The distinction between a security token and a utility token is not a technical nuance: it determines which law applies, which supervisor oversees the project, and which obligations fall on the issuer. The key lies in the rights the token carries. If it confers economic or financial rights typical of a security, it is a security token. If it merely grants access to or use of a product or service, it is a utility token. That seemingly simple boundary is the one that causes the most problems in practice.
A security token works as the digital representation of a financial instrument: a share, a bond, a fund unit, or any security granting a right to dividends, interest, a share of assets or voting rights. A utility token, by contrast, is a digital coupon: it lets you use a platform, redeem a service or access a feature, without promising returns or a share in profits.
Understanding this difference matters because the legal regime changes entirely. Below we look at the rights each one carries, which rules apply, who supervises them, some typical examples and, above all, how to avoid issuing a security token without intending to.
What rights each token carries
The security token carries economic or financial rights. Its holder may expect dividends if the token represents equity, coupons or interest if it represents debt, or a proportional share in the results of a project or an underlying asset. It may also carry political rights, such as voting at a general meeting. In essence, the investor acquires the token with an expectation of return derived from a third party's effort, which is the logic of any transferable security.
The utility token carries rights of access or use. Its holder gains the ability to consume a service, download content, pay fees within a network or unlock features of an application. There is no promise of financial return or share in profits; its value derives from the utility it provides within a specific ecosystem.
Substance prevails over the label
What is decisive is not what the token is called in its documentation, but what rights it actually confers. A token presented as a utility token but that, in practice, promises appreciation, profit-sharing or a return tied to the project's success will be treated as a security token by the supervisor. Legal form yields to economic substance.
Which regime applies to each
The security token, being a financial instrument, is subject to securities markets regulation. In the European Union, that means the MiFID II Directive and its national transposition; in Spain, Law 6/2023 on Securities Markets and Investment Services (LMVSI). This is the anchor rule: a security token is a financial instrument, so MiFID II and the LMVSI apply to it, and the European crypto-assets regulation MiCA does not, because its Article 2(4) expressly excludes from its scope crypto-assets that already qualify as financial instruments.
The utility token, not carrying financial rights, does fall within the scope of MiCA, specifically in the category of crypto-assets other than asset-referenced tokens and e-money tokens. MiCA imposes on the issuer obligations such as publishing a white paper with minimum content, marketing rules and conduct requirements, but not the full securities markets regime.
Two frameworks, two levels of demand
The practical consequence is that issuing a security token entails the regime for transferable securities: a prospectus where applicable, registration of the security, authorised intermediaries and, in Spain, the involvement of an entity responsible for registration and recording for tokenised securities. Issuing a utility token under MiCA is demanding, but it follows a different logic and is generally less burdensome than the securities markets regime.
Who supervises each token
In Spain, security tokens fall under the supervision of the National Securities Market Commission (CNMV), like any financial instrument. At the European level, the European Securities and Markets Authority (ESMA) coordinates the application of MiFID II and has published guidelines on when a crypto-asset should be classified as a financial instrument.
Utility tokens, within MiCA, are also supervised in Spain through the CNMV as the competent authority, with ESMA and the European Banking Authority (EBA) at the European level depending on the type of crypto-asset. The difference lies not so much in who supervises, but in under which framework and with what obligations.
Typical examples
Security tokens are, for example, a tokenised share granting dividends and voting rights, a tokenised bond paying periodic coupons, a tokenised unit in an investment fund, or a token representing a share in a property with a right to the rents it generates. In all of them there is an expectation of financial return and rights typical of a security.
Utility tokens, by contrast, include a token granting access to the computing power of a decentralised network, one redeemable for services within a storage platform, or one that unlocks premium features of an application. Their value lies in use, not in a promised financial return.
How not to issue a security token by accident
The most common risk is designing a token as a utility token and, through the way it is marketed or the rights it ends up granting, effectively turning it into a security token. This happens when public communication appeals to appreciation, when a share of profits is promised, when the token trades with an expectation of gain derived from the promoting team's work, or when periodic returns are distributed to holders.
To avoid this, it is advisable to define the token's rights precisely and keep the legal design consistent with the commercial message. If the token is not meant to be a security, it should not promise returns or profit-sharing, nor be presented as an investment opportunity. When in doubt, a prior legal classification avoids costly reclassifications and the sudden application of the entire securities markets regime.
To explore the opposing frameworks, you can read our analysis of MiCA versus MiFID II and the comparison between tokenised securities and crypto-assets.
Frequently asked questions
What is the essential difference between a security token and a utility token?
The rights they carry. A security token confers economic or financial rights (dividends, interest, profit-sharing, voting); a utility token only grants access to or use of a product or service, with no promise of return.
Does MiCA apply to a security token?
No. A security token is a financial instrument governed by MiFID II and, in Spain, by the LMVSI. MiCA expressly excludes it in its Article 2(4), because that regulation does not apply to crypto-assets that are already financial instruments.
Can a utility token become a security token?
Yes, in fact. If, through its marketing or the rights it grants, it promises returns or profit-sharing, the supervisor will treat it as a security token regardless of the label. Substance prevails over form.
Who supervises each type of token in Spain?
The CNMV is the competent authority in both cases, but under different frameworks: security tokens under securities markets regulation and utility tokens under MiCA, with ESMA and the EBA at the European level depending on the case.
What this means for you
If you are assessing, investing in or planning to issue a token, the first step is to classify it correctly. Look at the rights it confers, not the commercial label. If there is an expectation of financial return, you are dealing with a security token subject to the securities regime; if there is only access or use, with a utility token under MiCA. For an issuer, a clear legal classification from the design stage avoids regulatory surprises; for an investor, knowing what type of token you are buying defines what protections and what risks you take on.
This content is informational and general in nature; it does not constitute tax, legal or investment advice. For specific decisions, consult a qualified professional.
Sources: Regulation (EU) 2023/1114 (MiCA), Article 2(4); Directive 2014/65/EU (MiFID II), Annex I, Section C; Law 6/2023, of 17 March, on Securities Markets and Investment Services (BOE-A-2023-7053); ESMA, Guidelines on the conditions and criteria for the qualification of crypto-assets as financial instruments (ESMA75-453128700-1323).
.webp)
.webp)
.png)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
%20(1).webp)
.webp)
.webp)
.webp)
.png)
.png)
.png)
