ERC-1404: How Tokensoft Built the Compliance Standard for Security Tokens — and the Platform to Launch Them

Since 2017, Tokensoft has helped customers raise or process over $1,000,000,000 in compliant token offerings. At peak capacity, the platform processed 80,000 investors per hour through KYC and AML procedures — and $10,000,000 per hour for a single customer. More than 100 assets have launched on Tokensoft's infrastructure, including layer one blockchains like Avalanche, Tezos, Moonbeam, Acala, and Handshake, as well as the first SEC-registered security token IPO in history.

None of that would have been possible without ERC-1404 — the restricted token standard that Tokensoft co-authored, pioneered, and built the definitive reference implementation of. This is the story of both: the standard and the platform built on top of it.

The Problem Before ERC-1404

When Tokensoft was founded in 2017, the blockchain industry had no standard for compliant token transfers. ERC-20 — Ethereum's dominant token standard — was designed for permissionless systems. Any address could send any ERC-20 token to any other address, at any time. That worked fine for cryptocurrencies. It was disqualifying for securities.

Security tokens represent regulated financial instruments — equity, debt, real estate interests, fund shares. They are subject to SEC regulations that dictate who may hold them, under what conditions, and when they may be transferred. An ERC-20 token has no mechanism to enforce any of that. Any attempt to use a vanilla ERC-20 for a securities offering would require enforcement entirely off-chain, after the fact, by the issuer. That's not a compliance solution — it's a liability.

Tokensoft's answer was ERC-1404: a token standard that brings compliance enforcement on-chain, at the protocol level, where it cannot be bypassed.

What ERC-1404 Is

ERC-1404 extends ERC-20 with two additional functions that every token contract implementing the standard must expose:

function detectTransferRestriction(address from, address to, uint256 value) public view returns (uint8);
function messageForTransferRestriction(uint8 restrictionCode) public view returns (string memory);

Before any token transfer is executed, the contract evaluates detectTransferRestriction. If it returns a non-zero code, the transfer is rejected at the smart contract level — not by an off-chain monitoring system, not retroactively, but in the same transaction, before any tokens move. The messageForTransferRestriction function converts that numeric code into a human-readable explanation, so issuers and custodians know exactly why a transfer failed: "SENDER_NOT_WHITELISTED", "TOKENS_LOCKED", "RECEIVER_EXCEEDS_OWNERSHIP_LIMIT".

This design was deliberate. ERC-1404 was built with input from issuers, securities law firms, and exchanges. It was proposed as an Ethereum Improvement Proposal (EIP-1404), published on erc1404.org as an open-source standard, and adopted by financial institutions worldwide — appearing in SEC filings from Aptorum Group, Diginex, Theseus Debt Fund, and Arca US Treasury Fund. The Capital Markets and Technology Association (CMTA) in Switzerland incorporated ERC-1404 into their regulatory working group framework.

The Full Feature Set Tokensoft Built

Tokensoft didn't just author the standard — it built the most complete ERC-1404 implementation in existence. The Tokensoft reference implementation includes:

Investor Whitelisting & Segmentation

The bidirectional whitelist matrix allows issuers to maintain multiple investor lists simultaneously — US accredited investors, non-US persons, qualified institutional buyers, each with its own rule set. Transfer restrictions can be applied at the list level, blocking transfers between incompatible investor categories without affecting transfers within the same category. This is the technical implementation of Regulation D / Regulation S parallel offering structure, encoded in smart contract logic.

Ownership Limits

Issuers can cap token ownership at either a percentage of total supply or an absolute token count per address. This implements poison pill provisions — restricting any single entity from accumulating a controlling stake — directly in the token contract. No centralized monitoring required.

Flowback Prevention

Cross-jurisdictional transfers that would violate securities law — a US-restricted investor attempting to transfer tokens to a non-US person, for example — are blocked by the restriction logic before execution. This is flowback prevention at the smart contract layer.

Lockup Enforcement

Tokensoft implemented both time-based and price-based lockup enforcement. Time-based lockups prevent transfers until a specific date. Price-based lockups — an industry first — prevent transfers until a token price oracle reports that a threshold has been met. These are vesting terms from traditional equity agreements, implemented as on-chain financial instruments.

Token Lifecycle Management

The full lifecycle: mint new tokens (create new shares), burn tokens (retire them from circulation), revoke tokens (forcibly remove them from a wallet — for regulatory remediation), freeze individual addresses or all transfers globally. All role-protected, all auditable on-chain.

Dividend Support

Both push and pull dividend distribution mechanisms are built into the implementation. Push: issuer distributes to all holders in a single transaction. Pull: holders claim their proportional share from a distribution contract. Both approaches have their appropriate use cases depending on holder count and gas economics.

The Token Sale Platform

Built on ERC-1404's compliance foundation, Tokensoft's token sale platform handles the complete lifecycle of a compliant offering — from investor onboarding through fund settlement.

Compliance Automation at Scale

Every investor who participates in a Tokensoft-hosted offering goes through automated KYC/AML verification. Tokensoft supports compliance procedures for up to 56 countries, with jurisdiction-specific document requirements configured at the platform level. A US accredited investor sees different disclosure documents and signs different agreements than a non-US person. The platform enforces these differences automatically.

Geo-blocking is configurable by country and by US state. Sanctioned jurisdictions are blocked by default. Specific states — New York, for example, which has its own BitLicense requirements — can be excluded independently. OFAC screening runs against the SDN list before any investor completes registration.

Parallel Regulation D / S Offerings

Since Tokensoft's earliest days, the platform has supported simultaneous Regulation D (US accredited investors) and Regulation S (non-US persons) offerings on the same domain, at the same time. Each parallel tranche has its own compliance configuration, offering materials, and investor segmentation — managed through a single issuer dashboard.

Sale Configuration

The platform supports a wide range of sale structures:

• Individual contribution caps — limit each investor's maximum participation
• Sale contribution caps — close the sale at a specific raise target
• Investor count caps — limit to a specific number of participants
• Contribution-linked tiering — different pricing, vesting terms, and caps for different investment sizes within a single sale (Category A, B, C tranches)
• Registration and sale phases — a 1–2 week registration period for community building and compliance verification, followed by a 24–72 hour sale window

Vesting Infrastructure

Investors agree to vesting terms at the time of purchase. The platform supports time-based vesting (tokens unlock on a schedule), cliff vesting (tokens unlock in full after a specified period), and price-based vesting (tokens unlock when a cryptocurrency price oracle reports a threshold has been crossed). Price-based vesting was a Tokensoft innovation — turning vesting from a time function into a financial performance function.

Who Has Launched on Tokensoft

The platform's client list spans the defining names in blockchain infrastructure and the landmark regulatory milestones of the entire industry:

• Avalanche (AVAX) — Layer 1 blockchain token launch
• Tezos (XTZ) — Layer 1 blockchain token launch
• The Graph (GRT) — Decentralized indexing protocol
• Synthetix (SNX) — DeFi derivatives protocol
• Moonbeam — Polkadot parachain
• Acala — Polkadot DeFi hub
• Handshake (HNS) — Decentralized DNS protocol
• INX Limited — First SEC-registered security token IPO, $125,000,000 raised
• Connext (NEXT) — Cross-chain interoperability protocol; first cross-chain airdrop

In total: 100+ launches, $1,000,000,000+ processed, 1,000,000+ unique users through compliance procedures.

A Decade of Production Infrastructure

ERC-1404 is the compliance backbone of the digital securities market. Tokensoft co-authored it, built the reference implementation, and deployed it in production at institutional scale — including the first SEC-registered IPO in blockchain history.

The platform behind those deployments represents eight years of compliance automation — KYC pipelines, jurisdictional rule engines, parallel offering infrastructure, vesting primitives, and price oracle integrations validated across hundreds of live transactions. This is not prototype software. It is production infrastructure that has processed a billion dollars of regulated financial transactions.