The question sounds like it should have a simple yes or no. It doesn't.
"Are all tokens securities?" is really asking how a 1946 Supreme Court test — written to catch fraudulent orange grove investment schemes — applies to digital assets that didn't exist when the law was drafted. The answer turns out to be: it depends on the specific token, how it was sold, and who controls the network it runs on.
Neither "all tokens are securities" nor "no tokens are securities" is correct. But large numbers of tokens probably do meet the legal definition, which has real consequences for projects, exchanges, and holders.
The Howey Test and How It Works
US securities law uses what's called the Howey Test to determine whether something is a security. The test comes from SEC v. W.J. Howey Co. (1946), a case involving land sales and citrus groves. The Supreme Court defined a security as any arrangement involving: (1) an investment of money, (2) in a common enterprise, (3) with an expectation of profit, (4) derived primarily from the efforts of others.
All four elements must be present. The test focuses on economic reality — how something actually functions — not what it's called.
When you apply that framework to a typical token sale: buyers send money to a project, they share in the project's fortunes (common enterprise), they generally expect the tokens to appreciate (profit), and whether the tokens become valuable depends largely on whether the founding team successfully builds the product (efforts of others). That's a strong match to Howey.
The complication is that this analysis can change over time. A token sold in a fundraising round before the network exists looks a lot like a security. But once the network is genuinely decentralized — once no single entity controls its development or can materially affect its value — the "efforts of others" element weakens. This is why Bitcoin, which was never sold in a fundraising round and has no controlling development team, has been treated differently than most altcoins.
In 2018, the SEC's director of corporate finance, William Hinman, gave a speech suggesting that sufficiently decentralized networks might not involve securities even if early token sales did. That speech was never formal SEC policy, and Hinman left the agency in 2020, but the concept has shaped the debate ever since.
Why "Tokens" Isn't a Useful Category
The word "token" describes a technical fact — something recorded on a blockchain — not an economic relationship. From a legal standpoint, it's like asking whether "pieces of paper" are securities. Some pieces of paper are; most aren't.
Utility tokens present the clearest conceptual challenge. In theory, a token that grants access to a specific service — compute resources, storage, bandwidth — might not satisfy Howey if buyers are purchasing for use rather than profit. The problem is that secondary market speculation has made "purchasing for access" implausible for most tokens. People buy them expecting to sell at a higher price, which is exactly the profit expectation Howey is looking for.
XRP is a useful real-world example. The SEC sued Ripple in 2020 claiming XRP is a security. The 2023 ruling from Judge Torres split the difference: XRP sold to institutional buyers in private placements was a security (they had profit expectations tied to Ripple's efforts), but XRP sold programmatically on secondary markets to retail buyers was not (those buyers couldn't reasonably identify a common enterprise). Same token, two different conclusions depending on who bought it and under what circumstances.
That ruling is still being appealed and isn't precedent for other courts, but it illustrates how the question doesn't have a single answer even for a single asset.
Where the Constraints Live
The core constraint in the US is that securities classification happens through enforcement rather than advance guidance. There's no form a project can file to get a "not a security" determination before launching. Projects have to launch and see whether the SEC takes action — which creates real risk for anything that looks even partially like a fundraising mechanism.
The SEC and CFTC have overlapping and sometimes competing jurisdiction. Bitcoin is treated as a commodity under CFTC authority. Most other tokens exist in a gray zone that neither agency has fully claimed. Congress has not passed legislation clarifying how existing frameworks apply to crypto, though several bills have been proposed.
Europe took a different approach. The Markets in Crypto-Assets (MiCA) regulation, which became effective across EU member states in 2024-2025, created a purpose-built framework with distinct categories: asset-referenced tokens, e-money tokens, and other crypto-assets. Projects operating in the EU now have clearer rules, even if those rules don't answer the US question.
What's Changing
Two things are shifting. The first is litigation. Active court cases — including the SEC's case against Coinbase and the continuing Ripple proceedings — are building case law around when and how Howey applies to crypto. Each ruling narrows or expands the interpretive space.
The second is legislative. The FIT21 Act passed the US House in 2024, proposing a framework that would distinguish "digital commodities" from "digital securities" based on decentralization and functional use. Whether any version clears the Senate and becomes law is uncertain, but the direction is toward explicit statutory categories rather than indefinite case-by-case enforcement.
What Would Confirm This Direction
Congress passes market structure legislation creating a formal pathway for tokens to be classified as commodities once sufficient decentralization is demonstrated. Courts establish consistent precedent on when the "efforts of others" element is satisfied in crypto contexts. Projects can rely on advance legal clarity before conducting token launches.
What Would Invalidate It
The SEC wins major enforcement actions establishing that decentralization doesn't affect security status — that any token sold for profit qualifies regardless of network structure. Congress fails to pass clarifying legislation for another several years. Court rulings remain fragmented and jurisdiction-specific, leaving enforcement risk as the permanent baseline.
Timing
Now — US classification is genuinely unclear for most tokens; enforcement risk is real, particularly for projects that raised capital through public token sales. Bitcoin is the clearest case (commodity). Most everything else is unsettled. EU operators have clearer rules under MiCA.
Next — Active court cases in the US should produce additional precedent within 12-24 months. Legislative movement possible but not guaranteed.
Later — Whether the US adopts a purpose-built framework or whether existing securities law fully absorbs the asset class remains unresolved.
Boundary
This post explains how the securities law framework applies to tokens and where that framework stands as of May 2026. It doesn't provide legal advice, tax guidance, or any assessment of specific token projects.
The legal status of any particular token depends on facts specific to that token — how it was sold, what rights it grants, how decentralized the underlying network is — and should be assessed by qualified legal counsel applying current case law. The mechanism here is established law meeting unanticipated technology. The outcome is still being written.
