Skip to main content

7.4 Geographic Considerations

What you'll learn

Why the same security token faces different legal frameworks across nine major jurisdictions, how the US shifted from $7.7 billion in enforcement actions toward formal rulemaking, and why geographic strategy is now inseparable from token compliance strategy.

You're issuing a security token backed by real estate in Dubai. Your development team works from Singapore. Your investors live in Germany, the United States, and Japan. Which country's laws apply?

All of them. Differently. Simultaneously.

Security tokens don't respect borders. Securities laws absolutely do. A token that's legally compliant in Switzerland might violate US regulations. A platform licensed in Singapore can't automatically serve investors in the European Union. A structure that works perfectly in one jurisdiction can become an enforcement target in another.

The United States: Enforcement First, Rules Second

The US commands the largest capital market in the world and enforces the strictest approach to token regulation. For most of the past decade, the SEC operated on a simple principle: if a token looks like a security, it is one, and if you sold it without registering, you'll hear from the enforcement division.

The numbers are stark. Between July 2013 and December 2024, the SEC brought over 200 crypto-related enforcement actions, extracting approximately $7.7 billion in monetary penalties 1. Under Chair Gary Gensler (2021-2024), the pace intensified: 125 actions and $6 billion in penalties, with 47% of all cases targeting initial coin offerings.

Then the approach changed. When Paul Atkins took over as SEC Chair in 2025 under the Trump administration, the agency reversed course. Crypto-specific enforcement dropped 60%. The SEC dismissed or settled cases against Coinbase, Binance, and Gemini 2. The Ripple lawsuit, which had dragged on since December 2020, ended in a $50 million settlement (reduced from $125 million), with both sides dropping their appeals 3.

In November 2025, Atkins announced "Project Crypto," a joint SEC-CFTC initiative to build a comprehensive regulatory framework through formal rulemaking rather than enforcement actions 2. The SEC's Crypto Task Force, led by Commissioner Hester Peirce, held public roundtables throughout 2025. The CLARITY Act passed the House in July 2025 by a vote of 294-134 4. The Senate Banking Committee released its own discussion draft in September 2025. As of early 2026, comprehensive crypto legislation has not been signed into law, but it's actively moving.

One concrete milestone: in December 2025, the Depository Trust Company received an SEC no-action letter allowing it to operate tokenization services on certain public blockchains on a trial basis 5. The entity that settles most US securities transactions now has regulatory permission to experiment with blockchain-based settlement.

The US exemption pathways for security token offerings (Reg D, Reg A+, Reg S, Reg CF) are covered in Section 7.1. The key takeaway here is directional: the US is shifting from "regulate by enforcement" toward "regulate by rulemaking." The strictest major jurisdiction is slowly becoming more predictable.

The European Union: One Framework, 27 Countries

Europe took the opposite approach. Instead of suing first and clarifying rules later, the EU built a comprehensive regulatory framework before enforcing it.

MiCA (Markets in Crypto-Assets Regulation) entered enforcement in two phases: stablecoin rules in June 2024, and full Crypto-Asset Service Provider licensing in December 2024 6. By mid-2025, over 40 MiCA licenses had been issued across the EU. The Netherlands and Malta granted the first licenses on day one of enforcement. Germany followed in January 2025.

The critical detail for security tokens: MiCA doesn't apply to them. Crypto-assets that qualify as financial instruments under MiFID II, which includes tokenized shares, bonds, and fund units, remain governed by existing securities law 6. MiCA covers utility tokens, payment tokens, and stablecoins. Tokenized securities follow the same rules as traditional securities, regardless of the underlying technology.

For tokenized securities specifically, the EU created the DLT Pilot Regime, a regulatory sandbox for blockchain-based market infrastructure 7. Three platforms received authorization by mid-2025, including 21X AG in Germany. The original aggregate issuance cap was €6 billion, but the European Commission proposed raising it to €100 billion in December 2025. ESMA recommended making the pilot permanent rather than temporary.

The EU's biggest structural advantage is passporting. A license granted in one member state allows operation across all 27 EU countries without additional approvals. No other region offers this.

Individual member states have pushed further. Luxembourg passed four successive "Blockchain Laws" between 2019 and 2024. The most recent enables tokenization of equity securities and physical assets, and introduces a "control agent" role for overseeing DLT-based issuance 8. Franklin Templeton received Luxembourg CSSF approval in October 2024 for the first public blockchain-based UCITS fund in the country.

Germany's Electronic Securities Act (eWpG), enacted in June 2021, allows issuance of bearer bonds and fund units in purely electronic form on DLT-based registers 9. Siemens issued a €60 million digital bond on Polygon in February 2023, followed by a €300 million bond in September 2024 10. KfW, DZ BANK, and Commerzbank have all issued tokenized securities under the framework.

Liechtenstein moved earliest. Its Blockchain Act (TVTG), enacted in October 2019, was the first comprehensive blockchain regulation in the world 11. The law's "Token Container Model" defines tokens as technology-neutral containers for any right, claim, or asset, providing legal certainty for virtually any form of tokenization.

Singapore: Regulation as Competitive Advantage

The Monetary Authority of Singapore published its Guide to Digital Token Offerings in November 2017, one of the earliest clear classification frameworks anywhere 12. Tokens representing ownership or debt fall under the Securities and Futures Act. Utility tokens remain unregulated. Payment tokens fall under the Payment Services Act.

Singapore pairs clear rules with active government support for experimentation. ADDX (formerly iSTOX), a blockchain-based private market exchange backed by the Singapore Exchange and Temasek, surpassed $2 billion in cumulative transaction volume by late 2024 13. In 2025, Franklin Templeton and ADDX launched a tokenized US Dollar money market fund in Singapore.

Project Guardian, launched by MAS in 2022, brings together over 40 financial institutions across seven jurisdictions to test asset tokenization in capital markets 14. Participants include JPMorgan, DBS Bank, Standard Chartered, HSBC, Citi, and UOB. The initiative published an Operational Guide for Tokenized Funds in November 2025 and is actively commercializing its pilot results.

The trade-offs: Singapore's domestic market is small relative to the US or EU. Cross-border complexity remains when serving investors in other jurisdictions. But for projects seeking a well-regulated hub with access to Asian capital, Singapore offers a compelling balance of clarity and flexibility.

Switzerland: The Crypto Valley Pioneer

FINMA published its token classification guidelines in February 2018, sorting tokens into three categories: payment, utility, and asset 15. Asset tokens (securities) fall under the Financial Market Infrastructure Act.

The DLT Act, which entered force on August 1, 2021, created a new legal category of "ledger-based securities" and introduced a dedicated DLT trading facility license 16. In March 2025, FINMA granted the first such license to BX Digital AG, which uses the Ethereum public blockchain for settlement.

SDX (SIX Digital Exchange), operated by the same group that runs the Swiss Stock Exchange, is the world's first fully regulated digital stock exchange. It has issued nearly CHF 1.4 billion across 10 digital bonds since 2021, with issuers including the World Bank, UBS, and the City of Lugano 17. The Swiss National Bank participated through Project Helvetia III, settling over CHF 750 million in digital bonds using wholesale central bank digital currency.

The broader ecosystem adds weight. Crypto Valley, centered in Zug, hosts over 1,700 active blockchain companies. The Top 50 carry a combined valuation above $590 billion, including 17 unicorns. Switzerland's combination of regulatory clarity, institutional infrastructure, and concentrated talent makes it one of the world's most active jurisdictions for security token issuance and trading.

Emerging Jurisdictions

United Arab Emirates

Dubai established VARA (Virtual Assets Regulatory Authority) in 2022, the world's first dedicated virtual assets regulator 18. Abu Dhabi's ADGM framework has operated since 2018 and reported a 67% increase in new licenses in the first quarter of 2025. Over 1,800 crypto companies now operate in the UAE, with Binance, Bybit, and Crypto.com among the firms that have established regional or global operations there. The UAE positions itself as a bridge between Western and Asian markets, pairing regulatory clarity with tax advantages.

Hong Kong

Hong Kong's SFC introduced mandatory licensing for virtual asset trading platforms in June 2023 19. By the end of 2025, 11 platforms held SFC licenses, including HashKey Exchange and OSL Digital Securities. The SFC launched its ASPIRe regulatory roadmap in February 2025, covering access, safeguards, products, infrastructure, and relationships. Security tokens are classified as securities under the Securities and Futures Ordinance, and offerings are generally restricted to professional investors only.

United Kingdom

The UK integrates crypto regulation into its existing Financial Services and Markets Act framework rather than creating a standalone regime like MiCA 20. HM Treasury published the final draft cryptoasset regulations in December 2025. The application window for new regulated activities opens in September 2026, with legislation expected in force by October 2027. The Bank of England and FCA jointly operate the Digital Securities Sandbox, which allows firms to test blockchain-based financial market infrastructure through January 2029 21. A UK-US Transatlantic Taskforce for Markets of the Future is expected to issue recommendations around March 2026.

Restrictive Jurisdictions

China maintains the most comprehensive crypto ban globally. The government declared all crypto transactions illegal in 2021, and enforcement has only tightened since. Updated decrees in June 2025 expanded asset seizure powers and explicitly criminalized stablecoin transactions 22. Hong Kong operates as a partial exception, having launched Asia's first spot Bitcoin and Ethereum ETFs in April 2024, though mainland Chinese investors remain blocked from participation.

India hasn't banned crypto but has made it expensive. A flat 30% tax applies to all virtual digital asset profits, with no loss offset permitted against other income. A 1% tax deducted at source applies to transfers above threshold amounts. An additional 18% GST on trading fees took effect in July 2025 23. India has no dedicated crypto licensing framework, leaving the regulatory status in a tax-heavy limbo that discourages domestic participation without outlawing it.

Comparing the Jurisdictions

JurisdictionPrimary FrameworkSecurity Token ClassificationRetail AccessCompliance ComplexityStatus
European UnionMiFID II; DLT Pilot RegimeFinancial instruments under MiFID IIYes — broad access with investment limitsMediumOperational; 40+ MiCA licenses; passporting covers all 27 states; DLT Pilot may become permanent
SwitzerlandDLT Act; FINMA guidelinesAsset tokens under FMIAYes — via licensed platforms (SDX, BX Digital)MediumOperational; first DLT trading facility license March 2025
SingaporeSecurities and Futures Act (SFA)Securities under SFARestricted — accredited and institutional onlyMediumOperational since 2017; Project Guardian commercializing
United Arab EmiratesVARA (Dubai); ADGM (Abu Dhabi)Virtual assets under respective frameworksRestricted — varies by emirate and license typeLow–MediumOperational; 1,800+ crypto firms licensed
Hong KongSFC; Securities and Futures OrdinanceSecurities under SFORestricted — professional investors onlyMediumMandatory licensing since June 2023; 11 platforms licensed
United StatesSEC (Securities Act)Securities under Howey TestRestricted — accredited only (Reg D); retail via Reg A+/Reg CFHighShifting to rulemaking; legislation pending
United KingdomFinancial Services and Markets ActSpecified investments under existing lawTBD — Digital Securities Sandbox active through 2029HighLegislation expected October 2027
IndiaNo dedicated frameworkNo formal classificationLegal but heavily taxed (30%+ effective rate)LowNo licensing framework; tax-heavy limbo
ChinaComprehensive banAll crypto transactions illegalBannedN/AEnforced since 2021; tightened June 2025

The pattern is clear: major financial centers are building regulatory infrastructure, but they're building it differently. The US restricts retail participation. The EU allows it with guardrails. Singapore and Switzerland favor institutional access through licensed platforms. Hong Kong limits security tokens to professional investors. The UK is still writing the rules. China bans everything. India taxes everything.

For issuers, this table is a starting point, not an answer. Each jurisdiction's details, covered in the sections above, determine whether a specific token structure works in that market. The cross-border challenges below explain why operating across multiple rows of this table gets expensive fast.

Cross-Border Challenges

The core problem is straightforward: a single token offering might need to satisfy US accredited investor requirements, EU MiFID II compliance, and Singapore SFA licensing simultaneously. Each jurisdiction has its own classification rules, investor restrictions, and ongoing reporting obligations.

This creates real costs. The compliance costs from Section 7.1 apply per jurisdiction: $50,000 to $200,000 in legal counsel and $20,000 to $100,000 in annual ongoing compliance. The math pushes most security token issuances to restrict to one to three jurisdictions rather than attempting global access. Broader investor reach means higher compliance costs, and at some point the cost exceeds the benefit.

Jurisdictional arbitrage adds complexity. Projects choose domicile based on regulatory friendliness. Investors use intermediaries or workarounds to access tokens from jurisdictions that technically exclude them. The gap between where tokens are issued and where investors actually live creates compliance risk that issuers can't always control.

Toward Convergence

Are global standards emerging? Slowly.

IOSCO published 18 policy recommendations for crypto markets in November 2023, built on "same activity, same risk, same regulation" 24. A thematic review in October 2025 across 20 jurisdictions found "significant progress" but "much more to be done," with cross-border cooperation mechanisms described as limited in practice.

The FATF travel rule, which requires crypto service providers to collect and share sender and recipient data, is being implemented across 85 of 117 reporting jurisdictions 25. The EU enforced its version in December 2024. The US is considering lowering the reporting threshold from $3,000 to $250.

Areas of convergence exist: most major jurisdictions now require KYC/AML verification, custody standards, and some form of licensing for crypto service providers. Areas of persistent divergence include token classification (what counts as a security varies by jurisdiction), retail access (the US restricts security tokens to accredited investors while the EU allows broader participation), and taxation (India's 30% flat rate versus Switzerland's more favorable treatment).

Full harmonization is unlikely within the next five to ten years. The Financial Stability Board flagged "significant gaps and inconsistencies" in global crypto regulation as recently as October 2025. Projects must work through a patchwork of overlapping, sometimes contradictory requirements. The winners will be those that build compliance into their architecture from the start, not those waiting for a single global standard.

What This Means for Projects and Investors

For issuers: Choose your primary jurisdiction carefully. It determines your compliance framework, cost structure, and investor reach. Budget for legal counsel in every jurisdiction you plan to serve. Design smart contracts with jurisdiction-specific transfer restrictions built in, using the compliance standards described in Section 7.1. Consider a phased geographic rollout rather than a global launch.

For investors: Understand which jurisdiction's laws protect you. Verify the issuer's regulatory status in their home jurisdiction before buying. Recognize that "tokenized" does not mean "unregulated." Check secondary market availability in your jurisdiction, because a token you can't sell is an illiquid holding regardless of what the whitepaper promises.

The Regulatory Map Is Still Being Drawn

The picture that emerges from this section isn't one of global consensus. It's a set of overlapping, partially compatible frameworks built on different principles. The US restricts first and clarifies later. The EU legislates first and enforces after. Singapore builds regulatory clarity as a competitive feature. Switzerland provides institutional infrastructure for institutional participants. Several jurisdictions are still writing the rules. One major economy bans everything outright.

For projects, this means geographic strategy is inseparable from compliance strategy. The choice of domicile determines your cost structure, your investor reach, and your exposure to enforcement risk. There is no jurisdiction that optimizes all three simultaneously.

For investors, it means the token you hold is always subject to the rules of at least two jurisdictions: where it was issued and where you live. That overlap creates rights, but also obligations, that don't disappear because the asset is on-chain.

Sections 7.1 through 7.4 have covered how security tokens work: the compliance infrastructure, the asset categories, the early projects, and the regulatory map. What they haven't addressed is the term that now dominates every institutional conversation about this market. BlackRock doesn't call BUIDL a security token fund. Regulators don't headline their policy papers with STOs. The category has been renamed, and the name came from an unexpected place. Section 7.5 covers Real-World Assets: where the term came from, what it added that "security token" couldn't communicate, and why the gap between what's currently on-chain and the size of the underlying global asset base makes RWA unlike any other category in this paper.

Key Takeaways
  • After 200+ enforcement actions and $7.7 billion in crypto penalties through 2024, the SEC cut new actions 60% in 2025 and shifted to formal rulemaking.
  • EU passporting lets a single MiCA license cover all 27 member states; no other jurisdiction allows one regulatory approval to replace 27 separate compliance processes.
  • Legal counsel costs $50K-$200K per jurisdiction; most security token projects restrict to one to three markets because broader geographic coverage eventually costs more than it raises.
  • China banned all crypto in 2021 and expanded enforcement in 2025; India's 30% gain tax with no loss offsets achieves the same deterrence without prohibition.

Footnotes

  1. SEC Cryptocurrency Enforcement: 2025 Update, Cornerstone Research - https://www.cornerstone.com/wp-content/uploads/2025/11/SEC-Enforcement-Public-Companies-Subsidiaries-FY2025.pdf

  2. SEC Chairman Atkins, Project Crypto: The SEC's Approach to Digital Assets - https://www.sec.gov/newsroom/speeches-statements/atkins-111225-secs-approach-digital-assets-inside-project-crypto 2

  3. SEC Settlement with Ripple Labs - https://www.sec.gov/enforcement-litigation/litigation-releases/lr-26306

  4. Digital Asset Market Clarity (CLARITY) Act, H.R. 3633 - https://www.congress.gov/bill/119th-congress/house-bill/3633/text

  5. SEC Staff No-Action Letter to DTC for Tokenization Services - https://www.carltonfields.com/insights/publications/2025/sec-staff-no-action-letter-to-dtc-for-tokenization-services

  6. ESMA Markets in Crypto-Assets Regulation (MiCA) - https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica 2

  7. ESMA DLT Pilot Regime - https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/dlt-pilot-regime

  8. Luxembourg Adopts Blockchain Law IV - https://www.goodwinlaw.com/en/insights/publications/2024/12/insights-finance-ftec-luxembourg-adopts-blockchain-law-iv

  9. BaFin: Germany's Electronic Securities Act (eWpG) - https://www.bafin.de/SharedDocs/Veroeffentlichungen/EN/Fachartikel/2021/fa_bj_2107_eWpG_en.html

  10. Siemens Issues Digital Bond on Blockchain - https://press.siemens.com/global/en/pressrelease/siemens-remains-pioneer-another-digital-bond-successfully-issued-blockchain

  11. Liechtenstein Parliament Adopts Blockchain Act (TVTG) - https://www.loc.gov/item/global-legal-monitor/2019-10-30/liechtenstein-parliament-adopts-blockchain-act/

  12. Summary of MAS Guideline on Digital Token Offerings - https://www.cnplaw.com/summary-of-mas-guideline-on-digital-token-offerings/

  13. Franklin Templeton and ADDX Launch Tokenized Money Market Fund in Singapore - https://www.prnewswire.com/apac/news-releases/franklin-templeton-and-addx-launch-tokenised-us-dollar-short-term-money-market-fund-in-singapore-302612421.html

  14. MAS Project Guardian - https://www.mas.gov.sg/schemes-and-initiatives/project-guardian

  15. FINMA ICO Guidelines: Token Classification - https://www.finma.ch/en/news/2018/02/20180216-mm-ico-wegleitung/

  16. FINMA Grants First DLT Trading Facility License to BX Digital - https://www.finma.ch/en/news/2025/03/20250318-mm-dlt-handelssystem/

  17. SDX Digital Bonds Surpass CHF 1 Billion Milestone - https://www.six-group.com/en/newsroom/media-releases/2024/20240521-six-sdx-digital-bonds-milestone.html

  18. Dubai Law No. 4 of 2022: Regulating Virtual Assets in the Emirate of Dubai - https://dlp.dubai.gov.ae/Legislation%20Reference/2022/Law%20No.%20(4)%20of%202022%20Regulating%20Virtual%20Assets.html

  19. SFC Hong Kong: Virtual Asset Trading Platform Operators - https://www.sfc.hk/en/Rules-and-standards/Virtual-assets/Virtual-asset-trading-platforms-operators

  20. FCA: New Regime for Cryptoasset Regulation - https://www.fca.org.uk/firms/new-regime-cryptoasset-regulation

  21. Bank of England and FCA: Digital Securities Sandbox - https://www.bankofengland.co.uk/paper/2024/policy-statement/boe-fca-joint-approach-to-the-digital-securities-sandbox

  22. China Crypto Ban: 2025 Enforcement Updates - https://www.bitget.com/academy/china-crypto-ban-2025-stablecoins-hong-kong-jd-ant-crypto-mining

  23. India Crypto Tax: Complete Guide 2026 - https://koinly.io/guides/crypto-tax-india/

  24. IOSCO Policy Recommendations for Crypto and Digital Asset Markets - https://www.iosco.org/library/pubdocs/pdf/IOSCOPD755.pdf

  25. FATF Targeted Update on Virtual Asset and VASP Standards - https://www.fatf-gafi.org/en/publications/Fatfrecommendations/targeted-update-virtual-assets-vasps-2024.html