A compliant STO needs documents linking the issuing SPV/SPC to the asset, corporate governance and authorization records, required issuer policies (AML/KYC, Privacy, Terms, Conflict of Interest), a legal token issuance verification and legal opinion, tax structuring, and offering documents matched to your registration path.
Legal documentation is where the tokenized offering is made defensible. This phase assembles the comprehensive record that demonstrates the structure and legitimacy of the offering — establishing a clear legal connection between the issuing SPV or SPC and the underlying asset, confirming that the entity issuing tokens has rightful control or ownership, and validating the entity’s existence and operational authority.
Without a clear legal file, a project faces regulatory uncertainty, reduced credibility, and barriers to capital raising. The package here — corporate authorization records, required issuer policies, a Legal Token Issuance Verification, a Legal Opinion, tax structuring, and the offering documents themselves — forms the legal backbone that enables trust, enforceability, and long-term credibility. It also feeds directly into the validation gate in the next phase and into the offering documents you publish through Stobox Compass. Treat everything below as an educational reference to work through with qualified securities counsel, not as legal advice.
Legal Link Between the Issuing SPV/SPC and the Asset
When the SPV/SPC is incorporated in a different jurisdiction from the underlying asset, the local operating company that owns or manages that asset must be legally linked to the token-issuing entity. This linkage is essential for regulatory compliance, investor protection, and the distribution of revenue. For the broader structuring context, see the SPV tokenization guide.
Key Legal Agreements Connecting the SPV/SPC With the Underlying Asset
| Agreement Type | Purpose | Key Provisions |
|---|---|---|
| Asset Holding Agreement | Establishes the legal framework of the asset’s ownership. | Defines the rights, obligations, and transferability of the asset from the local entity to the SPV/SPC. |
| Revenue Distribution Agreement | Regulates how income is shared with token holders. | Defines the distribution of rental income, dividends, or profit-sharing mechanisms between the local entity and the SPV/SPC. |
| Management Agreement | Defines operational control and asset maintenance responsibilities. | Specifies whether the local entity retains operational control or transfers it to a third-party management company. |
| Regulatory Compliance Framework | Ensures adherence to domestic and foreign financial regulations. | Outlines investor reporting requirements, KYC/AML procedures, securities compliance, and tax obligations. |
Together, these agreements establish clear ownership rights, enforceable investor protections, and transparent financial operations.
Note: For example, a real estate developer in Germany tokenizes a residential property portfolio through a Liechtenstein SPV. The SPV issues the security tokens, while a Revenue Distribution Agreement ensures that rental income is transferred to the SPV for distribution to token holders.
SPV/SPC Corporate Governance Documentation
Corporate governance documentation is the legal foundation of the offering. These records prove that the entity is properly formed, operates under defined governance rules, and that its management has formally approved the token issuance. The Board Resolution confirms official authorization to proceed; the Articles or Charter define the entity’s legal powers, shareholder rights, and ability to issue digital assets. Together they establish transparency, demonstrate compliance, and give investors and regulators confidence in the legitimacy and enforceability of the offering.
Board of Directors Resolution
A formal resolution passed by the company’s Board of Directors authorizing the issuance of tokens.
Details:
- Confirms the legal status of the tokens by formally recognizing them as claims on the issuer that provide the defined rights.
- Specifies the purpose and goals of the token issuance (e.g., fundraising, asset tokenization).
- Approves the use of company resources to support the tokenization.
- Confirms that the issuance complies with corporate governance policies and applicable regulations.
Importance:
- Demonstrates that the decision was made with the full knowledge and consent of the company’s leadership.
- Legally frames the token issuance as an official corporate action.
Articles of Association or Corporate Charter
Legal amendments to the company’s foundational documents to reflect the inclusion of token issuance activities.
Details:
- Specifies changes made to governance structures, such as adding the ability to issue tokens or to recognize token holders’ rights.
- May include provisions for token holders’ voting rights, profit-sharing, or other governance structures.
Importance:
- Ensures the company’s foundational documents align with the token issuance and reduces the risk of legal disputes.
- Provides a transparent record for regulators and stakeholders.
Required Issuer Policies for Tokenized Offerings
Tokenized securities are regulated financial instruments, and issuers must maintain a set of standing policies that govern how they handle investors, data, and conflicts. These four policies form the compliance foundation of any tokenized offering.
AML/KYC Policy (Anti-Money Laundering & Know Your Customer)
Issuers must screen and verify investors to prevent money laundering, terrorist financing, and identity fraud.
Key reasons to adopt and maintain it:
- Ensures compliance with FATF, MiCA, SEC, and other financial regulations
- Required for onboarding investors in most jurisdictions
- Enables whitelisting and permissioned access to tokens — enforced on-chain through Stobox DID, so eligibility is proven without the issuer or Stobox storing investor identity documents
- Builds trust with platforms, custodians, and regulators
Privacy Policy
Issuers collect and process sensitive investor data (e.g., contact details and wallet addresses). A clear privacy policy is legally required under GDPR, CCPA, and other data protection laws.
Key reasons to adopt and maintain it:
- Defines how investor data is collected, used, stored, and protected
- Required to operate legally in most jurisdictions
- Avoids fines and enforcement under global data-privacy laws
- Builds investor confidence in the issuer’s transparency and integrity
Terms of Use
Terms of Use set out the legal agreement between the issuer and the user/investor, defining access, token use, limitations of liability, dispute resolution, and platform rules.
Key reasons to adopt and maintain it:
- Provides a legal framework for using the token and any associated dashboard or platform
- Protects the issuer from legal claims or misuse
- Ensures token holders are aware of their rights, responsibilities, and platform conditions
- Aligns with investor onboarding and transaction compliance
Conflict of Interest Policy
A Conflict of Interest Policy defines how the issuer identifies, manages, and discloses situations where personal or financial interests could improperly influence decision-making in the project.
Key reasons to adopt and maintain it:
- Promotes transparency and integrity in the project’s governance and operations
- Reduces the risk of biased decisions that could harm investors or stakeholders
- Builds trust with regulators and investors by demonstrating responsible management
- Aligns with best practices for corporate governance and regulatory compliance
Legal Token Issuance Verification
A Legal Token Issuance Verification is a formal document issued by a licensed attorney or law firm that certifies the lawful issuance of a token — confirming it is properly structured, authorized, and compliant with the legal and regulatory framework of the issuing jurisdiction. It acts as a legal checkpoint, confirming that all required steps have been taken to link the token to enforceable rights and a registered legal entity.
Objective: to obtain official confirmation that the issuance process has been legally conducted, with valid authorization from the issuing company, and that the token reflects legitimate rights tied to a compliant business or asset structure.
Key Components
- Issuing Company Validation — confirms the legal status and registration of the issuing entity (e.g., SPV, operating company), including verification of directors, shareholders, and authorization to issue tokens.
- Token-to-Entity Linkage — validates that the token is legally attached to the company through proper documentation such as board resolutions, articles of association, and asset-ownership proof.
- Authorization & Governance — verifies that the company has lawfully approved the issuance through its governing body and internal rules.
- Token Rights Confirmation — describes the rights granted to token holders (e.g., ownership, dividends, revenue share) and confirms they are enforceable under applicable law.
- Issuance Procedure Review — ensures the token was issued using a process aligned with legal standards, including smart-contract deployment, investor onboarding, and technical compliance. Stobox tokens are issued under the STV3 protocol (Stobox’s programmable security-token architecture) and the ERC-7943 (uRWA) open standard that Stobox backs for compliant issuance.
- Assumptions and Disclaimers — outlines any legal or procedural assumptions (e.g., that investors are KYC-verified or that licenses apply) and limits liability if those assumptions change.
Why It Matters
This document is a critical legal safeguard for issuers, platforms, and investors. It demonstrates that the token is not merely a digital object but is backed by legally recognized rights, offering protection against disputes and enhancing trust in the project. It also supports due diligence, exchange listing, and regulatory review.
Stobox and its legal partners can support this step — verifying company registration and legal authority, drafting and reviewing board resolutions and shareholder agreements, assessing token-to-entity linkage, preparing compliant issuance reports, and integrating regulatory, corporate, and AML frameworks. Verification can be tailored to the requirements of the EU, US, BVI, Switzerland, Liechtenstein, and other supported jurisdictions.
Required deliverable: a signed Legal Token Issuance Verification from your legal counsel or a qualified law firm, referencing the issuing company and jurisdiction, the Token Issuance Specification, legal authorization and governance records, the defined token-holder rights and disclosures, and the legal basis for compliance and enforceability.
Legal Opinion
A Legal Opinion is a formal document issued by a licensed legal expert or law firm that confirms the legal structure, classification, and regulatory compliance of the tokenized offering. It serves as both a legal shield and a signal of credibility to investors, platforms, and regulators.
Objective: to obtain a professional legal assessment confirming that the offering is lawful, compliant, and properly structured under the applicable framework of the selected jurisdiction.
Key Components
- Token Classification — confirms whether the token qualifies as a security, utility, commodity, payment instrument, or hybrid under local and international standards (e.g., the Howey Test, MiFID II, FINMA, MAS, VARA).
- Regulatory Compliance — assesses the issuer’s adherence to securities laws and licensing obligations; investor eligibility and disclosure requirements; Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) laws; and data-protection regulations (e.g., GDPR, CCPA).
- Legal Structuring Validation — reviews the corporate structure, SPV/SPC linkage, token rights, and governing contracts (e.g., Token Issuance Specification, Articles of Association, Board Resolutions).
- Jurisdictional Coverage — identifies where the tokens can legally be offered and what restrictions (if any) apply to investor onboarding, token transferability, or marketing.
- Assumptions and Disclaimers — lists assumptions made in evaluating the structure (e.g., licensing status, investor vetting) and limits liability if those assumptions later prove false.
Why It Matters
| Reason | Benefit |
|---|---|
| Regulatory approval | Many jurisdictions require a legal opinion to launch a compliant STO |
| Exchange / platform listing | Needed to onboard tokens to regulated marketplaces or trading venues |
| Investor assurance | Demonstrates that the token has been reviewed by qualified legal counsel |
| Liability protection | Shields the issuer and partners from claims of negligence or noncompliance |
| Audit trail & documentation | Part of the required legal and compliance file for STO due diligence |
Stobox’s legal partners can provide support across the process — legal opinion drafting and issuance, token-classification assessments (security vs. utility vs. hybrid), jurisdictional structuring and regulatory mapping, investor-protection and AML policy integration, and supporting legal documentation (Terms of Use, TIS, Board Resolutions). Legal opinions can be tailored for local compliance in the EU, US, UK, Switzerland, UAE, Singapore, and other supported jurisdictions.
Required deliverable: a signed Legal Opinion from your legal counsel or a qualified law firm, referencing the Token Issuance Specification, asset documentation, token rights and investor disclosures, and the jurisdiction and corporate structure.
Note: Stobox can coordinate an introduction to qualified counsel for a jurisdiction-specific legal opinion where issuers do not already have their own advisors. The engagement is between the issuer and the law firm; Stobox does not provide the opinion itself.
Tax Considerations in Tokenized Asset Issuance
Important: The figures below are illustrative and are not tax advice. Tax rules and rates change frequently and vary by structure and residency — verify current rates and treatment with qualified tax counsel before relying on them.
Tax efficiency is a core consideration in structuring any Security Token Offering. Issuers must account for tax obligations across three levels: where the asset is located, where the issuing entity (SPV/SPC) is established, and where investors reside. Understanding the interaction between these domains is critical to maintaining compliance, protecting investor returns, and optimizing the overall structure.
Key Areas of Tax Exposure
- Income tax on revenue-generating assets — recurring income from rental properties, royalties, or operating businesses is typically taxed where the asset is located. If the SPV receives this income, corporate tax may also apply in the issuing jurisdiction, unless it operates as a tax-transparent vehicle or under a treaty-exempt structure.
- Capital gains tax on asset or token sale — gains may be taxed at the SPV level (if the SPV sells the asset) or at the investor level (if the investor sells tokens at a profit). The applicable treatment depends on both the SPV jurisdiction and the investor’s tax residency.
- Withholding tax on distributions — dividends or revenue payouts to token holders may be subject to withholding tax in the SPV’s jurisdiction, particularly for cross-border distributions. Tax treaties can reduce or eliminate this obligation.
- Transaction-based taxes (stamp duty, VAT) — some jurisdictions tax the transfer of tokenized assets. Stamp duties may apply to equity- or real-estate-backed tokens; VAT may apply to tokenized commodities or non-financial products. Financial securities are commonly exempt from VAT in token-friendly jurisdictions.
- Investor-level reporting — investors may need to report and pay tax on capital gains from token sales, dividend or interest income, and foreign digital-asset holdings under CRS or FATCA regulations.
Tax Impact Matrix (Select Jurisdictions — Illustrative Only)
The table below is a high-level, illustrative snapshot to show how treatment differs by jurisdiction. It is not a schedule of current rates; where a percentage is shown, treat it as indicative and confirm the prevailing figure with local counsel.
| Jurisdiction | Corporate Income Tax | Capital Gains Tax | Withholding Tax | VAT / Stamp Duty | Investor Reporting |
|---|---|---|---|---|---|
| British Virgin Islands (BVI) | None | None | None | None | Yes (based on investor residency) |
| Liechtenstein | Yes (low, flat corporate rate) | Yes | Depends on treaty | Generally exempt for financial instruments | Yes |
| Switzerland | Yes (federal & cantonal) | Yes | Yes (subject to treaty) | Generally exempt for regulated securities | Yes |
| Germany | Yes (corporate + trade tax) | Yes | Yes (treaty reduction possible) | VAT-exempt for financial securities | Yes |
| France | Yes | Yes | Yes | Yes (if non-financial) | Yes |
Best Practices for Tax-Efficient Tokenization
| Strategy | Benefit |
|---|---|
| Incorporate the SPV in a tax-neutral or treaty-favorable jurisdiction | Reduces income and withholding tax exposure |
| Use transparent or pass-through structures | Avoids double taxation at the SPV level |
| Align distribution models with treaty structures | Minimizes cross-border withholding tax |
| Educate investors on their reporting obligations | Ensures compliance and reduces reputational risk |
| Engage local counsel and tax advisors | Avoids penalties and ensures treaty benefits apply |
Tax is not just a back-office concern — it is a strategic lever in token design. Optimizing tax at the asset, SPV, and investor levels helps maximize net returns and reduce friction in cross-border offerings. See the jurisdiction guides for structure-specific detail.
Offering Legal Documentation
The set of offering documents depends on whether you pursue a registered public offering or an exempt private one. Both paths share a common corporate and policy core; they differ in the primary disclosure instrument and in the investor-eligibility and transfer-restriction documents. The regulatory path itself is set in Phase 5, and Raisable is the layer that helps prepare these compliant offering documents.
For Registered Offerings
(e.g., public offerings under the SEC, FCA, BaFin, FINMA, and comparable regulators)
- Prospectus (Offering Memorandum) — required for public offerings; includes full financial, legal, risk, and project disclosures, and is submitted to the relevant regulator for approval.
- Board of Directors Resolution — official corporate approval of the issuance, confirming purpose, use of company resources, and governance authorization.
- Amended Articles of Association / Corporate Charter — legally enables the company to issue tokenized securities; may define token-holder rights (voting, dividends, governance).
- Token Issuance Specification (TIS) — defines the technical and legal parameters of the token (supply, rights, redemption, etc.).
- Terms of Use — legal agreement governing user participation, liability limits, and platform terms.
- Privacy Policy — details how investor data is collected, processed, and protected (GDPR/CCPA compliance).
- AML/KYC Policy — explains investor vetting procedures, recordkeeping, and reporting practices.
- Risk Disclosure and Liability Statement — lists material risks, including investor assumption of risk and limitation of issuer liability.
- Legal Opinion — issued by a licensed law firm confirming token classification and legal compliance.
For Exempt Offerings
(e.g., Regulation D, Regulation S, small-offer and qualified-investor exemptions)
- Private Placement Memorandum (PPM) — provides the disclosures required in lieu of a full prospectus, including company background, risk factors, and use of proceeds.
- Subscription Agreement — a contract confirming the investor’s participation and obligations; may incorporate or refer to the Security Token Purchase Agreement.
- Security Token Purchase Agreement (STPA) — the main investment contract outlining payment, token delivery, rights, restrictions, and disclaimers.
- Simple Agreement for Future Tokens (SAFT) (if used) — used in early rounds where tokens are delivered later, upon launch or regulatory clearance.
- Accredited / Qualified Investor Certification — verifies investor eligibility under the exemption framework.
- Lock-Up Agreement / Transfer Restriction Notice — establishes holding periods or resale limitations (e.g., 12 months under Rule 144).
- All general corporate documents — Board Resolution, Amended Articles of Association (if needed), Token Issuance Specification (TIS), AML/KYC Policy, Terms of Use, Privacy Policy, Risk Disclosure Statement, and Legal Opinion.
Summary Table — Legal Documents by Offering Type
| Document | Registered Offering | Exempt Offering | Required or Optional |
|---|---|---|---|
| Prospectus (Offering Memorandum) | Yes | No | Required for registration |
| Private Placement Memorandum (PPM) | No | Yes | Required in private sales |
| Security Token Purchase Agreement | Yes | Yes | Always required |
| Subscription Agreement | No | Yes | Required in exempt offerings |
| SAFT (if applicable) | No | Yes | Optional in early rounds |
| Board Resolution | Yes | Yes | Required |
| Amended Articles of Association | Yes | Optional | Recommended |
| Token Issuance Specification (TIS) | Yes | Yes | Required |
| Terms of Use | Yes | Yes | Required |
| Privacy Policy | Yes | Yes | Required |
| AML/KYC Policy | Yes | Yes | Required |
| Risk Disclosure Statement | Yes | Yes | Required |
| Legal Opinion | Yes | Yes | Required / highly recommended |
| Investor Eligibility Forms | No | Yes | Required for exemptions |
| Lock-Up / Transfer Restrictions | No | Yes | Required under Reg D, Reg S |
Project Documentation
Beyond the strictly legal file, a set of supporting business documents builds investor confidence, reinforces regulatory alignment, and provides a transparent foundation for the offering. Below is an overview of the materials issuers typically prepare.
Pitch Deck
A high-level presentation summarizing the project’s vision, market opportunity, business model, token utility, and fundraising goals. Often the first document shared with potential investors and partners.
Purpose: quickly communicate value and attract interest.
Business Plan
A detailed document outlining strategy, market analysis, competitive landscape, revenue model, team, and growth roadmap. It helps stakeholders understand how the project will operate and scale.
Purpose: demonstrate viability, strategic planning, and long-term potential.
Audit Reports (if available)
Third-party audits of smart contracts, financials, or operations validate the project’s integrity and functionality. Smart-contract audits are especially important for security tokens.
Purpose: prove trustworthiness and technical soundness.
Financials & Valuation
Balance sheets, cash-flow statements, and projected financial performance, along with a clear valuation of the tokenized asset. This supports token pricing and informs investor decisions.
Purpose: justify fundraising goals and establish financial credibility.
Revenue & Operational Documentation (if applicable)
For projects with existing operations: revenue reports, customer data, contracts, and supply-chain details that demonstrate real-world traction.
Purpose: provide proof of performance and sustainability.
Jurisdictional & Regulatory Compliance
Outlines the legal framework of the offering — licensing status, applicable exemptions, and alignment with securities laws — and may include a legal opinion or compliance checklist.
Purpose: show adherence to legal requirements and reduce regulatory risk.
Corporate Authorization Documents
Certificates of incorporation, board resolutions, shareholder consents, and powers of attorney that authorize the issuance and fundraising activities.
Purpose: confirm the legal authority to issue tokens and engage investors.
Collectively, these documents form the backbone of the tokenization project. They establish transparency, legal clarity, and strategic alignment, making the offering more credible to regulators, investors, and partners. Underpreparing them can slow fundraising, limit investor participation, or create regulatory setbacks.
What You Carry Into the Next Phase
You leave Phase 6 with a complete legal file — SPV-to-asset linkage, governance and authorization records, required issuer policies, a Legal Token Issuance Verification, a Legal Opinion, tax structuring, and the offering documents matched to your registration path. In Phase 7 this file is validated and the token is deployed through Stobox Compass, turning the documented structure into a live, compliant on-chain offering.