The Complete Guide to Security Tokens vs. Utility Tokens

Noah Thorp, Founder, CEO
Bryan Wilson, Legal Engineer
August 5, 2022
Last Updated: November 7, 2022

What is a security token? Think of it as similar to owning stock or an equity interest in an asset, which can also be a debt instrument.


Organizations from all types of markets and communities are looking to tokens as a way to deploy new types of businesses and projects. From finance bros to community activists to gamers, sustainability advocates, researchers, artists, people committing fraud, people looking to prevent fraud, and all those in between, everyone is exploring how this new technology might be harnessed to do things that were otherwise impractical or inefficient before the technology.

The differences between Security and Utility tokens are important to understand.

Yet, like with the internet before it, each person interested in tokenization might be interested in some different aspect of the technology. To demonstrate, think about the concept of a website. There are lots of different websites out there. There's social media, there are marketplaces, there are content repositories, there are whistleblower sites, etc. And, critically, in the same way that each website has to abide by different laws and regulations, so too do different token types.

Someone issuing securities will have to abide by securities regulations. Someone selling goods will have to abide by the Uniform Commercial Code. And someone starting a business will have to abide by the laws governing corporations. This is the same when it comes to launching a token.

When navigating how to design, launch, and maintain a token, these distinctions can make or break a token. There are as many horror stories about failed token launches as there are success stories for major token launches. A key distinction herein is whether or not a token is a security token or a utility token. This distinction will necessarily impact the timeline from ideation to launch for a token, but also will impact the cost of conducting a token launch, as well as the ongoing compliance required.

To help get a better understanding of which token is right for your project, in the rest of this post we will unpack the key features and examples for both Security Tokens and Utility Tokens.

Intro to Security Tokens

As the nomenclature indicates, security tokens are themselves securities, which means they demand a more rigorous set of protections for issuers (the people creating and selling the securities) and investors (the people buying the securities). To give you an idea of what securities are meant to protect, securities law in the US was catalyzed by the financial crash of 1929 when, among other things, investors were led astray by issuers through rampant financial speculation in the roaring 20s. In the aftermath of that crisis, Congress enacted the Securities Act of 1933 and the Securities Exchange Act of 1934. From then on, securities law in the US has been periodically updated in order to evolve the regulations in a way that keeps investors protected and ensures issuers are sophisticated and trustworthy enough to be issuing securities.

Now, the test used by the SEC to determine whether a given digital asset is a security is the Howey Test analysis of “investment contracts.” Per the SEC's Framework for “Investment Contract” Analysis of Digital Assets, under the Howey Test, a digital asset will be a security if there is "a reasonable expectation of profits to be derived from the efforts of others" and this "applies to any contract, scheme, or transaction regardless of whether it has any of the characteristics of typical securities." Interpreting Howey in relation to the application of securities law to digital assets, William Hinman (the SEC's Director for the division of Corporate Finance), made the following statement: "If the network on which the token or coin is to function is sufficiently decentralized – where purchasers would no longer reasonably expect a person or group to carry out essential managerial or entrepreneurial efforts – the assets may not represent an investment contract." As a result, for purposes of the Howey test, the more centralized a community is, the greater the risk that sales of a crypto-asset are deemed sales of securities.

In the context of crypto, Security Tokens are quite beneficial for raising funds for an investment or democratizing ownership of a project. Launching a Security Token in the crypto community can in itself be a strength because it signals to investors that you are sophisticated enough to be pulling off your project (because you are sophisticated enough to navigate securities filings). Security tokens are typically issued via a Security Token Offering (STO) and come in several different types, each with a different amount that is able to be raised, jurisdiction where it may be offered, filing requirements, and requirements for investors.

The five regulatory categories used for launching a Security Token Offering (chart inspired by

It is quite important to note that securities laws will apply regardless of whether or not you call your token a security. This means, if it looks like a security, behaves like a security, and is otherwise treated like a security, odds are the Securities and Exchange Commission (SEC) is going to consider your token a security. As such, a number of tokens have been derailed after raising funds without entering the requisite paperwork and filings.

When making the determination of whether or not a token is a security, it is also important to point out that regulators will apply laws based on the citizenship of the individual participants. These include purchasers of tokens, issuers of tokens, and investors of tokens. As a result of the United States' regulatory uncertainty relating to the classification of a token as either a security or a utility, it might be in the best interests of a business to launch a token in a different jurisdiction. Reasons for this include different jurisdictional approaches to addressing fraud and money laundering. This is also why many crypto apps (but not all) have different KYC/AML requirements.

A final note about the different types of securities and how they can be used to raise funds via a security token offering: some types of securities can be combined for the same offering. Perhaps the most common case will be when a token launches to US investors via Reg D and international investors via Reg S. As one of the examples in the next section demonstrates, this can be an effective way to raise money for a project from the US and other countries.

Examples of Security Tokens

A key feature to understanding whether or not a token is a security is the process for registering securities. In each example here, the tokens are registered with the SEC using one of the avenues listed above. The following projects and their accompanying brief descriptions help demonstrate the benefits of using a security token for various business cases:

  • Props: launched a security token for accredited and non-accredited investors under Reg CF in the US via a Token Debt Payable by Assets (DPA) and raised $1.07m from 794 investors.
  • Vevue: launched a security token for a Wyoming Corporation for international investors, providing them with a non-voting preferred equity share.
  • Curzio Equity Owners: launched for accredited investors under Reg D in the US and international investors under Reg S.

These examples, like many security tokens, focus on fundraising and as such are subject to the rules related to fundraising. There are, however, other types of tokens that are not subject to securities law requirements.

Intro to Utility Tokens

Where Security Tokens have pretty well-defined parameters, the ideas underlying Utility Tokens are a more abstract convention that is predominantly defined as the inverse of a Security Token. Explicitly, as we will use it in this document and for purposes of distinguishing among our products, Utility Tokens do not require registration as a security with the SEC.

Utility Tokens give holders a representation of some type of value for some specific purpose. For example, Utility Tokens can be used by an organization to reward repeat customers (like airline miles), provide discounts for goods and services (like a coupon), receive access to special goods or services (like a membership program), or entitle members of a group to make non-financial decisions about an organization with a non-financial interest (like the way lots of DAOs such as Uniswap operate). As a practical matter, there can even be hybrid tokens that have features of both a Security Token and a Utility Token.

Image courtesy of Variant.Fund and Marc Boiron's excellent "Sufficient Decentralization: A Playbook for web3 Builders and Lawyers"

In 2014, Ethereum, at the time it was launched via ICO, would likely have met the threshold for an investment contract as set forth by the Howey Test. A few years after launching and after Ethereum became sufficiently decentralized, per the Hinman factors – let's say around 2018 – it would likely not have met the threshold for an investment contract as set forth by the Howey Test. Now, with proposed upgrades to the network set to be implemented in September, Ethereum's status as a security will likely again be up for debate.

The SEC's System for No-Action Relief

The squishiness of these definitions means that it can be difficult to distinguish between Utility Tokens and Security Tokens because, in different contexts, a token can behave as either. Consider the case of TurnKey Jet: TurnKey Jet is a company that offered to sell tokenized jet cards to make it easier to fly on private jets – users with accounts could buy these tokenized jet cards and redeem them whenever they needed to fly. This is a utility for people who fly often because the settlement process for flying on private planes can sometimes be lengthy and the coordination offered by the tokenized jet cards speeds that process up in a trustworthy fashion. However, if the tokenized jet cards were used to develop the platform, network, or app in the future, then the tokenized jet cards could fit under the Howey Test even though they are providing a utility to users.

Because all of this is very complicated and can leave projects in a precarious position facing lots of uncertainty, the SEC has designed a mechanism that allows projects to submit requests for No-Action Relief. If a request is successful, the SEC will publish a No-Action Letter which describes the reasoning that led to the decision. While the SEC's system for No-Action Relief seems like it should theoretically provide a mechanism for determining a token's status as a security or not, the system does not do very much to clear up which tokens are or are not securities. Through 2020, the SEC only issued three successful No-Action Letters: Pocketful of Quarters, TurnKey Jet, and IMVU each received No-Action Relief.

While the process of obtaining No-Action Relief could be more robust, the reasoning the SEC used to issue No-Action Relief is instructive for developing an understanding of the features for the types of tokens that would not be considered Securities by the SEC.

Pocketful of Quarters: created a token to resolve the inability to use gaming credits, coins or other units of value purchased in, or earned playing, one online video game in other online games. Among the reasons listed in the SEC's No-Action Letter are:

  • PoQ will not use any funds from Quarters sales to build the Quarters Platform, which has been fully developed and will be fully functional and operational immediately upon its launch and before any of the Quarters are sold;
  • the Quarters will be immediately usable for their intended purpose (gaming) at the time they are sold;
  • PoQ will implement technological and contractual provisions governing the Quarters and the Quarters Platform that restrict the transfer of Quarters to PoQ or to wallets on the Quarters Platform;
  • gamers will only be able to transfer Quarters from their Quarters Hot Wallets for gameplay to addresses of Developers with Approved Accounts or to PoQ in connection with participation in e-sports tournaments;
  • only Developers and Influencers with Approved Accounts will be capable of exchanging Quarters for ETH at pre-determined exchange rates by transferring their Quarters to the Quarters Smart Contract;
  • to create an Approved Account, Developers and Influencers will be subject to KYC / AML checks at account initiation as well as on an ongoing basis;
  • Quarters will be made continuously available to gamers in unlimited quantities at a fixed price;
  • there will be a correlation between the purchase price of Quarters and the market price of accessing and interacting with Participating Games; and
  • PoQ will market and sell Quarters to gamers solely for consumptive use as a means of accessing and interacting with Participating Games.

TurnKey Jet: TurnKey Jet, Inc. provides interstate air charter services as a licensed United States air carrier and air taxi operator and created a token to resolve coordination problems by facilitating Token sales for air charter services on a private blockchain network. Among the reasons listed in the SEC's No-Action Letter are:

  • TKJ will not use any funds from Token sales to develop the TKJ Platform, Network, or App, and each of these will be fully developed and operational at the time any Tokens are sold;
  • the Tokens will be immediately usable for their intended functionality (purchasing air charter services) at the time they are sold;
  • TKJ will restrict transfers of Tokens to TKJ Wallets only, and not to wallets external to the Platform;
  • TKJ will sell Tokens at a price of one USD per Token throughout the life of the Program, and each Token will represent a TKJ obligation to supply air charter services at a value of one USD per Token;
  • if TKJ offers to repurchase Tokens, it will only do so at a discount to the face value of the Tokens (one USD per Token) that the holder seeks to resell to TKJ, unless a court within the United States orders TKJ to liquidate the Tokens; and
  • the Token is marketed in a manner that emphasizes the functionality of the Token, and not the potential for the increase in the market value of the Token.

Synthesizing the responses from the SEC in their grant of No-Action relief, the following simplified rubric represents information about which features the SEC looks for when determining whether a token is a security or not.

  1. No funds from a token's launch are used to build the platform;
  2. Tokens are immediately available for their intended use upon being sold;
  3. The platform restricts the transfer of tokens to wallets registered with the platform;
  4. There is a direct correlation between the purchase of the token and the market price of the token;
  5. Tokens are only sold for consumptive use in the application; and
  6. Tokens are marketed in a manner that emphasizes the functionality of the token and not the potential for the increase in market value of the token.

Examples of Utility Tokens

Unlike with Security Tokens, there is not a registration requirement for Utility Tokens. Because the nature of Utility Tokens is focused on the behaviors of the tokens (do they behave like a security or do they provide a utility, according to the features identified by the SEC above), the analysis in this section of examples more thoroughly looks at the behavior of the tokens. To demonstrate, the following lists two tokens that are widely considered to be Utility Tokens.


Filecoin

In brief, Filecoin (FIL) is an application that allows users to pay FIL to store their files in a network. Miners, who store files, receive FIL each time a file is added to the network or the information from the file needs to be retrieved.

A diagram defining the Filecoin peer-to-peer network.

From their website: "Filecoin is a peer-to-peer network that stores files, with built-in economic incentives to ensure files are stored reliably over time. In Filecoin, users pay to store their files on storage providers. Storage providers are computers responsible for storing files and proving they have stored the files correctly over time. Anyone who wants to store their files or get paid for storing other users’ files can join Filecoin. Available storage, and the price of that storage, is not controlled by any single company. Instead, Filecoin facilitates open markets for storing and retrieving files that anyone can participate in."

Basic Attention Token

In brief, Basic Attention Token (BAT) is an application in which users of the Brave browser earn BAT for their attention, creators get paid BAT for making great content, and advertisers get a better return on their ad spend.

Basic Attention Token direction of payments.

From their website: Basic Attention Token is "based on the Ethereum technology that can also be used as a unit of account between advertisers, publishers, and users in a new, blockchain-based digital advertising and services platform." The "tokens are intended for use on the BAT platform, a new Blockchain-based digital advertising and services platform."

It is important to point out at this moment that neither FIL nor BAT has received a No-Action Letter. They simply operate their sufficiently decentralized applications in a way that, by the application's design, reduces the likelihood that the SEC might consider their tokens as securities. As the numbers indicate, the process of obtaining a No-Action Letter is not something that happens frequently. Because of this uncertainty, lots of utility tokens that are being bootstrapped will choose to launch in countries, such as Switzerland, Panama, the British Virgin Islands or the Cayman Islands, where the regulatory landscape is more settled and channels have been created for the registration of different types of tokens.


In wrapping up, Security Tokens require registration with the SEC, as well as compliance with local securities laws. Tokens that are initially designed as Utility Tokens (i.e., as not having parts which require registration with the SEC) may inadvertently become securities if they are treated like securities (e.g., money raised from the token launch becomes an investment contract under Howey, network is no longer sufficiently decentralized, etc.). As such, it would seem that the most predictable, trustworthy, and reliable method for determining whether or not a token is a Utility Token in the United States is to seek No-Action relief from the SEC directly; however, as mentioned earlier, this almost never happens, is time-consuming, and can greatly increase the legal budget required to launch such a project. Even after obtaining a No-Action Letter, it would be possible for a Utility Token to become a Security Token if it starts to be treated like a security. For this reason, it is also important to acknowledge there may be friendlier jurisdictions than the United States to launch a specific token project; this will all come down to a question of facts and is best discussed with your project's lawyer(s), financial advisor(s), and tax professional(s).

Note: This is part one in our four-part series on the Taxonomy of Tokens. The other articles in the series are the full background on NFTs, our deep dive on Liquidity Provider Tokens, and our complete guide to Governance Tokens.

If you are thinking of launching a Security Token or a Utility Token get in touch here: Upside. We can help you navigate to a successful, secure, legally predictable, and regulatory compliant token launch.

This article does not constitute investment and/or legal advice, and is strictly for education purposes only. Upside is not an SEC registered investment advisor, practicing legal entity or any other type of licensed body that can legally provide investment and legal advice. Upside is not responsible for any errors or omissions in this article, due to the changing nature of laws, rules and regulations or otherwise, or for results obtained from use of the information it contains.
