What the regulator actually looks for, and how smart sponsors get approvals faster

The moment every tokenisation project hits reality

It happens quietly.

Usually after months of excitement.

The tech is built.
The pitch deck looks beautiful.
The “token economics” slide is polished.
Investors are warming up.

Then someone says:

“We should probably check what the regulator requires.”

That’s the moment fantasy meets law.

Because in Saudi Arabia, tokenisation is not governed by:

  • innovation
  • trends
  • or what worked in another country

It is governed by one thing:

securities regulation

And specifically, the expectations of the
Capital Market Authority

This is where many promising projects stall.

Not because tokenisation is illegal.

But because it was structured backwards.

This article is your shortcut.

A practical, regulator-first playbook for compliant tokenisation in KSA, built from what actually gets approved, not what sounds good on stage.

First Principles: How the CMA Thinks About Tokenisation

Before you talk about blockchain, tokens, or platforms, understand something critical:

The CMA does not regulate “tokens.”

It regulates:

securities offerings

So when you say:

“real estate token”
“gold token”
“asset token”

The CMA hears:

  • equity
  • fund units
  • debt
  • investment contracts

The label doesn’t matter.

The economics do.

If investors expect:

  • profit
  • yield
  • ownership
  • exposure

It’s regulated.

This mindset shift is everything.

Because once you accept you’re running a capital markets transaction, the correct path becomes obvious.

Why Saudi Is Not a “Crypto Grey Zone”

Many international founders assume:

“Let’s launch first and ask forgiveness later.”

That strategy might work in lightly regulated jurisdictions.

It does not work in Saudi Arabia.

Saudi markets are:

 formal
rule-based
institution-driven
documentation heavy

But here’s the surprising part:

This is actually an advantage.

Because serious capital prefers clarity.

Family offices and funds don’t want “grey.”

They want:

  • enforceable
  • defensible
  • regulator-recognised

So compliance isn’t a burden.

It’s a competitive edge.

The 5 Regulatory Decisions That Determine Your Entire Strategy

Through years of structuring GCC digital asset deals, we’ve noticed something:

Every tokenisation project in Saudi boils down to five early decisions.

Get these right → smooth approval
Get them wrong → expensive delays

Let’s walk through them.

Decision 1 : What Is Your Instrument Legally?

This is the step almost everyone skips.

Before anything else, you must answer:

“What is this legally?”

Not:
“What do we call it?”

But:
“What would a regulator call it?”

Examples:

Real estate token

Usually:

  • equity security
  • fund unit
  • income note

Gold token

Usually:

  • asset-backed note
  • warehouse receipt
  • investment contract

This classification determines:

  • offering rules
  • disclosures
  • investor eligibility
  • licensing requirements

Without this memo, you’re guessing.

Sophisticated sponsors always start with a formal classification analysis.

Decision 2 : Private Placement or Public Offering?

This is the most commercially impactful decision you’ll make.

And the one most sponsors misunderstand.

Private placement (institutional)

  • faster
  • cheaper
  • lighter disclosure
  • weeks to market

Public/retail (prospectus)

  • heavy documentation
  • regulator review
  • longer timeline
  • significantly higher cost

If you’re testing security token offerings in Saudi Arabia, 90% of the time the smart move is:

Start institutional.

Prove the model.

Scale later.

Trying retail first often kills momentum.

Decision 3  : Who Actually Owns the Asset?

This is where legal reality hits.

Because blockchain does not equal ownership.

Courts enforce:

  • title
  • contracts
  • legal rights

Not:
wallet addresses.

So regulators always ask:

“For real estate, where is the title deed?”
“For gold, who holds the bullion?”

If the answer is “the sponsor,” that’s risky.

The standard solution?

SPV (Special Purpose Vehicle)

A bankruptcy-remote entity that:

  • holds the asset
  • issues the securities
  • protects investors

This is non-negotiable for serious offerings.

Decision 4 : Who Can You Sell To?

Marketing rules in Saudi are stricter than many expect.

You can’t simply:

  • advertise online
  • tweet offerings
  • accept random investors

Depending on your structure:

You may need:

  • qualified investors only
  • whitelisted participants
  • suitability checks
  • risk acknowledgements

Which means:

Your token system must enforce investor restrictions, not just your lawyers.

This is why permissionless tokens rarely work in Saudi.

Compliance must be coded into the system.

Decision 5 : When Does Tokenisation Actually Happen?

Here’s the counterintuitive truth.

Tokenization is the last step.

Not the first.

But most teams do the opposite.

They start with:

  • blockchain architecture
  • smart contracts
  • UI

Then try to “make it compliant.”

That’s backwards.

The correct sequence is:

  1. classify
  2. structure
  3. document
  4. file
  5. THEN tokenise

If you remember nothing else from this article, remember this sequence.

It saves months of pain.

Visualising the Correct Order

Most teams:
Tech → Law → Regulator 

Successful teams:
Law → Structure → Regulator → Tech 

Simple difference.

Massive consequences.

What the CMA Actually Reviews (Behind the Scenes)

Many sponsors imagine regulators focus on tech.

They don’t.

They look at:

  • ownership proof
  • custody arrangements
  • investor protections
  • Disclosures
  • offering pathway
  • Governance
  • licensed intermediaries

Rarely:
“What blockchain are you using?”

If your structure looks like:
a normal fund/debt/equity issuance with a digital register…

approval is smooth.

If it looks like:
a crypto experiment…

expect questions.

Lots of them.

The Hidden Cost of Getting It Wrong

We’ve seen projects that:

  • built for 6 months
  • spent hundreds of thousands on tech
  • launched marketing

only to discover they needed:

  • a new SPV
  • different investor restrictions
  • revised documentation
  • regulator filings

Essentially rebuilding everything.

Compliance-first is cheaper.

Every time.

Even if it feels slower initially.

The CRYPTOVERSE Regulatory Playbook

This is the framework we use with clients entering the Saudi tokenisation market.

Not theory.

Practice.

Phase 1 : Classification memo

Define legal character

Phase 2 : Offer pathway strategy

Private vs public

Phase 3 : SPV & asset structure

Ownership enforceability

Phase 4 : Documentation

PPM/prospectus/subscription

Phase 5 : Regulator engagement

Align expectations early

Phase 6 : Token integration

Whitelist + restricted transfers

This order dramatically reduces regulator friction.

The Strategic Insight Smart Sponsors Understand

Here’s what sophisticated players quietly realise:

Tokenization doesn’t replace regulation.

It makes regulation easier.

Because:

  • digital ledgers improve transparency
  • permissioned transfers improve control
  • compliance can be automated

Regulators actually prefer structured digital systems over informal paper-based ones.

Which is why compliant tokenisation is welcomed.

But only when structured properly.

If You’re Planning a Security Token Offering in Saudi Arabia…

Ask yourself:

Have we:
formally classified the instrument?
chosen the correct offer pathway?
structured asset ownership via SPV?
aligned marketing rules?
sequenced tokenisation last?

If not, you’re still early.

Which is good.

Because it’s easier to fix early than late.

Ready to Structure It the Right Way?

At CRYPTOVERSE Legal, we help sponsors:

  • navigate CMA tokenisation regulation
  • structure compliant real estate & commodity offerings
  • design private placements
  • prepare regulator-ready documentation
  • integrate compliant token models

We don’t sell tokens.

We design structures regulators approve.

Because in Saudi:

Regulatory credibility beats innovation theatre.

Every time.

 Let’s talk

If you’re exploring tokenisation of real estate or commodities in Saudi Arabia, we’re happy to discuss:

  • regulatory pathway
  • timeline
  • structuring strategy
  • approval planning

FAQs

1. Is real estate tokenisation legal in Saudi Arabia?

Yes, real estate tokenisation is permitted in Saudi Arabia when structured as a regulated securities offering under CMA rules. The legality depends on the economic rights offered, not the technology used.

2. Does the CMA regulate crypto or blockchain tokens?

The CMA does not regulate tokens by name. It regulates securities and investment contracts, including any token that offers profit, yield, or ownership exposure.

3. What assets can be tokenised under CMA regulations?

Assets such as income-generating real estate, development projects, and commodities like gold can be tokenised, provided ownership, custody, and investor rights are legally enforceable.

4. Is CMA approval required before launching a tokenised offering?

Yes. If a token qualifies as a security, it must follow an approved CMA offering pathway before marketing or onboarding investors in Saudi Arabia.

5. Why is an SPV required for tokenised real estate or commodities?

An SPV legally holds the underlying asset and issues the securities, ensuring investor protection, ownership clarity, and compliance with CMA expectations.

6. Who can invest in tokenised securities in Saudi Arabia?

Investor eligibility depends on the structure, but most offerings are restricted to qualified or institutional investors, with suitability and onboarding controls required.

Newer Dubai vs Saudi Arabia for Tokenisation: Where Should You Launch Your Real Estate or Gold Offering First?
Back to list
Older Vietnam’s Crypto Moment: Inside the Government’s First Real Move to Regulate Digital Asset Markets