Skip to content
Request a demo →
SUPERBLOCK
Standards

What Is ERC-3643? The Institutional Security-Token Standard

If you are evaluating tokenization infrastructure in 2026 and do not understand ERC-3643, you are looking at the wrong standards. ERC-20 is for cryptocurrencies. ERC-3643 is for regulated

10 April 2026 · 10 min read

$32B+ Tokenized using ERC-3643 globally
180+ Jurisdictions where ERC-3643 is deployed
2025 DTCC joined ERC-3643 Association (March)
ISO Standardisation underway via ISO TC 307
T-REX Token for Regulated EXchanges — the protocol name

If you are evaluating tokenization infrastructure in 2026 and do not understand ERC-3643, you are looking at the wrong standards. ERC-20 is for cryptocurrencies. ERC-3643 is for regulated finance. The two are not competitors — they solve fundamentally different problems. This guide explains exactly what ERC-3643 is, how it works, who uses it, and why every serious institutional tokenization platform is built on it.

What Is ERC-3643?

ERC-3643 — also known as the T-REX Protocol (Token for Regulated EXchanges) — is an Ethereum-based token standard designed specifically for issuing and managing permissioned security tokens. Unlike ERC-20, which lets any wallet receive tokens freely, ERC-3643 embeds compliance rules directly into the token contract. Non-compliant transfers are not prevented by policy or blocked by an off-chain system — they are architecturally impossible.

People also ask: What does ERC-3643 stand for? ERC stands for "Ethereum Request for Comment" — the standard naming convention for Ethereum token standards. 3643 is the proposal number. The protocol's technical name is T-REX, which stands for "Token for Regulated EXchanges." It was originally developed by Tokeny and has since become a formal Ethereum standard governed by the ERC-3643 Association.

At the protocol level, ERC-3643 extends the familiar ERC-20 interface with three additional requirements on every transfer:

  • The sender must have a verified on-chain identity — through a decentralized identity system called ONCHAINID
  • The receiver must have a verified on-chain identity — and meet the eligibility claims required by the specific token
  • The transfer must satisfy all compliance rules — investor caps, jurisdiction restrictions, lockup periods, accreditation status, and any other rules configured by the issuer

If any of these three checks fail, the transfer does not execute. It is not reversed after the fact. It is rejected at the smart contract level before it is ever recorded. This is what makes ERC-3643 fundamentally different from every compliance wrapper or off-chain KYC system: compliance is not added on top of the token, it is built into the token itself.

"ERC-3643 is the technical standard that makes it legally possible to hold a fraction of a real-world asset on a blockchain without violating securities law. It is the compliance layer that separates legitimate regulated tokenization from uncontrolled speculation."

ERC-3643 Association

Why ERC-20 Cannot Be Used for Securities

To understand why ERC-3643 exists, start with the problem it solves.

ERC-20, the most widely used token standard on Ethereum, is designed for open, permissionless transfers. Any wallet can hold any ERC-20 token. Any wallet can transfer any ERC-20 token to any other wallet. There is no concept of investor identity, eligibility, or transfer restrictions built into the contract. This is exactly what makes ERC-20 suitable for utility tokens and cryptocurrencies — and exactly what makes it unsuitable for securities.

If you tokenize a regulated security on ERC-20, you have immediately created a compliance problem. A US accredited investor could transfer tokens to a non-accredited investor. A European investor could transfer tokens to a sanctioned wallet. An investor in a 12-month lockup could sell tokens on day one. None of these transfers are prevented by the token itself. The issuer has to rely on external systems — whitelists, off-chain monitoring, legal contracts — to enforce compliance, and those systems cannot reach onto the blockchain to reverse a non-compliant transfer once it happens.

The regulatory reality is unforgiving. If your tokenized security is transferred to an ineligible holder, you have potentially distributed an unregistered security to an unverified investor — a serious legal violation regardless of intent. No amount of off-chain compliance can fix an on-chain transfer that has already settled.

ERC-3643 vs ERC-20: The Critical Differences

People also ask: What is the difference between ERC-20 and ERC-3643? ERC-20 is a permissionless token standard suitable for cryptocurrencies and utility tokens — anyone can hold or transfer them. ERC-3643 extends ERC-20 with mandatory identity verification and compliance logic — only verified, eligible wallets can hold or receive tokens, and every transfer is checked against the token's compliance rules before execution. They serve different markets: ERC-20 is for open permissionless finance, ERC-3643 is for regulated permissioned finance.
Capability ERC-20 ERC-3643
Transfer model Permissionless — any wallet to any wallet Permissioned — only verified wallets, checked on every transfer
Identity integration None — wallet addresses only Native — ONCHAINID on-chain identity contracts for all holders
KYC/AML enforcement Off-chain only — cannot block on-chain transfers On-chain enforcement — transfers to unverified wallets are rejected
Jurisdiction restrictions Not possible at contract level Built-in — block transfers to wallets in restricted jurisdictions
Lockup periods Only via custodian agreements Enforceable at contract level per investor
Investor caps Not possible at contract level Max holders, per-investor caps configurable and enforced
Token recovery Impossible — lost keys mean lost tokens Issuer can burn and reissue to new wallet for verified holder
Regulatory auditability Wallet-level only — no investor identity link Full audit trail from transaction to legal identity
Best for Cryptocurrencies, utility tokens, stablecoins Securities, real estate, private credit, regulated funds

How ERC-3643 Actually Works

ERC-3643 is modular by design. Rather than putting every piece of compliance logic into a single monolithic contract, it separates responsibilities across five core components that work together. This is how compliance enforcement happens on-chain without creating an unmaintainable contract.

FIG 01 — ERC-3643 ARCHITECTURE | HOW A TRANSFER IS VALIDATED ON-CHAIN ERC-3643 TOKEN transfer() intercepted ↓ compliance checks ↓ IDENTITY REGISTRY Links wallet → ONCHAINID Jurisdiction metadata On-chain whitelist 1. Is identity verified? ONCHAINID Per-investor identity Holds verified claims ERC-734/735 compliant 2. What claims? TRUSTED ISSUERS Who can issue claims? KYC providers, regulators CLAIM TOPICS Which claims required? KYC, accreditation, jurisdiction 3. Correct claims? COMPLIANCE MODULE Rule evaluation Max holders Lockup periods Jurisdiction caps Investor limits 4. Rules pass? ALL PASS → TRANSFER EXECUTES Any fail → transfer reverts on-chain Every transfer triggers checks 1–4 before execution. No external system required. Compliance is enforced at the token contract level.
FIG 01 — ERC-3643 ARCHITECTURE | FIVE CORE COMPONENTS ENFORCE COMPLIANCE ON EVERY TRANSFER

The Five Core Components

The Token Contract
ERC-20 + COMPLIANCE

Extends ERC-20 with mandatory compliance checks. Every transfer() or transferFrom() call is intercepted and validated against the four components below before execution. Fully ERC-20 compatible for read operations — existing tools work without modification.

Identity Registry
WHO CAN HOLD?

On-chain registry mapping each verified wallet to its ONCHAINID identity contract. Stores jurisdiction metadata and acts as the whitelist of eligible holders. The issuer (or their agents) adds or removes identities as investors onboard or become ineligible.

ONCHAINID
IDENTITY PER INVESTOR

Each investor has an ONCHAINID — a decentralized identity contract (based on ERC-734/735) that holds verifiable claims issued by trusted parties. Claims are cryptographic attestations like "KYC verified" or "accredited investor" issued by a KYC provider.

Trusted Issuers Registry
WHO ISSUES CLAIMS?

List of trusted entities (KYC providers, regulators, compliance firms) authorised to issue claims about investor identities. The issuer configures which parties they trust for which claim types — e.g., only Chainalysis for AML screening, only a specific KYC firm for accreditation.

Claim Topics Registry
WHICH CLAIMS REQUIRED?

Catalog of the claim types required to hold this specific token — KYC verified, accredited investor, jurisdiction eligibility, source of funds verified, etc. Issuers configure this per token to match the regulatory requirements of the specific offering.

Compliance Module
RULE EVALUATION

Configurable module that evaluates rules beyond identity — max holders, lockup periods, investor caps by jurisdiction, transfer cooldowns. Modular design means issuers can swap or extend compliance logic without redeploying the entire token.

When an investor tries to transfer tokens, the token contract checks in sequence: Is the sender's wallet in the Identity Registry? Does the sender's ONCHAINID have the required claims? Are those claims issued by a Trusted Issuer? Does the transfer satisfy all rules in the Compliance Module? Only if every check passes does the transfer execute. If any check fails, the transaction reverts on-chain — no tokens move, no record is created, no legal compliance risk is introduced.

Who Is Using ERC-3643 in 2026?

This is where ERC-3643's trajectory diverges from most Ethereum standards. It is not a developer curiosity or a theoretical framework. It is the standard behind the majority of regulated institutional tokenization happening globally in 2026.

People also ask: Is ERC-3643 widely adopted? Yes. ERC-3643 has been used to tokenize over $32 billion in real-world assets across more than 180 jurisdictions. Institutional adopters include DTCC, Apex Group, Invesco, Franklin Templeton, Fasanara Capital, and numerous tokenization platforms. The SEC Chairman cited it by name in a July 2025 speech. MAS's Project Guardian is built on it. ISO standardisation is underway.

The Institutional Adoption Timeline

Jul 2025
SEC Chairman Paul Atkins cited ERC-3643 by name

In his July 2025 speech on American leadership in digital finance, SEC Chairman Paul Atkins cited ERC-3643 as an example of a token standard that incorporates compliance features, under a proposed innovation exemption framework.

Mar 2025
DTCC joined the ERC-3643 Association

The Depository Trust & Clearing Corporation — which processed $3 quadrillion in securities transactions in 2023 — joined the ERC-3643 Association in March 2025 and committed to integrating the standard into its ComposerX tokenization platform. This is the single largest institutional endorsement of any security token standard to date.

Late 2025
ISO standardisation initiative launched

The Spanish national correspondent committee of ISO TC 307, in coordination with ISO TC 68, submitted a New Work Item Proposal to formalise ERC-3643 as a global ISO standard. Partners include ANNA, INATBA, and CEN/CENELEC. If adopted, ERC-3643 becomes the recognised global reference for tokenized securities.

2024–25
Fasanara Capital launched tokenized money market fund

Fasanara deployed a tokenized money market fund on Polygon using ERC-3643 as the compliance layer — with Fireblocks for custody and Chainlink for oracles. One of many institutional fund managers adopting the standard.

Ongoing
Apex Group, Invesco, MAS Project Guardian all on ERC-3643

Apex Group (one of the world's largest fund administrators) and Invesco are both members of the ERC-3643 Association. MAS's Project Guardian — Singapore's institutional tokenization programme — is built on ERC-3643. The standard is effectively becoming the institutional default globally.

Tokeny and the T-REX Implementation

ERC-3643 was originally developed by Tokeny, a Luxembourg-based tokenization infrastructure firm. The reference implementation of the standard — the T-REX protocol — is an open-source suite of audited smart contracts that provides a ready-to-use tokenization framework. Tokeny's platform has been used to tokenize over $32 billion in assets directly, and the open-source T-REX contracts power a further wave of institutional platforms built on top of the same foundation.

Governance of the standard passed from Tokeny to the ERC-3643 Association, a non-profit body that now includes DTCC, Apex Group, Invesco, and other institutional members. This transition is significant — it means the standard is no longer governed by a single commercial entity but by an institutional consortium committed to maintaining it as open infrastructure.

When Should You Use ERC-3643?

People also ask: When should I use ERC-3643 instead of ERC-20? Use ERC-3643 for any token representing a regulated asset — securities, real estate, private credit, regulated funds, tokenized bonds. Use ERC-20 for utility tokens, stablecoins, cryptocurrencies, and governance tokens where transfers do not need to be restricted to verified investors. The rule of thumb: if the token represents something a securities regulator cares about, use ERC-3643.

Concrete use cases where ERC-3643 is the correct choice:

  • Tokenized real estate — fractional ownership of property SPVs where investors must be verified and accredited
  • Private credit and fund tokenization — regulated fund vehicles where only qualified investors can participate
  • Tokenized corporate bonds and debt instruments — jurisdiction restrictions, investor caps, lockup periods
  • Security token offerings (STOs) — any offering structured under Reg D, Reg S, Reg A+, MiCA, or equivalent regulatory exemptions
  • Tokenized private equity and venture funds — restricted to accredited or institutional investors only
  • Tokenized commodities where regulatory treatment requires holder verification
  • Sukuk and Shariah-compliant instruments — including Shariah eligibility as a required claim type

The Practical Deployment Reality

Deploying an ERC-3643 token is more complex than deploying an ERC-20. You are not deploying a single contract — you are deploying a system: Identity Registry, Claim Topics Registry, Trusted Issuers Registry, Identity Registry Storage, Compliance Module, and the token contract itself, all bound together correctly.

In practice, the minimum deployment involves:

  • Deploy the four registries and bind the Identity Registry Storage to the Identity Registry
  • Configure the claim topics (which claims are required) and add the trusted issuers (who can issue them)
  • Deploy the Compliance module and configure compliance rules
  • Deploy the token contract with references to the Identity Registry and Compliance module
  • Set up Owner and Agent roles — restrict sensitive functions (forced transfers, token recovery, mint/burn) to Agent roles
  • Register each investor's identity (wallet address, ONCHAINID, country) in the Identity Registry
  • Mint tokens and allocate to verified investor wallets

This complexity is why most institutional issuers do not deploy ERC-3643 infrastructure themselves. They use a platform that provides the full stack — token factory, identity infrastructure, compliance modules, investor onboarding — as a managed service. This is exactly what SBX Prime provides: no-code ERC-3643 deployment with all registries pre-configured, multi-chain EVM support, white-label branding, and a managed compliance stack that combines with SBX ID for reusable investor credentials.

ERC-3643 on Non-Ethereum Chains

Although ERC-3643 is an Ethereum standard, it works on every EVM-compatible blockchain — Polygon, Arbitrum, BNB Chain, Avalanche, and others. The same smart contract architecture deploys with minimal modification. This matters because it means an issuer can choose their blockchain based on cost and performance requirements (Polygon for low-cost retail offerings, Ethereum L1 for maximum institutional credibility) without giving up ERC-3643's compliance guarantees.

For non-EVM chains — Solana, XRP Ledger, Stellar — ERC-3643 does not apply directly. Equivalent compliance models exist but use different technical architectures (XRPL's MPTokens embed compliance natively; Stellar's SEP standards use asset authorization flags; Solana platforms typically use custom compliance modules on top of SPL tokens). This is one of the reasons institutional tokenization is so concentrated on Ethereum and EVM L2s: ERC-3643 is the dominant regulatory standard, and deploying on EVM means inheriting it automatically.

The Path to ISO: Why This Matters

The single most important development in ERC-3643's trajectory is the ISO standardisation process currently underway. If successful, this would formalise ERC-3643 as the recognised global reference standard for tokenized securities — at the same level of international legitimacy as ISO 20022 for financial messaging or SWIFT's messaging standards.

The practical implications of ISO adoption are substantial:

  • Regulatory alignment — jurisdictions building tokenization frameworks (UAE, Singapore, Hong Kong, EU) can reference the ISO standard directly rather than drafting their own technical requirements
  • Cross-border interoperability — tokens issued on ERC-3643 in one jurisdiction become more easily recognised in another, because the underlying technical standard is ISO-certified
  • Institutional procurement — large banks and institutions with ISO-compliance requirements can adopt ERC-3643-based products without bespoke technical reviews
  • Regulatory enforceability — compliance features embedded in the ISO standard become part of the legal framework, not just technical implementation choices

The Bank for International Settlements (BIS) has proposed "Unified Ledgers" as the future backbone of financial services — a vision that requires exactly the kind of compliance-integrated token standard that ERC-3643 provides. ISO standardisation would position ERC-3643 as the technical foundation for that vision.

The Future of ERC-3643

The trajectory is now unambiguous. ERC-3643 has moved from "a good idea for regulated tokenization" to "the institutional default." The adoption curve in 2024–2026 has been remarkable: from early deployments by boutique issuers to DTCC integration and SEC endorsement within 18 months.

For any institution, platform, or asset owner evaluating tokenization in 2026, the decision tree on token standards is now simple:

  • Tokenizing a regulated asset and distributing to verified investors → ERC-3643
  • Issuing a cryptocurrency, utility token, or open-participation asset → ERC-20
  • Everything else → usually ERC-3643, because future-proofing against regulatory evolution is almost always worth the small additional complexity

ERC-3643 is not the most exciting topic in blockchain. It is not a speculative asset, a new chain launching, or a novel DeFi primitive. It is critical infrastructure. It is the plumbing that makes legitimate, regulated, institutional tokenization possible at scale — and the standard that every serious tokenization platform in the world has now adopted as the foundation of their technical stack.

SUPERBLOCK built SBX Prime on ERC-3643 from day one, specifically because the standard is the only architecture that satisfies both regulatory and institutional requirements for tokenization at scale. Combined with SBX ID for reusable identity credentials and SBX AURA for automated settlement, this gives institutional issuers a complete, ISO-aligned, DTCC-compatible tokenization stack — ready to deploy across every major EVM jurisdiction.

Built on ERC-3643

Deploy Compliant Tokens.
Without Writing a Line of Code.

SBX Prime gives you the complete ERC-3643 infrastructure — Identity Registry, ONCHAINID, Compliance Modules, and Claim Topics — preconfigured and ready for institutional issuance. White-label branding. Multi-chain EVM deployment. Shariah-compliant structures for the GCC market.

This article is for general information only and is not financial, investment, or legal advice. Forward-looking statements are subject to change. See our Disclaimer.

Build on institutional-grade infrastructure