Like any securities investment, they require due diligence.
What is an STO, and how does it differ from an ICO?
A Security Token Offering (STO) is a token offering regulated under securities legislation. Unlike ICOs (Initial Coin Offerings), which operated in a regulatory vacuum, STOs must comply with SEC, FCA, or the relevant regulator’s requirements: prospectus or offering document, KYC/AML verification, and transfer restrictions. STOs offer greater investor protection in exchange for greater regulatory complexity.
Can I sell my security tokens at any time?
Only if there is a regulated secondary market where they are listed and there are buyers. Platforms such as tZERO, Securitize Markets, and Archax offer secondary trading, but liquidity is significantly lower than on traditional exchanges. Additionally, some security tokens have lock-up periods during which they cannot be sold.
Which technical standard is best for issuing security tokens?
It depends on the issuer’s needs. ERC-3643 is the most widely adopted and the only official ERC for security tokens, with fully on-chain compliance and multi-chain support. DS Token (Securitize) is ideal when working with the Securitize platform. Polymesh is an option if a dedicated securities blockchain is preferred. For most issuers in 2026, ERC-3643 on an EVM chain (Ethereum, Polygon, or Avalanche) offers the best balance of adoption, functionality, and compliance.
How does MiCA affect security tokens?
MiCA does not directly regulate security tokens. The regulation covers crypto assets that are not financial securities. Security tokens, as they qualify as financial instruments under MiFID II, continue to be regulated by the existing securities framework (MiFID II Directive, Prospectus Regulation). What is relevant for security tokens is the EU DLT Pilot Regime, which enables the trading and settlement of tokenized securities within a tailored regulatory environment.
Are you evaluating tokenizing an asset or integrating security tokens into your investment strategy? At Beltsys Labs we offer blockchain consulting specialized in securities tokenization and regulatory compliance. Contact our team for a personalized assessment of your project.
