Few questions in crypto have generated more litigation and confusion than whether a given token is a security. The answer does not come from a crypto-specific statute, because there largely isn't one on this point. It comes from a test the U.S. Supreme Court articulated in 1946, in SEC v. W.J. Howey Co., and the SEC has published guidance explaining how it applies that test to digital assets. That guidance, the "Framework for Investment Contract Analysis of Digital Assets," is the document to read before accepting anyone's claim that a token is or is not a security.

The federal securities laws define "security" to include an "investment contract," alongside instruments such as stocks and bonds. The SEC framework explains that a digital asset should be analyzed to determine whether it has the characteristics of any product that meets the definition of a security, and it focuses on the investment-contract route because that is the category courts use for novel arrangements. An investment contract, the framework states, exists when there is an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others. Those are the prongs of the Howey test.

"The so-called 'Howey test' applies to any contract, scheme, or transaction, regardless of whether it has any of the characteristics of typical securities."— SEC, source

That sentence is the reason a token's branding does not settle the question. The framework states that the focus of the Howey analysis is not only on the form and terms of the instrument itself but on the circumstances surrounding the digital asset and the manner in which it is offered, sold, or resold. A token marketed as a "utility token" can still be an investment contract if the economic reality of how it is sold satisfies the prongs; conversely, the prongs can cease to be satisfied as a network and its asset evolve.

The four prongs, mapped to tokens

The first prong, an investment of money, is usually the easiest to meet, since purchasers typically pay fiat or other digital assets to acquire a token. The second, a common enterprise, the framework treats as typically satisfied in the digital-asset context. The real analysis, the SEC indicates, concentrates on the remaining two prongs. The "reasonable expectation of profits" prong asks whether buyers are motivated by the prospect of gains, including from price appreciation, rather than by a desire to consume or use the token. And the "efforts of others" prong asks whether those expected profits depend on the managerial or entrepreneurial efforts of an identifiable third party, such as a promoter or active development team, rather than on the buyer's own efforts or on a fully decentralized network with no one in such a role.

The framework also lists factors that point the other way, toward a digital asset being less likely to satisfy the investment-contract analysis. These include situations where the network on which the token functions is fully developed and operational, where token holders can use the token immediately for its intended consumptive purpose on the network, where prospects for appreciation are limited, and where the asset is marketed in a way that emphasizes its functionality rather than its potential for profit. The presence of these characteristics, the framework indicates, weighs against finding the reasonable-expectation-of-profits and efforts-of-others prongs satisfied. The upshot is a balancing exercise rather than a single bright-line switch: the SEC presents lists of factors cutting in each direction, and the analysis weighs them against the specific facts of how a token is offered, sold, and used.

Why the "efforts of others" prong does the heavy lifting

The framework devotes the most attention to whether purchasers reasonably expect to rely on the efforts of an active participant, often described as an "active participant" or "AP." It lists characteristics that point toward such reliance, including a promoter responsible for the development, improvement, operation, or promotion of the network, and situations where the network is not yet fully functional at the time of sale. The implication is that the same digital asset could fall inside or outside the definition depending on the stage of the network and the role its sponsors play. Where purchasers no longer reasonably expect a third party to carry out essential managerial efforts, the analysis can come out differently than it did at the initial sale.

It is worth being precise about what the framework is and is not. It is staff guidance, not a binding rule, and the SEC states that it is not an exhaustive overview of the law. It does not declare any particular token to be or not to be a security; it sets out the factors. The legal force comes from Howey and the subsequent case law the framework cites, applied to the specific facts of how a token is offered and sold. That is why two tokens with similar technology can be analyzed differently, and why the same token can be analyzed differently over time.

The durable takeaway is the test itself. To gauge whether a crypto token is a security, the SEC framework directs the reader to ask the Howey questions: was there an investment of money, in a common enterprise, with a reasonable expectation of profits, derived from the efforts of others. The label on the token, and the promises in its whitepaper, are inputs to that analysis rather than answers to it.