Why "on-chain" and "borderless" are not the same thing
The pitch for tokenized real-world assets is simple: put a Treasury bill, a share of private credit, or a gold bar on a blockchain, and the asset can travel anywhere the internet reaches. For a permissionless crypto token like BTC or ETH, that framing is mostly accurate. The network is open, the ledger is global, and any self-custody wallet can receive the asset without asking permission.
For tokenized securities, the picture is different. The token is a digital receipt for a legal claim, and that claim lives inside a specific legal system. A tokenized US Treasury fund is still a US securities offering. A tokenized money-market fund domiciled in Luxembourg is still a Luxembourg fund. The blockchain layer changes how the receipt moves, but it does not change who is allowed to hold the underlying instrument under the issuer's prospectus and the local regulator's rules.
This is why products like BlackRock's BUIDL, Ondo's OUSG, and Paxos's PAXG look similar on a block explorer but behave very differently in practice. Each one carries a legal wrapper that defines who the issuer will contract with, where the offering is registered, and what happens if a non-eligible address somehow ends up holding the token. The token can be moved by a smart contract. The legal rights cannot.
The real failure modes: what happens to ineligible holders
Risk in the RWA cross-border context is not abstract. It shows up in three concrete ways: contracts that cannot be enforced, tokens that can be frozen, and users who unknowingly violate securities or sanctions law. None of these risks are visible in the token's price chart.
First, an ineligible holder has no standing in the issuer's jurisdiction. If you are a retail investor in a country that is excluded from BUIDL's offering documents, the contract that supposedly gives you a claim on the underlying US Treasuries is, from the issuer's perspective, not a contract you were ever party to. Courts in major jurisdictions have repeatedly held that offering documents and subscription agreements control, and an off-channel purchase is treated as a void or rescindable transfer rather than a protected share ownership.
Second, issuers and transfer agents can freeze or burn tokens. The most cited case so far involves BUIDL restricting access from certain geographies, with wallet addresses reclassified and redemption rights curtailed. The technical mechanism is straightforward: the token contract has an allowlist, minting and redemption are permissioned, and a centralized administrator can blacklist addresses. This is sometimes sold as a safety feature, but for an investor who bought through a secondary venue without proper onboarding, it can mean their token becomes a non-redeemable digital artifact with no path back to dollars.
Third, sanctions law is a strict-liability regime for issuers. Under OFAC rules administered by the US Treasury, any US person or US-domiciled entity that facilitates a transaction with a sanctioned address can face civil and criminal penalties. Tokenized RWA issuers are US persons, so they must screen every wallet that interacts with their contracts. This is why OFAC compliance, not just KYC, is the dominant operational concern for permissioned RWAs, and why even a small protocol error can force a wind-down of a pool.
Accredited investor and KYC gates
Almost every yield-bearing RWA token in circulation today carries an accredited investor or professional investor gate. BUIDL is limited to eligible non-US persons, qualified purchasers, and accredited investors. OUSG carries similar restrictions, and Ondo's broader product suite is structured around a non-US retail category called ONDO Global Markets, which itself requires KYC and excludes US persons outright.
PAXG is the partial exception. PAXG is a gold token issued by Paxos, a New York trust company, and each token is backed by one fine troy ounce of physical gold stored in Brink's vaults in London. While Paxos performs KYC and complies with sanctions, PAXG trading is available to a broader retail audience than BUIDL or OUSG, and the token is widely listed on retail exchanges. The trade-off is that the legal claim to the underlying gold is governed by New York and English law, and the fine print of Paxos's terms of service matters more than the token's ticker.
What "accredited investor" means in the US is defined by the SEC. It generally requires an annual income above 200,000 dollars for individuals (or 300,000 dollars joint), or a net worth above 1 million dollars excluding the primary residence, or a specific professional license. In the EU, the analogue is the professional client test under MiFID II, which uses asset thresholds and experience criteria. In Singapore and Hong Kong, the rules use the accredited investor, expert investor, and professional investor labels with their own thresholds.
These gates are not marketing. They are securities law. An issuer that sells to a non-accredited investor outside the permitted channels is, in the regulator's view, conducting an unregistered public offering. The fact that the buyer used a wallet instead of a brokerage account does not change the analysis. This is why RWA platforms invest heavily in onboarding flows, and why secondary markets for tokens like BUIDL are thin: the legal and compliance cost of reselling to an unknown wallet is high enough that most transactions happen inside the issuer's own platform.
Geofencing, IP blocking, and wallet screening
Once the legal gate is defined, the next question is how issuers enforce it. The answer is a stack of technical controls that the average user never sees.
The first control is KYC at onboarding. The user submits identity documents, proof of address, and sometimes source-of-funds information, and the issuer runs checks against sanctions lists, PEP databases, and adverse media. Tokens are then minted to a whitelisted address, usually a custodial wallet inside the issuer's platform. This is why most BUIDL and OUSG holders interact with the token through Ondo Finance's interface or through a partner such as Securitize, rather than through a generic DEX.
The second control is IP geofencing. The issuer's web app reads the visitor's IP address and refuses to serve the onboarding flow to addresses in excluded jurisdictions. VPNs complicate this, but they do not defeat it: IP intelligence services can flag known VPN endpoints, datacenter ranges, and residential proxy networks with reasonable accuracy. Users who successfully onboard through a VPN typically find that withdrawal or redemption flows add an extra layer of review.
The third control is wallet screening. Every address that touches an issuer's contract is checked against sanctions lists (OFAC, EU, UK, UN) and against heuristics that flag mixers, bridge exploits, and known illicit sources. Tools from companies like Chainalysis, TRM Labs, and Elliptic are standard infrastructure for RWA issuers. If a wallet is flagged, the issuer can refuse to redeem, freeze the token balance, or report the activity to regulators.
Together, these controls mean that an "on-chain" RWA is, in practice, a permissioned product with a permissionless veneer. The token can move; the legal wrapper cannot. And the issuer's compliance team, not the smart contract, decides who is allowed in.
Sanctions, OFAC, and permissioned RWAs
Sanctions enforcement is where the cross-border story turns from inconvenient to dangerous. OFAC administers the SDN list, which names individuals, entities, and addresses controlled by sanctioned jurisdictions. For a traditional bank, compliance is a matter of screening wire transfers. For a tokenized RWA issuer, the equivalent step is screening every wallet that touches the contract, on every block, in real time.
This is not theoretical. In 2022, the US Treasury sanctioned the Tornado Cash smart contract, and later the OFAC list expanded to include specific addresses linked to North Korean hacking groups, Russian sanctions evaders, and a long list of mixer services. Several RWA issuers responded by tightening their wallet-screening rules and by publishing their compliance policies. A few paused onboarding in jurisdictions on the FATF grey list, including parts of the Caribbean and Southeast Asia.
The legal question that follows is whether holding a token is itself a sanctions violation. The current OFAC guidance, including the 2023 and 2024 updates, treats tokenized securities issued by a US person as property of a US person, and treats transactions in those tokens by sanctioned addresses as prohibited if facilitated by a US person. This means an RWA issuer that redeems a token for a sanctioned address can be liable, even if the on-chain transfer happened months earlier and the address was not on the SDN list at the time.
For investors, the practical lesson is that wallet hygiene matters more in RWA markets than in pure crypto markets. Receiving a small amount of RWA tokens from a flagged address, even by accident, can lock the wallet out of redemptions. This is a different failure mode from a smart-contract exploit: the user's funds are technically in their wallet, but functionally unreachable.
MiCA, passporting, and the EU advantage
MiCA, the EU's Markets in Crypto-Assets regulation, came into full effect in 2024 and 2025. It creates a single rulebook for crypto-asset issuers and service providers in the EU, and it allows a product authorized in one member state to be marketed across the bloc, a process called passporting. For RWA issuers, this is the closest thing to a true cross-border regime that exists today.
Under MiCA, an asset-referenced token (ART) or e-money token (EMT) authorized in, say, France can be offered to retail and professional investors in Germany, Italy, and the rest of the EU without a separate authorization in each country. Several European issuers, including Societe Generale's stablecoin and various euro-denominated treasury products, have used this passport to reach a pan-European customer base.
However, MiCA has limits. It does not authorize a product for US persons, UK persons, or any non-EU resident. The passport stops at the EU's external border. A French product cannot be sold into Switzerland or the UK without separate authorization, and selling into the US is, with rare exceptions, a non-starter under US securities law. MiCA also does not override national rules on who can hold which product, and several member states have used national discretion to restrict certain token categories.
The US side is more fragmented. There is no equivalent of MiCA. Tokenized US Treasuries are typically structured as regulated funds or as private placements under Rule 506(b) or 506(c) of Regulation D, both of which restrict the buyer pool. Public token offerings to US retail investors remain effectively impossible under current SEC guidance. Some issuers have experimented with parallel structures, one product for US persons, another for non-US persons, but this adds cost and complexity.
What "owning a tokenized share" actually means in court
The deepest jurisdictional question is whether the token is the asset or just a pointer to the asset. In most current RWA structures, the answer is: the token is a pointer. The legal ownership of the underlying share, bond, or gold bar is recorded in the issuer's books, not on the blockchain. The token is a representation of that record, and the issuer's subscription agreement is what gives it legal force.
This matters when things go wrong. If the issuer is sued, goes bankrupt, or is hacked, the token holder's claim is determined by the issuer's jurisdiction's law, not by the blockchain's consensus rules. In a US Chapter 11, for example, token holders are unsecured creditors whose recovery is determined by the bankruptcy court. The fact that they hold a token does not elevate them above other claimants, and the bankruptcy estate controls the underlying assets.
Several legal scholars have proposed on-chain entity structures, including the Delaware LLC + token, the Wyoming DAO LLC, and various Cayman and BVI vehicles, that try to make the token itself the legal ownership record. These are promising experiments, but they are not yet standard, and they have not been tested in major disputes. For the foreseeable future, the practical rule is: read the offering documents. The token's legal rights are defined there, and the blockchain is just the delivery mechanism.
How to think about RWA cross-border restrictions as an investor
For an investor evaluating an RWA product, the cross-border question is not a footnote. It is the first thing to check. Start with the offering documents: who is eligible, what jurisdictions are excluded, and what is the accredited investor standard? Then check the issuer's enforcement: do they screen wallets, do they geofence the onboarding, and do they publish a sanctions policy? Then check the redemption path: who can redeem, on what timeline, and what happens if you become ineligible after buying?
None of this is a reason to avoid tokenized assets. The category is real, the yields are real, and the operational advantages over traditional funds are meaningful. But it is a reason to treat the marketing claim of "global access" as a sales pitch rather than a description. A tokenized Treasury on a public chain is still a security offering with a defined eligible investor pool, and the user's job is to confirm they are inside that pool before they buy.
How to follow RWA cross-border developments the smart way
RWA cross-border rules move in three lanes at once: securities regulators updating accredited investor definitions, sanctions authorities updating wallet screening guidance, and tax authorities deciding how to treat tokenized income. Tracking all three manually is a losing game. Zippfeed surfaces RWA headlines with sentiment scoring (bullish, neutral, or bearish) and an importance rating, so you can spot the regulatory shifts and product launches that actually change eligibility, before they hit your portfolio.
