You don’t put identity documents on-chain. KYC runs off-chain with a licensed provider. The on-chain artifact is only a result: an allowlist entry or a signed credential bound to the wallet, carrying claims like accredited or not-sanctioned, never the documents.
The mistake is thinking KYC happens on the blockchain. It doesn’t. Identity verification is an off-chain process; the chain only stores the verdict.
Why
A public blockchain is a permanent, world-readable ledger. Passport scans, addresses, and dates of birth do not belong there. So the architecture splits in two.
Off-chain, a licensed KYC/AML provider collects the documents, runs sanctions and accreditation checks, and holds the file. On-chain, the result is written as a claim bound to the holder’s wallet. That claim says something narrow, like “accredited investor” or “jurisdiction permitted” or “not sanctioned.” It never carries the underlying data.
Two standards define how that claim is expressed. A Decentralized Identifier (DID) is an identifier the holder controls, resolvable without a central registry. A Verifiable Credential (VC) is a signed attestation an issuer makes about that identifier, cryptographically checkable by anyone, revealing nothing beyond the claim itself.
The ERC-3643 model wires this into the token. An on-chain identity registry (ONCHAINID) holds the claims for each wallet. When a transfer is attempted, the token contract checks the registry: does the sender hold a valid claim, does the receiver, is the transfer allowed. If not, the transfer reverts. Eligibility is enforced at the transfer layer, not at the point of sale.
Zero-knowledge and selective-disclosure proofs push this further. A holder can prove “I am over 18” or “I am accredited” without exposing the value behind the claim, and in some designs without exposing which specific wallet they are.
The edge cases
“Private” is not “anonymous to everyone.” Someone still knows who the holder is: the issuer, the transfer agent, and the licensed provider who ran the check. That is deliberate. Regulators, auditors, and court orders require a real identity behind the wallet. If no one can produce it, the structure is not compliant, it is just hidden.
Claims also expire. Sanctions lists change; accreditation lapses. A credential written once and never re-checked is a liability. The registry has to support revocation and re-verification, or the allowlist goes stale.
And the wallet-to-person binding is only as strong as the enrollment. If a holder hands their key to someone else after passing KYC, the on-chain claim still reads valid. Key custody is a separate problem the credential does not solve.
What this means for your structure
Decide who holds the off-chain identity file and under what legal duty, before you pick a chain or a token standard. That party is your point of contact for regulators.
Stobox keeps identity off-chain and enforces eligibility at the token transfer layer. We are a non-custodial technology provider, not a broker-dealer or law firm; the licensed KYC/AML and legal roles sit with your providers.
Gene Deyev’s take

I’ve watched teams treat “private” as if it means “no one can ever produce the identity.” That is not privacy, it is a compliance gap you haven’t found yet. The right design keeps documents off-chain with a licensed provider and writes only the verdict to the token, then enforces eligibility at the transfer layer so an ineligible transfer simply reverts. Pick open standards for the claim and the registry: if your credential format is proprietary, you’ve traded doxxing risk for vendor lock-in, and the ownership record still has to outlive whatever platform issued it.
— Gene Deyev, CEO & Co-Founder, Stobox. Co-author of the Stobox Tokenization Framework and the STV3 protocol; ERC-7943 backer; SEC Crypto Task Force roundtable participant (2025).
Related questions
- ERC-3643 vs ERC-7943 (uRWA)
- How to choose a tokenization platform
- What happens to your tokens if the platform disappears
Last updated: 2026-07-12.