ICO, STO & Coin/Token Offering Legal Advisory in UAE: Q&A Guide

Legal Experts

Picture of Nikolas Kairis
Nikolas Kairis

Senior Partner - Financial Markets and Digital Assets ( USA, Greece, Germany, Cyprus, UAE)

Picture of Fahad Al Howdari

Fahad Al Howdari

Principal Advocate - Litigation (UAE)

Picture of Ghassan Makki

Ghassan Makki

Founder and Managing Partner - Financial Markets and Digital Assets

View All Professionals

Table of Contents

Q1: What are ICOs and STOs, and are they allowed in the UAE?

A: ICO (Initial Coin Offering) and STO (Security Token Offering) are both methods of raising funds through the issuance of digital tokens, but they differ in the nature of the token being offered:

 

In an ICO, the token sold is typically a utility token or cryptocurrency that is not officially classified as a security. ICOs gained fame in 2017-2018 as a way for blockchain startups to crowdfund by selling tokens that might have future use on a platform or simply be speculative assets. 

 

In an STO, the token is structured as a security token – meaning it represents an investment contract or regulated financial instrument, like shares in a company, profit-sharing rights, or a bond. STOs are essentially the crypto equivalent of an IPO or bond issuance, done in compliance with securities laws. 

 

In the UAE, both ICOs and STOs are allowed provided they comply with regulations. The wild west days of unregulated ICOs are over here. The UAE was actually among the first in the region to issue guidance and regulations for token offerings:

  • Back in 2019, the UAE’s Securities and Commodities Authority (SCA) released regulations concerning Crypto Asset fundraising. The SCA basically treats most token offerings as either securities or commodities that need approval. Under SCA’s framework (Decision No. 23 of 2020), any public offering of tokens in the UAE’s mainland must be approved by SCA, ensuring investor protections similar to those in stock offerings. In fact, the SCA classifies tokens with security-like characteristics as security tokens that fall under UAE securities law.

  • Dubai’s VARA now also oversees token offerings that occur in Dubai (outside DIFC). VARA’s Issuance rulebook (part of the 2023 VARA regulations) requires that any entity issuing a new token (that qualifies as a virtual asset) from Dubai must comply with certain disclosure and registration requirements. Practically, this means preparing a whitepaper or prospectus and getting VARA’s nod before selling tokens to the public from Dubai.

  • ADGM and DIFC: These financial free zones have their own frameworks. ADGM allows STOs under its Financial Services regulatory regime – in fact, ADGM saw one of the region’s first STOs when a company tokenized its shares and offered them under ADGM oversight. ADGM requires an approved prospectus or an exemption (like offering only to professional investors) for security tokens, just like any conventional securities offering. DIFC’s DFSA introduced an Investment Tokens regulatory framework in 2021, which

    covers security tokens and derivatives tokens. In the DIFC, an STO can be done with DFSA approval and is subject to similar prospectus or exempt

    offering rules as ADGM/SCA. DIFC also requires any trading of such tokens to occur on a DFSA-authorized exchange.



In short, launching an ICO/STO in the UAE is feasible and the country welcomes it as part of being a fintech hub – but you must do it legally. Unregistered token sales to the public are not allowed, and enforcement has occurred against those who tried (the SCA has previously cautioned investors about unregulated ICOs). The good news is, with the right legal guidance, you can structure a token offering that meets compliance and taps into the region’s robust investor community.

Q2: What steps are involved in launching a compliant token offering (ICO or STO) in the UAE?

A: Launching a compliant token offering involves careful planning and regulatory engagement:

 

  • Determine Token Classification: First, we analyze the token’s characteristics. Does it give holders any rights like profits, equity, governance in a project? If yes, it likely qualifies as a security token (STO). If it’s purely a utility token (e.g., used for accessing a platform service, with no share in profits), it might be possible to do an ICO-style sale, but even then we tread carefully because even “utility” tokens can be deemed investments by regulators if buyers have an expectation of profit. In the UAE, we often err on the side of treating a token as regulated to be safe. We may seek an informal view from SCA or VARA on the classification if it’s borderline.
  • Choose Jurisdiction: Based on the above, choose where to conduct the offering:
    • For an STO targeting sophisticated investors, ADGM or DIFC could be ideal because they have established capital markets infrastructure (licensed custodians, exchanges, etc.) and clear rules for private placements. One might incorporate a company in ADGM and issue tokens under FSRA supervision. ADGM even has listing venues for tokens (e.g., FADX in ADGM for digital assets).
    • For a broader ICO to retail investors, VARA in Dubai or under SCA oversight is relevant. If doing it in Dubai, the project team might set up in a free zone like DMCC or DWTC (Dubai World Trade Centre free zone, where VARA is based) and seek VARA approval for a token sale to the public (likely a first-of-its-kind scenario that VARA is gearing up for). If doing it in mainland UAE (outside free zones), SCA’s framework applies – potentially partnering with a local financial institution to manage the offering might be needed as SCA may require a locally licensed arranger.
  • Regulatory Approval & Documentation: For an STO, this typically means preparing an Offering Memorandum or Prospectus. Hoot will draft this comprehensive document much like a stock prospectus, containing business information, risk factors, terms of the token (rights, lock-ups, etc.), and financials. We then liaise with the regulator (SCA/FSRA/DFSA) for approval or waiver. For a VARA-overseen offering, a detailed whitepaper must be filed with VARA, including required disclosures (project description, tokenomics, team info, risks) – we prepare that to meet VARA’s expected standards. Regulators will review these documents; expect a round of comments. With our experience, we craft disclosures that pre-empt many questions. For example, we always include a clear explanation of the token’s utility and why it’s not a traditional security (if we’re arguing it’s a utility token), which addresses regulator concerns upfront.
  • Investor Eligibility & Marketing: Part of the plan is deciding who can buy. In many cases, especially for STOs, offerings are limited to professional (accredited) investors to utilize exemptions and ease the approval process. If retail investors are allowed, the compliance bar is higher (a fully approved prospectus likely needed, plus perhaps caps on investment amounts per investor for their protection). Marketing materials (website, social media, roadshow decks) must be carefully vetted. UAE regulators forbid making misleading statements or guaranteeing returns. All marketing likely needs a disclaimer that approval is obtained (or pending) and where to find the official offering document. Hoot reviews all promotional content to ensure consistency with the official prospectus/whitepaper and adds required legends (like “This token does not represent equity and may lose value,” etc.). For Dubai, VARA also has marketing guidelines – e.g., requiring that only factual, non-misleading info be presented and no promotional targeting of vulnerable investors. We ensure adherence to these rules in your campaign.
  • AML/KYC and Platform Setup: The offering platform (whether it’s through an exchange, a launchpad, or your own website) must implement KYC for all token purchasers, to comply with UAE AML laws. We help set up these processes: investors will typically need to sign a token purchase agreement and provide ID documents. If raising crypto (some ICOs accept ETH/BTC), you must vet those funds’ source too – often by using blockchain analytics on incoming transfers. We incorporate those steps into the offering process (e.g., in the terms, buyers consent that their crypto may be screened and any suspicious contributions refused and returned). Fiat contributions need to go through a UAE bank or payment processor, which requires the entity to have at least a bank account – we assist with that banking setup by presenting your compliance measures to banks.
  • Token Issuance and Post-Offering: If the offering is successful, tokens are issued/distributed to investors. For an STO, this might involve using a
    regulated tokenization platform – in ADGM, for instance, the tokens might be created on a blockchain that an ADGM custodian oversees. We ensure the legal transfer of rights is effective (for example, if tokens represent shares, making sure the corporate share registry in ADGM or the DIFC Trust structure reflects the token holders properly). Post-offering, there may be ongoing obligations: periodic reports to investors (SCA may require an STO issuer to publish semiannual progress reports or financial statements), maintaining an open channel for investor inquiries, and abiding by any lock-up or trading restrictions (often early investors cannot sell immediately on secondary markets without certain conditions). If the token will be listed on secondary exchanges, we liaise to get necessary approvals for listing (the exchange will require legal opinions and confirmations of compliance which we prepare).

 

While this process can be complex, Hoot Innovation Hub handles the heavy lifting, coordinating with all parties (regulators, tech providers, banks or crypto exchanges) so that the token offering is executed smoothly and lawfully.

Q3: How does Hoot assist in the token design and documentation (whitepaper/prospectus)?

A: One of the most important documents in any coin or token offering is the Whitepaper (for ICOs) or Prospectus/Information Memorandum (for STOs). Hoot’s role includes:

 

  • Legal Review of Whitepaper: If your team has drafted a whitepaper explaining the project and tokenomics, we review it meticulously to ensure all statements are accurate and not misleading. We often add a “Legal Considerations” section covering the regulatory status of the token, the rights of holders, and risk factors. Any forward-looking statements (e.g., “Token value will increase as adoption grows”) need proper cautionary language to avoid being seen as a guarantee or unwarranted forecast. We calibrate the language to excite investors about the project’s potential while clearly stating the risks and absence of guarantees. This builds credibility with both investors and regulators reviewing the document.
  • Drafting Terms and Conditions of the Token Sale: This is typically a separate document or section that every participant agrees to (sometimes embedded in the whitepaper or as a click-through on the sale platform). It covers eligibility (only certain jurisdictions or investor categories can
    participate), obligations (e.g., investor won’t sell tokens in restricted markets), company’s limited liability regarding the token (e.g., not liable for market volatility), and how disputes would be handled. We ensure this aligns with UAE law and international best practices. For example, we include choice-of- law and forum clauses (often choosing DIFC courts or arbitration for international investor friendliness), and representations from the buyer that they are not a sanctioned person and that they understand the token’s risks.
    These terms act as a contract governing the sale; if any issues arise (like an investor claims they didn’t receive tokens), these terms will be key to resolving it.
  • Prospectus/Offering Memorandum Drafting: For STOs, we often take the lead in drafting a full prospectus if needed. This involves working closely with your team to gather business and financial information, and writing it in the format regulators expect. We highlight things like the use of proceeds from the token sale (regulators want assurance funds will be used for the stated project and not diverted), rights attached to tokens (e.g., profit share, voting, or none if it’s a utility token), and detailed risk factors. Risk disclosures are crucial: we cover technology risks (hacks, bugs), market risks (token price could go to zero), regulatory risks (laws could change making operations difficult), etc. A comprehensive risk section not only is legally required but also manages investor expectations and liability. UAE regulators will check that you’ve adequately warned investors of what could go wrong, from volatility to regulatory changes. Our familiarity with common risk language (including VARA’s specific recommended risk disclosures for virtual assets) helps ensure this section is thorough.
  • Token Terms (Utility vs Security): If it’s a utility token, we define what that utility is in legal terms. For example, “Token X can be used to pay for services on Platform Y with a 10% discount, but confers no ownership rights.” We clarify that holding the token doesn’t equate to ownership of the company or guaranteed profits. Conversely, if it’s a security token, we detail the rights (e.g., “each token represents one share in XYZ Ltd., with rights to dividends and voting as per shareholder agreement”). We ensure that whatever the structure, the legal realities match the promises in the marketing.
  • Aligning with International Law: Many token sales involve international investors. We craft the documentation to not violate other major jurisdictions’ laws. For instance, we typically exclude U.S. persons to avoid SEC issues (and include a legend that tokens are not offered in the US or to US persons). We also consider EU laws – currently, before MiCA is in effect, some EU countries treat tokens as securities or crypto-assets with notification requirements. Our documents often say that no offering is made in any jurisdiction where it’s not permitted, effectively limiting liability if someone sneaks in from a restricted country. If needed, we can arrange for parallel compliance in friendly jurisdictions (e.g., file the whitepaper with Swiss authorities if targeting European investors under their DLT laws), working with foreign counsel.
  • Regulator Liaison: After drafting, we handle the submission to the relevant regulator and respond to their queries or comments. We make sure any edits they require are incorporated properly without altering the token’s
    fundamental economics unless absolutely necessary. Because we know what regulators tend to focus on (e.g., SCA might focus on how custody of funds is handled, VARA might focus on marketing language), we prepare accordingly, often resulting in quicker approval.

 

Q4: What real-world examples are there of token offerings Hoot has advised on?

A: Hoot Innovation Hub has a track record in this area:


  • Case Study – Utility Token Sale (ICO): We advised a fintech startup in Dubai that wanted to issue a utility token to power its payments and rewards ecosystem. The token wasn’t a share in the company, but we needed to ensure the sale stayed on the right side of regulation. We helped structure the offering as a private pre-sale to strategic partners and a public sale to retail under VARA’s supervision. We worked to get a provisional no- objection from VARA given the token’s clear utility use-case and the fact the sale was capped and marketed only within the crypto community (reducing public risk). We drafted a comprehensive whitepaper and token purchase terms. In the end, the sale was conducted via an authorized crowdfunding platform in Dubai (to add an extra layer of investor protection and comply with onshore rules) and successfully raised several million dollars. Because we did it through proper channels, the company built credibility – local banks were even willing to work with them, knowing they followed regulations. The token launched and is used on the platform, and because we future-proofed the legal structure, the token later got listed on a major exchange without legal hurdles.
  • Case Study – Security Token Offering: Another client, a real estate investment firm, sought to tokenize shares in a property fund (essentially an STO where tokens represent units in a real estate portfolio). We chose ADGM for this due to its sophisticated regulatory environment for funds and digital securities. The firm set up an ADGM Special Purpose Vehicle (SPV) to be the issuer of tokens. We coordinated with ADGM’s FSRA to classify it as an Exempt Offer (offered only to accredited investors, thus no public prospectus needed under ADGM rules). We drafted an Offering Memorandum in line with ADGM’s requirements and the digital securities framework. We also engaged a tokenization platform provider to handle the technical issuance on a permissioned blockchain, ensuring they met ADGM’s technology risk and custody standards. The STO raised funds from GCC investors who received security tokens entitling them to quarterly rental income from the underlying properties (distributed via smart contract). This was one of the early examples of a regulated real estate STO in the UAE, and our legal framework ensured that token holders had enforceable rights (backed by a proper fund structure) while the issuer complied with all fund regulations.
  • Case Study – Exchange Listing after ICO: Hoot assisted a blockchain gaming startup that had conducted an ICO abroad but wanted to list its token on a UAE-based exchange and relocate operations to Dubai. We helped them “localize” their compliance: we reviewed the token’s issuance history to ensure no regulatory breaches (they had excluded US and sanctioned countries in their ICO, which was good). We worked with VARA to get an acknowledgment that since their prior sale was outside UAE, they could proceed to use the token locally as a utility token, with VARA focusing on their ongoing activities. We then assisted with listing on a Dubai exchange (licensed under VARA). This required legal opinions to the exchange and VARA that the token is not a security under UAE law and that the prior sale was conducted in line with applicable laws. We also set up the company’s presence in Dubai and got a VARA provisional permit for the company as a Virtual Asset Issuer. Through our work, the token not only got listed successfully, but the company gained legitimacy to base in Dubai and even secured new funding from UAE investors since it was now seen as a compliant, home-grown project.

Q5: How do UAE’s token offering regulations compare to other countries?

A: The UAE takes a proactive yet cautious approach:

 

  • Unlike some countries that banned ICOs outright (e.g., China, which banned ICOs in 2017), the UAE chose to regulate and integrate them. This is similar to places like Singapore, which requires registration or exemption for token offerings, or Switzerland, which classifies tokens into categories (payment, utility, asset) and applies existing laws accordingly. The UAE’s SCA likewise provided a framework early on, signaling that legitimate token sales are welcome under oversight. It balanced innovation and protection by letting firms raise money while ensuring they do so transparently.
  • Compared to the US: In the US, many ICOs ran into trouble with the SEC as unregistered securities offerings. The SEC uses the Howey test (does the scheme involve an investment in a common enterprise with an expectation of profits from the efforts of others). By that broad standard, many utility tokens were deemed securities. The UAE provides clearer upfront paths. A project in UAE can approach VARA or SCA and say “here’s my token, how can I do this properly?” and get guidance or approval, whereas in the US it’s often uncertain until enforcement happens. However, the stringency is similar in that if a token looks like a security, UAE authorities will require it to be treated as such. The big difference is timing and cooperation – UAE regulators work with projects before launch, whereas US often addresses them after the fact with penalties.
  • Europe: The European Union’s MiCA (effective 2024/25) will create a single regime for public token offerings of crypto-assets (utility tokens) with required
    whitepapers notified to regulators, and separate rules for asset-referenced tokens (like stablecoins). The UAE already practices something analogous via SCA/VARA: requiring a form of whitepaper/prospectus and approval. In many ways, UAE is aligned with what’s becoming the international standard for token offerings. Also, Europe’s existing Prospectus Regulation requires even security offerings (STOs) to publish a prospectus or use exemptions – same as UAE’s approach. So for global firms, doing an offering in UAE feels familiar and acceptable to their legal counsel and investors, rather than some off-the- radar wildcard.
  • One advantage in the UAE is the availability of financial free zones (ADGM, DIFC) with experience in capital markets. A security token offering can tap into these ecosystems – e.g., list on an ADGM-recognized exchange or use DIFC’s legal system for dispute resolution – providing additional assurance to investors. This multi-jurisdictional makeup is unique to UAE and can be leveraged to structure offerings optimally.
  • Taxation: In many countries, raising funds through a token sale could have tax implications (e.g., treated as revenue). The UAE currently has no capital gains or income tax on such fundraising proceeds. Even with the new corporate tax, if structured correctly (especially in free zones or as qualifying funding transactions), a token raise might not be taxable revenue. This means projects can use more of the raised funds for development. However, one must be careful: if a token sale is structured as a pre-sale of services (utility), at some point providing those services would incur VAT obligations if within UAE – we plan for that to avoid surprises.
  • Investor perspective: UAE is seen as a reputable jurisdiction. A token
    offering approved by SCA or VARA signals a level of quality control. This is better for investor confidence compared to jurisdictions with no oversight. It can also make it easier to list on reputable exchanges, as those exchanges know a UAE-sanctioned offering met certain standards.

 

Q6: What services does Hoot provide for companies considering an ICO or STO in UAE?

A: Hoot Innovation Hub offers a suite of services:

 

  • Regulatory Strategy Consulting: Early on, we consult on whether an ICO/STO is the right approach or if alternatives (like private fundraising or an initial exchange offering “IEO” on a licensed exchange) might be more suitable. If proceeding, we map out whether to do it under VARA, SCA,
    ADGM, or DIFC. Sometimes a combination is best (e.g., incorporate in ADGM but market via VARA-approved channels). We have contacts at these regulators and can often get informal feedback on novel ideas before formally applying.
  • Liaising with Authorities: We handle communications with regulators. For example, submitting a formal token offering application to VARA and responding to their questions. Or meeting SCA officials to explain a unique token model (we’ve done presentations to regulators on how a utility token works in the context of a specific industry, to help them understand and obtain buy-in). Because we speak their language (in legal and often Arabic as needed), this can significantly smooth the process. We aim to make the regulator a partner in the project’s success (within the bounds of compliance).
  • Drafting Legal Documents: As discussed, we draft or review whitepapers, token sale agreements, prospectuses, SAFTs/SAFEs for pre-sale investors, marketing disclaimers, and more. We ensure all documents align with one another and with local law. Consistency is key: what you say in the whitepaper, legal terms, and regulatory filings must match to avoid any misrepresentation. We manage that consistency. We also often prepare an internal “legal memo” for the team outlining exactly what they can and cannot do in the token sale (like who they can market to, what representations staff can make, etc.), basically a compliance handbook for the raise, so everyone on the team is aligned and no one inadvertently violates rules.
  • Review of Technology and Token Economics: Interestingly, a legal advisory like ours also delves into the tech and economics at a high level. If a token’s code has features like the ability for the issuer to freeze transfers or mint additional tokens, we need to disclose that. We coordinate with developers to understand the token smart contract and even suggest modifications if it helps legal compliance (for instance, implementing a vesting schedule or lock-up via smart contract for certain tokens can reassure regulators that the team can’t just dump their allocation). We also check if the token economics (supply, allocation) could raise any red flags (like too much token going to insiders might worry investors/regulators – we might suggest a lock-up or escrow for those).
  • KYC/AML Setup for Token Sale: If doing the sale from UAE, we set up procedures for KYC and investor onboarding. This includes selecting a KYC provider or using a local UAE banking partner for processing fiat. We draft the necessary privacy policy and consent forms for collecting personal data during KYC, ensuring compliance with UAE’s data protection laws. We also help with sanctions screening setup – UAE is strict on not dealing with sanctioned individuals, so we make sure the subscription process checks names against the UAE and international sanctions lists.
  • Post-Launch Support: After the token sale, we often remain as counsel. This means handling any regulatory filings (some regulators may require a report on the offering result – e.g., how many tokens sold, amount raised, etc.), advising on secondary market activities (like rules on buybacks or additional
    issuances), and continuing to advise the issuer on corporate matters. For example, if token holders have governance rights via a DAO, we help set that up legally. Or if the company wants to use some of the raised crypto treasury for yield farming or other purposes, we counsel on the legal implications (ensuring that doesn’t breach any representation made to investors about fund use). We essentially ensure the company fulfills all promises made during the offering and stays compliant thereafter, building a long-term trust relationship with the investors and regulators.

 

Q7: What’s the long-term outlook for token offerings in the UAE and how can Hoot help maintain compliance in the evolving landscape?

A: The crypto fundraising landscape continues to evolve:


  • The era of pure hype-driven ICOs has given way to more regulated, serious offerings – a trend that the UAE is aligned with. We expect more STOs especially, as companies realize they can raise funds by tokenizing equity or debt and benefit from blockchain efficiency while still following laws. The UAE wants to be a hub for regulated digital securities (ADGM is already promoting itself as such). So opportunities for STOs (like tokenized funds, bonds, sukuks) will grow. Hoot is heavily invested in security token knowledge (we keep up with international standards like the ERC-1400 security token standard) so we can advise on technical compliance as well (like ensuring a security token has necessary transfer restrictions coded in, as required by ADGM rules).
  • The UAE might soon see retail-friendly token sale platforms – akin to crowdfunding portals but for tokens. SCA issued equity crowdfunding regulations; perhaps it will allow token offerings via approved crowdfunding sites. That will open opportunities for startups to raise from the public in smaller amounts under controlled environments. We’re watching for that, and will help clients leverage such platforms once available (preparing offerings that fit the criteria and ensuring their token is structured to be offered through those channels).
  • Global interoperability: As regulations standardize (with MiCA in EU, clearer SEC rules possibly in the US eventually, etc.), doing a multi-country token sale will become easier legally. UAE projects may concurrently register
    offerings in multiple jurisdictions. Hoot’s global network and knowledge means we can coordinate such multi-jurisdictional compliance to maximize the fundraising potential (for example, doing a GCC-wide offering by complying with UAE and a neighboring country’s laws simultaneously, something we’ve done by working with partner firms in Saudi Arabia, etc.).
  • Secondary Trading & Liquidity: After an STO, tokens may trade on secondary markets. UAE is fostering such markets (e.g., FADX in ADGM for digital assets trading, and VARA’s licensing of exchanges). We foresee new
    regulations about how security tokens can be traded peer-to-peer or on exchanges, how custody of security tokens should work, etc. Hoot will continuously update token issuers on these aspects, so they remain compliant when their tokens circulate. For instance, if a new rule requires security tokens only be held in approved wallets or custody, we’d assist in organizing that for our clients’ token holders or updating terms accordingly.
  • Integration with traditional finance: The line between crypto tokens and traditional securities will continue to blur. The UAE’s approach to treat similar things similarly (regulate tokens as securities if they are like securities) positions it well. Hoot keeps a foot in both worlds – we have traditional finance lawyers and crypto lawyers under one roof – so we’re prepared for a future where, say, a company might simultaneously do an IPO on DFM (Dubai Financial Market) and an STO in parallel. We could manage the legal requirements of both and ensure no conflicts (like making sure one doesn’t violate the disclosure rules of the other).

 

Hoot Innovation Hub is dedicated to staying ahead of regulatory changes. We participate in local blockchain and legal forums, sometimes even contributing to

consultation papers for new laws. This means our clients often get a heads-up long before a new rule hits, allowing them to adapt smoothly.

 

If you’re considering a token offering – be it an ICO for your utility token or an STO to tokenize assets – don’t navigate the complex regulations alone. Contact Hoot Innovation Hub and let our experts pave the way for a compliant, successful token raise in the UAE’s booming crypto market. We turn legal compliance from a hurdle into a strategic advantage for your fundraising journey.

Contact Us
Professional Legal Services Popup
×

Looking for Expert Legal Services for Crypto & Fintech in the UAE?

Navigate the complexities of UAE crypto and fintech regulations with our experienced legal team. Contact us today!

Send Email WhatsApp Us

Related Practice Areas

Next Project

DeFi & Decentralized Finance Advisory in UAE

Back to top