Move-based platforms like Sui and Aptos define tokens through capabilities. Authority, enforcement, and governance are embedded at the structural level. Token design becomes architecture.

Sui enforces regulated token access through DenyCap objects linked to protocol-level deny lists. Restrictions propagate at epoch boundaries, aligning enforcement with network-defined intervals.

Mid-epoch access control introduces a measurable propagation delay. Designs for custody, slashing, and compliance must synchronize with this temporal model to ensure effective restriction.

Aptos enables override of core token operations via dispatch hooks registered at creation. Custom logic for withdrawals, deposits, and supply flows replaces default behavior and defines canonical execution paths.

Capability objects represent the root of control across both platforms. Security reviews must validate their custody, rotation pathways, delegation mechanisms, and failure scenarios.