Imagine you invent a brand-new kind of poker chip. It is not issued by any casino. Anyone in the world can mint one if they solve a hard math puzzle. Once minted, the chip lives on a shared ledger that every player keeps a copy of, so no single house can quietly add zeros to its own stack. People begin trading these chips for dollars, for goods, for other chips. Some treat them like cash. Some hoard them like gold. Some sell them to strangers with the pitch that "the project team is going to make you rich." And then a very natural question arrives, the same question that arrives whenever humans invent a new way to move value: who, exactly, gets to make the rules?

That question is the entire subject of this article. Cryptocurrency is hard to regulate not because lawmakers are slow (though sometimes they are) but because a single token can wear four legal costumes at once. To a securities regulator it can look like an investment contract. To a commodities regulator it can look like a digital version of gold or wheat. To a financial-crimes regulator it can look like cash that needs an anti-money-laundering chaperone. And to a tax authority it can look like property you bought and sold for a gain. Different agencies, different countries, and different judges have grabbed different costumes, and the result is the beautiful mess we are about to walk through.

Here is the thing that makes the mess instructive rather than merely chaotic: the same fight has been fought before, every time a new instrument outran the categories the law had on hand. Courts once had to decide whether a "whiskey warehouse receipt," a beaver-farming contract, or a self-improvement course sold with a money-back promise was a "security." Cryptocurrency is the latest entry in that long tradition of value that does not fit the box it arrived in. The good news for the reader is that the doctrines doing the work — the Howey test, the property characterization of assets for tax, the architecture of anti-money-laundering law — are old and stable. The hard part is mapping new facts onto them, and watching legislatures race to replace judicial improvisation with purpose-built statutes.

Here is what you will learn. First, in plain English, what cryptocurrency and blockchain actually are, so the legal vocabulary lands on solid ground. Second, the U.S. framework, which is not one framework but a layered cake of federal agencies (the SEC, the CFTC, FinCEN, the IRS, the banking regulators) sitting on top of fifty state money-transmission regimes, with New York's famous BitLicense as the headliner. Third, a tour of the rest of the world, from the European Union's comprehensive Markets in Crypto-Assets Regulation (MiCA) to the strikingly different choices made in the UK, Switzerland, Singapore, and Japan, to the countries that have banned crypto outright. Fourth, the two policy stories that dominate the 2020s: stablecoins and central bank digital currencies. And throughout, a steady drumbeat of warning: the U.S. legislative picture in particular is moving fast, and some of what is true the week this is published may be amended, litigated, or superseded by the time you read it. Where the ground is shifting, this article says so out loud rather than pretending the map is finished.

A note on tone and on trust. This is a survey for an intelligent reader, not a compliance manual for a specific deal. We will name real cases and statutes, and we will be candid about where the law is genuinely unsettled. We will not tell you whether a particular token is or is not a security, because that question is contested, fact-specific, and the subject of active litigation. Treat this as a well-drawn map of the territory. For the route through any particular transaction, you will want a guide who knows the current weather.

Part One: What Are We Even Regulating? Crypto and Blockchain in Plain English

Let us define the terms of art before the lawyers get to them.

A blockchain is a shared digital ledger — a running list of transactions — that is maintained by many independent computers rather than by one central bookkeeper. Picture a notebook that thousands of people each keep an identical copy of. Every few minutes, a new page (a "block") of recent transactions is added, and once a page is added and the network agrees on it, rewriting that page becomes extraordinarily difficult because you would have to convince a majority of the network to rewrite their copies too. The "chain" part is that each new page cryptographically references the page before it, so tampering with an old page would break the links in every page after it. The headline feature is that no single party controls the ledger and no single party can secretly alter it. That property — call it decentralized trust — is the whole point. It lets strangers transact without a bank in the middle vouching for the balances.

A cryptocurrency is a unit of value that lives natively on such a ledger. Bitcoin, the original, is simply an entry in the Bitcoin ledger that says a particular address controls a particular amount, and "owning" bitcoin means holding the secret cryptographic key that can authorize moving it. There is no paper, no vault, no central issuer. The supply and the rules are set by software that the network runs. This is the feature that should make any lawyer's ears prick up: with no issuer, there is no defendant of first resort, no entity to register an offering, no balance sheet to subpoena. A technology designed to remove the middleman also removed the party that regulators are accustomed to leaning on.

From there the vocabulary explodes, and the explosion matters legally:

  • A token is any unit of value issued on a blockchain. Some tokens are "coins" native to their own chain (bitcoin, ether). Many others are issued on top of an existing chain by a project team — these often raise the hardest legal questions, because a team raising money by selling its own token starts to look a lot like a company selling shares.
  • A stablecoin is a token designed to hold a steady value, usually by being pegged to a national currency like the U.S. dollar, with the issuer claiming to hold reserves that back each coin. Stablecoins are the plumbing of the crypto economy — the way traders park value without cashing out to a bank — and they are now the single hottest regulatory topic, because a privately issued dollar-substitute that millions of people rely on is, functionally, a new kind of money.
  • A non-fungible token (NFT) is a token representing a unique item rather than an interchangeable unit of currency — a digital deed to a specific image, collectible, or in-game item. NFTs raise their own tangle of copyright and contract questions, which we explore separately in our discussion of NFT marketplaces and secondary-sale royalties.
  • A smart contract is self-executing code stored on a blockchain that runs automatically when conditions are met — "if X is paid, release Y." Smart contracts power decentralized finance ("DeFi"), where lending, trading, and borrowing happen through code rather than through a licensed intermediary, which is exactly the feature that makes regulators reach for the aspirin. (A caution on the name: a "smart contract" is neither necessarily smart nor necessarily a contract in the legal sense — it is software, and whether its execution also forms an enforceable agreement is a separate question that ordinary contract and software-licensing law must answer.)
  • An exchange is a business that lets people buy, sell, and trade crypto, often holding customer funds. Exchanges are where most ordinary people touch crypto, and — because they hold other people's money — they are the natural chokepoint where regulators apply pressure. When an exchange custodies user assets, it has reintroduced exactly the trusted middleman that the underlying technology was built to eliminate, which is why "decentralized" assets are so often traded through very centralized businesses.

Why does any of this taxonomy matter to a lawyer? Because the law almost never asks "is this crypto?" It asks narrower questions: Is this an investment contract? Is this a commodity? Is this money transmission? Is this a sale of property? And the answer depends enormously on which of the things above you are holding and what someone did with it. Bitcoin and a freshly issued startup token can sit in the same wallet and yet be governed by entirely different bodies of law. Keep that single idea in your pocket; it explains nearly every dispute that follows.

Part Two: The United States — One Country, Many Sheriffs

There is a popular complaint that the United States has "no rules" for crypto. The truth is closer to the opposite: the United States has too many overlapping rulebooks, written by agencies that were never designed to coordinate. The result was for years called regulation by enforcement — meaning that the clearest signal about what was illegal came not from a statute written for crypto but from a lawsuit filed after the fact. Critics charged that this told the industry what was forbidden only by punishing it, while defenders answered that the securities laws have always been written in deliberately broad terms precisely so that they would not need rewriting every time someone invented a new wrapper for an old scheme. Both things are true at once, which is why the debate has been so durable. Let us meet the sheriffs in turn.

The SEC and the Howey Test: Is Your Token a Security?

The Securities and Exchange Commission ("SEC") protects investors and polices the offer and sale of "securities." The threshold question — and arguably the most consequential question in all of U.S. crypto law — is whether a particular token transaction is the sale of a security. If it is, a whole apparatus snaps into place: the offering generally must be registered with the SEC or fit a narrow exemption, the seller owes anti-fraud and disclosure duties, and trading venues may need to register as exchanges or broker-dealers. If it is not a security, that apparatus does not apply, and some other regime (commodities, money transmission) governs instead. The same registration-versus-exemption machinery that governs an ordinary startup's stock sale governs a token sale that crosses the securities line — a framework our guide to navigating the capital-raising maze walks through in detail.

The statutory definition of "security" in the Securities Act of 1933, 15 U.S.C. § 77b(a)(1) (and the parallel definition in the Securities Exchange Act of 1934, 15 U.S.C. § 78c(a)(10)), includes a long list of obvious instruments — stocks, bonds, notes — and one famously elastic catch-all: "investment contract." What is an investment contract? For that we go to a Florida orange grove and the most-cited four-factor test in American securities law.

In SEC v. W.J. Howey Co., 328 U.S. 293 (1946), the W.J. Howey Company sold rows of orange trees to out-of-state buyers and, in the same breath, offered to lease the land back and farm it, splitting the profits. Buyers were tourists and professionals staying at an adjacent resort, not orange farmers; they were investors hoping Howey's labor would make them money. The Supreme Court held that this arrangement was an "investment contract," and it announced the test that bears the case's name. An investment contract exists where there is (1) an investment of money, (2) in a common enterprise, (3) with a reasonable expectation of profits, (4) to be derived from the efforts of others. Howey, 328 U.S. at 298-99. Notice what the test does not require: a stock certificate, a formal company, or even a written contract. The Court said the term embodies "a flexible rather than a static principle, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits." It looks past form to economic reality. That is precisely why a 1946 case about citrus controls the regulation of a 2020s technology its authors could not have imagined.

Apply Howey to a token. If a startup sells a new token to the public to raise money, promising that the team will build a network that will make the token valuable, all four prongs can be present: buyers invest money, in a common enterprise (the project), expecting profits, from the efforts of the team. That looks like an investment contract — a security. This was the core theory behind the SEC's wave of cases against initial coin offerings ("ICOs") beginning around 2017, after the agency's DAO Report of investigation warned that tokens could be securities, and it remained the agency's default lens for years. Bitcoin sits at the other extreme: there is no issuer, no team whose efforts you are betting on, no common enterprise in the Howey sense — which is why even the SEC has long treated bitcoin as not a security, a position it formalized in informal guidance and confirmed when it allowed spot bitcoin exchange-traded products to launch. Most tokens live somewhere in the contested middle.

The hardest and most litigated question is what happens after a network matures. A token might be sold as an investment contract on day one, when everything depends on the founders' efforts, and yet trade years later as a commodity-like asset on a network so decentralized that no one's "efforts" particularly matter. Does the security label stick to the token forever, or does it attach to the transaction? An SEC official floated the idea in a widely noted 2018 speech that a token could undergo "sufficient decentralization" such that it stops being offered and sold as a security — a pragmatic intuition that has never been adopted as a binding legal standard but that frames the entire debate.

That distinction sat at the heart of the most closely watched crypto case of the decade. In SEC v. Ripple Labs, Inc., 682 F. Supp. 3d 308 (S.D.N.Y. 2023), Judge Analisa Torres of the Southern District of New York applied Howey on a transaction-by-transaction basis to the XRP token and reached a split decision that satisfied no one entirely. The court sorted Ripple's distributions of XRP into three buckets. First, institutional sales — XRP sold directly to hedge funds and sophisticated buyers under written contracts, accompanied by marketing that emphasized how Ripple would use the proceeds to build and promote the XRP ecosystem — were unregistered investment-contract sales, because those buyers reasonably expected to profit from Ripple's efforts. Second, programmatic sales — XRP sold through blind bid/ask transactions on public exchanges, where buyers had no idea whether they were buying from Ripple or from some anonymous stranger — were not securities transactions, because those buyers "could not reasonably expect" that the dollars they paid were going to Ripple to fund ecosystem development, and so the expectation-of-profits-from-the-efforts-of-others prong was not satisfied on those facts. Third, certain other distributions (XRP paid to employees and handed to developers as grants) failed the very first prong, because there was no "investment of money" by the recipients at all.

The Ripple ruling was a partial win for each side, was the work of a single district judge rather than a binding appellate rule, and prompted considerable disagreement among courts. Within months, a different judge in the same district expressly declined to follow the programmatic-sales reasoning. In SEC v. Terraform Labs Pte. Ltd., 684 F. Supp. 3d 170 (S.D.N.Y. 2023), the court rejected any distinction between sophisticated and retail buyers, reasoning that Howey asks about the economic substance of the scheme, not the manner of sale or the buyer's identity, and that nothing in the securities laws makes a token a security in the hands of one purchaser but not another. Meanwhile, in the litigation against major U.S. exchanges, courts mostly allowed the SEC's claims to proceed past the pleading stage — declining to dismiss the theory that secondary-market token trading could involve unregistered securities — even as they acknowledged the difficulty of the questions. The honest summary for a reader is this: courts are actively wrestling with whether and when the Howey analysis can change over a token's life and whether the manner of sale matters, the answers are not uniform across districts, and you should treat any single headline about a "crypto win" or "crypto loss" with caution. This is a textbook example of law that is genuinely unsettled and date-sensitive — and a powerful argument for why so many people, on all sides, have begged Congress to replace litigation with a statute.

The CFTC and Commodities: The Other Federal Cop

If the SEC's costume is "securities," the Commodity Futures Trading Commission ("CFTC") wears "commodities." The Commodity Exchange Act defines "commodity" extraordinarily broadly — it sweeps in not just agricultural goods but "all other goods and articles . . . and all services, rights, and interests . . . in which contracts for future delivery are presently or in the future dealt in," 7 U.S.C. § 1a(9). Courts and the CFTC have relied on that breadth to treat bitcoin and ether as commodities; a federal court endorsed the view as early as CFTC v. McDonnell, 287 F. Supp. 3d 213 (E.D.N.Y. 2018), which upheld the CFTC's authority to pursue fraud in virtual-currency markets. The CFTC has clear, exclusive authority over derivatives — futures, options, and swaps — on those commodities, and it has asserted anti-fraud and anti-manipulation authority over the underlying "spot" markets in a string of enforcement cases. In plain terms: where the SEC says "this token is an unregistered security," the CFTC may say "this token is a commodity, and the venue trading it committed fraud or ran an unregistered derivatives market."

The overlap is not a bug the agencies have fixed; it is a genuine gap in the statutes, and it can produce the disorienting spectacle of two federal agencies asserting jurisdiction over the same asset on incompatible theories. A great deal of the 2024-2026 legislative debate has been about drawing the SEC-CFTC boundary by statute — deciding, in legislation rather than litigation, which tokens are "securities" and which are "digital commodities," and giving the CFTC a clear mandate over spot trading of the latter. Several market-structure bills have advanced through Congress with exactly this aim, generally proposing that sufficiently decentralized assets be treated as digital commodities under CFTC oversight while assets tied to an active, controlling enterprise remain with the SEC. As of this writing, the boundary remains primarily a matter of agency assertion and case law rather than a finished statute, and the precise contours are very much in motion. Read any specific allocation of authority below as provisional.

FinCEN, the Bank Secrecy Act, and the War on Dirty Money

Now meet the financial-crimes sheriff. The Financial Crimes Enforcement Network ("FinCEN"), a bureau of the Treasury Department, administers the Bank Secrecy Act ("BSA"), 12 U.S.C. §§ 1951-1960, and the broader anti-money-laundering ("AML") regime. The core idea is old and intuitive: businesses that move money must know who their customers are, keep records, and report suspicious activity, so that criminals and terrorists cannot launder funds through them invisibly. Tellingly, this regime cares nothing for the securities-versus-commodity debate that consumes the SEC and CFTC; its obligations attach to the act of running a money business, whatever the asset is otherwise called.

FinCEN reached crypto early — earlier than most observers remember. In March 2013 guidance (FIN-2013-G001), and again in comprehensive May 2019 interpretive guidance (FIN-2019-G001, "Application of FinCEN's Regulations to Certain Business Models Involving Convertible Virtual Currencies"), FinCEN took the position that many crypto businesses qualify as money services businesses ("MSBs"), specifically money transmitters, when they deal in "convertible virtual currency" ("CVC") — virtual currency that has an equivalent value as real currency or acts as a substitute for it. The 2013 guidance drew a durable three-way distinction that still governs the analysis:

  • A user, who obtains virtual currency to buy goods or services for themselves, is not an MSB.
  • An exchanger, who as a business exchanges virtual currency for real currency, funds, or other virtual currency, is a money transmitter.
  • An administrator, who as a business issues a virtual currency and has the authority to redeem it, is also a money transmitter.

The 2019 guidance crystallized the governing rule of thumb: whether you are regulated "generally depends on the person's activities and not its formal business status." A money transmitter is defined as one who accepts and transmits "currency, funds, or other value that substitutes for currency," 31 C.F.R. § 1010.100(ff)(5)(i)(A), and the implementing definition of MSB lives at 31 C.F.R. § 1010.100(ff). As MSBs, covered crypto firms must register with FinCEN, build a written AML compliance program, perform customer due diligence (the familiar "know your customer," or KYC, checks), and file currency transaction reports and suspicious activity reports under the BSA and its implementing rules at 31 C.F.R. Chapter X. Operating an unlicensed money-transmitting business is, separately, a federal crime under 18 U.S.C. § 1960 — a statute prosecutors have used aggressively against crypto operators. That is why a crypto exchange can simultaneously be in an SEC fight about whether it listed securities and a FinCEN matter about whether its compliance program was adequate: the two regimes ask entirely different questions.

A few wrinkles worth knowing. Software developers who merely write or publish code, and individuals who use crypto for their own purposes, are generally not money transmitters under FinCEN's view — the obligations fall on those who accept and transmit value on behalf of others. The treatment of DeFi protocols, "unhosted" wallets, peer-to-peer exchangers, and anonymizing tools (mixers) has been a continuing and contested frontier, with major enforcement actions and sanctions designations testing where the line sits — and the broader DeFi regulatory picture remains one of the least settled in the field, precisely because there may be no centralized operator on whom to pin an obligation. And the Office of Foreign Assets Control ("OFAC") layers economic sanctions on top of all this: transacting with sanctioned addresses can violate U.S. sanctions law even if no other crypto rule is broken. OFAC has gone so far as to add specific blockchain wallet addresses, and even an entire mixing service, to its sanctions lists — a vivid demonstration that "code is law" runs headlong into the reality that running the code can still break the law.

State Money-Transmitter Laws and the New York BitLicense

Here is where many newcomers underestimate the complexity. Even after a crypto business satisfies the federal alphabet soup, it usually must contend with state law, because nearly every state regulates "money transmission." Historically these laws were written for businesses like Western Union, requiring a license, a surety bond, minimum net worth, permissible-investment requirements, and consumer protections in each state where the business operates. Most states have concluded that handling other people's crypto can constitute money transmission, which means a national exchange may need licenses (or exemptions) in dozens of states — an expensive, slow, jurisdiction-by-jurisdiction grind that can take years and millions of dollars. A multistate effort led by the state regulators' association has tried to harmonize these regimes with a Model Money Transmission Modernization Act and a streamlined multistate licensing process, but meaningful variation persists, and a handful of states have enacted crypto-specific provisions of their own.

The most famous state regime is New York's. In 2015 the New York Department of Financial Services ("NYDFS") adopted a dedicated framework, codified at 23 N.Y.C.R.R. Part 200, requiring most firms conducting "virtual currency business activity" involving a New York resident to obtain a BitLicense. The license demands serious compliance infrastructure: capital requirements, AML and OFAC programs, a cybersecurity program, consumer-protection disclosures, custody safeguards (NYDFS expects customer crypto to be held for the customer's benefit and not commingled or pledged), and — distinctively — the regulator's approval before a licensee may offer a new coin, drawn from a NYDFS "greenlist" of pre-approved assets. The BitLicense is admired by some as a model of clear, rigorous oversight and criticized by others as so burdensome that smaller firms simply geofence New York out of their service. Either way, it is a reminder that "crypto regulation in the United States" is not a single thing you can comply with once; it is a federal layer plus fifty state layers, with New York as the most demanding of them.

The IRS: It's Property, So Keep Your Receipts

Finally, the tax sheriff — the one nearly every crypto user actually meets. In IRS Notice 2014-21, the Internal Revenue Service announced that, for federal tax purposes, convertible virtual currency is treated as property, not as currency, and that "general tax principles applicable to property transactions apply." This single sentence has large consequences. Because crypto is property, every disposition is a potential taxable event that can generate capital gain or loss measured against your "basis" (roughly, what you paid). Selling bitcoin for dollars is a taxable event. Trading one token for another is a taxable event. Even buying a cup of coffee with crypto is, technically, a disposition of property that can trigger gain or loss on the difference between what you paid for the coin and its value when you spent it. Receiving crypto as payment for services is ordinary income at fair market value (and may carry employment-tax and reporting obligations for the payer); mining rewards generally produce ordinary income at the time of receipt; and the IRS has taken the position, in Revenue Ruling 2023-14, that staking rewards are likewise gross income when the taxpayer gains "dominion and control" over them.

The practical upshot is a recordkeeping burden that surprises casual users, and an enforcement focus that has grown sharply — including a prominent question on the front page of Form 1040 asking whether you received, sold, exchanged, or otherwise disposed of digital assets, and expanded information-reporting rules pushing brokers to report customer transactions on a new Form 1099-DA. The headline doctrine has been stable since 2014, but the reporting machinery around it has tightened considerably and continues to evolve. For most people, the operative lesson is simple and unglamorous: keep meticulous records of every acquisition and disposition, because the tax law treats your wallet like a brokerage account full of tiny property trades — and unlike a brokerage, your wallet does not, historically, mail you a tidy year-end statement.

Putting the U.S. Pieces Together: A Worked Example

Let us make the abstraction concrete with an invented company. (The following is a hypothetical for illustration only.) Suppose Nimbus Labs, Inc. builds a new blockchain and, to fund development, sells its native "NIM" token to the public, marketing it with promises that the team's work will drive the token's value. Suppose Nimbus also launches NimbusTrade, an exchange where users can swap NIM and other tokens, holding customer balances along the way.

Watch how many sheriffs arrive. The SEC will scrutinize the NIM token sale under Howey: investors put in money, into a common enterprise, expecting profits from Nimbus's efforts — that has the shape of an unregistered securities offering, and (as Ripple underscores) the precise marketing language and channel of sale matter enormously. The CFTC may take an interest if NimbusTrade offers leveraged or derivative products, or if there is fraud in markets for commodity-like tokens. FinCEN will treat NimbusTrade as a money services business — an exchanger of convertible virtual currency — demanding registration, an AML program, KYC, and suspicious-activity reporting under the BSA. The states will ask whether NimbusTrade needs money-transmitter licenses everywhere its users live, and if any of those users are New Yorkers, the BitLicense beckons. OFAC will expect NimbusTrade to screen out sanctioned wallets. And the IRS will treat every user's NIM trade as a property transaction with potential gain or loss. One company, one product line, six regulators — none of whom were designed to talk to one another. That is the U.S. crypto landscape in a single hypothetical, and it explains why the loudest demand from industry and consumer advocates alike has been the same: give us a coherent statute.

Now change one fact and watch the analysis swing. (Still hypothetical.) Suppose that, five years later, Nimbus Labs dissolves, the NIM network is maintained entirely by a sprawling group of independent volunteers, and NIM trades on dozens of venues with no one promising anyone anything. A new buyer who purchases NIM on the open market is no longer betting on "the efforts of" any identifiable promoter. Under the reasoning of Ripple's programmatic-sales holding, that secondary trade may look very different from the original token sale — even though it is the identical asset. Under Terraform's reasoning, the original "scheme" may still color the analysis. The same token, the same buyer, two defensible answers: that is not a drafting accident in this article, it is the actual state of the law, and it is why the classification question is so consequential and so contested.

The 2024-2026 Legislative Story: Evolving and Date-Sensitive

Which brings us to Congress, and to the most important caveat in this article. After years in which crypto policy was made almost entirely through enforcement actions and court decisions, the mid-2020s have seen serious legislative motion. Two strands stand out.

The first is stablecoin legislation, and here the story has a definite milestone. After several years of competing drafts, Congress passed and the President signed the GENIUS Act (the Guiding and Establishing National Innovation for U.S. Stablecoins Act) on July 18, 2025 — the first comprehensive federal crypto statute in U.S. history. At a high level, the Act establishes a federal framework for "payment stablecoins," requiring that they be backed one-for-one by U.S. dollars or other high-quality liquid assets such as short-term Treasuries, that issuers be permitted entities subject to federal or qualifying state supervision, and that holders have clear redemption rights; it also imposes marketing restrictions, forbidding issuers from implying that a stablecoin is legal tender, federally insured, or backed by the U.S. government. Crucially for any reader trying to time compliance, the statute does not switch on immediately: it takes effect on the earlier of eighteen months after enactment or 120 days after the primary federal regulators issue final implementing rules. In other words, the law exists, but its operative details are still being written, and the precise obligations on any given issuer will continue to take shape as rulemaking proceeds.

The second strand is market-structure legislation — the effort to draw the SEC-CFTC boundary by statute, define when a token is a "digital commodity" versus a security, and build a disclosure and registration regime suited to crypto rather than retrofitted from 1933. These bills have advanced through the legislative process, in some chambers by wide margins, but a comprehensive market-structure law has proven harder to finish than the stablecoin piece — the securities-versus-commodity line is genuinely difficult, and the stakes of drawing it are enormous — and its final shape remains uncertain as of this writing.

Two honest warnings flow from all of this. First, direction is not destination: bills that pass one chamber may stall, be amended, or change substantially before enactment, and even enacted statutes like the GENIUS Act still require years of agency rulemaking before their practical contours are clear. Second, enforcement posture shifts with administrations: the intensity and theories of crypto enforcement have varied considerably from one presidential administration to the next, and what one SEC leadership treats as a violation, another may dismiss or decline to pursue — the agency dropped or paused several prominent crypto enforcement actions during this period. For these reasons, treat every statement in this section as a snapshot of a moving picture. If you are making a real decision, confirm the current state of play — because in U.S. crypto law, "current" can mean this quarter.

Part Three: The Rest of the World — A Comparative Tour

Zoom out from the United States and the picture becomes, paradoxically, both more varied and in places more orderly. Some jurisdictions have done what the United States long struggled to do — pass a single, comprehensive crypto law. Others have banned the whole enterprise. A useful way to organize the global landscape is along a spectrum running from embrace to prohibition, with most countries somewhere in the cautious middle: warning their citizens, applying anti-money-laundering rules, taxing gains, and licensing exchanges, without either welcoming crypto with open arms or banning it outright.

The European Union: MiCA and the Comprehensive Model

The European Union made the boldest structural bet. Its Markets in Crypto-Assets Regulation (MiCA) — formally Regulation (EU) 2023/1114 — is the world's first major, comprehensive, cross-border crypto framework, and it has become the reference point against which other regimes are measured. Rather than asking courts to stretch decades-old securities law to fit tokens, the EU wrote new rules from scratch and made them directly applicable across all member states, so that a crypto business authorized in one EU country can "passport" its services across the bloc — a single license for a market of roughly 450 million people.

MiCA's architecture is worth understanding because it shows what a purpose-built regime looks like. It sorts crypto-assets into categories and regulates each differently. Asset-referenced tokens (stablecoins referencing a basket or a non-EU currency) and e-money tokens (stablecoins referencing a single official currency, such as the euro) face strict requirements on reserves, redemption at par, and issuer authorization, reflecting the same anxiety driving U.S. stablecoin law: a private dollar- or euro-substitute used at scale is too money-like to leave unregulated. MiCA even imposes transaction caps on large non-euro stablecoins used widely as a means of payment, an explicit effort to protect monetary sovereignty. Other crypto-assets face a lighter regime centered on a published "white paper" disclosure document. And crypto-asset service providers (exchanges, custodians, brokers) must be authorized and must meet governance, custody, conflict-of-interest, market-abuse, and consumer-protection standards. MiCA's stablecoin provisions took effect in mid-2024 and its service-provider rules in late 2024, with transitional grandfathering running into 2025 and 2026, so the regime is now operational rather than aspirational. Notably, MiCA largely carves out assets that already qualify as financial instruments under existing EU securities law (those remain governed by that law) and does not fully cover decentralized finance or most NFTs, leaving frontiers for future rulemaking. Still, as a model, MiCA's message is clear: comprehensive, harmonized, ex-ante rules are possible, and a continent chose them over regulation by enforcement.

The United Kingdom: A Phased, Activity-Based Approach

The United Kingdom, having left the EU, charted its own course rather than adopting MiCA. Its approach has been incremental and activity-based. Crypto firms operating in the UK have long had to register with the Financial Conduct Authority ("FCA") for anti-money-laundering supervision, and the UK tightened the rules on how crypto can be marketed to consumers — bringing "qualifying cryptoassets" within its financial-promotions regime, so that crypto promotions are treated much like promotions for other high-risk investments, with mandatory risk warnings, a "cooling-off" period for first-time investors, and a ban on incentives like "refer a friend" bonuses designed to spur impulsive retail buying. The broader project is to bring a wide range of crypto activities (issuance, custody, trading, lending) within the existing regulated-financial-services perimeter through phased legislation and FCA rulemaking, while simultaneously developing a dedicated regime for fiat-backed stablecoins jointly with the Bank of England. The UK's posture is best described as deliberately gradual: build the framework activity by activity, keep consumer protection front and center, and aim to be a credible global hub without either a single big-bang statute or a ban.

Switzerland: The "Crypto Valley" Bet on Legal Clarity

Switzerland took a different and influential path: rather than a single new statute, it fit crypto into its existing, well-respected financial law and then provided unusually clear guidance. The Swiss Financial Market Supervisory Authority ("FINMA") published guidelines in 2018 classifying tokens into functional categories — payment tokens, utility tokens, and asset tokens (with "hybrid" tokens treated cumulatively) — and explained how each is treated under existing securities, banking, and AML law. Switzerland later enacted targeted "DLT Act" amendments (effective 2021) to refine the treatment of tokenized securities, create a clean property-law concept for ledger-based rights, and establish a regulated trading category for tokenized assets, smoothing the rough edges where old law met new technology. The canton of Zug earned the nickname "Crypto Valley" for the cluster of blockchain firms that settled there, drawn by exactly what the United States struggled to provide: predictable, principled rules and a regulator willing to engage with novel projects rather than ambush them. Switzerland's lesson is that you do not necessarily need a brand-new comprehensive statute if your existing law is flexible and your regulator communicates clearly.

Singapore: Rigorous, Pro-Innovation, and Not Naive

Singapore, through the Monetary Authority of Singapore ("MAS"), built a reputation as a serious, innovation-friendly hub with teeth. The cornerstone is the Payment Services Act, which brings "digital payment token" services — buying, selling, and facilitating the exchange of crypto — under a licensing regime focused heavily on anti-money-laundering controls and, increasingly, on consumer protection and custody safeguards. MAS has been deliberately welcoming to legitimate, well-run firms and deliberately unwelcoming to retail speculation: it has restricted aggressive consumer marketing (no advertising in public spaces, no influencer hype), required risk-awareness checks, and warned the public repeatedly that crypto trading is "highly risky and not suitable for the general public." After several high-profile crypto failures in 2022 touched firms based or operating in the region, MAS tightened custody and consumer rules further. The Singapore model is "yes, but carefully": come build here if you are serious about compliance, and do not expect to push speculative products on retail customers.

Japan: Early, Scarred, and Strict

Japan was a pioneer, in part because it learned hard lessons early. The collapse of the Tokyo-based Mt. Gox exchange in 2014 — at the time the largest in the world, losing hundreds of thousands of bitcoins — pushed Japan to act sooner than most. Japan amended its Payment Services Act to define "crypto-assets," require exchanges to register with the Financial Services Agency ("FSA"), and impose AML, custody, and consumer-protection obligations. After the 2018 Coincheck hack, in which roughly half a billion dollars of tokens were stolen, Japan tightened the rules again, emphasizing the segregation of customer assets and cold-storage security. Japan also developed notably clear rules for stablecoins, generally requiring that they be issued by regulated entities such as banks, trust companies, or licensed money-transfer agents, and be redeemable at face value — an approach that influenced the global conversation, including the U.S. and EU instincts about reserve backing and par redemption. The Japanese story illustrates a recurring theme: many of the world's strictest crypto rules were written in the aftermath of a spectacular failure, by regulators determined not to be caught flat-footed twice.

Outright Bans: China and the Prohibition Camp

At the far end of the spectrum sit the prohibitionists. The most consequential is China, which moved from tolerance to restriction to near-total ban over roughly a decade. China prohibited initial coin offerings in 2017, then ordered domestic crypto exchanges to shut, then in 2021 cracked down on crypto mining (once enormously concentrated in China, which had hosted a majority of global bitcoin mining), and ultimately, through a joint notice of ten agencies, declared essentially all crypto-related business activities illegal. The motivations are a blend of capital-control concerns (a country with strict limits on moving money abroad sees crypto as a leak), financial-stability worries, energy-consumption policy, and a preference for a state-controlled digital currency rather than private ones — which is why China simultaneously became a leader in developing its own central bank digital currency. Notably, China's ban on private crypto coexists with continued, even enthusiastic, recognition of blockchain as a technology worth developing for state and enterprise use; the objection is to decentralized private money, not to distributed ledgers as such. (Hong Kong, meanwhile, has moved in the opposite direction, building a licensing regime to attract crypto businesses — a reminder that "China" is not monolithic on this question.)

China is the largest but not the only member of the prohibition camp. A number of countries — at various points including Algeria, Bolivia, Morocco, Nepal, Pakistan, and Vietnam, among others — have imposed bans or severe restrictions, and several jurisdictions have barred local trading while tolerating cross-border use. Bans are also notoriously hard to enforce against a borderless, peer-to-peer technology, and the practical reality on the ground often diverges from the law on the books — peer-to-peer trading and offshore exchanges persist in places where domestic activity is formally forbidden. The lesson is that "illegal" is a spectrum too: a formal prohibition, an effective prohibition, and a winked-at prohibition are three different things.

El Salvador: The Outlier That Made Bitcoin Legal Tender

For a few years, one country ran in the opposite direction entirely. In 2021, El Salvador became the first nation to adopt bitcoin as legal tender under its "Bitcoin Law," meaning — at least on paper — that businesses were generally required to accept it alongside the U.S. dollar, and the government rolled out a national wallet ("Chivo") and even purchased bitcoin for its treasury. The experiment drew global attention and substantial skepticism from international financial institutions, with the International Monetary Fund repeatedly warning about volatility, consumer protection, and fiscal and financial-stability risks. Under external pressure — including as a condition of an IMF financing arrangement — and amid muted real-world adoption, El Salvador in 2025 walked back the mandatory legal-tender status, moving bitcoin toward voluntary acceptance. The arc is instructive precisely because it is so unusual: it shows both the symbolic appeal of national bitcoin adoption and the very real frictions — volatility, infrastructure, international financing relationships — that make a volatile asset an awkward fit for a country's official money.

The Cautious Middle: Where Most of the World Actually Lives

Between embrace and prohibition sits the vast majority of jurisdictions, and their behavior is remarkably consistent. Most have, at minimum, issued public warnings through their central banks about volatility, fraud, and the lack of legal recourse if a crypto investment goes to zero. Many have extended their anti-money-laundering and counter-terrorism-financing laws to cover crypto exchanges, often prodded by the Financial Action Task Force ("FATF"), the international standard-setting body whose recommendations now cover "virtual asset service providers" and whose "travel rule" — requiring intermediaries to collect and pass along identifying information about senders and recipients of crypto transfers above a threshold, just as banks do for wire transfers — has been adopted in some form by many countries (the EU implemented it via its Transfer of Funds Regulation alongside MiCA). Most have grappled with taxation, typically landing on treating crypto as property or as an asset subject to capital-gains or income tax, with the precise characterization (income versus capital gain, and how to tax mining, staking, and airdrops) varying widely. And a growing number license or register exchanges and custodians with consumer-protection and custody requirements. In other words, the global default is not "ban" and not "embrace" but "watch, warn, tax, and apply the anti-money-laundering rules" — a pragmatic middle that lets crypto exist while trying to keep it from becoming a haven for laundering or a trap for naïve investors.

Part Four: The Two Big Themes — Stablecoins and Central Bank Digital Currencies

Two subjects recur in every serious crypto-policy conversation worldwide, and they are worth treating on their own because they touch the deepest question of all: who gets to issue money?

Stablecoins: Private Money Wearing a Dollar's Clothes

A stablecoin promises to be worth, say, exactly one U.S. dollar, today and tomorrow, by being backed by reserves the issuer claims to hold. That promise is what makes stablecoins so useful — they are the dollars-on-a-blockchain that let the whole crypto economy settle trades without constantly cashing out to banks, and they have grown into a market measured in hundreds of billions of dollars — and it is also what makes regulators nervous. If millions of people treat a private company's tokens as dollars, then that company is effectively issuing money, and if its reserves turn out to be thin, illiquid, or simply not there, a sudden loss of confidence can trigger a run, much like a run on a bank, with holders racing to redeem before the reserves run dry. The collapse in May 2022 of the so-called "algorithmic" stablecoin TerraUSD — which tried to hold its peg through a trading mechanism with a sister token rather than through real cash reserves — vaporized tens of billions of dollars of value in days, helped topple several large crypto firms in a chain reaction, and handed regulators worldwide a vivid argument for hard rules. (Even a fully reserved stablecoin briefly "broke the buck" in 2023 when part of its cash reserves sat in a failing bank, proving that the quality and location of reserves matter as much as their nominal existence.)

The regulatory response has converged with unusual speed and consistency. The recurring requirements are: full backing by high-quality, liquid reserves (cash and short-term government debt, not risky or illiquid assets); a clear right of holders to redeem at face value; regular disclosure or attestation of reserves; segregation of reserves from the issuer's own funds; and authorization of issuers under banking-style or dedicated supervision. The EU's MiCA imposes exactly this kind of regime on its asset-referenced and e-money tokens; Japan requires regulated issuers and face-value redemption; and the United States, with the GENIUS Act of 2025, adopted the same core architecture — one-to-one reserves in safe assets, permitted issuers, redemption rights, and tight marketing limits. Across very different legal systems, regulators reached the same conclusion: a private dollar-substitute used as money should look, in its safety and soundness, a lot like the regulated institutions that already issue money-like instruments. Of all the corners of crypto law, stablecoins are the one where global consensus has formed fastest — and, not coincidentally, the one where the United States legislated first.

Central Bank Digital Currencies: When the State Goes Digital

If stablecoins are private money on a blockchain, a central bank digital currency ("CBDC") is public money on a digital ledger — a digital form of a nation's official currency, issued and guaranteed by its central bank. A CBDC is not a cryptocurrency in the decentralized sense; it is, in an important way, the opposite — a centralized digital dollar, euro, or yuan, with a single trusted issuer at the top. Governments are interested for several reasons: to modernize payments and lower transaction costs, to preserve the role of public money as physical cash use declines, to extend financial access to the unbanked, and — candidly — to keep control of the monetary system in an era when private stablecoins threaten to become the default digital cash.

The global picture is uneven and politically charged. China has been among the most advanced, piloting its digital yuan (e-CNY) at very large scale across many cities. The European Central Bank has moved through preparation phases for a "digital euro." Several smaller economies have launched live retail CBDCs (the Bahamas' "Sand Dollar" and a handful of others), and dozens more are researching or piloting. The United States, by contrast, has been notably cautious and, at the federal-policy level, turned openly hostile to a retail CBDC — with legislation and executive action in this period aimed at prohibiting the Federal Reserve from issuing one directly to the public, grounded in privacy and government-overreach concerns, since a state-issued digital currency could, depending on its design, give the government unprecedented visibility into (and potentially control over) individual transactions. The result is a genuine global fork: some governments see a CBDC as essential infrastructure for the future of money; others see it as a surveillance risk to be avoided. This, too, is a fast-moving and date-sensitive area where policy can shift with elections, and where the design choices — privacy protections, whether banks intermediate access, and whether the money is "programmable" — matter as much as the yes-or-no decision to issue one at all.

Part Five: Practical Takeaways

After all that, what should a thoughtful reader actually carry away?

First, classification is destiny. The single most important legal question about any token is not "is it crypto?" but "what is it, legally, for the purpose at hand?" — security, commodity, money for transmission purposes, or taxable property. The answer can differ for the same token depending on who is asking, what was promised, how it was sold, and what was done with it. If you remember one idea from this article, make it this one.

Second, in the United States, comply in layers. Federal securities, commodities, and anti-money-laundering rules sit on top of fifty state money-transmission regimes, with New York's BitLicense the most demanding. A business cannot satisfy one and assume it has satisfied the rest — an exchange can be simultaneously SEC-investigated, CFTC-charged, FinCEN-examined, state-licensed (or not), OFAC-screened, and IRS-reportable. And the property treatment of crypto means even ordinary users carry a recordkeeping burden.

Third, the rest of the world is not waiting. The EU's MiCA, Switzerland's clear guidance, Singapore's and Japan's licensing regimes, and the global stablecoin consensus show that comprehensive rules are not only possible but increasingly the norm. A business operating across borders must map several regimes at once, and "compliant in one country" rarely means "compliant everywhere." Mapping that exposure is its own legal discipline; our overview of types of lawyers can help you identify the securities, tax, and fintech specialists a cross-border launch actually requires.

Fourth, and most importantly, this map is dated the moment it is drawn. U.S. legislation (the GENIUS Act's rulemaking, and any market-structure law that follows), agency enforcement priorities, MiCA's rolling implementation, and CBDC policy are all in motion. Treat every specific claim here as a snapshot, and verify the current state of play before relying on it. The doctrines with deep roots — Howey, the property treatment of crypto for tax, the basic structure of anti-money-laundering law — are stable. The specifics of who regulates what, and under which new statute, are not.

If you take crypto seriously as a business, an investor, or an estate-planning matter, the next step is rarely "read another article." It is "talk to counsel who is tracking this in real time," because in this field the difference between last year's rule and this year's rule can be the difference between a compliant launch and an enforcement action — and when a deal does go sideways, the path forward often starts with a well-drafted demand letter before it ever reaches a courtroom.

Frequently Asked Questions

Is cryptocurrency legal in the United States? Yes. Owning, buying, selling, and using cryptocurrency is legal in the United States. What is regulated — and sometimes restricted or penalized — is how you do it: offering tokens that qualify as unregistered securities, running an unlicensed money-transmitting business (a federal crime under 18 U.S.C. § 1960), failing to meet anti-money-laundering obligations, violating OFAC sanctions, or failing to report and pay taxes. The activity, not the asset, is where the legal risk lives.

Is my token a "security"? That depends on the facts, and it is one of the most contested questions in the field. Courts apply the Howey test from SEC v. W.J. Howey Co., 328 U.S. 293 (1946): an investment of money, in a common enterprise, with a reasonable expectation of profits from the efforts of others. A token sold by a team promising to build value tends to look like a security; a fully decentralized asset like bitcoin generally does not. SEC v. Ripple Labs, 682 F. Supp. 3d 308 (S.D.N.Y. 2023), held that the same token (XRP) was sold as a security in direct institutional sales but not in anonymous "programmatic" exchange sales — and a different judge in SEC v. Terraform Labs declined to follow that distinction. Because the law is unsettled and fact-specific, no article can tell you the answer for a particular token; that requires individualized legal analysis.

How is cryptocurrency taxed in the U.S.? Under IRS Notice 2014-21, crypto is treated as property, not currency. That means selling it, trading one token for another, or spending it on goods can each trigger a taxable capital gain or loss measured against what you paid, and receiving crypto as income (including wages, mining, and — per Revenue Ruling 2023-14 — staking rewards) is generally taxable at fair market value. Keep detailed records of every acquisition and disposition; the reporting rules, including the Form 1040 digital-asset question and the new Form 1099-DA broker reporting, have tightened significantly.

What is the New York BitLicense and do I need one? The BitLicense, under 23 N.Y.C.R.R. Part 200, is New York's license for businesses conducting "virtual currency business activity" involving New York residents. It requires substantial compliance infrastructure — capital, AML and cybersecurity programs, custody safeguards, consumer disclosures, and regulator approval of new coins. If your business serves New Yorkers and handles their crypto, you likely need it (or an exemption). It is widely considered the most demanding U.S. state crypto regime — demanding enough that some firms simply block New York users rather than apply.

What is the GENIUS Act? The GENIUS Act, signed into law on July 18, 2025, is the first comprehensive federal crypto statute in the United States. It creates a framework for "payment stablecoins," requiring one-to-one backing by U.S. dollars or other high-quality liquid assets, permitted (and supervised) issuers, redemption rights for holders, and strict marketing rules (no implying a stablecoin is legal tender, federally insured, or government-backed). It takes effect on the earlier of 18 months after enactment or 120 days after regulators finalize implementing rules, so its detailed obligations are still being written.

What is MiCA? MiCA is the European Union's Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114), the first major comprehensive, cross-border crypto framework. It licenses crypto-asset service providers, imposes strict rules on stablecoins, and requires white-paper disclosure for token issuances, with one authorization "passporting" across the EU. Its provisions phased into effect across 2024-2025, making it the leading global model for purpose-built crypto regulation.

Which countries have banned cryptocurrency? China is the most significant, having moved to a near-total ban on private crypto transactions and mining while developing its own central bank digital currency. Various other countries have imposed bans or severe restrictions at different times, including (at various points) Algeria, Bolivia, Morocco, Nepal, Pakistan, and Vietnam. Bans are difficult to enforce against borderless peer-to-peer technology, so the law on the books and the reality on the ground often diverge. By contrast, El Salvador briefly made bitcoin legal tender (2021) before walking the mandate back in 2025.

What is a stablecoin and why is it regulated so heavily? A stablecoin is a token designed to hold a steady value, usually pegged to a currency like the U.S. dollar and backed by reserves. Because people use them as money, regulators worry about "runs" if reserves prove thin — a fear made vivid by the 2022 collapse of the algorithmic stablecoin TerraUSD, which erased tens of billions of dollars. The global regulatory response has converged on requiring full backing by safe, liquid reserves, a right of redemption at face value, disclosure, and authorized issuers — the model adopted by the EU's MiCA, Japan, and the U.S. GENIUS Act.

Why does U.S. crypto law seem to change so often? Because for years it was made largely through enforcement and litigation rather than a tailored statute, it shifts with court decisions and with changes in agency leadership and presidential administrations. The mid-2020s brought serious legislative motion — including the enacted GENIUS Act for stablecoins and advancing market-structure bills to split SEC and CFTC authority — but much remains in flux, and implementing rules take years to finalize. Always confirm the current state of the law before relying on any specific point.

Related Articles

This article is general legal information, not legal advice, and crypto law is evolving rapidly. It does not create an attorney-client relationship and may not reflect the most current legal developments. For advice about your specific situation, consult qualified counsel.