← Back to guides

Token Classification: Security vs. Utility

2026-04-03 · Web3 Compliance AI

Why Classification Matters

Token classification determines which regulatory regime applies. A token classified as a security triggers securities law requirements: registration, prospectus obligations, trading venue rules, and investor protection measures. Getting this wrong can result in enforcement actions, disgorgement of proceeds, and personal liability for founders and officers.

The US Approach: The Howey Test

The SEC applies the Howey Test from the 1946 Supreme Court decision. A token is a security (specifically, an investment contract) if it involves:

  1. An investment of money — Broadly interpreted; includes crypto and other consideration.
  2. In a common enterprise — Typically met when token purchasers' fortunes are tied together or to the issuer's efforts.
  3. With a reasonable expectation of profits — Includes capital appreciation, not just dividends. Marketing materials promising returns are strong evidence.
  4. Derived from the efforts of others — The critical prong. If the token's value depends primarily on the efforts of a centralized team, it likely meets this element.

The SEC's framework (published April 2019) provides additional guidance. Key factors include: the degree of decentralization, whether the network is fully functional, how the token is marketed, and whether purchasers have a reasonable expectation of profit from the issuer's efforts.

Sufficiently Decentralized

The SEC has indicated that a token may not be a security if the network is "sufficiently decentralized" — meaning no central party whose efforts are key to the token's value. This was articulated by former Director Hinman regarding Ethereum. However, this concept has no bright-line test and remains subject to debate. The path from security to non-security through progressive decentralization is legally uncertain.

The EU Approach: MiFID II and MiCA

The EU distinguishes between:

  • Financial instruments under MiFID II — Tokens that represent transferable securities (equity, debt), derivatives, or units in collective investment schemes. These fall under full securities regulation.
  • Crypto-assets under MiCA — Tokens that do not qualify as financial instruments. MiCA creates three categories: Asset-Referenced Tokens (ARTs), E-Money Tokens (EMTs), and other crypto-assets (utility tokens and others).

The classification test looks at: the rights attached to the token (profit rights, voting rights, redemption rights), the economic function, and how it is marketed. Member state NCAs make the final determination, and a token classified as a financial instrument in one member state should be treated consistently across the EU.

Practical Classification Framework

When analyzing a token, evaluate:

  1. Rights granted — Does it provide ownership, profit-sharing, governance rights, or access to a service?
  2. Economic reality — Is the primary use speculation/investment or functional utility?
  3. Marketing and communications — How was it sold? Promises of returns push toward security classification.
  4. Functionality at launch — Is there a working product, or are buyers funding development?
  5. Secondary market trading — Is it listed on exchanges primarily for speculation?
  6. Decentralization — Is there a central team whose efforts drive value?

Risk Mitigation

If classification is uncertain, the safest path is to comply with securities laws or seek a formal regulatory determination. Many jurisdictions offer no-action letters or sandbox programs. Document your classification analysis thoroughly — a well-reasoned legal opinion, even if ultimately wrong, demonstrates good faith and can mitigate penalties.