Ownership·Custody·Possession
Before discussing property or custody, a more fundamental distinction must be established: the asset and its digital representation are not the same thing. All XRPL pedagogy rests on this.
A token on XRPL is not the asset. It is a representation of the asset. These two objects are distinct, connected by a legal or contractual bridge. Understanding this duality is understanding all of XRPL.
A fractional building
The physical building stays in Paris. 10 000 fractional shares circulate on XRPL.
A tokenized dollar
The dollar stays in the bank. One RLUSD circulates on XRPL for each dollar held.
The real asset
Exists in the physical or legal world, independent of any blockchain.
- · A building
- · A commercial receivable
- · A fund share
- · A dollar in a bank
- · A work of art
The token
Exists on the XRPL ledger. A token (IOU, MPT, NFT) that points to the asset.
- · A real-estate MPT
- · A receivable token
- · A tokenized fund share
- · An RLUSD
- · A certificate NFT
Representation = asset
No bridge. The token is the asset. No duality.
Representation ↔ asset
Two objects, a solid legal bridge. The standard for serious tokenization.
Representation without asset
The token claims to represent something that does not exist. Classic scam.
Reminder: these three concepts apply to the digital representation (the object handled on XRPL — the property in the sense of "what is owned"), not to the underlying real asset.
The legal title to the asset. Recognized by a court, enforceable against third parties, transferable by inheritance.
"This asset belongs to me under the law."
The formalized responsibility of keeping and protecting the asset on behalf of another. A role, not a fact.
"I am responsible for protecting this asset."
Material control. On XRPL: who holds the private keys at time T. No legal dimension.
"I can move this asset, right now."
Hover the dashed-underline terms for the glossary definition:Ownership·Custody·Possession·SPV·Freeze·Clawback
The car metaphor
Three people can have a relationship with a car, without having the same type of relationship.
The legal titleholder of the vehicle. The owner according to the State.
E.g.: your name on the title
The one officially in charge, by contract.
E.g.: the dealer during service
The one who can start it and drive, right now.
E.g.: the valet, or a thief
| Configuration | Ownership | Custody | Possession |
|---|---|---|---|
Startup treasury in self-custody Stablecoins paid by B2B clients | The company | The company | CEO + CFO (multisig) |
Tokenized loyalty program Customer points issued by a retailer | The customer | The brand's app | The brand's app |
Tokenized invoice (factoring) MPT representing a B2B receivable | The investor-buyer | Regulated platform (CASP / MSB) | Regulated platform |
SaaS billed in XRPL stablecoin International customer collection | The SaaS vendor | Crypto PSP (or ops wallet) | Crypto PSP |
Tokenized fund share On-chain money market fund | The investor | Regulated custodian | Regulated custodian |
Operational key compromise Phishing of a signatory executive | The company (legally) | — compromised — | The attacker |
Legal ownership transfers according to the country's applicable law.
tx_legal = notarial deed or contractual assignment
Custody responsibility transfers via depositary contract.
tx_mandate = new custody contract
Technical control transfers via an on-chain transaction signature.
tx_xrpl = Payment or signed OfferCreate
The three layers are synchronized
An investor buys a tokenized fund share. The regulated custodian receives the MPT on XRPL, KYC is validated, the legal title is registered in the investor's name.
The ledger and the law diverge
A real-estate token is stolen. On the XRPL ledger, the hacker has possession and can resell it. The law still recognizes the original owner. Conflict: the blockchain says A, the court says B.
XRPL provides native features — not smart contracts to code, but primitives built into the protocol — that allow a regulated issuer to maintain alignment between on-chain possession and legal ownership. Here are the six levers to know.
Trustlines
The holder must explicitly accept each token type. The issuer knows all its holders.
Credentials
On-chain attestations (KYC, accreditation, age) issued by an authority. Verifiable without revealing the raw data.
Permissioned Domains
Circulation spaces restricted to holders of valid credentials. Essential for compliant RWAs.
Freeze
The issuer can freeze a token on an account (court order, sanctions, fraud suspicion). The token stays but can no longer move.
Clawback
The issuer can claw back an issued token (error correction, theft, court order). The ledger catches up with the law.
MPT (Multi-Purpose Tokens)
Structured tokens with metadata and built-in rules (transferability, caps, conditions). Compliance in the token itself.
The three layers do not carry the same legal weight. Custody is the most regulated. Ownership inherits from classic law. Possession has no direct status but triggers obligations indirectly. This overview spans both EU (MiCA) and US (BitLicense, FinCEN, state trust charters) — always validate with a lawyer for your specific jurisdiction.
Ownership
Burden: Medium- · Civil law (property, contracts, inheritance)
- · Securities law if the token is a security
- · MiCA Title II if "other crypto-asset"
- · GDPR if personal data is attached
- · MiCA whitepaper (EU) / SEC disclosure (US)
- · Up-to-date holders' registry
- · Periodic disclosure
- · Disclosure document (prospectus if security)
- · Consumer law if general public
- · Terms of Token
- · Subscription Agreement
- · Risk Disclosure
Custody
Burden: Very heavy- · MiCA → mandatory CASP authorization (EU)
- · NY BitLicense / Trust Charter (US-NY)
- · FinCEN MSB (US federal)
- · AML Directive (EU AMLD) / Bank Secrecy Act (US BSA)
- · Minimum capital (€125K under MiCA / state-specific in US)
- · Strict segregation of client assets
- · Liability in case of loss
- · Business continuity plan (BCP)
- · Mandatory KYC / AML-CFT
- · Regular audits, regulator reporting
- · Insurance against losses
- · Detailed Custody Agreement
- · Service Level Agreement (SLA)
- · Key management policy
Possession
Burden: Indirect but insidious- · If possession for another → regulated custody
- · Criminal handling if asset stolen (even unintentionally)
- · OFAC / EU sanctions if funds linked to sanctioned entity
- · Employer liability if keys held by employee
- · Travel Rule (FATF) on transfers > thresholds
- · On-chain screening (Chainalysis, Elliptic)
- · Source-of-funds proof (provenance)
- · AML-CFT vigilance
- · Operational key security
- · Key Management Policy
- · Incident Response Plan
- · Screening procedure
The legal qualification of your token determines the stack of obligations that piles on top. This tree is a first sorting grid (EU/MiCA framework dominant) — definitive qualification requires formal legal advice.
Classic financial security, tokenized. Financial markets regime (MiFID II, prospectus, AMF, ESMA).
MiCA Title IV regime. Issuer must be authorized as an electronic money or credit institution.
MiCA Title III regime. Specific authorization, mandatory reserves, regulator-validated whitepaper.
Lighter MiCA Title II regime. Whitepaper required but no authorization. Exemption possible if closed network.
Residual MiCA Title II category. Whitepaper mandatory but lightest regime.
Before tokenizing anything,
ask yourself: who has what?
For every token you handle in your product: who is the owner, who has custody, who has technical possession? And what legal qualification applies to that token?
If you cannot clearly answer all four questions, you are not ready to launch.
A simple grid that avoids complex problems.
What now? Put the grid into practice
You now hold the conceptual grid. Here are the 3 Regul8 tools that apply directly to your case — from design diagnostic to regulatory obligation.
What power does your app take on assets? Read → propose → authorize → deposit.
Custodial / non-custodial / grey classification across the 10 XRPL methods.
EU custody licence obligation: €125K capital (Art.67 Class 2), segregation, liability.
General information only, not legal advice. Predominantly EU/MiCA framework; the US counterpart (Howey, BitLicense, FinCEN) is mentioned but final qualification must be validated by counsel in your jurisdiction.