The $31B real-world asset market on-chain proves tokenization has moved from pilot to production, yet most issuers still fail at the first gate: the legal structure. Real estate, private equity, and corporate debt are all tokenizable, but misclassifying the legal wrapper — SPV vs.
Introduction
The $31B real-world asset market on-chain proves tokenization has moved from pilot to production, yet most issuers still fail at the first gate: the legal structure. Real estate, private equity, and corporate debt are all tokenizable, but misclassifying the legal wrapper — SPV vs. trust vs. REIT — before minting a single smart contract line carries the highest remediation cost in the entire process. This article walks through the six sequential decisions that separate successful issuances from costly failures: asset type selection, legal wrapping, regulatory framework alignment, platform and blockchain choice, token standard selection, and secondary market listing. By the end, readers will understand why legal structure determines everything downstream, which exemption targets their issuer category, and how ERC-3643's on-chain identity controls enforce compliance at the transfer level.
Key Takeaways
- Real estate, private equity, and corporate debt account for the largest share of the $31B on-chain RWA market as of May 2026, driven by assets that cleared legal ownership requirements first.
- Legal structure choice — SPV, trust, or REIT — determines token classification, investor eligibility, and which jurisdictions can legally hold the token; misclassification carries the highest downstream remediation cost.
- US issuers select among Reg D 506(c) for accredited-only raises, Reg A+ for retail access with $75M annual limits, or Reg S for non-US distribution; many combine multiple exemptions in dual-tranche offerings.
- Securitize operates under SEC-registered transfer agent licenses and manages $4B+ in tokenized AUM including BlackRock BUIDL; Tokeny deploys ERC-3643 across jurisdictions; Ondo Finance issues public DeFi-composable products with $2.5B TVL.
- ERC-3643 (T-REX) underpins $32B+ in tokenized assets across 180+ jurisdictions and enforces compliance at the transfer level through on-chain identity verification, eliminating the need for separate external gates.
What Can Be Tokenized and What Must Come First
Real estate, private equity, corporate debt, commodities, fund units, and intellectual property are all candidates for tokenization — but the asset type determines which legal wrapper, token standard, and regulatory pathway apply before a single line of smart contract code is written. The real-world asset (RWA) market on-chain surpassed $31B by May 2026, driven by assets that cleared these foundational requirements.
Which Asset Types Can Be Tokenized Today
Six primary asset classes currently support on-chain issuance at institutional scale. Real estate — fractional ownership in commercial properties or mortgages — accounts for the largest share of tokenization pilots. Private equity and venture fund units transfer through special purpose vehicles (SPVs) that hold the underlying shares. Corporate and government bonds issue as security tokens under Reg D or equivalent frameworks. Commodities, including gold and carbon credits, tokenize through custodial structures where the physical asset is held by a regulated vault operator.
The Key Legal Requirement — Provable Ownership or Claim
Tokenization requires a legally provable ownership claim — not a digital representation alone. The token must map to an underlying right: title to property, equity in an SPV, a debt obligation, or a custody receipt. Without that mapping, the token represents nothing a court would recognize. Jurisdictions including the US, UK, and Singapore have each issued guidance confirming that a token derives its legal status from the underlying instrument — meaning the legal structuring step is non-negotiable regardless of the blockchain chosen.
Data current as of June 2026.
Legal structure selection drives every downstream decision — token classification, investor eligibility, and secondary market access all depend on getting the wrapper right from the start.
Choosing the Right Legal Wrapper and Why It Matters
The legal wrapper chosen before tokenization — SPV, trust, LLC, or REIT — is not a formality: it determines whether the token is classified as a security, what investor rights attach, and which jurisdictions can legally hold it. Misclassification at this stage carries the highest downstream remediation cost in the entire tokenization process.
Choosing the Right Legal Wrapper — SPV, Trust, or REIT
An SPV is the most common structure for single-asset tokenization: it isolates the asset from the issuer's balance sheet, holds title directly, and issues membership interests as tokens. A trust structure is preferred for debt instruments and fund units because it separates legal ownership (the trustee) from beneficial ownership (the token holder), a distinction recognized across common law jurisdictions. A real estate investment trust (REIT) structure allows broader retail participation but triggers securities registration requirements and ongoing disclosure obligations that smaller issuers often cannot absorb. The choice among these three is driven first by asset type, then by target investor jurisdiction, and only last by cost.
Why Legal Structure Determines Token Classification
Token classification flows directly from the rights the token confers. An SPV membership interest token carries equity rights — dividends, voting, liquidation preference — and is a security in every major jurisdiction. A trust certificate token carries debt or beneficial ownership rights and is similarly classified. A utility token carrying no ownership claim or cash flow right is not a security, but no asset-backed token qualifies as utility. The legal structure chosen dictates which exemptions are available, which disclosures are mandatory, and which secondary venues can legally list the token — making this the decision with the highest downstream cost if wrong.
Regulatory framework selection — the next decision — must align precisely with the legal structure chosen here, because each exemption targets a specific token type and issuer category.
Selecting a Regulatory Framework — US, EU, and Global Pathways
Security token issuers must select a regulatory exemption before minting — the choice sets the investor pool, disclosure burden, and secondary market structure. Three US exemptions and two major international frameworks cover the broadest range of issuance scenarios in 2026 (as of May 2026) .
US Pathways — Reg D, Reg A+, and Reg S for Security Tokens
Regulation D 506(c) permits token sales to accredited investors only, with no cap on raise size and minimal disclosure requirements — it is the default for institutional-grade security token offerings. Regulation A+ extends access to retail investors with a $75M annual raise limit and a full SEC-qualified offering circular; issuers must file ongoing annual, semiannual, and current reports with the SEC. Regulation S covers token sales to non-US investors and carries no SEC registration requirement, but issuers must implement distribution compliance measures to prevent flowback into US markets within the applicable restricted period. Many issuers combine Reg D (for US accredited) with Reg S (for international) in a simultaneous dual-tranche offering, a structure Securitize has processed for multiple tokenized fund issuances.
EU and Global Frameworks — MiCA, MAS Project Guardian, and ADGM
The Markets in Crypto-Assets Regulation (MiCA) governs token issuance across all 27 EU member states and covers asset-referenced tokens and e-money tokens, though security tokens remain subject to existing MiFID II securities rules alongside MiCA's disclosure requirements. The Monetary Authority of Singapore (MAS) Project Guardian framework enables institutional DeFi pilots — 24 financial institutions participated in Project Guardian pilots through early 2026 — and explicitly covers tokenized bonds and fund units. The Abu Dhabi Global Market (ADGM) has issued dedicated digital securities regulations allowing full tokenized security issuance and secondary trading within its jurisdiction. Each framework carries distinct minimum investment thresholds, cross-border passport rights, and custody requirements that interact with the legal wrapper chosen in the prior step.
US
Framework: Reg D 506(c)
Who It Covers: Accredited investors only
Min. Investment: $10,000 (as of May 2026)
Key Requirement: Accredited investor verification
US
Framework: Reg A+
Who It Covers: Retail + accredited
Min. Investment: $100 minimum
Key Requirement: SEC-qualified offering circular
International
Framework: Reg S
Who It Covers: Non-US investors
Min. Investment: None
Key Requirement: Distribution compliance measures
EU
Framework: MiCA + MiFID II
Who It Covers: EU retail & institutional
Min. Investment: None
Key Requirement: Prospectus or exemption filing
Singapore
Framework: MAS PGF
Who It Covers: Institutional
Min. Investment: Institutional threshold
Key Requirement: MAS licensing or sandbox approval
Data current as of June 2026.
Platform and blockchain selection — the next decision — must match the regulatory framework chosen, because certain platforms are licensed only under specific exemptions.
Selecting a Platform and Blockchain for Tokenization
Platform choice and blockchain choice are interdependent decisions: Securitize operates under SEC-registered transfer agent and broker-dealer licenses that constrain it to US-compatible frameworks, while Tokeny's ERC-3643 deployment model works across any jurisdiction with a compliant legal wrapper. The blockchain choice then follows from the platform's supported networks and the liquidity requirements of the target investor base.
Platform Comparison — Securitize, Polymath, Tokeny, and Ondo
Securitize reported $4B+ in tokenized assets under management (AUM) and $19.5M in Q1 2026 revenue and manages BlackRock's BUIDL fund among other institutional mandates — it is the leading US-regulated tokenization platform by both AUM and revenue. Polymath targets capital markets issuers with its Polymesh permissioned blockchain, designed specifically for regulated securities with on-chain governance for corporate actions. Tokeny specializes in ERC-3643 deployments and serves issuers across Europe and Asia who need interoperable compliance without relying on a single platform's licensing infrastructure. Ondo Finance operates differently — it issues tokenized US Treasuries and money market funds as public DeFi-composable products, with total value locked (TVL) surpassing $2.5B across OUSG and USDY. Its primary buyers are protocols and institutional decentralized finance (DeFi) participants rather than individual security token purchasers.
Which Blockchain to Choose — EVM, Permissioned, or Hybrid
Ethereum remains the dominant settlement layer for tokenized assets because it provides the deepest liquidity, the widest smart contract tooling, and the largest base of institutional-grade wallets and custodians. Permissioned chains — Polymesh, Fabric-based networks, and enterprise Hyperledger deployments — offer privacy controls and governance features that regulated issuers in banking and insurance prefer, at the cost of secondary market liquidity. Layer-2 networks including Arbitrum and Polygon reduce transaction costs for high-frequency transfers — a property that suits tokenized money market funds where daily redemptions generate substantial on-chain activity. The choice among these architectures depends on whether the issuer prioritizes public DeFi composability, regulatory privacy controls, or transaction-cost efficiency.
Smart contract deployment follows platform and blockchain selection — the technical layer where the compliance rules encoded in the legal wrapper are converted into on-chain transfer restrictions.
Token Standards and Investor Onboarding Infrastructure
ERC-3643's on-chain identity module makes it the default for regulated security tokens — underpinning $32B+ in tokenized assets across 180+ jurisdictions — because it enforces compliance at the transfer level rather than relying on a separate off-chain gate that can be bypassed. The token standard chosen determines how know your customer (KYC) and anti-money laundering (AML) rules are implemented technically.
Choosing the Right Token Standard — ERC-20, ERC-3643, or ERC-1400
ERC-20 is the base fungible token standard and carries no compliance logic — transfers execute unconditionally. Without an external compliance layer that must be maintained separately, ERC-20 is unsuitable for security tokens. ERC-3643, also known as T-REX, extends ERC-20 with an on-chain identity registry that verifies wallet eligibility before every transfer — non-whitelisted wallets are blocked at the smart contract level. ERC-3643 is in active ISO standardization as of 2026 and underpins regulated issuances from Tokeny, Securitize, and Société Générale's digital bond platform. ERC-1400 offers a partition-based model suited to complex capital structures — different share classes within one token contract — and is used in fund issuances where preferred and ordinary units must be segregated with distinct transfer rules.
KYC/AML Whitelist Setup and Investor Onboarding
Investor onboarding for a regulated security token requires three steps before a wallet is whitelisted for transfer: identity verification against a government-issued document, accreditation verification matching the applicable exemption (income or net worth thresholds for Reg D, MAS institutional definitions, etc.), and sanctions screening against OFAC and equivalent lists. Securitize and Tokeny both provide onboarding modules that output a verified identity claim stored either on-chain (ERC-3643 ONCHAINID) or in a permissioned registry linked to the smart contract. Each verified wallet receives a transfer eligibility flag that the token contract checks before executing any transfer — meaning a non-verified wallet cannot receive tokens even if the issuer manually sends them, because the smart contract reverts the transaction.
ERC-20
Best For: Utility tokens, DeFi composability
Compliance Built-In: None
Notable Deployments: Stablecoins, governance tokens
ERC-3643 (T-REX)
Best For: Regulated security tokens, multi-jurisdiction
Compliance Built-In: On-chain identity registry
Notable Deployments: BlackRock BUIDL, SG Forge bonds
ERC-1400
Best For: Complex fund structures, multiple share classes
Compliance Built-In: Partition + controller restrictions
Notable Deployments: Polymath fund issuances
ERC-1155
Best For: Semi-fungible assets, NFT-hybrid structures
Compliance Built-In: None (requires overlay)
Notable Deployments: Fractionalized collectibles
Data current as of June 2026.
Secondary market listing — the final step — determines where verified investors can trade the token after issuance, and it carries its own regulatory requirements that vary by venue type.
Secondary Markets and Post-Issuance Obligations
Listing on a regulated alternative trading system (ATS) constrains the investor universe to the jurisdiction's eligible participants but satisfies securities regulators; listing on a permissioned decentralized exchange (DEX) widens access but requires ongoing wallet whitelisting that extends the issuer's compliance obligations indefinitely. Both options carry post-issuance reporting requirements that exist in perpetuity.
ATS vs DEX — Regulated vs Permissionless Secondary Markets
An ATS — tZERO, MERJ Exchange, or SDX in Switzerland — operates under securities exchange regulations, meaning it screens participants, maintains order books under market surveillance rules, and provides a regulatory audit trail acceptable to the SEC, FCA, and equivalent bodies. Tokens listed on an ATS benefit from price discovery and institutional credibility, but trading hours, participant eligibility, and supported token standards constrain liquidity. A permissioned DEX — a decentralized protocol with a whitelist gate enforced by the token's smart contract — allows 24/7 trading across any compliant wallet globally, but the issuer bears responsibility for keeping the whitelist current as investor accreditation status changes, legal ownership transfers, or sanctions lists update. Several issuers in 2026 operate dual-venue structures: ATS for primary institutional liquidity and a permissioned DEX pool for after-hours and cross-border access.
Post-Issuance Obligations — Reporting, Compliance, and Investor Relations
Post-issuance obligations begin the day the token is issued and do not expire as long as the token remains outstanding. Under Reg A+, issuers file annual reports on Form 1-K and semiannual reports on Form 1-SA with the SEC. Under MiCA, issuers publish periodic disclosures aligned with the approved white paper and notify the competent authority of material changes. Issuers must also update the KYC whitelist when investor circumstances change — an accreditation that lapses removes the investor's transfer eligibility — and manage corporate action events including distributions, redemptions, and voting on-chain through the token contract's governance module. Platforms including Securitize automate the majority of these functions through their transfer agent infrastructure, but ultimate legal liability for disclosure accuracy and whitelist maintenance rests with the issuer.
Summary
Tokenization moves through six interdependent decisions, each constraining the next. Asset selection determines which legal wrapper applies — real estate requires an SPV or REIT, private equity uses an SPV or LLC, debt instruments prefer a trust structure. The legal wrapper then determines token classification: an SPV membership interest token is a security in every major jurisdiction, while a trust certificate carries debt or beneficial ownership rights. Regulatory framework selection follows, with US issuers choosing among Reg D (for accredited investors, no raise cap), Reg A+ (for retail participation with a $75M annual limit and SEC-qualified offering circular), or Reg S (for non-US distribution). EU issuers navigate the Markets in Crypto-Assets Regulation (MiCA) alongside existing MiFID II securities rules, while Singapore's Monetary Authority (MAS) Project Guardian framework enabled 24 institutional DeFi pilots through early 2026 for tokenized bonds and fund units.
Platform and blockchain selection then interlock with regulatory choice: Securitize's SEC-registered transfer agent and broker-dealer licenses constrain it to US-compatible frameworks, while Tokeny's ERC-3643 model serves multi-jurisdiction issuers. Ethereum dominates as the settlement layer for institutional tokenized assets due to liquidity depth and custody infrastructure, though permissioned chains like Polymesh offer governance controls and privacy that regulated issuers in banking prefer. Token standard choice — ERC-20 (unsuitable for securities), ERC-3643 (the standard for regulated security tokens), or ERC-1400 (for complex fund structures with multiple share classes) — determines how know-your-customer and anti-money laundering rules are technically enforced. ERC-3643 is in active ISO standardization and underpins issuances from Securitize, Tokeny, and Société Générale's digital bond platform by enforcing whitelist eligibility at the smart contract level before any transfer executes. Secondary market listing concludes the process: regulated alternative trading systems (tZERO, MERJ, SDX) provide institutional credibility but constrain liquidity to business hours and specific participant classes, while permissioned decentralized exchanges enable 24/7 trading but require the issuer to maintain whitelist currency indefinitely. Post-issuance obligations include annual and semiannual filings under Reg A+, periodic disclosures under MiCA, and continuous KYC whitelist maintenance as investor accreditation status changes.
Conclusion
Issuers and investors can now explain the six structural choices that separate successful tokenizations from failed attempts: legal wrapper selection determines token classification; regulatory framework choice constrains the investor base; platform and blockchain decisions lock in liquidity architecture; token standard selection determines compliance mechanics; secondary venue choice defines trading access; and post-issuance obligations extend for the life of the token. The path from asset to regulated on-chain security is neither simple nor standardized across jurisdictions, but the sequence of decisions and the cost of missteps at each stage are now documented and repeatable. The question is no longer whether tokenization works — $31B of on-chain RWA prove it does — but whether an issuer has the legal and technical capacity to navigate all six steps without costly rework.
Why You Might Be Interested?
If an issuer or fund manager, understanding the legal-to-technical sequence prevents the costliest remediation: reclassifying a token after issuance. If an investor in security tokens, knowing which exemption covers a token tells whether secondary liquidity exists on an ATS or requires a permissioned DEX pool. If a blockchain developer, distinguishing ERC-3643's on-chain identity from simpler ERC-20 overlays explains why $32B in regulated assets standardized around identity-bound compliance rather than off-chain gates.
Quick Stats
- $31B — total RWA on-chain market value as of May 2026, driven by cleared legal ownership structures.
- $4B+ — Securitize tokenized assets under management, plus $19.5M Q1 2026 revenue; manages BlackRock BUIDL.
- $2.5B — Ondo Finance total value locked across tokenized US Treasury and money market fund products.
- 180+ — jurisdictions where ERC-3643 (T-REX) underpins $32B+ in tokenized assets; ISO standardization underway.
- 24 — financial institutions participated in Singapore's MAS Project Guardian institutional DeFi pilots through early 2026.
Data current as of June 2026.
FAQ
?What is the difference between Reg D 506(c) and Reg A+ for tokenized securities?
Reg D 506(c) limits investors to accredited individuals and institutions (net worth or income thresholds), carries no raise cap, and requires minimal SEC disclosure. Reg A+ extends access to all investors — accredited and non-accredited — with a $75M annual raise limit and mandatory SEC-qualified offering circular filing plus annual and semiannual reports. Issuers seeking institutional speed choose Reg D; those targeting broader retail participation choose Reg A+.
?Can I tokenize intellectual property, and if so, which token standard applies?
Yes — intellectual property tokenizes as a royalty token through a license agreement structure, but adoption remains in pilot phase. The token carries a contractual claim on future income (licensing fees, royalties), not direct copyright ownership. No single token standard dominates IP yet; ERC-20 with overlays and specialized smart contracts are common, but ERC-3643 is being explored for jurisdictions requiring on-chain compliance controls.
?What happens if I issue a security token on Ethereum but later want to move it to another blockchain?
Migration is technically possible but legally complex. The token contract can be paused and a new contract deployed on another chain, but every investor's wallet must be migrated and re-whitelisted on the new network's KYC/AML registry. Dual-chain deployments are more practical: the issuer can deploy identical token contracts on two blockchains with synchronized whitelists, letting investors choose their settlement layer. This approach requires additional compliance overhead.
?Is ERC-3643 mandatory for security token issuance, or can I use ERC-20 with off-chain compliance?
ERC-3643 is not legally mandatory, but it is the market standard for regulated security tokens because it enforces whitelist eligibility at the transfer level — a non-verified wallet cannot receive tokens even if the issuer manually sends them. Off-chain compliance gates (separate whitelists maintained outside the smart contract) can be bypassed if a wallet gains control of tokens through secondary transfer. ERC-3643 eliminates this risk by making the identity check part of the token contract itself.
?Which platform should I choose if I'm issuing a tokenized real estate fund to retail investors?
For US retail, Reg A+ through Securitize is the most established path: it provides SEC-regulated transfer agent infrastructure, investor onboarding, and access to secondary market liquidity through ATS venues. For EU retail, MiCA-compliant platforms like Tokeny offer multi-jurisdiction reach without relying on a single platform's licensing. For institutional-only offerings, Reg D 506(c) through Securitize or Tokeny both work, with Securitize preferred if US accredited investors dominate the cap table.
?What happens to a tokenized security if the platform that issued it shuts down?
The smart contract and token remain on the blockchain, but the issuer loses the platform's onboarding and compliance infrastructure. If the token was issued under Reg D or Reg A+, the issuer retains legal liability for KYC/AML maintenance and post-issuance filings regardless of platform status. The whitelist must be migrated to a replacement platform or governance module, which requires investor consent and legal coordination. This risk is why institutional issuers increasingly deploy on their own infrastructure or via decentralized identity systems rather than relying entirely on a single platform provider.
?How does secondary trading work for tokenized assets if I don't want to list on an exchange?
Permissioned decentralized exchanges (DEXs) allow peer-to-peer trading within whitelisted participants 24/7 without a centralized order book. The issuer (or a delegate) maintains the whitelist by verifying each new counterparty's accreditation and sanctions status before allowing transfers. This approach widens access beyond business-hours ATSes but requires continuous KYC/AML administration. Alternatively, issuers can disable secondary trading entirely — forcing redemption through the issuer rather than peer-to-peer transfer — which simplifies compliance but locks liquidity.
?Do I need to be an accredited investor to buy tokenized securities?
Depends on the exemption. Reg D 506(c) restricts sales to accredited investors only. Reg A+ allows both accredited and non-accredited retail investors, subject to a $75M annual raise cap and a potential individual purchase limit per investor per year. Regulation S covers non-US investors and has no accreditation threshold. MAS Project Guardian requires participants to be institutional entities licensed or operating in sandboxes approved by Singapore's regulator. Always confirm the exemption under which the token was issued.
References / Sources
Market Research
- Industry scale, growth metrics, and asset allocation data for tokenized RWA market.
- RWA.xyz: $31B on-chain RWA market milestone (rwa.xyz, May 2026)
- Fintech.tv: Ondo Finance TVL milestone $2.5B (fintech.tv, May 2026)
- Finextra: ERC-3643 jurisdiction coverage and standardization (finextra.com, 2026)
Platform & Company Data
- Official disclosures, tokenized AUM, revenue, and institutional deployments.
- Securitize: $4B+ tokenized AUM and Q1 2026 revenue $19.5M (securitize.io, May 2026)
- Securitize: BlackRock BUIDL fund management details (securitize.io, 2026)
- ERC3643.org: T-REX standard technical specifications and jurisdictional adoption (erc3643.org, 2026)
Regulatory & Legal
- Frameworks, exemptions, licensing requirements, and compliance standards.
- US SEC: Regulation D 506(c) and Reg A+ exemption rules (sec.gov, 2026)
- Singapore MAS: Project Guardian institutional DeFi pilot framework (mas.gov.sg, 2026)
- EU: Markets in Crypto-Assets Regulation (MiCA) and MiFID II integration (ec.europa.eu, 2026)
Related articles
Coinpaprika education
Discover practical guides, definitions, and deep dives to grow your crypto knowledge.
Cryptocurrencies are highly volatile and involve significant risk. You may lose part or all of your investment.
All information on Coinpaprika is provided for informational purposes only and does not constitute financial or investment advice. Always conduct your own research (DYOR) and consult a qualified financial advisor before making investment decisions.
Coinpaprika is not liable for any losses resulting from the use of this information.