MiCA regulatory framework, identity verification, KYC/AML compliance, fee comparison, contract addresses, and industry reference cards.
Just like banks need licenses to operate, crypto platforms in the EU now need authorization under MiCA (Markets in Crypto-Assets). This is like a "banking license" for crypto. It means your money is protected, the platform is regularly audited, and there are rules about how your funds are held and managed. Under the Belgian Act of 11 December 2025 transposing MiCA (Wet van 11 december 2025 betreffende de markten voor cryptoactiva): FSMA supervises conduct rules for all CASPs; NBB supervises prudential matters for credit institutions, EMIs, and payment institutions.
Tokenize operates under the EU's Markets in Crypto-Assets (MiCA) regulation, which provides the comprehensive framework for crypto-asset services in the European Union.
MiCA Art. 48 — Backed 1:1 by fiat currency. Circle holds CASP authorization (EMI license from Banque de France). EURC (Circle's EUR-pegged stablecoin) also has EU-native EMT status.
MiCA Art. 48 — 1:1 backed by EUR deposits. Requires CASP authorization and proof-of-reserve attestations.
Subject to MiFID II suitability requirements. KYC-gated with investor accreditation checks.
Industry practice: Most tokenized funds use a permissioned ERC-20 (whitelist-controlled transfers) with an external compliance layer (Securitize, Chainlink DTA). ERC-3643/T-REX is the emerging open standard for this pattern. ERC-7540 adds async redemption for T+1/T+2 settlement. ERC-1643 anchors regulatory documents (prospectus, KID) on-chain.
Platform must hold Crypto-Asset Service Provider (CASP) license under MiCA. Belgium transitional deadline: 1 July 2026. Competent authority: FSMA (conduct) + NBB (prudential) per the Belgian Act of 11 December 2025 transposing MiCA.
Monthly third-party attestations verifying 1:1 EUR backing of EUR tokens. Merkle-proof reserve attestation similar to Circle's model. Depositary/custodian has liability for loss of assets.
Platform demonstrates on-chain securities settlement under the EU DLT Pilot Regime (extended to 2026). This positions the Sepolia demo as a regulatory sandbox for wholesale securities.
FSMA: Conduct rules for all CASPs, MiFID II suitability, investor protection.
NBB: Prudential supervision for credit institutions, EMIs, payment institutions, AML/CFT compliance.
Replaces generic "accredited investor" tiers. Three categories: Retail (full protection, KID required), Professional (reduced protection, may access complex products), Eligible Counterparty (institutional clients, no suitability assessment).
Money Market Fund Regulation — TMMF positioned as LVNAV (Low Volatility NAV) with stable €1.00 NAV. Eligible assets: government securities, repos, high-quality CP. Minimum liquidity: 10% daily / 30% weekly. Stress testing required.
TMF may be UCITS (retail) or AIF (professional). UCITS: management company + depositary required. AIFMD: AIFM authorization + Annex IV reporting. Both require independent depositary/custodian.
Digital Operational Resilience Act — ICT risk management, incident classification/reporting, third-party (cloud/node provider) oversight. Required from January 2025 for MiCA-licensed entities.
Transposes EU AMLD5/6 into Belgian law. Travel Rule obligations apply at €1,000 threshold (consistent with EU TFR). NBB CDD circular obligations for customer due diligence.
Before any yield figures are shown to retail investors, a Key Information Document (KID) must be provided per PRIIPs Regulation. Yield figures must be framed as "target yield subject to risk" — not guaranteed.
Circle holds CASP/EMT issuer authorization (EMI license from Banque de France), enabling Belgian entities to use USDC as a settlement asset. EURC (Circle's EUR-pegged stablecoin) also has EU-native EMT status.
Just like banks need to verify who you are (KYC = "Know Your Customer"), Tokenize does this digitally. When you sign up, you submit ID documents that are checked by a professional verification service. Once verified, your identity is stored securely — your actual personal data stays off-chain (private), but a simple "verified" flag is stored on-chain so the system knows you're allowed to use the platform. It's like having a bank card that proves you've passed identity checks, without revealing your actual ID number.
Tokenize implements a multi-layered compliance framework that combines an on-chain identity registry with off-chain KYC providers.
Customer submits identity documents to an off-chain KYC provider (Sumsub/Jumio). Provider performs document verification, facial recognition, and sanctions screening.
Once KYC is approved, the identity verifier calls verifyIdentity() on the IdentityRegistry contract, recording the user's accreditation level and jurisdiction on-chain.
Every vault operation (deposit, withdraw) and every payment calls checkCompliance() to confirm that the user is verified and not blacklisted.
Only authorized identity verifiers can verify new users. Compliance officers can blacklist addresses. Admins manage corridors and vault parameters.
Banks don't just check sanctions once at onboarding — they screen every transaction in real-time. Tokenize integrates on-chain identity oracles that connect to Chainalysis, Elliptic, or TRM Labs sanctions feeds. Before any smart contract executes, the platform checks both parties against live OFAC, EU, and UN sanctions lists.
SanctionsOracle.isAddressSanctioned(recipient)
Why this matters: In 2023-2024, OFAC sanctioned Tornado Cash, causing billions in frozen funds. Banks that didn't have real-time screening faced regulatory fines. Chainalysis reports that $24.6B in crypto was stolen in 2023 — many funds traced through sanctioned addresses. Real-time screening prevents accidental violations.
Stored on-chain — used to route ISO 20022 XML via SWIFT network
Required for corporate entities — FATF Travel Rule compliance
Reason: Wallet address matched against OFAC SDN list during real-time Chainalysis screening.
What happens next: The address is added to the on-chain blacklist. All future transactions from this address will be automatically rejected by the IdentityRegistry contract. The compliance team receives an alert for manual review.
In production, identity verification is performed by an off-chain KYC provider. The smart contract only records the result (verified/not verified) and accreditation level. This ensures GDPR compliance while maintaining on-chain auditability.
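The verification, blacklist and screening flow described above, sketched as an added Solidity example; it is not Tokenize's deployed contract. Only the names IdentityRegistry, verifyIdentity(), checkCompliance() and isAddressSanctioned() come from this page; the signatures, role mappings, storage layout and the setRoles and blacklist helpers are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed oracle interface; only the function name appears on the page.
interface ISanctionsOracle {
    function isAddressSanctioned(address account) external view returns (bool);
}

// Illustrative registry (assumed layout), not Tokenize's deployed contract.
contract IdentityRegistrySketch {
    // Only the KYC result is stored; documents and personal data stay off-chain.
    struct Identity { bool verified; uint8 level; bytes2 jurisdiction; }

    address public immutable admin;
    ISanctionsOracle public immutable oracle;
    mapping(address => bool) public isVerifier;          // authorized identity verifiers
    mapping(address => bool) public isComplianceOfficer; // may blacklist addresses
    mapping(address => Identity) public identities;
    mapping(address => bool) public blacklisted;

    event IdentityVerified(address indexed user, uint8 level, bytes2 jurisdiction);
    event Blacklisted(address indexed user, address indexed by);

    constructor(ISanctionsOracle oracle_) { admin = msg.sender; oracle = oracle_; }

    function setRoles(address who, bool verifier, bool officer) external {
        require(msg.sender == admin, "not admin");
        isVerifier[who] = verifier;
        isComplianceOfficer[who] = officer;
    }

    // Called by a verifier after the off-chain KYC provider approves the user.
    function verifyIdentity(address user, uint8 level, bytes2 jurisdiction) external {
        require(isVerifier[msg.sender], "not verifier");
        require(!blacklisted[user], "blacklisted");
        identities[user] = Identity(true, level, jurisdiction);
        emit IdentityVerified(user, level, jurisdiction);
    }

    function blacklist(address user) external {
        require(isComplianceOfficer[msg.sender], "not officer");
        blacklisted[user] = true;
        emit Blacklisted(user, msg.sender);
    }

    // Fails closed: unverified, blacklisted or sanctioned users are rejected,
    // and a reverting oracle call reverts the caller's operation as well.
    function checkCompliance(address user) public view returns (bool) {
        return identities[user].verified && !blacklisted[user] && !oracle.isAddressSanctioned(user);
    }
}
```

A vault or payment contract would gate each operation with `require(registry.checkCompliance(msg.sender), "not compliant")`, repeating the check for the recipient on payments so that both parties are screened.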
See how Tokenize compares to traditional banking across key metrics.
All contracts are verified on Sepolia testnet. Fork this project and redeploy to Base L2 or your preferred chain.