Utility tokens vs Security tokens in Estonia

31. 8. 2018

Utility token vs Security token in Estonia. Legal perspective.

In our recent practice we are facing more and more enquiries from customers with regards of regulations of blockchain related business in Estonia. The most common question is: Do we need to have an investment firm license? In the beginning of this article, it is important to outline that each situation is different, and it solely relies on the type of issued tokens and goal of the ICO in general. However, it is possible to illustrate position of the state and help to understand in which situations you will definitely need an investment firm license. To start with that, we would like to define the difference between utility tokens and security tokens. We are sure that most of the people in the business are aware of the difference in general terms, therefore we will be brief in comparison and put emphasis on official opinion from government of Estonia. 

Utility token– also called user tokens; user coins; app coins; app tokens represent future access to company’s product or service. The defining aspect is that utility tokens are not designed as investments. It is important to understand that user is able to use utility token only in certain application which the team is building and raising for ICO. By putting it simply – utility token is nothing but access to the product or service of the company. It is like buying a customer’s card in Starbucks and earning points on it, so you can get free coffee in the future. You don’t expect to get profit from it and even more, you don’t expect to own shares in Starbuck company, you just want to get your 2 stars per $ 1 spent and receive free coffee or any other benefit it might bring to you. Few examples of successful ICO’s who have pure utility tokens are: 

  • Civic– they have created one billion utility tokens where users are able to acquire identity verification services and operates on the principle when the number of transactions grows, the network also grows, and the demand for the tokens increases. We encourage you to go and explore their platform, because in our opinion this is something beautiful. 
  • Golem– it enables users and applications to rent out cycles of other users (providers) machines which collectively employs it to run a supercomputer. Users earn GNT for connecting to the network and they can also buy them through simple exchange. 
  • Filecoin– a decentralized storage network which recently raised USD 257m in order to provide a decentralized cloud storage that will take advantage of unused computer hard drive space. ICO contributors received tokens that they will be able to use when purchasing storage space from Filecoin. 

In eyes of Estonian regulators – Financial Supervision Authority (FSA) – none of the above mentioned ICO’s would classify as investments and such companies wouldn’t need to apply for investment firm license. However, they would need to have virtual currency wallet service provider license to comply with Financial Intelligence Unit’s set standards for such business activities. 

            Security token– crypto tokens that pay dividends, share profits, pay interest or invest in other token assets to generate profits for the token holders. Security tokens gives their holders ownership rights of a company. Security token could represent a share in the company – if company’s value grows, then your share value increases as well. 

The Estonian Financial Supervisory Authority (EFSA) provides following explanation about security tokens: “The EFSA explains that tokens which give investors certain rights in the issuer company or whose value is tied to the future profits or success of a business are likely to be considered securities in the meaning of § 2 of the SMA. Therefore, the offering of such tokens may constitute as the issue of securities and, depending on its exact nature, be governed by the rules that of public offering as prescribed in § 12 of the SMA. That being the case, it is required to register a respective prospectus in the EFSA.As regards to ICOs encompassing the offering of instruments qualified as securities, it is important to note that the entities facilitating such ICOs or secondary trading of such tokens may be considered as providing investment services as stipulated in § 43 of the SMA. In particular, by organising such an offer or issuing tokens or bringing together the interests for acquisition and transfer of tokens under uniform conditions. The abovementioned services may be provided as a permanent activity only by authorised entities[1].

Most common examples of security tokens are:

  • ST20– one of the most common used security tokens with Ethereum’s blockchain on Polymath platform. Customers get instant access to tokens as Polymath launches them. As stated on their White Paper “Polymath enables individuals and institutions to authenticate their identity, residency, and accreditation status to participate in wide range security token offerings[2]
  • Nexo– the world’s first instant crypto-backed loans. Nexo generates operating revenues from crypto-backed loans. Which means that token holders may increase their profit when crypto-backed loans generate income from paid interest. Token holders receive 30% from Net Profit (the rest 70% is reinvested into crypto-backed loans) as dividends in the given accounting period. 

It is important to understand that in most of the jurisdictions in the world any activity which is related to dealing with securities, is regulated. However, since blockchain technology is developing much faster than governmental regulations in most of the countries there aren’t clear definitions on how to regulate security tokens and even more – what is considered security token? We always recommend to investors to be extra cautious when investing in to new ICO and to determine whether it falls under definition of “security” in said jurisdiction. Because in cases when developers present their security token as utility token or utility token “becomes” security token, there is a risk that local government will penalize developers and investors will lose all their investments. 

It is necessary to mention that until this moment (31.08.2018) there are no ICO’s in Estonia who are operating under investment firm or credit institution license. However, there are already few cases brought up to court where companies who were operating without the license have been penalized. 

As stated above, each case is different. Therefore, our recommendation is to contact local lawyer and ask his detailed explanation about tokens which you are planning to release. Meet with them, have a skype call, e-mail him your White Paper and get to the bottom of the local regulation in terms of ICO’s. That being said, it is important that said local lawyer knows the difference between utility and security tokens. 

We strongly believe that it is a huge advantage that Estonia recognizes ICO’s on state level and adapts regulation accordingly, instead of simply “flagging” blockchain related business as a high risk (toxic) activity from which everyone should stay away. There are not many countries in the world where their financial supervisor would state on the official website following: “Cryptocurrency offerings can provide new opportunities for businesses to raise capital and for investors to access a broader range of investments.[3]” Therefore we encourage you to explore your ICO launch options in Estonia and we would happy to help you with any kind of advice. 


[1]Source: Estonian Financial Supervision Authority. https://www.fi.ee/index.php?id=21661

[3]Source: Estonian Financial Supervision Authority. https://www.fi.ee/index.php?id=21661