As tokenised real-world assets push past $20 billion on-chain in 2026, four regulators are taking visibly different routes — the European Union’s expiring DLT Pilot Regime, the United Kingdom’s open-ended Digital Securities Sandbox, the United States’ “same rules, new plumbing” stance, and Singapore’s framework-led Project Guardian — leaving issuers of tokenised securities to navigate a widening regulatory-arbitrage gap.
Tokenised securities are no longer a laboratory exercise. Real-world asset tokenisation has tripled since early 2025 to more than $20 billion in on-chain value, drawing BlackRock, Franklin Templeton and Ondo Finance, with tokenised US Treasuries alone up roughly 600% in 18 months to about $7.5 billion (RWA market data, May 2026). Yet the four leading regimes diverge on the most basic questions — what a tokenised security legally is, where it can trade, and who supervises it. This longform walks the rule texts, compares the jurisdictions, examines the enforcement backdrop, and sets out the operational implications for issuers, exchanges and compliance teams.
Key Facts:
• The EU DLT Pilot Regime (Regulation (EU) 2022/858) has applied since March 23, 2023, granting time-limited exemptions from MiFID II and the Central Securities Depositories Regulation (CSDR) — ESMA
• ESMA was required to report to the European Commission on the regime by March 24, 2026, and has recommended making it permanent — ESMA, June 25, 2025
• The UK Digital Securities Sandbox, run by the Bank of England and Financial Conduct Authority (FCA), became operational in late 2024 and runs to late 2028
• US SEC staff issued a statement in February 2026 confirming tokenised securities remain securities under the Securities Act of 1933 and Securities Exchange Act of 1934
• Tokenised real-world assets exceeded $20 billion on-chain in 2026; BlackRock’s BUIDL fund alone passed $2.5 billion by May 25, 2026 — CoinDesk
• A US federal court imposed a $125 million civil penalty on Ripple in August 2024 for unregistered securities sales, settled for $50 million in May 2025
Methodology and sources
This analysis rests on primary regulator documents and frameworks: the EU DLT Pilot Regime Regulation (EU) 2022/858 and ESMA’s Article 14 review materials; the Bank of England and FCA Digital Securities Sandbox rules and FCA Consultation Paper CP25/28 on fund tokenisation; the US SEC staff statement on tokenised securities and Commissioner Hester Peirce’s published statements; and the Monetary Authority of Singapore (MAS) Project Guardian publications, including the 2024 Guardian Funds Framework. Market-size figures are drawn from public RWA trackers and issuer disclosures dated through May 2026. The jurisdictional scope is the EU, UK, US and Singapore; the time window is 2023 to mid-2026. Frameworks evolve quickly — primary documents always supersede this summary.
What the rules actually say
The four regimes start from incompatible premises. The EU built a bespoke but temporary carve-out: the DLT Pilot Regime lets market infrastructures trade and settle tokenised shares, bonds and units of collective investment undertakings under targeted exemptions from MiFID II and CSDR, subject to volume caps and a sunset. The UK, by contrast, created a live, multi-year testing ground — the Digital Securities Sandbox — that lets firms operate tokenised securities depositories and trading venues under modified rules through 2028, applying proportionality more broadly than the EU pilot. Singapore did not legislate a new regime at all; through Project Guardian, MAS issues operational frameworks and lets tokenised funds and bonds operate under the existing Securities and Futures Act.
The United States is the outlier that insists nothing has changed. In a February 2026 staff statement, the SEC reaffirmed that a tokenised security is still a security and that the federal securities laws apply in full — the so-called “new plumbing, same rules” position. There is no tokenisation-specific statute; issuers rely on registration or existing exemptions (Regulation D, Regulation S, the Alternative Trading System framework, and transfer-agent rules). A narrow “innovation exemption” for tokenised versions of already-trading securities has been floated but, as of mid-2026, not finalised.
“As powerful as blockchain technology is, it does not have magical abilities to transform the nature of the underlying asset. Tokenized securities are still securities.”
— Hester Peirce, Commissioner, US Securities and Exchange Commission (SEC)
What is a tokenised security, in regulatory terms? Across all four jurisdictions, it is the digital representation on a distributed ledger of a financial instrument that already exists in law — an equity share, a bond, or a fund unit — not a new asset class. That shared definitional anchor is why the SEC can apply 1930s statutes unchanged and why ESMA frames its pilot as an exemption from, not a replacement for, MiFID II and CSDR. The divergence is procedural, not conceptual: every regime agrees the instrument is a security, but they disagree on which infrastructure may issue, trade and settle it, under what authorisation, and with what investor-protection overlay. For issuers, that means the legal nature of the token is portable across borders, but the licensing path is not.
| Jurisdiction / Regulator | Framework & status | Approach | Key requirement | Permanence |
|---|---|---|---|---|
| EU (ESMA / national CAs) | DLT Pilot Regime, Reg (EU) 2022/858, applied March 23, 2023 | Bespoke, time-limited exemptions from MiFID II / CSDR | DLT market-infrastructure authorisation; volume caps | Temporary; review due March 24, 2026; ESMA urges permanence |
| UK (Bank of England + FCA) | Digital Securities Sandbox, operational late 2024 | Live sandbox with modified rules and proportionality | Sandbox entry; phased activity limits | Runs to late 2028; permanent regime to follow |
| US (SEC) | No bespoke regime; Securities Act 1933, Exchange Act 1934 | “Same rules, new plumbing” — existing law applies | Registration or exemption (Reg D, ATS, transfer-agent rules) | Permanent existing law; narrow exemption floated |
| Singapore (MAS) | Project Guardian; Guardian Funds Framework (2024) | Framework-led under existing Securities and Futures Act | Existing capital-markets licensing; industry frameworks | Permanent existing law; framework-based |
Sources: ESMA, Bank of England/FCA, US SEC, and MAS primary publications. Last updated: June 24, 2026.
How the four jurisdictions compare
The clearest split is temporary-versus-permanent. The EU pilot’s sunset and volume caps were designed to contain risk, but they also weakened the economic case for participation: firms faced full authorisation burdens for a capped, time-limited activity, which helps explain the cautious uptake ESMA observed. The UK’s sandbox runs longer and applies proportionality more generously, betting that a multi-year runway attracts the depositories and venues the EU pilot struggled to. Singapore avoids the dilemma by not creating a special regime at all, instead publishing playbooks — the Guardian Funds Framework being the prime example — that tell the industry how to tokenise within existing law.
The US sits apart again, offering certainty of principle but not of process: everyone knows a tokenised security is a security, but the operational path runs through decades-old registration and ATS rules never designed for on-chain settlement. That is regulatory-arbitrage fuel. An issuer weighing where to launch a tokenised bond can choose the UK’s long sandbox runway, Singapore’s framework certainty, the EU’s bespoke-but-expiring exemptions, or the US’s deep capital markets with heavier process friction — and the choice increasingly turns on supervisory predictability rather than the underlying law. This is the same divergence dynamic seen in our coverage of MiCA’s market-abuse regime and crypto-staking rules.
“Through practical experimentation with the financial industry and the broader ecosystem, we seek to sharpen our understanding in this rapidly transforming digital assets ecosystem.”
— Sopnendu Mohanty, Chief FinTech Officer, Monetary Authority of Singapore (MAS)
The enforcement backdrop
Divergent frameworks do not soften enforcement where a token is sold as an unregistered security. The defining US case remains the SEC’s action against Ripple Labs: in August 2024, the US District Court for the Southern District of New York entered a final judgment finding Ripple’s institutional sales of XRP were unregistered securities offerings under Section 5 of the Securities Act of 1933, imposing a $125 million civil penalty; the parties settled in May 2025, with Ripple paying $50 million and both sides dropping appeals (The Block). The lesson for tokenisation is direct: wrapping an instrument on a ledger does not change the registration analysis.
The fraud perimeter is also active. In December 2025, the SEC charged three purported crypto-asset trading platforms and four investment clubs with defrauding US retail investors of at least $14 million through fake “Security Token Offerings” marketed between January 2024 and January 2025, alleging violations of the anti-fraud provisions of both the 1933 and 1934 Acts. For compliant issuers, the takeaway is that the tokenised-securities label now attracts both registration scrutiny and fraud enforcement — and that operating inside a sandbox or pilot does not immunise a firm from the underlying securities-law obligations it has not been explicitly exempted from.
What this means for issuers, exchanges and compliance teams
For issuers, domicile choice is now a supervisory-predictability calculation as much as a legal one. A tokenised money-market fund can be structured under Singapore’s Guardian Funds Framework, inside the UK sandbox, or under EU pilot exemptions — but each carries a different authorisation timeline, cap structure and exit path, and the EU’s pending permanence decision is a live variable. For trading venues and depositories, the operational burden is running ledger-based settlement against rulebooks (CSDR, the US transfer-agent regime) written for centralised intermediaries; reconciliation, finality and custody controls must map onto on-chain mechanics that examiners are still learning to supervise.
For compliance and legal teams, three obligations dominate. First, classification: confirm the token represents a real security and document the analysis, because every regime treats it as one. Second, cross-border reach: a tokenised security is borderless by design, so issuers must manage simultaneous exposure to ESMA, the FCA, the SEC and MAS, and avoid inadvertent solicitation into jurisdictions where they lack authorisation. Third, recordkeeping and investor protection: on-chain share registers, redemption mechanics and disclosure must satisfy the same standards as their off-chain equivalents. The pattern echoes the fragmentation we tracked in Basel’s crypto capital rule and the EU’s AMLA single rulebook.
The forward view: what is pending and contested
The EU faces the most consequential near-term decision. ESMA has recommended converting the DLT Pilot Regime into a permanent framework, raising or removing volume caps and broadening eligible assets, and the European Commission floated a major upgrade in December 2025. Whether the Commission legislates permanence — and how high it lifts the caps — will determine whether the EU keeps pace with the UK’s longer sandbox runway. In the UK, the FCA’s CP25/28 on fund tokenisation points to a Policy Statement in the first half of 2026 that could move tokenisation from sandbox to the mainstream authorised-fund regime. In the US, the contested question is the scope of any “innovation exemption”: Commissioner Peirce has signalled it should be narrow, limited to tokenised versions of securities already trading, rather than a broad relief that lets synthetic exposure escape securities law. Singapore, meanwhile, is extending Project Guardian toward tokenised central-bank bills and cross-border settlement.
TL;DR
Tokenised real-world assets have tripled since early 2025 to more than $20 billion on-chain, but the four leading regimes diverge sharply. The EU’s DLT Pilot Regime (Regulation (EU) 2022/858) is time-limited and under review, with ESMA urging permanence; the UK’s Digital Securities Sandbox runs to 2028 with broader proportionality; the US applies existing securities law unchanged — “tokenized securities are still securities,” per SEC Commissioner Hester Peirce — backed by enforcement such as Ripple’s $125 million 2024 penalty; and Singapore’s Project Guardian works through frameworks under existing law. The result is real regulatory-arbitrage risk, with domicile choice now driven by supervisory predictability.
FAQ
What is a tokenised security?
It is the digital representation, on a distributed ledger, of a financial instrument that already exists in law — such as a share, bond or fund unit. Every major regulator treats it as a security subject to existing securities law, not as a new asset class.
Is the EU DLT Pilot Regime permanent?
Not yet. Regulation (EU) 2022/858 applied from March 23, 2023 as a temporary regime with volume caps. ESMA reported to the European Commission by March 24, 2026 and has recommended making it permanent; the Commission floated a major upgrade in December 2025, but legislation is pending.
How does the UK approach differ from the EU?
The UK’s Digital Securities Sandbox, run by the Bank of England and FCA and operational from late 2024 to 2028, applies proportionality more broadly and offers a longer runway than the EU’s capped, time-limited pilot, aiming to attract the depositories and venues the EU pilot struggled to onboard.
How does the US regulate tokenised securities?
The US has no bespoke regime. The SEC reaffirmed in February 2026 that tokenised securities are securities under the Securities Act of 1933 and Exchange Act of 1934, so issuers must register or use existing exemptions. A narrow innovation exemption has been floated but not finalised as of mid-2026.
What enforcement risk applies to tokenised securities?
The same registration and anti-fraud rules as any security. The SEC’s case against Ripple produced a $125 million penalty in August 2024 (settled for $50 million in May 2025) for unregistered sales, and the SEC charged a $14 million fake “Security Token Offering” fraud scheme in December 2025.
What should issuers watch next?
The European Commission’s decision on making the DLT Pilot Regime permanent and lifting caps, the FCA’s fund-tokenisation Policy Statement expected in the first half of 2026, the scope of any US innovation exemption, and MAS’s expansion of Project Guardian toward tokenised central-bank bills.
This article is informational analysis only and does not constitute legal, regulatory, tax, or investment advice. Regulatory frameworks change frequently and interpretation depends on facts and circumstances; primary documents and official regulator guidance always supersede summaries. Firms should consult qualified legal counsel and their relevant supervisory authority before taking any action based on the analysis above.
Rick Steves
Rick Steves has seen business and economics through many lenses. He joined the financial services industry in 2009, and has been a financial journalist since 2011. He holds a degree in Business Administration and has experience producing real-time news, from both buy-side and sell-side, as well as for retail traders, brokers and service providers. Steves' work has appeared in a variety of online publications including FX Street, NewsBTC, FinanceFeeds, and The Industry Spread. Rick has great interest in the dynamics of the trading industry. The never-ending clash between technology, economics, regulation, and more importantly, the people.
