House Bill 709 adds a new chapter to Title 28 of the Idaho Code to create a legal regime for what the bill calls “programmable money.” It defines core terms, places limits on how an issuer may program controls into money, and establishes private remedies and criminal penalties for violations.
The measure also amends two existing UCC definitions to carve programmable money out of the statutory definitions of “money” and “deposit account.” The proposal is aimed squarely at entities that create, control, or distribute programmable currency features and at the businesses and consumers that use them.
At a Glance
What It Does
The bill defines “programmable money” and enumerates prohibited practices: it bars requiring programmable money without a free non‑digital alternative, forbids denying transactions based on protected characteristics or lawful activity (including use of a so‑called social credit score), and requires issuers to provide a written reason for denials on request within 30 days of a 90‑day request window. It also creates civil remedies, mandatory attorney’s fees for prevailing plaintiffs, and misdemeanor criminal penalties with fines and possible imprisonment per violation.
Who It Affects
State‑chartered and private issuers of programmable currency features, wallets, payment processors and fintech firms that build automated transaction rules, merchants that may be asked to accept programmable money, and consumers who receive or use programmable currency. The UCC amendments also affect secured‑transaction practitioners by excluding programmable money from the statutory definitions of “money” and “deposit account.”
Why It Matters
The bill imposes operational and compliance requirements on any entity that programs conditional controls into value tokens or digital cash, creates new litigation and criminal exposure for denials that are not tightly documented, and signals state‑level limits on feature design for digital currencies—potentially constraining product design and cross‑border operations.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill supplies a statutory vocabulary and an enforcement framework tailored to programmable value—digital units that carry embedded rules. It starts by inserting a new chapter into Title 28 that defines programmable money, an issuer, automation, and a concept the bill calls a social credit score system (a list of behavioral or affiliation‑based inputs that could be used to restrict access).
The new chapter sits alongside targeted edits to two UCC definitions so that programmable money is not treated as ordinary “money” or as a “deposit account” under Idaho’s commercial code. That distinction matters for secured transactions and banking law practitioners.
Operationally, the statute draws several hard lines. Issuers may not force customers to use programmable money without providing a free non‑digital alternative, and they may not deny transactions based on a list of personal attributes or lawful activities (race, political opinion, medical history, purchase history, geographic location, profession, or the application of a social credit system).
The bill covers denials that occur through direct intervention or through automation, and it creates a specific process for getting a written explanation: a party can request the reason within 90 days of a denial, and the issuer must provide a detailed statement within 30 days that cites the relevant terms of service and contact information for further inquiry.For enforcement, the bill gives consumers a private right to sue for declaratory or injunctive relief and for actual and punitive damages; the statute also mandates recovery of reasonable attorney’s fees by the prevailing party. On top of civil remedies, the bill criminalizes violations as misdemeanors, treating each unjustified denial or failed transaction as a separate offense carrying per‑violation fines and potential jail time, while preserving the issuer’s ability to decline transactions that are tied to criminal activity.
Finally, the act contains a severability clause and sets an effective date, so the new obligations operate as a discrete statutory package once in force.
The Five Things You Need to Know
The bill defines “programmable money” to include units encoded to approve/deny transactions, restrict by time, location, identity, expire or diminish, or be used to implement a social credit score.
It requires issuers to provide a written, itemized reason for any denied transaction within 30 days of a requester’s demand made within 90 days of the denial, including the exact terms of service relied on.
The statute makes it unlawful for an issuer to deny transactions based on sex, race, political opinion, medical history, purchase/browsing history, geographic location, profession, application of a social credit system, or other lawful activity.
A prevailing plaintiff in a private suit recovers actual and punitive damages plus reasonable attorney’s fees, and the court may revoke an issuer’s authorization to do business in Idaho for knowing or repeated violations.
Violations are misdemeanors with penalties of up to $10,000 per violation and up to one year imprisonment per violation; the bill treats each unjustified denial or failed transaction as a separate criminal offense.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
UCC definition: money excludes programmable money
The amendment to the general UCC definitions explicitly states that the statutory term “money” does not include programmable money. Practically, that removes programmable units from the default body of law that governs negotiable payments and certain secured‑transaction analyses and signals that programmable tokens will be regulated under the new chapter rather than under standard UCC money rules.
UCC definition: deposit accounts exclude programmable money
The financing‑statement definitions in chapter 9 are updated to exclude programmable money from the deposit account category. That change narrows the scope of Article 9 collateral rules as applied to programmable tokens and affects secured creditors, repo/rehypothecation risks, and collateral classification for security interests involving hybrid digital assets.
New definitions: issuer, automation, programmable money, social credit
The new chapter begins by defining core terms. It defines an issuer as anyone who creates, controls, or distributes programmable money; defines automation broadly to include code, algorithms, and AI acting for an issuer; and sets out attributes that qualify currency as programmable (deny/approve transactions, time/location/identity restrictions, expiration/diminution, use in a social credit system). It also defines a social credit score system as monitoring behavior to restrict access using ratings tied to lawful activities such as purchases, fossil fuel use, advocacy, or participation in diversity programs—an unusually specific and policy‑charged list that anchors later prohibitions.
Unlawful acts: prohibited conditioning and denial rules
This section lists the core prohibitions: issuers may not force programmable money upon users without providing a free non‑digital alternative, and they cannot deny transactions for the enumerated personal attributes, affiliation, or lawful activities. The prohibition extends to denials effected by programming or automation as well as direct human action. The section also creates a two‑step notice procedure: an aggrieved party may request a statement of specific reason within 90 days of the denial, and an issuer must reply within 30 days with a detailed explanation, terms of service citations, and contact information.
Civil remedies: damages, injunctions, attorneys’ fees, revocation
Aggrieved parties may sue for declaratory or injunctive relief and recover actual and punitive damages. The prevailing party is entitled to reasonable attorney’s fees for each separate cause of action. The statute also permits courts to order revocation of an issuer’s authority to do business in Idaho if the court finds intentional, knowing, or repeated violations—an administrative consequence layered on top of private damages remedies.
Criminal penalties and narrow exceptions
Violations are misdemeanors: each unjustified denial or failed transaction constitutes a separate offense punishable by up to $10,000 per violation, up to one year in jail, or both. The section clarifies that declines tied to criminal offenses are permitted and that the statute does not interfere with the purchase or sale of cryptocurrency or other assets generally—an explicit carve‑out aimed at avoiding unintended interference in ordinary crypto markets.
Severability and timing
The act contains a standard severability clause so that invalidation of any provision does not defeat the remainder. It also declares an emergency effective date (July 1, 2026 in the bill), which accelerates the statute’s operative effect on issuers and market participants once enacted.
This bill is one of many.
Codify tracks hundreds of bills on Finance across all five countries.
Explore Finance in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Consumers who use digital payments — gain a statutory right to a nondigital alternative and a formal process to obtain written reasons for denials, plus access to civil damages and attorneys’ fees if harmed.
- Small merchants and service providers — protected from being forced to accept programmable‑only payments, preserving low‑friction cash or traditional card options.
- Privacy and civil‑liberties advocates — obtain a legal tool against systems that would restrict financial access based on lawful, private behavior or affiliations.
- State regulators and plaintiffs’ bar — receive new statutory causes of action and enforcement levers (including the ability to seek business revocation) to police programmable‑money practices.
Who Bears the Cost
- Issuers, wallet providers, and fintech firms that implement programmable features — face compliance costs to redesign products, document decisioning logic, and defend against civil and criminal claims.
- Payment processors and acquirers — must adapt onboarding, risk‑scoring, and dispute workflows to avoid using prohibited factors in automated denials and to support the 30/90‑day response obligation.
- Developers of cross‑border programmable systems and protocol designers — encounter legal risk where jurisdictional reach or partner actions result in denials covered by Idaho law, potentially complicating international interoperability.
- State agencies and courts — bear indirect costs from increased enforcement caseloads, licensing revocation proceedings, and oversight if revocation authority is exercised regularly.
Key Issues
The Core Tension
The central tension is between protecting individuals from automated, behavior‑based restrictions on access to means of payment and preserving issuers’ ability to use programmable controls for fraud prevention, legal compliance, and legitimate product features; strict liability and criminal penalties guard consumers but also risk chilling innovation and pushing issuers to adopt blunt denials that harm legitimate users.
The bill draws bright lines but leaves several implementation questions unresolved. The definition of programmable money is broad and functional, which is useful for catching many token designs but may sweep in hybrid products that combine programmable features with traditional bank accounts.
Carving programmable money out of statutory definitions for “money” and “deposit account” creates legal separation, but it also raises practical questions about how other bodies of law (banking statutes, federal payments law, and federal preemption doctrines) will treat instruments that straddle definitions.
Operationally, the statute forbids denials based on a long and open‑ended list of factors and treats each unjustified denial as a separate criminal offense. That creates a risk that issuers will over‑restrict transactions (false positives) to avoid criminal liability or conversely that they will decline legitimate fraud‑prevention measures because those rely on behavioral or geographic signals.
The 90‑day request window and 30‑day response deadline are administrable in principle, but they require robust logging and an ability to tie a decision back to terms of service and automated logic—technical and evidentiary tasks that can be expensive and complex for distributed systems.
Finally, the social credit concept is defined by example, which makes the statute politically and technically specific but legally ambiguous: is a merchant refusing to accept certain products (e.g., fossil fuels) a forbidden exercise of a social‑credit mechanism, or a permissible merchant policy? The statute’s exceptions for crime‑related declines and for cryptocurrency trading mitigate some concerns but do not fully resolve cross‑border enforcement, interoperability, or how federal regulators might respond where state rules collide with national payments infrastructure.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.