TL;DR
- The legislative trajectory of CLARITY Act tokenized securities passed the U.S. House in July 2025, cleared the Senate Agriculture Committee in January 2026, and cleared the Senate Banking Committee in May 2026. A Senate floor vote, House reconciliation, presidential signature, and the statutory 360-day effective-date delay still lie ahead. The proposition has arrived; activation has not. The window between is roughly one to two years.
- One sentence is decisive. “Tokenization is a delivery method, not a new asset class.” This single line codifies the regulatory status of tokenized securities in U.S. statute for the first time. Tokenized securities inherit every requirement of existing securities law.
- What CLARITY imposes directly on tokens is relatively narrow: ICA/DC classification, the Mature Blockchain System four-part test, the $75M exemption, disclosure obligations. The heavier weight sits in what the codification derivatively forces. All existing securities law, FATF, and per-jurisdiction AML/KYC must operate at the token layer.
- An Investment Contract Asset traded inside an SEC-registered ATS like tZERO or INX is already absorbed by the existing compliance stack. The specification only begins to bite when a token crosses the boundary of a single ATS: cross-border ATS movement, passage through a self-custody wallet, and the dual-jurisdiction state after DC transition.
- The Regulatory Compliance Protocol (RCP), completed in late 2023, derived 31 requirements across five principles by analyzing 27 regulatory documents from 15 global regulators. CLARITY’s arrival validates that derivation within the U.S. legal framework. RCP and CLARITY do not converge — they form an intersection. The same infrastructure surface is illuminated from two different angles, one academic and one statutory.
The Gap Between Arrival and Effect
It is worth marking the precise moment we are reading from.
As of late May 2026, the Digital Asset Market CLARITY Act of 2025 (H.R. 3633) stands at this point. The U.S. House passed it 294 to 134 on July 17, 2025. The Senate Agriculture Committee advanced its Digital Commodity Intermediaries Act companion through committee on January 29, 2026, covering the CFTC-related provisions. The Senate Banking Committee reported the bill out 15 to 9 on May 14, 2026, closing the committee phase for the SEC-side provisions.
What remains is substantial. The Banking and Agriculture texts must be merged. A Senate floor vote needs 60 votes to overcome filibuster. The House must reconcile any changes through conference. The President must sign. After enactment, most provisions take effect 360 days later, with rulemaking-dependent items requiring an additional 60 days after publication of the final rule in the Federal Register. Section 112 directs both the CFTC and the SEC to promulgate every rule the Act requires within 360 days of enactment. The Senate Agriculture Committee discussion draft proposed extending the effective date to 18 months in some versions.
From the vantage point of the Senate Banking Committee passage, the picture is this. The law has arrived. Its activation has not. The interval between is, at minimum, one year; at maximum, two to three. The separation between the moment a proposition is fixed and the moment it touches the infrastructure becomes the motivation to derive the infrastructure specification in advance.
Earlier research on cross-border non-atomicity and the non-atomicity of the DeFi collateral layer worked on the diagnosis side. This essay moves in a different direction. Now that policy has arrived, the infrastructure specification it derivatively forces can be unfolded layer by layer.
Figure 1: CLARITY Act Legislative Path and the Effective Date Horizon
The Codification
One sentence determines the rest.
“Tokenization is a delivery method, not a new asset class.”
The text of the CLARITY Act and the January 2026 joint statement from three SEC divisions both express the same content. Tokenization is not a new asset class but a new method for delivering an existing asset. CLARITY Act tokenized securities inherit every requirement of existing securities law: issuance, registration, disclosure, custody, recordkeeping, and transfer restrictions apply identically whether the asset trades on a blockchain ledger or in a traditional system.
The weight of this one line needs to be read precisely.
This is the first time U.S. statute has codified the regulatory status of tokenized securities. The scholarly definition of codification is the consolidation of implicit or dispersed norms into a single body of statutory rules. Before CLARITY, the regulatory status of tokenized securities in the U.S. was determined only through case-by-case application of the Howey test. SEC enforcement decisions effectively served as the norm, and those decisions were applied project by project, case by case. Whether a particular token was a security, whether a tokenized bond carried the same regulatory weight as its paper counterpart, was a question that did not have an answer until an enforcement decision arrived.
The delivery method proposition legally terminates this ambiguity. A tokenized security is a security. The proposition is simple, and the simplicity is the weight. A single sentence of codification explicitly extends decades of securities law into the token domain.
The immediate consequence is this. Regulatory compliance requirements for tokenized securities become more explicit and more urgent. Under the era of case-by-case application, deferred compliance was possible in regions where enforcement had not yet arrived. After codification, that deferral disappears. Every tokenized security, from the moment of issuance, faces the full body of securities law.
Figure 2: The Codification — One Sentence, Two Eras of Tokenized Securities Regulation
Direct Regulation and Derivative Regulation
The starting point of this analysis is a clear distinction between two kinds of regulation.
Tracing the weight of a single sentence through the printed bill text — what “delivery method” derivatively forces onto the token layer.
The regulation CLARITY imposes directly on the token comes first. Its scope is relatively narrow. Three asset categories are defined: Investment Contract Asset (ICA), Digital Commodity (DC), and Permitted Payment Stablecoin. An ICA sits under SEC jurisdiction during the capital-raising phase. A DC sits under CFTC jurisdiction after passing the Mature Blockchain System certification.
The classification changes over time. The same token begins as an ICA under SEC oversight at issuance, then transitions to a DC under CFTC oversight the moment the blockchain system is certified as mature. The four-part test for Mature Blockchain System certification covers functional use, open-source code, pre-established transparent rules, and absence of a single controlling person (including no single party holding 20 percent or more of the supply).
The Section 4(a)(8) registration exemption allows up to $75M of capital raise over 12 months for tokens connected to a mature blockchain, conditional on additional disclosure. The issuer, affiliates, or a decentralized governance system may itself perform mature certification.
So far, this is the regulation directly imposed on the token itself: asset classification, certification procedure, exemption conditions, disclosure obligations. All of it regulates token state and token issuance behavior. The direct rules constrain what CLARITY Act tokenized securities may look like at issuance and how they may evolve through certification.
The second region is the regulation that the codification derivatively forces. The “Tokenization is a delivery method” proposition derivatively compels regulation. From the assertion that tokenized securities inherit every requirement of existing securities law, the following follows automatically.
Every provision of the Securities Act of 1933 and the Securities Exchange Act of 1934. Every provision of the Investment Advisers Act and Investment Company Act. The FATF Travel Rule and per-jurisdiction AML/KYC. The recordkeeping obligations of brokers, dealers, transfer agents, and custodians. Market intermediary registration.
Section 305 directs the SEC toward recordkeeping modernization that permits blockchain as a medium for books and records. Title III governs the activity of SEC-registered intermediaries handling digital assets. These two provisions belong to direct regulation, but the environment in which they operate presupposes that every requirement of existing securities law is satisfied at the token layer.
On top of this sits the reverse pressure of market infrastructure registration. Once exchanges, clearinghouses, and broker-dealers are bound by registration, the tokens they are permitted to handle are restricted to tokens that meet conditions compatible with registration. The law does not directly command the token, but for the market infrastructure handling that token to remain registered, the token must satisfy certain conditions. Conditions on the token are automatically generated.
The full scope of this derivative, indirect region is what this research analyzes.
Figure 3: Direct Regulation vs Derivative Regulation Under CLARITY Act
Where the Specification Bites
Without precisely locating where the specification actually requires operation, this analysis dissolves into a general requirement on every tokenized environment. That abstraction obscures the positioning.
An Investment Contract Asset falls under SEC jurisdiction, and its trades must clear through an SEC-registered broker-dealer or an Alternative Trading System (ATS). Section 15(a) of the Exchange Act prohibits any securities transaction by a broker or dealer that is not registered. Since an ICA secondary trade is a securities transaction, it must pass through registered infrastructure.
tZERO operates as an SEC- and FINRA-regulated broker-dealer and an ATS. As a special purpose broker-dealer, it holds the authority to custody digital asset securities. INX issues tokens under Regulation A+ and trades them on its own INX Securities ATS. PPEX ATS belongs to the same category. These venues already satisfy SEC recordkeeping, FINRA supervision, transfer agent obligations, SIPC membership, and custody segregation. The recordkeeping modernization that Section 305 calls for activates on top of their existing compliance stack.
What does this imply? So long as an ICA trades only inside a single ATS, the burden of meeting the specification this research derives is borne by the ATS infrastructure itself. An ATS is a single venue, single jurisdiction, single registered entity. Cross-domain atomicity, shared regulatory vocabulary, and deterministic priority are not internally required. The integrated compliance stack inside one system absorbs every requirement.
The specification begins to actually require operation at the moment the token crosses the boundary of a single ATS. For CLARITY Act tokenized securities, that boundary appears in three forms.
Boundary 1: Cross-border ATS movement. A tokenized security issued on a US ATS is traded on an EU regulated venue or a Hong Kong SFC-licensed platform. Each venue is registered in its own jurisdiction, but state synchronization between the two is a region no infrastructure has standardized. The three conflict layers from the earlier cross-border non-atomicity research begin to operate precisely at this boundary.
Boundary 2: Passage through self-custody wallets or permissionless venues. A token issued on an ATS moves to a qualified investor’s self-custody wallet, and from there to another ATS or a permissionless venue. The token spends a window of time outside registered infrastructure. During that window, KYC state changes, regulatory actions, and state transitions are tracked by no infrastructure.
Boundary 3: Dual-jurisdiction after DC transition. An asset that passes Mature Blockchain System certification is reclassified as a DC and trades on a CFTC-registered DCE. However, residual securities-related behaviors attached to the same asset (insider trading restrictions, the terminated conditions of a Section 4(a)(8) exemption, etc.) remain under SEC jurisdiction. The same token sits in a dual-jurisdiction state: trading behavior under CFTC, securities behavior under SEC.
It is inside these three boundary regions that the infrastructure specification this research derives requires operation. Getting this positioning right is what determines the analytic precision. An ICA inside a single ATS is a region already handled by existing ATS infrastructure, not a region where new infrastructure must be introduced.
Figure 4: Three Boundaries Where the Specification Bites
Six Specifications for CLARITY Act Tokenized Securities
The specifications that the “Tokenization is a delivery method” proposition derivatively imposes on boundary-crossing tokens can be unfolded layer by layer. As a classification axis, this section uses the vocabulary that the RCP framework began consolidating in 2023 by analyzing 27 regulatory documents from 15 global regulators into 31 requirements organized under five principles.
Specification 1: Traceability of Regulatory Data
If tokenized securities inherit every requirement of existing securities law, the first of those requirements is data traceability. Every stage — state change, transfer of ownership, exercise of rights, arrival of maturity — must remain as an auditable record.
In legacy securities infrastructure this traceability is achieved by combining the distributed recording systems of DTCC, the transfer agent, and the broker-dealer. In a cross-border ATS movement environment, that traceability requires the recording systems of different jurisdictions to be linked through shared vocabulary. Section 305‘s recordkeeping modernization permits blockchain as the medium, but the isomorphism of records is left to rulemaking.
Specification 2: Enforceability of Regulatory Action
As long as tokenized securities remain securities, regulators preserve the authority to issue freeze, seizure, trading restriction, and forced liquidation orders. For that authority to actually operate in a cross-border environment, an order must apply simultaneously across every jurisdiction in which the asset exists.
The three conditions derived in the earlier cross-border non-atomicity research — shared regulatory vocabulary, deterministic priority mechanism, atomic cross-domain propagation — reappear here precisely. The delivery method proposition derivatively requires that these three conditions be satisfied at the token layer. Policy evaluates only whether they are satisfied; how they are satisfied is delegated to the infrastructure. An atomic propagation mechanism does not exist within legacy securities infrastructure and cannot be reached by simple borrowing. Where the legacy infrastructure took for granted that atomicity holds within a single settlement system, a token that exists simultaneously across multiple chains, custodians, and jurisdictions requires a new mechanism that must be built.
Locating the three boundaries on a whiteboard — where the CLARITY Act specification stops being abstract and starts requiring infrastructure.
Specification 3: Authority Hierarchy with Time-Axis Variability
The classification transition from ICA to DC requires the Authority Hierarchy dimension to support different authority structures across time. The same token sits under SEC authority for registration, disclosure, and insider resale restriction during the issuance phase. The moment it passes Mature Blockchain System certification, it transitions under CFTC authority for spot market surveillance and intermediary registration.
This transition is a demand that legacy securities infrastructure has not encountered. In traditional securities, the authority subject is fixed at issuance and invariant to maturity. A structure in which the authority subject itself dissolves and reforms in response to a state change called mature certification means that the token layer must atomically reflect time-axis changes in the authority metadata.
Here the infrastructural implication of the Mature Blockchain System four-part test reappears. Whether the four requirements are met is the condition for legal reclassification, but the state of meeting them is determined by the infrastructure layer. The law does not merely impose an infrastructure specification one-directionally; the law also recognizes the legal classification on the basis of whether the infrastructure has reached the required state. A two-way relation is established.
Specification 4: Tokenizability-Specific Requirements
Maturity, asset class, transfer restrictions, atomic issuance and burning are requirements specific to tokenization itself. Bonds mature. Dividends are paid. Voting rights exist. Stock splits occur. Corporate actions happen. Unless these temporal, categorical, and restrictive properties of a security are reflected atomically at the token layer, the delivery method proposition tokenizes only the shadow of a security, not the security itself.
This is a region that existing securities law did not explicitly require. In paper securities or in the DTCC registry, atomicity was a self-evident assumption. At the token layer, atomicity is a property that must be proven. The delivery method proposition assigns the burden of that proof to the token infrastructure.
Specification 5: Privacy under Compliance
The confidentiality of securities transactions and the traceability required by regulators must be satisfied simultaneously. Institutional investors prefer to conceal portfolio exposure. Regulators require tracking of counterparty information to satisfy the FATF Travel Rule and KYC/AML. If the two requirements cannot be satisfied at once, one side becomes impossible in principle.
In legacy securities infrastructure this balance is achieved by the separated authority model between DTCC and the transfer agent. Who can see what is guaranteed by institutional separation. When institutional separation disappears at the token layer, the simultaneous satisfaction of confidentiality and traceability must rely on cryptographic mechanisms.
This dimension is not explicitly addressed by CLARITY. However, if the delivery method proposition imposes every requirement of existing securities law on the token layer, the requirement of simultaneous confidentiality and traceability is imposed alongside. It is a representative case of a specification that is not visible on the surface but is derivatively forced.
Specification 6: Finality with Reversibility
The finality of securities trades and the reversibility required in cases of error or fraud are two requirements in conflict. If settlement is final, rollback is impossible. If rollback is possible, settlement is not final. This conflict is not first encountered by DLT-based securities settlement. The way DTC combines T+1 with the fail-to-deliver mechanism, the way T2S reconciles settlement finality with recalls, and the settlement discipline regime of CSDR are all products of institutionally resolving this conflict.
At the token layer this conflict must be resolved at the protocol level. Finality is not achieved by block confirmation alone. For regulatory rollback authority to coexist with finality, finality must be split into legal finality and technical finality. The specification includes when and how the two senses align.
A Validated Derivation
At this point, the relationship between RCP and CLARITY deserves academic precision.
RCP (Regulatory Compliance Protocol) is a study completed in December 2023. It analyzed 27 regulatory documents from 15 global regulators — WB, ISDA, IOSCO, IMF, ICMA, FATF, BIS, SFC, HKMA, EU, ESMA, FCA, MAS, FINMA, FINRA — and organized 31 requirements that an asset will face in a tokenized capital market into five principles: Traceability, Privacy, Enforceability, Finality, Tokenizability. It is an advance derivation of the question what infrastructure specification must any asset satisfy to operate as a security in a tokenized environment.
The methodological feature of this derivation is that it infers the specification an enforcement decision will eventually require, before that decision arrives. In academic vocabulary, this is predictive regulatory analysis. It reasons in the direction opposite to the Howey test, which has formed norms retrospectively through case-by-case application. RCP synthesizes the pattern of requirements that 27 regulatory documents already express into a single explicit framework.
The academic meaning of CLARITY’s arrival has two parts. First, RCP’s derivation has been validated inside the U.S. legal framework. The delivery method proposition legally fixes the requirements that tokenized securities will face as every requirement of existing securities law. The 31 requirements that RCP has been advance-deriving since 2023 fall inside this fixation, and they map directly onto the infrastructure specification that CLARITY Act tokenized securities must satisfy. RCP’s predictive derivation is upgraded to validated derivation. Second, that validation is partial. CLARITY applies only to the U.S. RCP’s derivation targets 15 global regulators. The specifications derived by EU MiCA, FCA, MAS, and HKMA are separate validation events, each arriving at its own time, in its own way.
This is why we express the relationship as an intersection rather than a convergence.
The intersection region covers four dimensions: Traceability, Enforceability, Finality, Tokenizability. Both frames illuminate the same infrastructure surface from different angles. RCP uses academic vocabulary; CLARITY uses policy vocabulary. The content of the specification is largely the same; the path through which the vocabulary lands differs.
The region RCP covers more deeply is Privacy under Compliance and four-dimensional Selective Disclosure. CLARITY does not explicitly address this dimension.
The region unique to CLARITY is ICA/DC time-axis authority variability and the MBS certification procedure. RCP absorbs these two dimensions into Enforceability and Tokenizability at the level of principle, but the act of institutionalizing them as legal reclassification and as certification of the blockchain itself is something CLARITY does first.
Phrased this way, the relationship becomes clear. The two frames illuminate the same infrastructure surface of tokenized securities from different viewpoints. RCP is a frame that has been organizing the infrastructure dimensions derivatively forced before CLARITY’s arrival in academic vocabulary. CLARITY is the first instance of those dimensions being activated at the policy level. At the point where the two frames meet, the academic coherence of the specification and the policy enforceability of the specification mutually reinforce each other.
Where Cross-Border Meets the Codification
What happens when the six specifications operate in a cross-border environment?
Even if CLARITY brings codification to the U.S., tokens that operate in a cross-border environment also exist outside U.S. jurisdiction. EU MiCA entered full force in December 2024. MiCA imposes a specification on the Tokenizability, Traceability, and Enforceability dimensions of RCP in EU vocabulary. The Hong Kong SFC operates its STO framework through iterative guidance. MAS is moving Project Guardian from sandbox to production. The UK FCA remains in consultation phase.
Here the asynchrony of specification arrival appears. RCP’s derivation is a synthesis across all 15 regulators. The moment at which each jurisdiction activates that synthesis, however, is asynchronous. The EU has already activated. The US will activate sometime between 2027 and 2028. The UK‘s activation timing is undefined. For atomic cross-domain propagation to be satisfied, the specifications of every jurisdiction would need to be expressed in a common vocabulary. But in an environment where the specification itself arrives asynchronously, no jurisdiction provides a mechanism for when and how a common vocabulary will settle.
This is not criticism but an honest recognition of difficulty. The codification CLARITY brings does not operate on its own. Only when every dimension of the specification required by the token infrastructure is satisfied equally in the cross-border environment does codification convert into action. If satisfaction happens in only one jurisdiction, codification operates only within that jurisdiction.
Figure 5: Cross-Border Arrival Asynchrony of the Specification
Conclusion: The Weight of Codification
“Tokenization is a delivery method, not a new asset class.”
The weight of this one sentence has deepened throughout this research. Read once, it looks like nothing more than a classification decision. Tokenized securities follow existing securities law. The classification is clean, the conclusion natural.
And yet that one line is the first declaration in U.S. statute that codifies the regulatory status of tokenized securities. Codification is the landing of vocabulary, and the landing of vocabulary is the automation of application. Under case-by-case enforcement, deferred compliance was possible in regions where enforcement had not arrived. After codification, that deferral disappears. The regulatory compliance requirements for CLARITY Act tokenized securities become more explicit and more urgent.
This research has located precisely where that urgency operates. An ICA traded inside a single ATS is a region where the ATS infrastructure already meets the specification. The urgency activates at the moment the token crosses the boundary of the ATS: cross-border ATS movement, passage through a self-custody wallet, the dual-jurisdiction state after DC transition. Across those boundaries, six dimensions of the specification — Traceability, Enforceability, Authority Hierarchy, Tokenizability, Privacy, Finality — must be satisfied at the token layer.
RCP is a frame that has been deriving 31 requirements under five principles since before that urgency arrived. The arrival of CLARITY is the event in which RCP’s derivation is validated within the U.S. legal framework. The validation is partial: the EU, Hong Kong, Singapore, and the UK will bring their own validation events at their own times. The two frames do not converge. The two frames form an intersection. The same infrastructure surface is illuminated from different angles, in academic and statutory vocabulary, in mutual reinforcement.
The weight of codification leaves the mechanism for satisfying the specification to separate research. But this separation has a clock. The window between the moment the law was fixed and the moment it activates — roughly one to two years until the 2027–2028 effective date — is not empty time. It is preparation time. The infrastructure that will be expected to satisfy the six specifications must arrive before codification activates, not after. If the infrastructure arrives late, the codified proposition stays on the page; it does not convert into action.
This is the real shape of the gap between arrival and effect. The proposition has arrived. The activation is on a schedule. The infrastructure must arrive in the window between. Which infrastructure, by which means, can satisfy the six specifications inside that window is the next step of this work.
Conclusion: The Weight of Codification
“Tokenization is a delivery method, not a new asset class.”
The weight of this one sentence has deepened throughout this research. Read once, it looks like nothing more than a classification decision. Tokenized securities follow existing securities law. The classification is clean, the conclusion natural.
And yet that one line is the first declaration in U.S. statute that codifies the regulatory status of tokenized securities. Codification is the landing of vocabulary, and the landing of vocabulary is the automation of application. Under case-by-case enforcement, deferred compliance was possible in regions where enforcement had not arrived. After codification, that deferral disappears. The regulatory compliance requirements for CLARITY Act tokenized securities become more explicit and more urgent.
This research has located precisely where that urgency operates. An ICA traded inside a single ATS is a region where the ATS infrastructure already meets the specification. The urgency activates at the moment the token crosses the boundary of the ATS: cross-border ATS movement, passage through a self-custody wallet, the dual-jurisdiction state after DC transition. Across those boundaries, six dimensions of the specification — Traceability, Enforceability, Authority Hierarchy, Tokenizability, Privacy, Finality — must be satisfied at the token layer.
RCP is a frame that has been deriving 31 requirements under five principles since before that urgency arrived. The arrival of CLARITY is the event in which RCP’s derivation is validated within the U.S. legal framework. The validation is partial: the EU, Hong Kong, Singapore, and the UK will bring their own validation events at their own times. The two frames do not converge. The two frames form an intersection. The same infrastructure surface is illuminated from different angles, in academic and statutory vocabulary, in mutual reinforcement.
The weight of codification leaves the mechanism for satisfying the specification to separate research. Which infrastructure, by which means, can satisfy the six specifications is the next step of this work.
References
[1] U.S. Congress. (2025). H.R. 3633 – Digital Asset Market Clarity Act of 2025. congress.gov
[2] House Financial Services Committee. (2025). Section-by-Section: Digital Asset Market Clarity (CLARITY) Act of 2025. financialservices.house.gov
[3] CoinDesk. (2026). Clarity Act clears U.S. Senate committee, on its way to a final test in Congress. coindesk.com
[4] Arnold & Porter. (2025). Clarifying the CLARITY Act: What To Know About the House Crypto Market Structure Bill and Its Path to Law. arnoldporter.com
[5] CBIZ. (2026). New U.S. Rules Bring Greater Clarity to Digital Assets and Tokenization. cbiz.com
[6] Elliptic. (2026). Crypto regulatory affairs: US regulators issue comprehensive guidance on tokenized securities. elliptic.co
[7] tZERO. (2025). Tokenize – tZERO Securities ATS. tzero.com
[8] Kim, J. & Hong, J. (2026). A Regulatory Compliance Protocol for Asset Interoperability Between Traditional and Decentralized Finance in Tokenized Capital Markets. arXiv:2603.29278. doi.org/10.48550/arXiv.2603.29278
