In my August blog, I discussed some of the regulatory risks associated with raising capital in the EU through initial coin offerings (ICOs). Since publishing that blog, a lot has been happening in the world of cryptocurrencies and token sales, and the global regulatory environment for ICOs has become more uncertain than ever.

Recent Developments in ICOs and Token Sales

Most significantly, in early September, China's central bank announced a ban on domestic ICOs, declaring them to be illegal and "disruptive to economic and financial stability". In the days following that announcement, a number of high profile Chinese cryptocurrency exchanges announced the closure of their Chinese operations and a wave of panic-selling ensued in cryptocurrency markets, sending the price of Bitcoin and other major cryptocurrencies tumbling.

While Chinese officials were quick to do a partial turn-about – emphasizing that the ICO ban was a "stop" rather than a "forbidden" and that China would look to resume ICOs in the future after establishing licensing regulations – the announcement was enough to wreak havoc on global cryptocurrency markets, with the combined market capitalization falling from a record high of US$179 billion in August to below US$100 billion on September 15th.

Elsewhere in the world, a number of international regulators, including the Canadian Securities Administrators, the Hong Kong Securities and Futures Commission and the UK Financial Conduct Authority have in the last number of weeks followed in the footsteps of the SEC by issuing statements declaring that certain tokens may constitute securities for local regulatory purposes.

At EU-level, the European Securities and Markets Authority (the EU securities markets watchdog) has remained tentative on the matter, commenting to Law360 earlier this week that it is "aware of the various developments, and currently observing the issue [of ICOs]" and "readying further guidance". Similarly, the European Commission (the executive branch of the EU) is "observing ICOs" and expects action to be taken “on a case-by-case basis.”

While these combined developments certainly do not signal the end of the ICO as a potentially valuable mechanism for raising capital, they highlight, more than ever, the uncertainty of the global regulatory and legal environment in which token sales and ICOs operate.

Mitigating Regulatory Risk in an Uncertain Environment

Given the prevailing uncertainty, anyone looking at launching an ICO right now should be working closely with their legal counsel to carry out a comprehensive, cross-jurisdictional risk assessment with a view to identifying ways to minimize their potential legal and regulatory exposure. The reality in the current regulatory environment is that - even where that risk assessment has been carried out - it may not be possible to fully eliminate (or even quantify) all of the legal and regulatory risks that can arise in the context of an ICO. Nevertheless, there are steps and strategies that can be taken in structuring an ICO that can help to mitigate or ringfence potential regulatory exposure. These include the following:

Carve-out uncertain jurisdictions

Many ICOs are now being set up to exclude investors from certain jurisdictions. Unless you have carried out a comprehensive legal and regulatory risk assessment in a particular jurisdiction and you are comfortable that you understand and can manage any relevant risk exposure, there is a strong argument that you should be excluding participants from that jurisdiction. At the very least, you should exclude participants from jurisdictions that are perceived to be high risk from a regulatory perspective. For example, given the current state-of-play in China - where regulators have warned that violations of the recent ICO ban will be "severely punished" - it is a no-brainer to exclude China-based investors from any upcoming ICO. In the wake of the DAO Report, there is also an argument for excluding US-based investors unless you are prepared to deal with the consequences of the potential application of US federal securities laws (and this approach has been taken in a number of ICOs).

Limit participation to accredited investors

In some jurisdictions, you can minimize the risk of triggering securities law registration and prospectus requirements by limiting participation in your ICO to certain categories of sophisticated and/or professional investors.

For example, in an ICO involving the US, you could limit participation to "accredited investors" only. Offers of securities to this category of investors are exempt from the general requirement under US federal securities to register an offer of securities with the SEC and issue a prospectus. Similarly, within the EU, an offer of securities to the public is subject to a general requirement to publish a prospectus unless the offer is addressed to "qualified investors" only.

Limiting the category of eligible investors in this manner has become a popular approach in recent ICOs and, for example, it is the approach adopted in the Simple Agreement for Future Tokens or SAFT (discussed further below).

Limit your ICO to pure utility or app tokens

Recent pronouncements from the SEC and other international regulators have been relatively consistent in the view that only "certain" types of tokens will constitute securities for regulatory purposes. This makes sense - since while some tokens are clearly analogous to traditional forms of securities (such as the equity-style tokens considered by the SEC in the DAO Report), others simply are not.

However, the reality is that most tokens - even pure utility or apptokens - will exist in a grey area somewhere in between - in particular, where the tokens are being offered for sale prior to launch of the underlying platform or application to which they relate (in which case they are much more akin to an investment contract and there is therefore a much greater risk of them being treated as securities).

With that said, if you limit your ICO to pure utility or apptokens - giving present rights to use an application or platform that is already operational - then the tokens are less likely to be deemed "securities" and your ICO is less likely to fall foul of local securities laws.

If your ICO falls into this category, you should ensure that your marketing strategy is in line with the legal and regulatory analysis and your white paper and other marketing materials surrounding the ICO (as well as any parties involved in promoting the ICO) should avoid using any investment-style language to describe the tokens that are being offered for sale.


The Simple Agreement for Future Tokens or SAFT is a form of open source standard instrument and framework for token sales, created by Protocol Labs in partnership with AngelList and the law firm, Cooley. The purpose of the SAFT is to streamline the process for raising early-stage capital through ICOs by providing a standard document and framework for ICO organizers to use. It cuts through the debate of whether the sale of pre-launch tokens (the "grey-area" tokens alluded to above) constitutes the sale of a security, as the SAFT itself is structured as a security instrument. However, it seeks to minimize the regulatory implications of that by restricting participation to accredited investors only.

Any ICO organizer can use SAFT, including through Protocol Lab's CoinList platform - the aim of which is to serve as a platform for regulatory compliant ICOs using SAFT. CoinList has a standardized profile page for each token sale, as well as a unified payment structure that can be used across the platform. So far, investors have been responding positively to the platform, and its inaugural token sale, launched on August 10th by the decentralized data storage network, FileCoin, broke all-time ICO funding records by raising more than US$257 million over a month of activity.

While using SAFT and/or CoinList cannot guarantee protection against all of the legal and regulatory risks that can arise in the context of an ICO, it is a step in the direction toward regulatory compliance and it arguably represents the "gold standard" for ICO compliance right now, at least for ICOs involving US-based investors.


As ICOs can involve many different international participants, this brings the rules and regulations of many different jurisdictions into play. While the steps outlined above can help to mitigate certain regulatory risks, they are no substitute for substantive legal advice. Having regard to recent developments in China - and the potential sanctions at play in that jurisdiction for regulatory non-compliance - the stakes involved in getting things wrong in an ICO are potentially very high. In that context, it is more important than ever that anyone who is considering participating in an ICO or token sale – whether as an issuer or an investor, in the US, the EU or elsewhere – is working closely with legal counsel with a view to fully assessing and evaluating their risk exposure and identifying the best strategies to minimize that risk.