Regulatory Sandbox

A regulatory sandbox is a controlled environment in which financial firms — including crypto and tokenisation businesses — can operate a product or service with a limited customer base under relaxed regulatory requirements, subject to heightened supervisory monitoring. Sandboxes exist to allow regulators to learn from innovation in real conditions, and to allow innovators to test whether their product is commercially viable and regulatorily workable before committing to full licensing.

Origins: FCA Project Innovate

The world’s first financial regulatory sandbox was launched by the UK Financial Conduct Authority in 2016 as part of its Project Innovate initiative. The FCA’s design established a template adopted globally: firms apply for a sandbox authorisation; successful applicants receive individual guidance letters, time-limited waivers or modifications of specific regulatory rules, and in some cases “no-action” comfort; they operate with a restricted customer base and transaction limits; and at the end of the period they either graduate to full authorisation or exit. The FCA’s sandbox cohorts have included numerous crypto and tokenisation businesses, and several early participants subsequently obtained full FCA registration, gaining a demonstrable track record.

Design Features

Sandboxes typically share several design elements. Legal waivers or modifications allow firms to operate without complying with one or more normally applicable requirements — such as prospectus obligations or specific licensing categories — for the duration of the trial. Time limits (commonly 12 to 24 months) prevent the sandbox from becoming a permanent alternative to full authorisation. Scale caps (limits on total customers, transaction volumes, or assets under management) contain systemic risk while the product is unproven. Exit pathways are defined in advance: firms know before entering what they must demonstrate to qualify for full authorisation.

Major Examples

The Monetary Authority of Singapore launched its FinTech Regulatory Sandbox in 2016, closely modelled on the FCA template, and has used it extensively for payments, digital asset custody, and tokenised securities experiments. The EU’s DLT Pilot Regime, operational since March 2023, is a regulatory sandbox at supranational scale: it provides temporary exemptions from MiFID II and CSDR requirements for DLT-based trading and settlement infrastructure, with a maximum value of securities admitted set at €6 billion per operator. VARA in Dubai offers sandbox access alongside its full licensing categories. ADGM’s RegLab in Abu Dhabi has been used for tokenised real estate and digital securities pilots. The SEC’s LabCFTC (CFTC) and Innovation Office (SEC) in the US provide informal engagement but fall short of the legal waiver model of true sandboxes.

What Sandboxes Have Achieved in Crypto

Sandboxes have served as evidence-generation mechanisms. Regulators have used sandbox data to calibrate what requirements are actually necessary and which are merely conventional. The FCA’s sandbox cohorts generated evidence that underpinned the UK’s Electronic Money Regulations amendments and, more recently, the Financial Services and Markets Act 2023 provisions on digital securities. The DLT Pilot Regime’s first operational results — projected for ESMA’s review — are expected to inform whether the EU should create a permanent regime for tokenised securities settlement outside the CSDR framework.

Criticisms

Sandboxes face recurring criticisms. Scale limitations mean that findings may not be commercially representative: a product that works with 500 test customers may encounter very different dynamics at 500,000. Regulatory capture risk is raised by critics who note that extended informal relationships between sandbox participants and their supervisors may generate special treatment. Administrative complexity can make sandbox applications inaccessible to smaller innovators — only well-resourced firms with legal teams can navigate the application process. And sandbox “graduation” rates are often low: many entrants never achieve full authorisation.

ESMA’s June 2025 DLT Pilot Review

ESMA published its review of the EU DLT Pilot Regime in June 2025, noting that take-up had been limited but that early participants demonstrated technical feasibility of DLT-based settlement for equities and bonds. ESMA recommended extending the Pilot and expanding the eligible securities categories, while flagging that the €6 billion per-operator cap was constraining commercial scaling. The review is feeding into EU deliberations about permanent tokenised securities infrastructure rules.