Tokenized Real-World Assets and Security Tokens: Where MiCA Ends and MiFID II Begins

Tokenize a bond, a fund unit, or a slice of real estate and your instinct is to reach for the Markets in Crypto-Assets Regulation. That instinct is almost always wrong. MiCA explicitly excludes financial instruments from its scope — and the moment a token represents a transferable security, a money-market instrument, or a unit in a collective investment scheme, it falls under MiFID II, the Prospectus Regulation, and potentially the DLT Pilot Regime instead.

Founders who assume "crypto equals MiCA" build their compliance stack on the wrong rulebook. They scope a CASP licence when they actually need a MiFID investment firm authorisation, a custodian regulated under CSDR, and an approved securities prospectus. The cost of that misclassification is measured in six to twelve wasted months and a relaunch.

This article gives you The RWA Classification Gate — a three-question test that routes any tokenized real-world asset into one of three regimes: MiFID II, MiCA, or neither. Run the gate before you write a line of smart-contract code.

The single most common error in RWA tokenization is treating the wrapper as the asset. A token is a bearer representation of an underlying right. Regulation follows the underlying right, not the technology that records it. A tokenized government bond is still a bond; a tokenized fund unit is still a fund unit.

The European Securities and Markets Authority (ESMA) has been consistent: where a crypto-asset qualifies as a financial instrument under Markets in Financial Instruments Directive, the existing securities framework applies and MiCA does not apply.¹^[1]

So the danger is not under-regulation — it is regulating to the wrong regime. A CASP authorisation gives you no right to issue securities, no approved prospectus, and no CSDR-compliant settlement. If your token is a security, a CASP licence is a category error, not a head start.

The gate is a sequential three-question test. You answer them in order, and the first "yes" routes you. Do not skip ahead — the questions are ordered by legal precedence, and securities law wins ties.

1. 1

   Question 1 — Is the token a financial instrument? If yes, you are in MiFID II, the Prospectus Regulation, and possibly the DLT Pilot Regime. Stop here.

2. 2

   Question 2 — If not, is it a crypto-asset in MiCA scope? If yes, you are in MiCA — as an ART, an EMT, or an "other" crypto-asset.

3. 3

   Question 3 — Or is it exempt entirely? Genuinely unique non-fungible tokens, closed-loop instruments, and certain utility constructs may fall outside both regimes.

The definition that matters is Annex I, Section C of MiFID II, read with Article 4(1)(15). It enumerates the categories of financial instrument — and transferable securities sit at the top of the list.²^[2]

A transferable security is, broadly, a class of instrument that is negotiable on the capital market — shares, bonds, and other securitised debt, plus instruments giving the right to acquire or sell them. Tokenize any of these and the token inherits financial-instrument status.

Apply three practical tests to the underlying right:

• Negotiability — is the instrument freely transferable and capable of being traded on a market?

• Standardisation — does it belong to a class of fungible, interchangeable units (as bonds and shares do)?

• Investment character — does the holder expect a return — coupon, dividend, capital appreciation, or distribution?

If the answer to all three is yes, you almost certainly hold a security token, and MiFID II governs. The Markets in Financial Instruments Directive then drags in issuance disclosure, intermediary licensing, custody, and market-abuse rules.²^[3]

Only if Question 1 returns no do you reach MiCA. MiCA captures crypto-assets that are not financial instruments and sorts them into three buckets.³^[4]

• Asset-Referenced Tokens (ARTs) — tokens referencing a basket of currencies, commodities, or crypto-assets to stabilise value. Governed by MiCA Title III.

• E-Money Tokens (EMTs) — tokens referencing a single official currency. Governed by MiCA Title IV and the EMD2 overlay.

• Other crypto-assets — utility tokens and anything else in scope, governed by MiCA Title II with a lighter white-paper regime.

Crucially, a tokenized real-world asset rarely lands here. A token referencing a fund or a bond is a financial instrument; a token referencing real estate cash-flows often looks like a collective investment scheme. The Markets in Crypto-Assets Regulation is the destination for payment and utility constructs, not for securitised investments.³^[5]

A narrow set of tokens escape both regimes. MiCA Article 2 excludes crypto-assets that are unique and not fungible with other crypto-assets — genuine NFTs representing one-off digital or physical items.

But the exemption is substance over form. Issue a large series of "NFTs" that are economically interchangeable and reference the same underlying asset, and ESMA's de facto fungibility test pulls them back into scope — or into MiFID II if they confer investment rights.

Genuinely exempt constructs include:

• Unique non-fungible tokens — one-of-one art or collectibles with no investment return.

• Closed-loop instruments — value usable only within a limited network for goods and services.

• Pure utility access tokens that grant a service right and nothing resembling a financial return.

The table below maps the common RWA tokenization use-cases to their governing regime. Note how few legitimately land in MiCA.

If the gate routes you into MiFID II, three obligations attach immediately, and none of them are optional.

First, prospectus. A public offer or admission to trading of transferable securities triggers the EU Prospectus Regulation, requiring an NCA-approved prospectus unless an exemption applies — small offers, qualified-investor-only placements, or sub-threshold raises.⁴^[6]

Second, MiFID licensing. Anyone placing, executing, advising on, or operating a venue for the tokens needs a MiFID investment firm authorisation — a CASP licence will not substitute. The activity, not the asset's digital form, defines the permission required.

Third, custody and settlement. Tokenized securities must be safeguarded and settled in line with CSDR and the Settlement Finality Directive. This is where most RWA projects stall — there is no MiCA-style crypto custody carve-out for securities.

The DLT Pilot Regime, Regulation (EU) 2022/858, is the EU's answer to a hard problem: existing market-infrastructure rules were written for centralised intermediaries, not blockchains. The Pilot grants temporary, conditional exemptions so financial instruments can be issued, traded, and settled on DLT.⁵^[7]

The regime authorises three new infrastructure types:

• DLT MTF — a multilateral trading facility that admits and trades DLT financial instruments.

• DLT SS — a settlement system that records and settles DLT financial instruments, taking on CSD-like functions.

• DLT TSS — a combined trading and settlement system, merging the MTF and SS roles in one operator.

The trade-off is hard volume caps: the Pilot is a sandbox, not an end-state. ESMA oversees the regime, and instruments are capped by issuance size and aggregate market value, with the framework reviewed before any permanent successor.⁵^[8]

The three regimes differ on every axis that matters operationally — instrument type, licensing, disclosure, custody, and passporting.

Three constructs sit on the seam and routinely confuse founders.

A token marketed as a stablecoin but backed by a managed portfolio of yield-bearing securities can cross from an EMT under MiCA into a collective investment scheme — and therefore a financial instrument under MiFID II. Yield and active management are the tell.

A tokenized deposit is a claim on a credit institution recorded on DLT. It is generally not a crypto-asset and not an EMT — it sits in banking and deposit law, outside MiCA, and is one of the cleanest non-MiCA categories.

Tokens bundling a payment function with an investment return are classified by their dominant economic feature. If any limb meets the MiFID II definition, the whole instrument is typically pulled into securities law — the strictest applicable regime wins.

Run the gate across real deal flow and the pattern is stark: the overwhelming majority of RWA tokenization projects are securities projects. Bonds, funds, equity, and income-bearing real estate all route to MiFID II.

That changes the entire build. You do not need a CASP licence — you need a MiFID investment firm authorisation, an NCA-approved prospectus or a valid exemption, CSDR-compliant custody, and — if you want to run a venue — a DLT MTF or DLT TSS permission under the Pilot.

Teams that learn this late have usually burned their runway scoping the wrong licence with the wrong regulator. The fix is to run the classification gate first, get a written legal opinion on instrument status, and only then choose the licence — see our breakdown of EMI vs PSP vs VASP vs CASP for how these permissions diverge.

No. Security tokens are excluded from MiCA. MiCA Article 2 carves out crypto-assets that qualify as financial instruments under MiFID II. A token representing a share, bond, or fund unit is a transferable security governed by MiFID II, the Prospectus Regulation, and related securities law — not MiCA.

No. A tokenized bond is securitised debt, which is a transferable security and therefore a financial instrument. The DLT wrapper does not change its legal nature. It falls under MiFID II and may be issued or settled through the DLT Pilot Regime, not under MiCA.

The DLT Pilot Regime (Regulation (EU) 2022/858) is an EU sandbox granting temporary exemptions from market-infrastructure rules so financial instruments can be issued, traded, and settled on DLT. It authorises DLT MTFs, DLT SSs, and DLT TSSs, subject to volume caps and ESMA oversight.

Usually, yes. If the tokenized asset is a financial instrument — a bond, equity, fund unit, or income-bearing real-estate interest — then placing, executing, advising on, or running a venue for it requires a MiFID investment firm authorisation. A CASP licence does not cover securities activity. Run The RWA Classification Gate before choosing a licence.

• MiCA Compliance Guide for CASPs: when your token genuinely is a crypto-asset, this is the authorisation path.

• Switzerland's FINMA DLT Act: how the Swiss DLT framework treats tokenized securities outside the EU.

• EMI vs PSP vs VASP vs CASP: which financial licence each business model actually requires.

• Issuing an ART under MiCA Title III: the path for asset-referenced tokens that stay inside MiCA.

The wrapper is never the regulation. Run The RWA Classification Gate before you build, because the difference between a CASP licence and a MiFID investment firm authorisation is the difference between a product that ships and one that gets unwound. Classify first, code second.

Consider a concrete case. A team raises capital by issuing tokens that pay holders a quarterly distribution funded by rent from a portfolio of apartments. Each token is fungible, freely transferable, and bought for expected return. That is not a crypto-asset — it is a pooled investment, almost certainly a collective investment scheme, and the issuer needs fund authorisation and a prospectus, not a CASP licence.

Now change one fact: the token grants no economic return and simply records title to one specific apartment as a unique, non-fungible deed. That token may sit outside both MiCA and MiFID II — closer to a digital land registry entry than a financial product. The legal outcome flips on fungibility and return, not on the chain it runs on.

One subtlety trips up even experienced teams: admission to trading is not required for transferable-security status. An instrument can be a transferable security simply because it is capable of being negotiated on the capital market, even if it never lists. Restricting transfers contractually does not automatically remove the instrument from MiFID II — the assessment is functional, not formal.

Where MiCA does capture an RWA-flavoured token is narrow but real. A token backed by a basket of commodities purely to stabilise value — with no investment return and a payment or store-of-value purpose — can be a genuine ART under MiCA Title III. The issuer then needs ART authorisation, a reserve of assets, and ongoing prudential supervision, not a securities prospectus.

The line between an ART and a collective investment scheme is one of the sharpest in the whole framework. The European Securities and Markets Authority looks at whether holders are exposed to investment management and pooled returns (pointing to a fund and MiFID II) or merely to a stabilisation mechanism (pointing to an ART and MiCA). Get a written opinion before you assume either.⁵^[9]

The prospectus exemptions are where most early-stage RWA issuers find breathing room. Offers limited to qualified investors, offers to fewer than 150 persons per Member State, and offers below the relevant national threshold can avoid a full approved prospectus under the EU Prospectus Regulation. But the exemption is from the disclosure document — it does not exempt you from MiFID licensing or custody rules.

In practice, the DLT Pilot Regime suits a specific profile: an issuer or operator that wants to run on-chain issuance and settlement for genuine securities, at controlled scale, while the permanent EU framework catches up. It is not a shortcut around securities law — every instrument inside it is still a financial instrument with full MiFID II and Prospectus obligations attached.

The trade-off founders underestimate is the caps. Because the Pilot limits aggregate issuance and market value, it is a proving ground, not a scaling platform. A project expecting to grow past the thresholds must plan its exit to the permanent regime from day one, or risk being forced to unwind or migrate its infrastructure mid-stream.

If the gate routes you to securities law, the build sequence is predictable. Treat it as a five-step path:

1. 1

   1. Obtain a written legal opinion on the instrument's status under MiFID II Annex I Section C.

2. 2

   2. Prepare a prospectus or confirm a valid exemption under the Prospectus Regulation.

3. 3

   3. Secure MiFID authorisation for whatever regulated activity you perform — placing, dealing, advising, or operating a venue.

4. 4

   4. Arrange CSDR-compliant custody and settlement, or a DLT SS / DLT TSS permission under the Pilot.

5. 5

   5. Choose your jurisdiction and NCA deliberately — passporting only works once you hold the right base authorisation.

Skip any step and the project cannot lawfully offer the token. This is why classification is not a formality — it determines every downstream cost, timeline, and counterparty you will need.