ERC-7943

ERC-7943 (uRWA — Universal RWA Standard) is an Ethereum interface standard for regulated on-chain assets. It reached Final status in the EIP process in 2024. Primary author: Dario Lo Buglio (Brickken). Coalition participants: Brickken, CMTA Swiss, DigiShares, Stobox, Zoth. DESIGN PHILOSOPHY ERC-7943 is intentionally interface-minimal. It defines the ABI signatures that any compliant token must expose, but mandates nothing about how compliance logic is implemented, where identity data is stored, or which oracle systems are used. This separates the transfer restriction interface from the compliance implementation — a deliberate inversion of the approach taken by ERC-3643 (which mandates ONCHAINID) and ERC-1400 (which mandates partition and controller logic). CORE INTERFACE — KEY FUNCTIONS canTransact(address from, address to, uint256 amount) → (bool, bytes) Checks whether a transfer from `from` to `to` of `amount` tokens is permitted. Returns a boolean and an optional reason code (bytes). The reason code is advisory and allows UIs and compliance systems to surface human-readable failure reasons. canSend(address from, uint256 amount) → (bool, bytes) Checks whether `from` is eligible to send `amount` tokens regardless of recipient. Useful for pre-flight checks in wallets and trading interfaces. canReceive(address to, uint256 amount) → (bool, bytes) Checks whether `to` is eligible to receive `amount` tokens regardless of sender. Useful for investor eligibility screening at the point of purchase. getFrozenTokens(address account) → uint256 Returns the number of tokens currently frozen (restricted from transfer) for a given address. Frozen tokens reduce the transferable balance but do not reduce the total balance. Used for lock-up periods, dispute holds, and regulatory freezes. setFrozenTokens(address account, uint256 amount) Sets the frozen token balance for an address. Access-controlled; typically restricted to authorized compliance operators. Emits a FrozenTokensSet event. forcedTransfer(address from, address to, uint256 amount) Transfers tokens from `from` to `to` without requiring `from` consent. Access-controlled; intended for corporate actions (stock splits, mergers), court orders, regulatory compulsion, and error recovery. Must emit a ForcedTransfer event distinguishable from voluntary transfers. TOKEN TYPE COMPATIBILITY ERC-7943 extends the following base standards depending on asset type: - ERC-20 for fungible securities (equity, debt, fund shares) - ERC-721 for non-fungible assets (individual bonds, specific real estate units) - ERC-1155 for multi-token portfolios (multiple asset classes in one contract) COMPLIANCE ORACLE PATTERN The recommended implementation pattern is a pluggable compliance oracle: a separate contract address registered with the token that implements canTransact / canSend / canReceive. The token contract delegates compliance checks to the oracle on every transfer. This allows: - Compliance logic upgrades without token migration - Jurisdiction-specific oracles per token or per transfer class - Third-party compliance providers to build to the interface without owning the token EVENTS Transfer(address indexed from, address indexed to, uint256 amount) — standard ERC-20 FrozenTokensSet(address indexed account, uint256 newAmount) ForcedTransfer(address indexed from, address indexed to, uint256 amount, address indexed operator) UPGRADE PATTERN Because compliance logic is separated from the token interface, upgrades do not require token migration. The oracle address can be updated via a governed upgrade function on the token contract. Token holders retain the same address and balance throughout. GOVERNANCE Final EIP status means the specification is frozen and immutable on the EIP track. Future extensions would require a new EIP. Governance of implementations is up to each deployer — no central authority controls deployed ERC-7943 tokens. EIP REFERENCE: https://eips.ethereum.org/EIPS/eip-7943 KNOWN LIMITATIONS - Ethereum / EVM-only. No native multi-chain support. - Interface-only: the standard provides no reference implementation. Implementers must build or procure their own compliance oracle infrastructure. - canSend / canReceive are advisory; their guarantees depend entirely on the oracle implementation being correct and current. - forcedTransfer requires robust access control design; a misconfigured access policy is a critical security vulnerability.

Interface-only design: defines compliance checkpoints without mandating implementation, enabling maximum flexibilityCompliance oracle pattern: pluggable compliance logic upgradeable independently of the token contractFrozen token accounting: native getFrozenTokens / setFrozenTokens for lock-up periods and regulatory holdsForced transfer: standardized mechanism for corporate actions, court orders, and regulatory compulsionMulti-token-type support: extends ERC-20, ERC-721, and ERC-1155 for fungible, non-fungible, and multi-asset use casesFinal EIP status: frozen, stable specification backed by a multi-vendor coalition

ERC-7943's interface-agnostic design makes it broadly compatible with US securities regulatory requirements, though compatibility depends on how the compliance oracle is implemented. The forcedTransfer function maps to transfer agent authority under Section 17A of the Securities Exchange Act of 1934, which permits registered transfer agents to cancel and reissue securities under court order or regulatory compulsion. The frozen token mechanism maps to escrow, lock-up, and SEC Rule 144 holding period enforcement. Because ERC-7943 does not mandate a specific identity system, it can integrate with SEC-compliant KYC/AML processes through the oracle layer — whether those processes use centralized databases, on-chain identity registries, or hybrid approaches. US deployment requires a registered transfer agent to operate the access-controlled functions (setFrozenTokens, forcedTransfer); the standard is neutral on whether that agent is on-chain or off-chain. Reg D, Reg A, and Reg S exempt issuances are the most natural fit given current regulatory posture toward tokenized securities. No SEC staff guidance specifically addresses ERC-7943.

As a Final EIP reached in 2024, ERC-7943 is in the early adoption phase. Brickken, the primary author's firm, has integrated uRWA into its tokenization platform and has live issuances compliant with the interface. CMTA Swiss (the Swiss Capital Market & Technology Association) has incorporated ERC-7943 into its guidance for Swiss capital markets practitioners. DigiShares and Stobox have signaled compatibility in their platform roadmaps. Zoth, a yield-bearing RWA protocol, participated in the EIP drafting. The standard has not yet reached the deployment volume of ERC-3643 or ERC-1400, but its Final status and minimal interface design position it as a natural convergence point for new issuances seeking long-term interoperability.

Ethereum and EVM chains only — no native cross-chain architectureNo reference implementation provided; compliance oracle must be built or sourced separatelyMinimal interface means compliance security depends entirely on oracle implementation qualityDoes not specify identity layer — interoperability with specific identity systems requires additional workNewer standard: smaller ecosystem and fewer audited implementations than ERC-3643 or ERC-1400 as of 2025