Knowledge for Web3 Regulators

Katarzyna Hasnik
May 26
7 min read

Updated: Jul 4

1. Utility tokens, payment tokens, and security tokens: distinctions and regulatory significance

Utility tokens are digital assets designed to provide access to a product or service within

a blockchain ecosystem. They are typically not intended as investment vehicles.

Payment tokens, often referred to as cryptocurrencies, function as a medium of exchange and are used for payment purposes without granting rights or access to specific services.

Security tokens represent ownership or entitlement to an underlying asset, such as shares in a company, and may provide dividends, voting rights, or other financial benefits.

These distinctions are critical within regulatory frameworks. Utility tokens may not be regulated as financial instruments, whereas security tokens often fall under securities laws. Payment tokens may trigger obligations under anti money laundering (AML) and financial services legislation.

Recognising the correct classification affects the obligations of issuers, the rights of holders, and the oversight of regulatory authorities.

Utility tokens grant access to a platform’s functions or services; their primary purpose is usage,

rather than investment.

Payment tokens (cryptocurrencies) serve as a medium of exchange or store of value, without

conferring rights to services or profits.

Security tokens confer rights analogous to traditional securities, such as equity, debt, dividends or profit-sharing, and are treated as financial instruments under securities laws .

Why this matters for regulation:

Security tokens trigger securities regulation, requiring registration, disclosures, and compliance with frameworks like the US Howey test.
Payment tokens trigger AML/KYC and financial-services regulation.
Utility tokens may remain outside financial regulation, though regulators scrutinise ICOs to prevent misclassification.

Clear classification protects consumers, ensures legal clarity for issuers, and aligns supervisory obligation.

Discover more at Web3 Talents https://web3-talents.io/:

Web3 Talents: Fundamentals of Bitcoin, and Ethereum (public blockchain systems) - Discovery & Define Stage.

2. Comparative regulatory frameworks for blockchain and cryptocurrencies

United States: The regulatory environment is fragmented. The Securities and Exchange Commission (SEC) treats many tokens as securities, requiring compliance with securities laws.

The Commodity Futures Trading Commission (CFTC) considers some digital assets to be

commodities. The Financial Crimes Enforcement Network (FinCEN) enforces AML obligations.

Taxation is under the purview of the Internal Revenue Service (IRS), which treats crypto as property subject to capital gains tax.

United Kingdom: The Financial Conduct Authority (FCA) oversees crypto asset businesses, primarily through AML regulations. While utility tokens are generally unregulated, security tokens fall under the Financial Services and Markets Act. The UK has introduced a phased approach to crypto legislation, with plans to regulate stablecoins and broader financial promotions. Crypto assets are subject to capital gains tax.

Singapore: The Monetary Authority of Singapore (MAS) provides a clear regulatory regime under

the Payment Services Act, covering digital payment tokens. AML and countering the financing of

terrorism (CFT) requirements are strictly enforced. Singapore distinguishes between utility and

security tokens, with the latter regulated under the Securities and Futures Act. Tax treatment is

favourable, with no capital gains tax.

Japan: The Financial Services Agency (FSA) regulates crypto assets under the Payment Services Act and the Financial Instruments and Exchange Act. Exchanges must register and comply with capital and cybersecurity requirements. AML obligations are strict, and security tokens are subject to securities regulations. Japan has established detailed tax obligations for crypto asset trading.

European Union (MiCAR): The Markets in Crypto Assets Regulation (MiCAR) introduces

a comprehensive regulatory framework across the EU, distinguishing between asset referenced tokens, electronic money tokens, and other crypto assets. It mandates licensing, transparency,

and consumer protection. MiCAR will harmonise AML, market conduct, and prudential requirements across member states.

Other jurisdictions:

Switzerland adopts a principle-based approach with FINMA classifying tokens as payment,
utility, or asset tokens.
United Arab Emirates and Hong Kong are introducing robust licensing frameworks.
Australia is pursuing legislation with a focus on consumer protection and innovation facilitation.

United States

SEC regulates security tokens as securities under federal law.
CFTC may treat certain tokens as commodities.
FinCEN mandates AML/KYC for exchanges and custodians.
IRS taxes tokens as property; capital gains apply upon each disposition.

United Kingdom

Financial Conduct Authority (FCA) regulates crypto businesses under AML frameworks.
Security tokens are regulated under the Financial Services and Markets Act; utility tokens are generally unregulated.
Planned legislation will regulate stablecoins and financial promotions.
Tax: capital gains tax applies to crypto disposals.

Singapore

MAS regulates under the Payment Services Act.
AML/CFT rules are strict.
Security tokens fall under Securities and Futures Act; utility tokens are exempt.
Tax: no capital gains tax.

Japan

FSA regulates under both the Payment Services Act and Financial Instruments and Exchange Act.
Exchanges require registration, capital requirements, cybersecurity protocols and AML/KYC.
Taxation includes income from trading.

European Union - MiCAR

MiCAR (Regulation (EU) 2023/1114) establishes a harmonised regime distinguishing
asset‑referenced tokens (stablecoins), e‑money tokens and other crypto‑assets.
Licensing mandatory for issuers and service providers; transparency and consumer protections enforced.
AML/CFT obligations are strengthened via EBA/FTR oversight.
Capital gains taxed per national law.

Other jurisdictions

Switzerland (FINMA) classifies tokens as payment, utility, or asset tokens.
Hong Kong and UAE are developing detailed licensing regimes.
Australia is moving ahead with consumer-oriented frameworks.

3. Central Bank developments and regulatory implications

Central banks globally are increasingly engaged in the regulation of digital assets, both through

oversight and direct involvement. Their primary concerns include financial stability, monetary

sovereignty, and systemic risk management.

Regulatory implications include the integration of crypto asset firms into prudential frameworks,

oversight of stablecoin issuers, and the creation of licensing regimes for exchanges and custodians.

Furthermore, central banks are working with international standard setters such as the Financial Stability Board and the Bank for International Settlements to coordinate global standards.

Central banks actively engage in crypto‑asset oversight to protect financial stability, sovereign currency issuance, and systemic risk.

Their influence includes:

Participation in international standard‑setting bodies (BIS, FSB).
Imposing prudential rules on crypto firms, exchanges, custodians and stablecoin issuers.
Leading regulatory initiatives for stablecoins and DLT infrastructures (e.g. UK’s DLT pilot regime). Conducting licensing, monitoring, and oversight of service providers.

4. Central Bank Digital Currencies (CBDCs): impacts and developments

CBDCs are being explored or piloted in numerous jurisdictions. China’s digital yuan is the most

advanced among major economies, while the European Central Bank is proceeding with a digital euro. The Bank of England has released consultations on a potential digital pound. The United States is evaluating but remains cautious.

CBDCs could enhance monetary policy transmission by allowing real time policy effects. They may support financial inclusion and reduce transaction costs. However, they also present risks to financial stability, particularly if individuals shift deposits from commercial banks to central banks, potentially leading to disintermediation. Moreover, their implementation raises questions about data privacy, technical resilience, and cross border interoperability.

Global developments

China (digital yuan) is well advanced.
European Central Bank aims for autumn 2025 decision for a digital euro.
Bank of England is consulting regarding a “digital pound”.
USA remains cautious, with exploratory research ongoing .
Thailand, Bahamas, Nigeria, Jamaica have launched or piloted fast‑track digital payout schemes.

Impacts on policy and stability

Monetary policy: CBDCs alter transmission mechanisms; they may tighten or loosen financial conditions and affect policy shock impacts.
Financial stability: Large-scale retail CBDC adoption may disintermediate banks and trigger
deposit flight; this calls for mitigations via tiered remuneration or limits.
Operational design: Wholesale versus retail models present divergent effects on monetary
operations.

5. Blockchain and data protection: interaction with GDPR and privacy technologies

Blockchain technology presents inherent tension with data protection regulations such as the General Data Protection Regulation (GDPR). Challenges include the immutability of blockchain data, which conflicts with the right to be forgotten, and diﬃculties in identifying data controllers in decentralised networks.

Privacy enhancing technologies (PETs) such as zero knowledge proofs, homomorphic encryption,

and secure multiparty computation are emerging to address these concerns.

These technologies can enable compliance with data minimisation and purpose limitation principles while maintaining decentralisation and security. However, the legal status of PETs remains under scrutiny and their effectiveness is contingent upon proper implementation and governance.

GDPR challenges

Blockchain’s permanence conflicts with GDPR rights such as right to erasure and data minimisation.
Decentralised systems obscure data controller accountability.

Privacy‑Enhancing Technologies

Solutions include zero‑knowledge proofs (ZKPs), chameleon hashes, homomorphic encryption, and secure multiparty computation.
These methods allow proof of validity without exposing personal data, helping GDPR compliance while maintaining decentralisation.

6. Regulatory strategy for DLT and DeFi as a supreme authority

As the supreme regulatory authority, I would advocate for a balanced regulatory framework that

supports innovation while ensuring market integrity and consumer protection.

Definition and taxonomy: Clear legal definitions of security tokens, utility tokens, stablecoins, and decentralised protocols are essential. Security tokens would fall under existing securities laws. Utility tokens would be exempt unless they confer financial rights.
Stablecoins: Issuers would require authorisation and must maintain adequate reserves and
disclosures. Algorithmic stablecoins would face enhanced scrutiny.
DeFi regulation: Regulatory oversight would be function based rather than entity based. Protocols that facilitate lending, trading, or asset management would be subject to compliance obligations including AML, risk disclosure, and technical audits.
Taxation: A pragmatic tax regime would be introduced, treating crypto gains as capital gains but with exemptions for small retail transactions. Airdrops and staking rewards would be taxed as income upon receipt.
Licensing: All custodians, exchanges, and wallet providers would need to register and
demonstrate compliance with capital, cybersecurity, and operational standards.
Innovation facilitation: Regulatory sandboxes and innovation hubs would support the
development of new models, while a public-private advisory committee would guide legislative developments.

The goal would be neither under regulation nor over regulation, but intelligent regulation that ensures a safe, transparent, and competitive digital asset economy.

I would adopt a balanced, innovation‑friendly yet protective regime:

Legal definitions: Clear statutory taxonomy of token types (security, utility, stablecoin, payment) with tiered regulation.
Security tokens: Regulated under securities laws with disclosure, issuance and trading controls.
Utility tokens: Exempt unless used as financial instruments; ICOs with investment characteristics to be assessed case by case.
Stablecoins: Issuers must be licensed, maintain full reserves, audited, and subject to prudential oversight; algorithmic variants to face increased scrutiny.
DeFi platforms: Regulated by function, not entity, requiring AML/KYC compliance, technical
audits, and risk disclosures for lending, trading and yield‑generation protocols.
Custody and exchanges: Licence requirement with capital, custody, and cybersecurity standards; align with MiCAR and local AML laws.
Taxation: Capital gains tax on disposal; exempt trivial amounts; treat staking or airdrops as
income.
Innovation support: Create sandboxes, innovation hubs, and advisors to promote responsible
development.
Data protection: Mandate privacy‑by‑design for blockchain applications; deploy PETs and require data-impact assessments.