Multi-Chain Tokenization Strategy Guide: Deploying Across CMA-Approved Protocols
Technical guide for issuers deploying tokenized securities across multiple CMA-approved blockchain protocols — covering Ethereum ERC-3643, Hyperledger Fabric, R3 Corda, Polygon zkEVM, and Hedera Hashgraph with protocol selection criteria and cross-chain interoperability considerations.
Technical guide for issuers deploying tokenized securities across multiple CMA-approved blockchain protocols — covering Ethereum ERC-3643, Hyperledger Fabric, R3 Corda, Polygon zkEVM, and Hedera Hashgraph with protocol selection criteria and cross-chain interoperability considerations.
Introduction
The CMA’s Securities Tokenization Standards approve 5 blockchain protocols for tokenized securities issuance. While Tadawul’s digital securities platform operates on R3 Corda, issuers may deploy on any approved protocol for private placement activities, and multi-chain strategies enable issuers to reach different investor segments through protocol-appropriate distribution channels.
This guide covers protocol selection criteria, multi-chain architecture design, regulatory compliance across chains, and cross-chain interoperability considerations — based on Saudi Blockchain Lab research and CMA published standards.
CMA-Approved Protocols
R3 Corda
Primary use: Tadawul exchange-listed tokenized securities and institutional settlement.
R3 Corda is the protocol powering Tadawul’s digital securities platform and Edaa’s DLT-based depository. Any issuer seeking exchange listing must deploy on R3 Corda. The Saudi Blockchain Lab’s protocol evaluation — assessing 42 criteria — selected Corda for its privacy architecture (transactions visible only to participants), regulatory compliance features, and enterprise integration maturity.
| Feature | R3 Corda Specification |
|---|---|
| Consensus | Notary-based (Edaa operates notary) |
| Privacy | Transaction-level privacy |
| Smart contracts | CorDapps (Java/Kotlin) |
| Settlement | T+0 atomic DvP (3-7 sec) |
| Throughput | 1,000+ TPS (configured for Tadawul) |
| Node requirement | Saudi-hosted, CMA-approved participants |
Ethereum ERC-3643
Primary use: Private placement tokenization with international investor reach.
ERC-3643 (formerly T-REX) is an institutional security token standard on Ethereum providing on-chain identity verification and transfer restrictions. This protocol is preferred by issuers seeking international investor distribution — ERC-3643 tokens are recognized by international custodians and can be held alongside other Ethereum-based assets.
CMA requirements for Ethereum deployment:
- Permissioned validator set (not public Ethereum mainnet for production)
- AML/CFT identity verification embedded in transfer restrictions
- Investor classification (QI, SQI, retail) enforced on-chain
- Saudi-hosted validator nodes for data residency compliance
Hyperledger Fabric
Primary use: Enterprise blockchain integration and supply chain-linked tokenized securities.
Hyperledger Fabric is the preferred protocol for Saudi corporate issuers with existing enterprise DLT deployments (12 major corporations). Issuers using Fabric for supply chain or trade finance blockchain can extend the same infrastructure to tokenized corporate sukuk or trade receivable tokens, creating a unified enterprise blockchain architecture.
Polygon zkEVM
Primary use: High-volume, low-cost tokenization for retail-accessible products.
Polygon zkEVM provides Ethereum compatibility with significantly lower transaction costs through zero-knowledge rollup technology. This protocol is suitable for retail-focused tokenized securities where high transaction volumes (profit distributions to thousands of retail holders) require cost-efficient on-chain operations. Two CMA sandbox participants are testing Polygon zkEVM for retail tokenized sukuk distribution.
Hedera Hashgraph
Primary use: High-throughput tokenization with deterministic finality.
Hedera’s hashgraph consensus provides deterministic transaction ordering and high throughput (10,000+ TPS) with low, predictable fees. Suitable for commodity token issuance requiring high-frequency price updates and tokenized fund unit operations with frequent NAV calculations.
Protocol Selection Framework
The Saudi Blockchain Lab recommends a structured selection process:
Step 1: Define Distribution Strategy
| Distribution Channel | Recommended Protocol | Rationale |
|---|---|---|
| Tadawul exchange listing | R3 Corda (mandatory) | Tadawul platform protocol |
| Saudi institutional private placement | R3 Corda or Fabric | Integration with Saudi enterprise DLT |
| International institutional | Ethereum ERC-3643 | Global custodian compatibility |
| Saudi retail via digital banking | Polygon zkEVM | Cost-efficient retail distribution |
| GCC cross-border | Protocol-dependent on counterparty exchange | Interoperability requirement |
| Commodity-backed | Hedera or Corda | High-throughput requirement |
Step 2: Assess Regulatory Requirements
All protocols must satisfy CMA Securities Tokenization Standards:
- Smart contract audit by CMA-approved auditor (6 approved firms)
- Investor protection transfer restrictions encoded on-chain
- AML/CFT screening integration
- Sharia compliance logic (if Sharia-certified)
- CMA emergency pause capability
- Saudi data residency for all nodes
- Annual smart contract re-audit
Step 3: Evaluate Technical Requirements
| Criterion | Weight | Assessment Method |
|---|---|---|
| Transaction throughput | High | Load testing under Saudi market conditions |
| Privacy architecture | High | Compliance with PDPL and CMA requirements |
| Smart contract capability | High | Support for required compliance functions |
| Enterprise integration | Medium | Compatibility with existing corporate DLT |
| International interoperability | Medium | Global custodian and exchange compatibility |
| Developer ecosystem | Medium | Availability of Saudi-based development talent |
| Total cost of ownership | Medium | Infrastructure, licensing, maintenance costs |
Multi-Chain Architecture Design
Step 4: Design Cross-Chain Settlement
Issuers deploying across multiple protocols must design cross-chain settlement for scenarios where:
- A token issued on Ethereum ERC-3643 is traded by an investor who settles through Tadawul’s R3 Corda platform
- A commodity token on Hedera needs to settle against SAR payment tokens on a different chain
- GCC cross-border trades involve tokens on Saudi R3 Corda and counterparty exchange infrastructure on a different protocol
Cross-chain settlement approaches under evaluation by the Saudi Blockchain Lab:
Bridge Contracts: Smart contracts on each chain that lock assets on one chain and mint equivalent representations on the other. Requires CMA approval for each bridge deployment and security audit of bridge contracts.
Hashed Timelock Contracts (HTLCs): Time-bound atomic swaps across chains. Preserves atomic settlement properties across different protocols. The Saudi Blockchain Lab has published technical specifications for HTLC-based cross-chain DvP.
Central Settlement Layer: Edaa as the unified settlement authority across all protocols — maintaining the definitive ownership register regardless of which protocol the token was issued on. This is the CMA’s preferred long-term architecture.
Step 5: Implement Unified Compliance
Multi-chain deployments must maintain consistent compliance across all protocols:
- Single AML/CFT program monitoring transactions across all chains
- Unified investor classification ensuring QI/SQI/retail restrictions apply regardless of protocol
- Consolidated disclosure reporting aggregating multi-chain data for CMA
- Cross-chain Sharia monitoring ensuring compliance across all protocol deployments
- Single custody provider managing keys across multiple chains (or coordinated multi-custodian arrangement)
Step 6: Smart Contract Standardization
The CMA encourages standardized smart contract interfaces across approved protocols to simplify multi-chain operations:
- Standardized token interface (issuance, transfer, redemption, pause)
- Standardized compliance interface (investor verification, transfer restriction, Sharia screening)
- Standardized reporting interface (CMA quarterly reporting, Edaa position reconciliation)
Cost Comparison
| Protocol | Node Infrastructure (Annual, SAR) | Smart Contract Audit (SAR) | Transaction Cost (per tx) |
|---|---|---|---|
| R3 Corda | 500K-1.5M | 200K-400K | SAR 1-5 |
| Ethereum ERC-3643 | 300K-800K | 250K-500K | SAR 5-50 (gas) |
| Hyperledger Fabric | 400K-1M | 200K-350K | SAR 0.5-2 |
| Polygon zkEVM | 200K-500K | 200K-400K | SAR 0.1-1 |
| Hedera Hashgraph | 200K-500K | 150K-300K | SAR 0.01-0.1 |
Multi-chain deployments multiply infrastructure costs but enable broader distribution reach. The total cost advantage depends on whether additional investor segments accessed through multi-chain deployment justify the infrastructure investment.
Common Pitfalls
- Deploying on non-approved protocols: Only the 5 CMA-approved protocols are permitted for production tokenized securities
- Public mainnet deployment: CMA requires permissioned deployments with Saudi-hosted nodes — public mainnet (e.g., Ethereum mainnet) is not approved for production
- Inconsistent compliance across chains: CMA enforcement applies to all protocol deployments equally
- Bridge security risks: Cross-chain bridges are high-value attack targets — CMA requires separate security audit for each bridge
- Data residency on international chains: All Saudi tokenized securities data must remain in Saudi-hosted infrastructure regardless of protocol
Outlook
The CMA’s long-term roadmap envisions convergence toward a unified multi-protocol settlement infrastructure with Edaa as the protocol-agnostic ownership register. The Saudi Blockchain Lab is researching universal interoperability standards that would enable seamless cross-protocol settlement without custom bridge implementations.
Resources
- CMA Securities Tokenization Standards — Protocol requirements
- Saudi Blockchain Lab — Protocol evaluation research
- Blockchain Settlement Infrastructure — Settlement architecture
- DeFi Considerations — Cross-chain protocol context
- Enterprise Blockchain Adoption — Corporate DLT landscape
- CMA Sandbox Application Guide — Licensing process
Related network sites: Saudi Tokenized Real Estate | Dubai Tokenisation | UAE Tokenization Regulations | Capital Tokenization
Saudi FinTech Strategy 2025 and Multi-Chain Ecosystem Development
The multi-chain tokenization landscape in Saudi Arabia operates within the institutional framework established by the Saudi FinTech Strategy 2025 — the joint SAMA-CMA policy initiative that supports protocol diversity while maintaining regulatory consistency across all approved blockchain platforms.
The Saudi Blockchain Lab’s protocol evaluation work — the 42-criteria assessment framework that informed the CMA’s approved protocol list — continues with ongoing evaluation of additional protocols for potential CMA approval. The Lab’s 35 researchers assess new protocols against performance requirements specific to Saudi market conditions, including throughput capacity for SAR 15-20 billion in daily settlement volume (the target for Tadawul’s full-scale digital securities operations by 2028).
PIF’s exploration of tokenization for portfolio company equity introduces institutional-scale multi-chain requirements. PIF portfolio companies span diverse sectors — energy (Aramco), telecommunications (stc), petrochemicals (SABIC), financial services (Saudi banks) — each with different technical requirements that may favor different protocols. A multi-chain strategy enables PIF-backed issuers to select the optimal protocol for their specific tokenization use case while maintaining settlement interoperability through Edaa’s protocol-agnostic ownership register.
Elm Company’s digital infrastructure — including the Nafath identity verification platform — provides the unified identity layer that multi-chain deployments require. Regardless of which CMA-approved protocol an issuer deploys on, investor onboarding and AML/CFT verification flow through the same Nafath-powered KYC process, ensuring consistent compliance standards across all protocol deployments.
The Saudi Digital Academy’s “Blockchain Protocol Engineering” certification program has trained 85 professionals in multi-chain architecture design, covering all 5 CMA-approved protocols. This workforce development addresses the talent gap identified by the Saudi Blockchain Lab — an estimated 500 additional qualified blockchain professionals are needed by 2028 to support the tokenization ecosystem’s growth across multiple protocols.
The CMA’s long-term convergence roadmap envisions Edaa evolving into a protocol-agnostic settlement authority that maintains the definitive ownership register regardless of underlying blockchain protocol. This architecture would enable issuers to freely select protocols based on technical merit while investors and custodians interact with a single settlement layer — reducing the complexity of multi-chain custody and compliance operations.
Saudi Arabia’s FATF membership (since 2019) ensures that AML/CFT compliance requirements apply uniformly across all protocol deployments, regardless of the underlying blockchain’s architecture or privacy characteristics. The CMA’s enforcement capability extends across all approved protocols, with blockchain analytics tools configured for each protocol’s transaction data model.
The GCC interoperability dimension of multi-chain strategy is particularly relevant as Tadawul engages in technical discussions with ADX, DFM, and Bahrain Bourse for cross-border digital securities trading. Multi-chain capability enables Saudi tokenized securities to settle on counterparty exchange infrastructure regardless of protocol choice, supporting the Kingdom’s objective of establishing Tadawul as the GCC’s primary digital securities venue.
The sovereign digital sukuk program (SAR 5 billion target, 2027 launch) will test multi-chain infrastructure at sovereign scale — with exchange-listed sovereign sukuk on R3 Corda through Tadawul and potential international distribution through Ethereum ERC-3643 for foreign institutional investors. This dual-protocol sovereign issuance would demonstrate the viability of multi-chain tokenization for the highest-grade Saudi securities and establish precedent for corporate issuers considering multi-protocol deployment strategies.
The CMA’s disclosure requirements mandate protocol-specific risk disclosure for each blockchain deployment, ensuring that investors understand the technical characteristics and risks of the specific protocol on which their tokenized securities are issued. The investor protection framework applies uniformly across all protocols, with Sharia compliance monitoring standards adapted to each protocol’s smart contract architecture. The IOSCO principles for financial market infrastructures inform the CMA’s multi-chain regulatory approach, ensuring that settlement finality, operational reliability, and custody standards are maintained regardless of which approved blockchain protocol an issuer selects for tokenized securities deployment. Issuers considering multi-chain deployment should engage CMA-approved smart contract auditors early in the design process, as each protocol requires independent audit certification and the audit timeline of 8-12 weeks per protocol represents the primary schedule risk in multi-chain issuance programs.
For guide-related inquiries: info@sauditokenisation.com
Subscribe for full access to all 7 analytical lenses, including investment intelligence and geopolitical risk analysis.
Subscribe from $29/month →