StateBay
BlogCrypto

Crypto Token Classification 2026: When Your Token Needs a Securities License

7 min read
Legal classification framework showing crypto tokens evaluated against securities regulations across multiple jurisdictions

Four major jurisdictions, four different classification frameworks, and one common trap: assuming your token is a utility token because you want it to be. Here is what actually triggers securities classification in 2026.

Why classification matters more than you think

Token issuers treat classification like a branding exercise. Call it a utility token, avoid the word "investment," and hope regulators agree. This approach worked in 2017. It does not work now.

If your token is classified as a security, you need securities authorization to issue it, exchanges need securities licenses to list it, and secondary trading falls under securities market rules. The consequences of getting this wrong go beyond fines. Issuers face token buyback orders, personal liability for directors, and criminal referrals in some jurisdictions. The SEC has collected over $5 billion in crypto enforcement actions since 2020, and a significant portion targeted tokens that were sold as utility tokens but functioned as investment contracts.

The frustrating part: there is no universal classification standard. A token that qualifies as a utility token in Singapore might be an asset-referenced token in the EU and an unregistered security in the United States. You need to classify under every jurisdiction where your token will be offered or traded.

The Howey test and what the SEC actually looks for

In the United States, the SEC's framework applies the 1946 Howey test: an investment of money, in a common enterprise, with an expectation of profits, derived from the efforts of others. Every element must be met.

The tricky element is "efforts of others." If token buyers reasonably expect the issuing team to build, market, and improve the platform in ways that increase the token's value, that looks like reliance on the efforts of others. Most pre-launch and early-stage token sales fail this test. The token does not have utility yet. Buyers are betting on the team's ability to deliver it. That is an investment contract.

The SEC's enforcement actions reveal what actually triggers scrutiny. Promotional materials that emphasize token price appreciation. Roadmaps that tie platform development to token value. Team token allocations with vesting schedules that incentivize price increases. Buyback or burn mechanisms designed to create scarcity. Any of these features, combined with a token sale to the general public, will draw SEC attention.

There is a narrow path to utility classification in the US, but it requires the network to be "sufficiently decentralized" before the token is widely distributed. The SEC has acknowledged that a token could start as a security and later transition to a non-security once the network becomes decentralized enough that buyers no longer rely on a central team. Bitcoin and (eventually) Ethereum received this treatment. Almost nothing else has.

MiCA's three-category approach in the EU

The EU's Markets in Crypto-Assets regulation takes a different approach entirely. Rather than asking whether something is a security (which would fall under MiFID II), MiCA creates three categories specifically for crypto-assets that are not already financial instruments.

E-money tokens (EMTs) reference a single fiat currency. These require EMI authorization. Straightforward.

Asset-referenced tokens (ARTs) reference multiple currencies, commodities, or other assets. These need specific MiCA authorization and face capital requirements, reserve obligations, and ESMA oversight for significant tokens.

Utility tokens provide access to goods or services and are the least regulated category. Issuers must publish a white paper but do not need authorization.

The catch: if your token provides rights that resemble financial instruments (profit sharing, revenue distribution, governance rights that function like equity), it falls outside MiCA entirely and into MiFID II territory. That means full securities regulation. The European Securities and Markets Authority published guidance in late 2025 clarifying that tokens with staking rewards tied to protocol revenue, or governance tokens that grant rights to treasury funds, may qualify as transferable securities under MiFID II rather than utility tokens under MiCA.

Token structuring decisions made before launch determine which category you land in. Once the token is live and classified, reclassification is painful and potentially impossible without a new token issuance.

How the FCA classifies tokens in the UK

The UK's Financial Conduct Authority takes a principles-based approach. The FCA's crypto guidance defines three broad categories: security tokens, e-money tokens, and unregulated tokens (which include utility tokens and exchange tokens).

A token is a security token if it provides rights equivalent to shares, debt instruments, or units in collective investment schemes. The FCA's test focuses on the rights the token confers, not the technology used to deliver them. If your token grants holders a share of profits, a right to repayment with interest, or pooled investment returns managed by a third party, it is a security token regardless of what you call it.

The UK regime has a meaningful gap that creates confusion. Tokens that do not qualify as securities or e-money are currently unregulated (beyond AML registration requirements for crypto businesses). But the Treasury has been consulting on expanded regulation since 2023, and broader rules covering utility tokens, stablecoins, and exchange tokens are expected. Issuers designing token structures for the UK market should plan for incoming regulation, not the current light-touch regime.

One practical advantage of the FCA's approach: you can request informal guidance from the FCA's Innovation Hub on whether your specific token would be classified as a security. The response is not binding, but it provides meaningful signal before you commit to a token structure.

Singapore's functional approach under MAS

The Monetary Authority of Singapore applies existing securities law to digital tokens. Under the Securities and Futures Act, a token is a capital markets product if it constitutes a share, debenture, or unit in a collective investment scheme. MAS published detailed guidance ("A Guide to Digital Token Offerings") that walks through classification scenarios.

Singapore's approach is notable for its focus on substance over form. MAS has been explicit: calling something a "utility token" does not make it one. If the token's economic reality is that holders invest money and expect returns generated by the issuer's efforts, MAS will treat it as a capital markets product.

Where Singapore differs from the US is in the treatment of governance tokens and staking. MAS has indicated that pure governance tokens (voting rights only, no economic rights) are unlikely to be securities. Staking rewards that function as a return on investment, as opposed to compensation for network services actually rendered, push a token toward securities classification. The distinction is subtle and fact-specific.

The design decisions that trigger securities classification

Across all four jurisdictions, certain token features consistently increase the risk of securities classification:

  • Revenue sharing or profit distribution mechanisms (dividends by another name)
  • Token buyback programs funded by the issuer's revenue (creates price support that resembles a return on investment)
  • Burn mechanisms explicitly tied to increasing scarcity and price (marketed as value appreciation, which regulators read as investment return)
  • Staking yields funded by protocol revenue rather than inflation or network fees (the source of yield matters enormously)
  • Governance rights over a treasury or revenue pool (this starts looking like a collective investment scheme)
  • Vesting schedules for team and investor tokens that align with price milestones

The features that help a token stay in utility territory: access to a specific product or service that exists at the time of sale, consumption-based pricing (tokens are used and burned through actual usage), no secondary market promotion by the issuing team, and a functioning product rather than a promise to build one.

Practical consequences for issuers

If your token is classified as a security in even one major jurisdiction, the implications cascade. Exchanges in that jurisdiction cannot list it without securities market authorization. Marketing to residents becomes a regulated activity. Secondary trading faces restrictions. And if you sold the token to residents before obtaining authorization, you face retroactive enforcement.

The cost of getting a securities license varies dramatically. In the EU under MiFID II, you need investment firm authorization with minimum capital of EUR 75,000 to EUR 750,000 depending on activities, plus ongoing compliance infrastructure. In the US, you either register the offering with the SEC (expensive and slow) or qualify for an exemption like Reg D (which limits you to accredited investors). In Singapore, a capital markets services license from MAS requires SGD 250,000 to SGD 5 million in base capital.

Compare that to the cost of a utility token white paper under MiCA: essentially legal fees for drafting and filing. The regulatory cost difference between "utility" and "security" can be millions of dollars over the life of the project. That is why classification decisions made at the design stage, before a single line of smart contract code is written, are the most consequential decisions a token project makes.

What to do first

Get a classification opinion from qualified legal counsel in every jurisdiction where you plan to offer or allow trading of your token. Not a general memo on token classification. A specific, written opinion on your token's features, your distribution plan, and your marketing strategy. Budget $20,000 to $50,000 for multi-jurisdictional analysis. It is the cheapest insurance you will buy.

If the analysis comes back saying your token is a security in one or more jurisdictions, you have two options: restructure the token to remove the features that trigger classification, or accept the classification and obtain the necessary licenses before launching. Both are better than launching and hoping regulators do not notice. They will.

Related Jurisdictions

Malta flagMaltaSingapore flagSingaporeUnited Kingdom flagUnited KingdomUnited States flagUnited StatesGermany flagGermany

Related Articles

Crypto OTC desk trading environment with regulatory licensing compliance elements across multiple jurisdictions
BlogCrypto
Feb 23, 2026

Crypto OTC Desk Licensing 2026: Requirements for Over-the-Counter Trading

OTC desks operate differently from exchanges, but regulators increasingly treat them the same. Here is when OTC activity triggers licensing and what the requirements actually look like across key jurisdictions.

Institutional crypto custody illustration showing secure key management and client asset segregation concepts
BlogCrypto
Feb 10, 2026

Crypto Custody License Requirements for Institutional Providers in 2026

Crypto custody licensing is distinct from exchange licensing, with requirements around cold storage architecture, key management, insurance, and client asset segregation that catch unprepared applicants off guard.

Dubai skyline with Burj Khalifa representing VARA crypto licensing jurisdiction
BlogCrypto
Feb 7, 2026

Dubai VARA Crypto Licensing: Full Authorization vs MVP Pathway

Dubai's VARA offers two routes to market: the Minimum Viable Product license for limited launch, or full authorization for unrestricted operations. Here's how they differ.

Stablecoin regulation concept illustration showing currency stability framework
BlogCrypto
Jan 30, 2026

MiCA Stablecoin Rules Reshape European Crypto Payments

MiCA's stablecoin framework distinguishes between e-money tokens and asset-referenced tokens with different authorization requirements. Here's what issuers need to know.