# Country Restrictions Source: https://docs.settlemint.com/docs/compliance-security/compliance/country Choose CountryAllowList or CountryBlockList to permit or exclude token recipients by ISO 3166-1 country code, covering MiCA jurisdiction selection, OFAC sanctions screening, and similar regulatory requirements. Country restrictions let an asset accept or reject token recipients based on the country code stored on the recipient's identity. The platform evaluates these controls before minting or transferring regulated tokens. Use CountryAllowList when you need to limit distribution to a defined set of jurisdictions. Use CountryBlockList when you need to exclude specific jurisdictions while the rest remain eligible. ## Decide which country control to use [#decide-which-country-control-to-use] | Policy goal | Use this module | Result | | ----------------------------------------------- | --------------------- | --------------------------------------------------------------------------- | | Limit distribution to a defined market | CountryAllowList | Recipients must have one of the configured ISO 3166-1 numeric country codes | | Exclude sanctioned or unsupported jurisdictions | CountryBlockList | Recipients must not have one of the configured blocked country codes | | Combine permitted and prohibited jurisdictions | Both modules together | The recipient must pass both checks before DALP allows the token operation | Country modules check the recipient's country code from identity registry storage. The recipient must already have a registered identity with a non-zero country code before the platform can evaluate the module. ## Where these modules apply [#where-these-modules-apply] | Operation | CountryAllowList | CountryBlockList | | ---------------- | ------------------------ | ------------------------ | | Minting | Checks recipient country | Checks recipient country | | Transfers | Checks recipient country | Checks recipient country | | Burns | Not applicable | Not applicable | | Forced transfers | Not applicable | Not applicable | ## Configure country restrictions [#configure-country-restrictions] 1. Choose your asset's policy requirement: allow only selected countries, block selected countries, or combine both. 2. Convert each jurisdiction to its ISO 3166-1 numeric country code. 3. Add the chosen country module when configuring the asset's compliance controls. 4. Enter the country-code list for that module. 5. Confirm each recipient's identity record has the expected country code before you mint or transfer tokens. 6. Test with one eligible recipient and one ineligible recipient before you open the asset to wider operations. ### Interface (capabilities) [#interface-capabilities] **CountryAllowList** | Capability | Who can call | Inputs | On-chain effect | Emits | Notes | | --------------------- | ---------------------------- | ----------------------------------------- | ---------------------------------------------------- | ----- | ------------------------------------------------ | | `setModuleParameters` | Token admin (via compliance) | Array of ISO 3166-1 numeric country codes | Stores allowed country list | None | Empty list blocks all transfers | | `canTransfer` | Compliance engine | Sender, recipient, amount | Checks recipient's country code against allowed list | None | Country code read from identity registry storage | **CountryBlockList** | Capability | Who can call | Inputs | On-chain effect | Emits | Notes | | --------------------- | ---------------------------- | ------------------------------ | ---------------------------------------------------- | ----- | ------------------------------------------- | | `setModuleParameters` | Token admin (via compliance) | Array of blocked country codes | Stores blocked country list | None | Empty list permits known-country recipients | | `canTransfer` | Compliance engine | Sender, recipient, amount | Checks recipient's country code against blocked list | None | Unknown identity or country still fails | ![Country allowlist configuration for geographic transfer restrictions](/docs/screenshots/asset-designer/asset-designer-compliance-country-allowlist.webp) ## Use cases [#use-cases] | Use case | Module | Example | | ------------------------ | ---------------- | ----------------------------- | | MiCA EU compliance | CountryAllowList | 27 EU member state codes | | OFAC sanctions screening | CountryBlockList | Sanctioned jurisdiction codes | | Reg D (US only) | CountryAllowList | `[840]` (United States) | | Singapore MAS | CountryAllowList | `[702]` (Singapore) | | Japan FSA | CountryAllowList | `[392]` (Japan) | | UK FCA | CountryAllowList | `[826]` (United Kingdom) | ## ISO 3166-1 numeric codes [#iso-3166-1-numeric-codes] A selection of common codes appears below. The MiCA EU Standard template includes the full set of EU 27 member state codes. For other jurisdictions, consult the ISO 3166-1 numeric code list directly. | Country | Code | | -------------- | ---- | | United States | 840 | | United Kingdom | 826 | | Japan | 392 | | Singapore | 702 | | Germany | 276 | | France | 250 | ## Key invariants [#key-invariants] * Country check applies to the recipient, not the sender. * The recipient must have a registered identity and a non-zero country code before the platform can approve the operation. * Combining CountryAllowList and CountryBlockList creates a combination restriction. Both modules must pass. * An empty allow list blocks all recipients. An empty block list permits recipients with known countries. ## Operational signals [#operational-signals] These modules emit no events. Monitor for `ComplianceCheckFailed` revert errors in failed transactions when transfers violate country restrictions. Inspect the revert reason string to identify the blocked direction. ## Failure modes & edge cases [#failure-modes--edge-cases] Each item below describes the trigger and the revert that the platform returns: * Recipient identity not registered: reverts with `ComplianceCheckFailed("Receiver identity unknown")`. * Recipient country code not set or stored as zero: reverts with `ComplianceCheckFailed("Receiver identity unknown")`. * Recipient country absent from CountryAllowList: reverts with `ComplianceCheckFailed("Receiver country not allowed")`. * CountryBlockList includes the recipient country: reverts with `ComplianceCheckFailed("Receiver country blocked")`. * Sanctioned country added to the block list after tokens already transferred: existing holders keep their tokens until they attempt a new transfer. * Combining CountryAllowList and CountryBlockList creates a combination restriction. Both must pass independently. ## See also [#see-also] * [Asset policy](/docs/architecture/concepts/asset-policy): how this module fits into per-asset compliance checks * [Compliance overview](/docs/compliance-security/compliance): module architecture and regulatory templates * [Identity verification](/docs/compliance-security/compliance/identity-verification): verifying that country claims are properly attested * [Identity lists](/docs/compliance-security/compliance/identity-lists): granular identity and address-level access control * [Supply & investor limits](/docs/compliance-security/compliance/supply-investor-limits): InvestorCount enforces per-country investor limits