ERC-3643

ERC-3643 (T-REX — Token for Regulated EXchanges) is an Ethereum security token standard created by Tokeny Solutions, submitted as EIP-3643, and reaching Final status on the EIP track. Tokeny was acquired by Apex Group in 2023, transferring governance of the standard and its ecosystem to Apex. The standard is open-source but practically vendor-controlled. ARCHITECTURE OVERVIEW T-REX is an opinionated full-stack standard. It defines: 1. Token contract interface (extends ERC-20) 2. Mandatory identity layer: ONCHAINID (a separate EIP — EIP-734/735) 3. Compliance module interface: pluggable rule sets checked on transfer 4. Identity registry: on-chain mapping of investor addresses to ONCHAINID contracts 5. Trusted issuers registry: defines which entities are authorized to issue claims CORE CONTRACTS Token Contract (IERC3643) Extends ERC-20. Key additions: - transfer() and transferFrom() call the compliance module before execution - forcedTransfer(address from, address to, uint256 amount) — agent-only - mint() and burn() — agent-only - freeze(address account, bool frozen) — agent-only - batchTransfer(), batchForcedTransfer() — gas optimization for bulk ops - setCompliance(ICompliance compliance) — updates the compliance module - setIdentityRegistry(IIdentityRegistry registry) — updates the identity registry Identity Registry (IIdentityRegistry) On-chain mapping: investor wallet address → ONCHAINID contract address + country code - registerIdentity(address wallet, IIdentity identity, uint16 country) - updateIdentity(address wallet, IIdentity newIdentity) - deleteIdentity(address wallet) - isVerified(address wallet) → bool — checks that wallet has a registered ONCHAINID with valid, non-expired claims satisfying the compliance module ONCHAINID (EIP-734 / EIP-735) Each investor has their own on-chain identity contract (ONCHAINID). This contract stores claims — attestations from authorized issuers about the investor: - KYC verified (claim topic 1) - Accredited investor (claim topic varies) - Country of residence (claim topic varies) - AML cleared (claim topic varies) Claims are signed by authorized Trusted Claim Issuers. The token's compliance module specifies which claim topics are required and which issuers are trusted. Trusted Issuers Registry Lists ONCHAINID addresses of entities authorized to issue claims for this token. The token owner updates this registry to add or remove claim issuers. Compliance Modules Pluggable rule contracts implementing ICompliance. Standard modules include: - CountryAllowModule: whitelist of permitted investor countries - CountryRestrictModule: blacklist of prohibited countries - MaxBalanceModule: maximum token holdings per investor - SupplyLimitModule: cap on total supply minted to specific investor classes - TransferRestrictModule: additional per-address transfer locks Multiple modules can be composed on a single token. ROLES AND ACCESS CONTROL - Owner: deploys and administers the token; sets compliance and registry - Agent: authorized to freeze, forcedTransfer, mint, burn; maps to transfer agent role - Compliance: the compliance module contract (automated) TRANSFER FLOW 1. Caller invokes transfer(to, amount) 2. Token checks: sender not frozen, recipient not frozen 3. Identity registry checks: both addresses have registered, verified ONDHAINIDs 4. Compliance module checks: all configured module rules pass 5. If all pass: ERC-20 transfer executes and Transfer event emits 6. If any fail: transaction reverts with reason code UPGRADE PATH Token contract is not upgradeable by default. Compliance modules and identity registry CAN be updated via setter functions (owner-only). Replacing the compliance module or registry mid-life requires careful governance to avoid compliance gaps during transition. Major version migrations (e.g. T-REX v3 to v4) have historically required new token deployments with migration tooling provided by Tokeny. GOVERNANCE NOTE While EIP-3643 is Final status (specification frozen), the ONCHAINID ecosystem, compliance module library, and Trusted Issuers Registry tooling are maintained by Tokeny/Apex Group. Platforms using T-REX have practical dependency on Tokeny's infrastructure for full functionality even though the core contracts are open-source. EIP REFERENCE: https://eips.ethereum.org/EIPS/eip-3643 ONCHAINID: https://onchainid.com

On-chain identity with ONCHAINID: atomic compliance verification at the point of transfer, no off-chain lookup requiredComposable compliance modules: pluggable rule sets (country restrictions, investor caps, supply limits) configurable per tokenTrusted Issuers Registry: fine-grained control over which KYC/AML providers' attestations the token acceptsForced transfer and freeze: agent-controlled functions map to transfer agent authority for corporate actions and regulatory compulsionBatch operations: batchTransfer and batchForcedTransfer reduce gas costs for portfolio-scale distributionsMost deployed security token standard: the largest ecosystem of ONCHAINID-compatible claim issuers and compliance module providers

T-REX can be deployed for US securities, and several US-adjacent platforms have done so, but the standard is optimized for European regulatory frameworks. The on-chain identity model via ONCHAINID does not have a native mapping to SEC transfer agent record-keeping requirements under Section 17A of the Securities Exchange Act. US registered transfer agents must maintain shareholder records in a form accessible to EDGAR, DTC, and regulatory examiners — a requirement that on-chain records satisfy only if the regulator accepts on-chain ledgers as the official book of record, which the SEC has not formally confirmed. US deployments of T-REX tend to be in Regulation D, Regulation A, or Regulation S exempt securities, where the compliance framework is more permissive and the transfer agent requirements are less rigid than for registered securities. Tokeny has engaged with US regulatory discussions and published guidance on US use cases, but the standard's primary design target remains EU institutional issuers. Platforms deploying T-REX for US securities should plan for additional compliance infrastructure to bridge the on-chain identity model to SEC-recognized record-keeping obligations.

T-REX has the largest live deployment portfolio of any security token standard as of 2025. Tokeny's platform has facilitated issuances for institutional clients across Luxembourg, Singapore, Switzerland, and other jurisdictions. Notable deployment contexts include: structured product issuances on Luxembourg blockchain infrastructure; tokenized bond programs from European financial institutions; national digital asset pilot programs in France and the Middle East. The ONCHAINID ecosystem includes multiple authorized claim issuers including global KYC providers integrated into Tokeny's onboarding workflow. Apex Group's acquisition of Tokeny has expanded the standard's reach into Apex's fund administration and custody client base, adding significant institutional distribution. The ERC-3643 Association, a non-profit entity, was established to steward the standard's broader ecosystem, though Tokeny/Apex Group remain the dominant contributors.

Vendor governance: despite Final EIP status, the practical roadmap and ONCHAINID ecosystem are controlled by Tokeny/Apex GroupMandatory ONCHAINID coupling: identity layer is not pluggable; platforms that want a different identity system must fork or wrapEthereum-only: no native multi-chain architecture; cross-chain deployments require custom bridging or separate deploymentsToken migration required for major version upgrades: compliance module updates are possible, but token contract changes require reissuanceEuropean-optimized: ONCHAINID and claim structure are designed for EU compliance frameworks; US deployment requires adaptation