Skip links

Type and hit enter

Subscribe
Oraclizer Research

Standards Track EIP: RCP-based Security Token Standard Proposal

TL;DR

Over the past few years, the Ethereum ecosystem has continuously strived for security token standardization. While standards like ERC-1400 and ERC-3643 have made significant progress, they haven’t fully met the complex and evolving requirements of global financial regulators. Particularly, for tokenized capital markets to enter the institutional realm, more comprehensive and sophisticated regulatory compliance mechanisms are essential.

Our proposed RCP-based Standards Track EIP is a comprehensive solution designed to address these fundamental limitations. Rather than mere functional extensions, it aims to open new horizons for the security token ecosystem through technological innovation alongside a philosophical redefinition of regulatory compliance.

The greatest dilemma faced by Oraclizer’s research team was balancing decentralization and regulatory compliance. While existing approaches tended to sacrifice one for the other, we pursue the harmonious coexistence of both values.

Regulatory Gap Analysis of Existing Standards

Our analysis of currently proposed security token standards against RCP’s 31 regulatory requirements reveals significant regulatory gaps.

ERC-1400 Limitations

ERC-1400 provides a foundational framework for security tokens but lacks the granular enforcement mechanisms required in complex regulatory environments. Particularly, it shows the following limitations:

  • Single Controller Action: The controllerTransfer function alone cannot represent legally distinct regulatory actions such as FREEZE, SEIZE, CONFISCATE
  • Fragmented Structure: Distribution across multiple sub-standards like ERC-1594, ERC-1410, ERC-1643, ERC-1644 makes integrated implementation complex
  • Absence of Cross-chain Support: Design that doesn’t consider state synchronization in modern multi-chain environments

ERC-3643 Limitations

ERC-3643 (T-REX Protocol) provides sophisticated ONCHAINID-based identity management systems, but still has several constraints:

  • Monolithic Structure: Difficult structure for selective implementation of only necessary functions
  • Limited Asset Class Support: Difficulty in applying differentiated regulations by various asset types
  • Absence of System-wide AML: Limited integrated anti-money laundering mechanisms in cross-chain environments

“While existing standards have shown excellent performance in their respective domains, they haven’t fully implemented the comprehensive and granular compliance framework required by global financial regulators.”

— Oraclizer Regulatory Research Team

📋 Key Reference Note: Existing security token standards like ERC-1400 and ERC-3643 have established valuable foundations for the industry. While these respected standards address many important aspects of tokenized securities, the evolving landscape of global financial regulations presents additional complex requirements that create opportunities for further innovation and collaboration.

Innovative Approach of RCP-based EIP

Our proposal is designed with a dual structure of Informational EIP and Standards Track EIP. This represents not merely technical improvements, but a paradigmatic shift in regulatory compliance.

Meta-Architecture: Modularized Standards Framework

ERC-RCP is not a single monolithic standard, but an ecosystem composed of 6 specialized modules:

  1. Core Regulatory Actions Module — 6 granular regulatory actions
  2. Identity Management Module — OCID-based unified identity management
  3. Advanced Enforcement Module — Time-based and conditional enforcement
  4. Cross-chain Operations Module — Cross-chain atomic enforcement
  5. Audit & Monitoring Module — Integrated audit trails and real-time monitoring
  6. Asset Lifecycle Module — Token expiration and asset class management
RCP-based EIP Architecture RCP-based Standards Track EIP Architecture Legacy Standards (Inheritance Foundation) ERC-1400 Security Token Standard ERC-3643 T-REX Protocol Regulatory Gaps 31 Requirements → 15-16 Covered ERC-RCP Core Security Token Standard 25/31 Requirements Core Regulatory Actions Module • 6 Granular Actions • FREEZE/SEIZE/etc • Legal Distinction Identity Management Module • OCID System • System-wide AML • Cross-chain Identity Advanced Enforcement • Time-based Actions • Conditional Logic • Real-time Control Cross-chain Operations • Atomic Enforcement • State Sync • Multi-chain Assets Audit & Monitoring • Integrated Auditing • Real-time Monitor • Automated Reports Asset Lifecycle Module • Token Expiration • Asset Classes • Lifecycle Mgmt Gasless Enforcement • Emergency Actions • Regulator Sponsored • Instant Response Compliance Achievement 80% → 93% Regulatory Coverage Figure: RCP-based Standards Track EIP Modular Architecture Extending ERC-1400 with Comprehensive Regulatory Compliance

Core Innovation: 6 Granular Regulatory Actions

Beyond the ambiguous single enforcement function of existing standards, we define 6 regulatory actions that are legally clearly distinguished:

solidityenum RegulatoryAction {
    FREEZE,      // Temporary asset freeze, reversible
    SEIZE,       // Court order-based forced custody, ownership retained
    CONFISCATE,  // Permanent ownership forfeiture, final action for illegal assets  
    LIQUIDATE,   // Asset liquidation for debt settlement
    RESTRICT,    // Trading allowed under specific conditions
    RECOVER      // Return of stolen/fraudulent assets to original owner
}

This granularization is not merely a technical improvement. Each action has different legal foundations and procedural requirements, enabling precise expression of regulatory intent.

Regulatory Action Legal Basis Reversibility Ownership Impact
FREEZE Administrative order Reversible Retained
SEIZE Court order Conditional Retained
CONFISCATE Criminal conviction Permanent Forfeited
LIQUIDATE Debt settlement Irreversible Transferred
RESTRICT Compliance requirement Conditional Retained
RECOVER Fraud recovery Restoration Restored
Regulatory Actions Comparison Regulatory Action Implementation: Legacy vs RCP-based EIP Legacy Standards (ERC-1400/3643) Issues RCP-based EIP Solution controllerTransfer() • Single function for all actions • No legal distinction ONCHAINID • Single-chain identity • Limited AML scope Manual Enforcement • Post-transaction action • No real-time control User-paid Gas • Emergency action delays • Cost barriers ⚠️ Legal Ambiguity 🔗 Cross-chain Gaps Response Delay 💰 Emergency Barriers 6 Granular Regulatory Actions FREEZE • SEIZE • CONFISCATE LIQUIDATE • RESTRICT • RECOVER OCID System • Cross-chain identity registry • System-wide AML compliance Real-time State Control • Conditional automatic enforcement • Time-based scheduled actions Gasless Emergency Actions • Regulator-sponsored transactions • Instant regulatory response Figure: Enhanced Regulatory Control Through Granular Action Implementation RCP-based EIP provides legal precision and operational efficiency

Oracle Contract ID (OCID): Innovation in Identity Management

The OCID system, evolving from ERC-3643’s ONCHAINID, is the industry’s first to achieve unified identity management spanning off-chain-on-chain-cross-chain:

soliditystruct OCID {
    bytes32 damlPartyId;     // DAML contract participant ID
    bytes32 zkProofId;       // zk-based privacy-preserving ID
    uint256 chainRegistry;   // Cross-chain identity registry
    bytes32 amlCompliance;   // System-wide AML compliance status
}

OCID’s true innovation lies in providing pseudonymous identity per contract while ensuring system-wide traceability. This enables the new paradigm of ‘System-wide AML’.

💡 Innovation Highlight: OCID is the industry’s first unified identity management system that provides pseudonymous identity per contract while ensuring system-wide traceability.

Real-time State-based Regulatory Control

While existing standards focused on post-hoc enforcement, the RCP-based EIP aims for preventive and real-time control.

State Synchronization-based Control Mechanism

Through integration with Oraclizer’s state synchronization technology, real-time state monitoring of RWA registries becomes possible:

solidityinterface IRealTimeRegulatoryControl {
    function monitorAssetState(bytes32 assetId) external view returns (AssetState);
    function triggerConditionalAction(bytes32 assetId, RegulatoryAction action) external;
    function scheduleTimeBasedAction(bytes32 assetId, uint256 timestamp, RegulatoryAction action) external;
}

This enables immediate regulatory intervention even during ongoing transactions and achieves proactive risk management through conditional automatic enforcement.

Gasless Regulatory Enforcement

Through regulatory agency gas sponsorship mechanisms, we ensure immediate regulatory action in emergency situations:

solidityfunction emergencyRegulatoryAction(
    bytes32 assetId,
    RegulatoryAction action,
    bytes calldata evidence
) external onlyRegulator gasless {
    // Execute regulatory action immediately
    executeRegulatoryAction(assetId, action, evidence);
    emit EmergencyAction(assetId, action, msg.sender, block.timestamp);
}

Here we face a philosophical question: How do we harmonize centralized regulatory authority within a decentralized system?

Our answer is selective decentralization. While system operations are decentralized, we allow intervention by legitimately authorized regulatory agencies in transparent and traceable ways.

Cross-chain Atomic Enforcement

Modern tokenized assets are not confined to single chains. The RCP-based EIP supports atomic regulatory enforcement across multiple blockchains:

Multi-chain Synchronization Mechanism

solidityinterface ICrossChainRegulatory {
    function atomicMultiChainAction(
        ChainAsset[] calldata assets,
        RegulatoryAction action,
        bytes calldata proof
    ) external returns (bool success);
    
    function validateCrossChainCompliance(
        bytes32 assetId,
        uint256[] calldata chainIds
    ) external view returns (bool compliant);
}

This is not merely a technical function. It represents a paradigmatic shift enabling consistent regulatory application for assets spanning multiple jurisdictions in global financial markets.

⚠️ Critical Consideration: Cross-chain atomic enforcement involves complex technical challenges and must consider the unique characteristics and regulatory environments of each chain.

Compatibility and Migration Strategy

ERC-1400+ Inheritance Structure

For compatibility with existing ecosystems, we adopted an approach of extending ERC-1400:

soliditycontract RCPSecurityToken is IERC1400, IRCPCompliant {
    using RCPEnforcement for RegulatoryState;
    using OCIDManager for bytes32;
    
    mapping(bytes32 => RegulatoryState) internal _regulatoryStates;
    
    function transfer(address to, uint256 value) public override 
        checkRCPCompliance(msg.sender, to, value) 
        returns (bool) {
        return super.transfer(to, value);
    }
}

Gradual Adoption Model

There’s no need to implement all features at once. We provide a flexible structure that allows selective adoption of only necessary modules according to project requirements.

Technical Challenges in Implementation

Gas Optimization Dilemma

Implementation of complex regulatory logic inevitably causes increased gas costs. We solved this through the following strategies:

  • Lazy Evaluation: Perform regulatory validation only when necessary
  • State Compression: Efficient compressed storage of regulatory states
  • Batch Operations: Bulk processing for multiple assets

Balancing Upgradability and Immutability

Finding balance between upgradability for responding to changing regulatory environments and immutability for protecting token holder rights was crucial.

We solved this dilemma through modular independent upgrades and guaranteeing immutability of core rights.

Future Roadmap: Ecosystem Evolution Direction

Phase 1: Core Module Release (Q3 2025)

  • Core Regulatory Actions Module
  • Identity Management Module
  • Basic Audit & Monitoring functionality

Phase 2: Advanced Feature Expansion (Q4 2025)

  • Advanced Enforcement Module
  • Cross-chain Operations prototype
  • Real-time state-based control

Phase 3: Complete Ecosystem Implementation (H1 2026)

  • Integrated completion of all modules
  • Mainnet deployment and real asset application
  • Expanded cooperation with global regulatory agencies

Our vision is clear: Making regulatory compliance not an obstacle to innovation, but the foundation that enables innovation.

The RCP-based Standards Track EIP is essential infrastructure for institutional adoption of tokenized capital markets and simultaneously the key to opening new possibilities for decentralized finance.

This is not merely a proposal for technical standards. It’s a philosophical declaration for the future of finance and the first step toward harmonious coexistence of regulation and innovation.

⚠️ Development Status Notice
The RCP-based EIP proposals described in this document are currently under active research and development. All specifications, interfaces, and implementation details are subject to change based on ongoing research, community feedback, and technical discoveries.

References

[1]. Security Token Standard. (2023). ERC-1400: A Library of Interoperable Security Token Standards. https://thesecuritytokenstandard.org/

[2]. Ethereum Foundation. (2018). EIP-1400: Security Token Standards. https://github.com/ethereum/eips/issues/1411

[3]. Polymath. (2024). ERC-1400 – The Security Token Standard. https://www.polymath.network/erc-1400

[4]. Tokeny. (2023). ERC-3643 – The Official Smart Contract Standard for Permissioned Tokens. https://tokeny.com/erc3643/

[5]. Ethereum Foundation. (2021). EIP-3643: T-REX – Token for Regulated EXchanges. https://eips.ethereum.org/EIPS/eip-3643

[6]. ERC3643.org. (2024). ERC3643 – The Token Standard for RWA Tokenization. https://www.erc3643.org/

[7]. Merkle Science. (2024). ERC-3643: Unveiling the Future of Financial Compliance in Security Token Contracts. https://www.merklescience.com/erc-3643-unveiling-the-future-of-financial-compliance-in-security-token-contracts

[8]. ResearchGate. (2020). Security Token Offerings: Regulatory Gaps in Existing EU Financial Services Regulation. https://www.researchgate.net/publication/346660321_SECURITY_TOKEN_OFFERINGS_REGULATORY_GAPS_IN_EXISTING_EU_FINANCIAL_SERVICES_REGULATION

Read Next