Original author: Shao Jiadian
Introduction
In the past few years, "issuing tokens" has become one of the most sensitive terms in the Web3 world. Some have become famous overnight through it, while others have been investigated, had their tokens refunded, or had their accounts suspended. The problem isn't "issuing," but "how" it's issued. While some projects list their tokens on major exchanges and have communities and DAOs, others are deemed to be illegally issuing securities. The difference lies in whether or not the issuance is conducted within the legal framework.
The reality in 2025 is that utility tokens are no longer in a gray area. Regulators are scrutinizing every TGE, every SAFT, and every "airdrop" with a magnifying glass.
This article is for every Web3 project founder: On the road from Testnet to DAO, the legal structure is the skeleton of your project. Before issuing tokens, learn how to build the skeleton first.
Note: This article is based on the perspective of international law and does not apply to or pertain to the legal environment of mainland China.
The "identity" of a token cannot be determined simply by writing a white paper.
Many teams say, "Our token is just a utility token and doesn't distribute any revenue, so it should be fine, right?"
But the reality is different. In the eyes of regulators, a token's "identity" depends on market behavior, not how it is described.
A prime example is Telegram's TON project.
Telegram raised $1.7 billion in private placements with investors, claiming that the tokens were merely "fuel" for the future communication network.
However, the U.S. SEC considers this financing to constitute an unregistered securities offering—because the investors' purpose in purchasing the securities was clearly "future appreciation" rather than "immediate use."
As a result, Telegram refunded the investment and paid a fine, and the TON network was forced to operate independently from Telegram.
Lesson learned: Regulators look at "investment expectations," not "technological vision." As long as you use investors' money to build an ecosystem, it takes on the characteristics of a security.
Therefore, don't fantasize about eliminating risks by labeling tokens as "functional." The nature of tokens is dynamic—they are investment contracts in the early stages of a project, and may only become actual usage credentials after the mainnet.
First, identify what type of project you are working on.
What determines your compliance path is not the token name or the total supply, but the project type.
- Infrastructure (Infra):
For example, Layer 1, Layer 2, public blockchain, ZK, and storage protocols.
Typically, a "Fair Launch" is used, with no pre-mining, no SAFT, and tokens generated through node consensus.
Bitcoin, Celestia, and EigenLayer are examples of this type of project.
The advantages are its inherently distributed nature and low regulatory risk; the disadvantages are difficulty in financing and long development cycles.
- Application Layer Projects (App Layer):
For example, DeFi, GameFi, and SocialFi.
Teams pre-mint tokens (TGE) and manage the ecosystem treasury; typical examples include Uniswap, Axie Infinity, and Friend.tech.
The business model is clear, but the compliance risks are high: sales, airdrops, and distribution all require handling regulatory disclosure and KYC issues.
Conclusion: Infrastructure survives through consensus, while application projects rely on structure for survival. Without a well-designed structure, all "tokenomics" are just empty talk.
Testnet Phase: Don't rush to issue tokens; first, establish a solid legal framework.
Many teams start looking for investors, signing SAFT agreements, and pre-mining tokens during the Testnet phase.
However, the most common mistake at this stage is taking investors' money while claiming the token is just a "functional coin."
Filecoin in the United States serves as a cautionary tale. It raised approximately $200 million through SAFT before mainnet. Although it received an SEC exemption, the delayed launch and the temporary unavailability of its tokens led investors to question its "securities status," and the project ultimately incurred huge compliance costs to fix the issues.
The correct approach is:
- Distinguish between the two layers of entities:
  - DevCo (the development company) is responsible for technology research and development and intellectual property.
  - The Foundation / TokenCo is responsible for ecosystem building and future governance.
- Financing method: Use an equity + token warrant structure, rather than directly selling tokens.
  Investors receive the right to future tokens, rather than existing token assets.
This approach was first adopted by projects such as Solana and Avalanche, allowing early investors to participate in ecosystem building while avoiding direct securities sales.
Principle: The initial legal structure of a project is like the Genesis Block. One logical error can increase compliance costs tenfold.
Mainnet Launch (TGE): The Moment Most Likely to Attract Regulatory Attention
Once a token is tradable and has a price, it comes under regulatory scrutiny, especially when it involves public distributions such as airdrops, LBPs (liquidity bootstrapping pools), and Launchpads.
- Public blockchain projects:
For example, Celestia, Aptos, and Sui typically have their tokens automatically generated by the validator network during TGE.
The team does not directly participate in sales, the distribution process is decentralized, and the regulatory risks are minimized.
- Application layer projects:
For airdrops like those of Arbitrum and Optimism, or community distributions like those of Blur and Friend.tech, some regulatory authorities in various jurisdictions have raised concerns about whether the distribution and voting incentives constitute a sale of securities.
The safety line in the TGE phase lies in disclosure and usability:
1. Clearly define the use cases and functions of the token;
2. Announce the token allocation ratio, lock-up period, and unlocking mechanism;
3. Conduct KYC/AML checks on investors and users;
4. Avoid promotion based on "expected benefits".
For example, the Arbitrum Foundation explicitly stated during TGE that its airdrops were for governance purposes only and did not represent investment or profit rights; and that it would gradually reduce the foundation's dominant share in community governance—this is the key path to "de-securitizing" tokens.

DAO Phase: Learn to "let go" and truly decentralize the project.
Many projects end once they "issue their tokens," but the real challenge is how to relinquish control and return the tokens to the public good.
Taking Uniswap DAO as an example:
- Initially, development and governance were led by Uniswap Labs;
- Later, the Uniswap Foundation managed the treasury and funded ecosystem projects;
- The community decided on protocol upgrades and parameter adjustments through a UNI vote.
This structure makes it more difficult for regulators to identify a "centralized issuer" and also increases community trust.
Some projects that failed to properly handle the DAO transition, such as certain GameFi or NFT ecosystems, were ultimately considered "pseudo-decentralized" and still carried securities risks because the teams still controlled the majority of tokens and held voting rights.
Decentralization is not about "laissez-faire," but rather "verifiable exits." A secure DAO architecture is one that achieves a triangular balance between code, foundation, and community.
What regulators are looking for: Can you prove "this is not a security"?
Regulators are not afraid of you issuing cryptocurrency; what they are afraid of is you saying "it's not a security" but behaving like one.
In its 2023 lawsuit against Coinbase, Kraken, and Binance.US, the SEC listed dozens of "utility tokens," determining that they exhibited characteristics of "investment contracts" during their sales and marketing phases. This means that as long as a project conveys "expected returns" during token sales, even if the token itself has functionality, it will be considered a security.
Therefore, the key to compliance is dynamic response:
- Testnet → Focus on technology and development compliance;
- TGE → Emphasize usage scenarios and functional attributes;
- DAO → Reduce team control and strengthen governance mechanisms.
The risks differ at each stage, and the token's positioning must be reassessed with each upgrade. Compliance is not about stamping an approval document, but about continuous iteration.
In conclusion: Projects that weather economic cycles rely on stability, not speed.
Many projects fail not because of poor technology, but because of a terrible structure. While others are still talking about "price fluctuations," "airdrops," and "listing on exchanges," truly smart founders are already building legal structures, writing compliance logic, and planning DAO transformations.
Issuing utility tokens isn't about circumventing regulation, but about using the law to prove you don't need regulation. When code takes over the rules, the law becomes your firewall.




