This bill adds a new Chapter 54 to Title 28 (the uniform commercial code) and creates the Consumer Payment Rights and Transparency Act. It defines "programmable money" broadly to include tokens or digital assets encoded to approve/deny transactions, impose time/location/use restrictions, expire, or implement social‑credit features.
The bill bars issuers from requiring programmable money, from denying transactions based on a long list of lawful personal characteristics or behaviors, and from using social‑credit systems to restrict payments.
The statute creates both civil and criminal enforcement paths. Consumers may seek declaratory or injunctive relief plus actual and punitive damages and attorneys' fees; courts can revoke an issuer's Idaho authorization for intentional or repeated violations.
The measure also makes each unjustified denial a misdemeanor punishable by up to $10,000 per violation and up to one year in jail, while preserving narrow exceptions for transactions that are criminal in nature and explicitly not banning purchases or sales of cryptocurrency.
At a Glance
What It Does
The bill adds a UCC‑style chapter that (1) defines "programmable money," (2) prohibits requiring its use and bans transaction denials based on specified lawful activities or characteristics, and (3) mandates a notice-and-response process when a transaction is denied. It establishes private civil remedies, attorneys' fees, potential administrative revocation, and criminal penalties tied to each unjustified denial.
Who It Affects
Issuers of programmable tokens and digital‑asset platforms, banks or fintechs that create or distribute conditional digital payments, payment processors integrating programmable features, and Idaho consumers and merchants transacting in programmable mediums.
Why It Matters
By placing state‑level limits on behavior‑driven controls embedded in digital money, the bill constrains how payment token features can be designed and used. It shifts some compliance and enforcement risk from consumers and regulators onto issuers and platforms—and does so with both civil remedies and criminal exposure per transaction, a combination that can materially change product roadmaps for payment and token issuers.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill first revises existing UCC definitions and then inserts a standalone chapter labeled the Consumer Payment Rights and Transparency Act. That chapter starts by defining three core terms: "automation" (actions performed by code or AI for an issuer), "issuer" (any entity that creates, controls, or distributes programmable money), and a detailed definition of "programmable money." The statutory definition is deliberately broad: it covers any medium of exchange—public or private—that can be encoded to approve or deny transactions, restrict use by time, place, identity, or otherwise be made to expire or implement social‑credit style controls.
Next, the statute draws a line around prohibited practices. Issuers cannot force a customer to use programmable money without providing a non‑digital alternative at no charge.
The bill lists a set of factors—race, sex, political opinion, medical history, purchase history, location, trade or profession, application of a social credit score, and other lawful activity—on which an issuer may not base a denial. The prohibition reaches both manual denials and automatic, programmatic refusals, and it makes explicit that employing automation or code to accomplish a banned denial is covered.The bill builds a two‑step transparency and appeal mechanism: an aggrieved party has 90 days after a denial to request a "statement of specific reason," and the issuer then has 30 days to reply.
The required reply must state the reason, cite the precise terms of service relied on, provide contact information for further inquiry, and include a copy of the terms of service. That creates an operational obligation for issuers to log denials, map denials to TOS provisions, and maintain reachable customer‑service channels.For remedies, the statute gives consumers a private right of action for declaratory or injunctive relief and permits recovery of actual and punitive damages; it also mandates attorneys' fees to prevailing parties.
If a court finds intentional, knowing, or repeated violations by a preponderance of the evidence, it may order revocation of the defendant's authorization to do business in Idaho. Finally, the bill criminalizes violations: each unjustified denied or failed transaction (unless clearly involving criminal activity) is a separate misdemeanor offense punishable by up to $10,000 and up to one year in jail.
The statute clarifies it does not criminalize the lawful purchase or sale of cryptocurrency.
The Five Things You Need to Know
The bill's statutory definition of "programmable money" covers tokens or digital assets encoded to deny/approve transactions, impose location/time/identity limits, expire, diminish, or implement social‑credit style controls.
An issuer may not require programmable money for a transaction unless it also offers a non‑digital alternative that is free of charge to the consumer.
A consumer has 90 days after a denial to request a 'statement of specific reason'; the issuer must respond within 30 days with the reason, a citation to the specific terms of service relied on, contact details, and a copy of the terms of service.
Civil causes of action allow declaratory or injunctive relief, actual and punitive damages, and mandatory recovery of reasonable attorneys' fees; a court may revoke an issuer's Idaho authorization for intentional or repeated violations.
Each unjustified denial or failed transaction is a separate misdemeanor punishable by up to $10,000 per violation, up to one year in jail, or both, with a carved‑out exception for transactions that constitute criminal activity.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Definitions: issuer, automation, and programmable money
This section sets the scope the rest of the chapter uses. "Issuer" is broad—any entity that creates, controls, or distributes programmable money—so both centralized providers and decentralized projects with identifiable controllers could be captured. "Programmable money" is defined by capability (deny/approve transactions; enforce time, place, identity constraints; expire or diminish; or support social‑credit systems) rather than by a particular technology, which means off‑chain tokens, stablecoins with embedded rules, and smart‑contract tokens are all within reach. The section also defines "social credit score system" with illustrative examples (e.g., firearm purchases, fossil‑fuel activities, DEI participation), signaling that the statute targets economic exclusion tied to lawful behavior.
Prohibitions on requiring programmable money and on denial criteria
This operative provision makes three enforcement pivots. First, issuers may not force consumers to use programmable money unless a non‑digital, free alternative exists. Second, issuers may not deny transactions based on an enumerated set of protected or lawful activities (race, political opinion, medical history, purchase history, location, profession, application of a social‑credit score, and 'any other lawful activity'). Third, the ban covers both human decisions and automated code—so automated filters, smart contracts, or AI decisioning that produces a forbidden denial are actionable. Practically, this requires product teams to demonstrate that their rules and automation do not produce denials for the prohibited reasons, and it emphasizes transparency where a denial occurs.
Civil remedies, attorney fees, and administrative revocation
This section creates a private right of action enabling declaratory or injunctive relief and recovery of actual and punitive damages. It mandates reasonable attorney fees to the prevailing party on each separate cause of action, increasing the litigation risk for issuers. Notably, the court may revoke an issuer's authority to do business in Idaho where violations are intentional, knowing, or repeated, which exposes providers to an administrative consequence beyond damages—raising stakes for compliance and potentially affecting licensing and registration considerations.
Criminal penalties tied to each denial and an explicit exception for criminal acts
The statute makes each unjustified denial or failed transaction a separate misdemeanor, punishable by up to $10,000 per violation and up to one year imprisonment. The language explicitly preserves an issuer's ability to decline transactions that constitute criminal conduct, but it otherwise treats programmatic or manual denials as potential criminal acts. The multiplicity of offenses (each denial as a separate count) increases exposure for systems that generate many automated denials, and raises questions about prosecutorial discretion and proof in algorithmic decisioning cases.
Severability and emergency effective date
The bill includes a standard severability clause and declares an emergency, making the act effective July 1, 2026. The emergency/effective‑date language means compliance deadlines and the statute's civil and criminal provisions would begin on a specific date rather than staging in over time, which compresses the window for issuers to adapt operations if the bill becomes law.
This bill is one of many.
Codify tracks hundreds of bills on Finance across all five countries.
Explore Finance in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Idaho consumers transacting with programmable payment methods — they gain explicit protection against being denied payments or access to services based on enumerated lawful activities and get a transparent route to ask for reasons and seek remedies.
- Civil‑rights and privacy advocates — the statute constrains use of behavior‑based exclusion mechanisms and social‑credit style controls, aligning technology design with nondiscrimination norms.
- Merchants and customers preferring conventional payments — the requirement to offer a non‑digital, no‑cost alternative prevents vendors from forcing adoption of restrictive programmable tokens in transactions.
Who Bears the Cost
- Issuers, token designers, and digital‑asset platforms — they must audit and likely redesign token rules, automation, and smart contracts to avoid prohibited denial criteria, build notice and customer‑response processes, and face potential civil damages and criminal exposure.
- Payment processors and fintechs integrating programmable features — operational costs will rise from logging denials, mapping denials to TOS provisions, and implementing compliance controls to avoid repeated violations.
- Idaho regulators and courts — they will absorb enforcement workload and fact‑intensive adjudication tasks (e.g., assessing automated decisioning, intent, and whether a denial was 'justified'), with attendant resource and evidentiary challenges.
Key Issues
The Core Tension
The central dilemma is protecting consumers from opaque, behavior‑based financial exclusion while preserving legitimate technical and compliance uses of conditional payment controls: the bill curbs discriminatory or social‑governance denials, but its broad definitions and per‑transaction criminal exposure risk chilling lawful fraud prevention, sanctions compliance, and product innovation—forcing courts and regulators to decide which harms (discrimination vs. fraud and systemic risk) take priority.
The bill is precise in some places (deadlines, damages, per‑transaction criminal exposure) but leaves critical operational questions unresolved. The definition of "issuer" is broad enough to capture a range of participants from centralized custodians to developers if they 'create, control, or distribute' programmable money—raising questions about whether protocol contributors, open‑source developers, or cross‑border service providers fall within scope. "Programmable money" is capability‑based rather than technology‑based, which helps capture emergent payment mechanisms but creates ambiguity at the margins: are merchant‑side filters, conditional escrows, or two‑factor off‑chain controls 'programmable money' when they interact with conventional legal tender?
Enforcement poses hard evidentiary problems. Proving a prohibited factor drove an algorithmic denial requires access to logs, model inputs, and training data.
The statute requires issuers to respond with a citation to terms of service, but it does not specify document retention, audit rights for plaintiffs, or standards of proof for algorithmic causation. Criminalizing each unjustified denial raises the specter of mass misdemeanor exposure for high‑volume automated systems that produce false positives; this could chill automated fraud‑prevention measures unless prosecutors exercise restraint.
Finally, the interplay with federal law and interstate commerce is unsettled—the bill applies to entities doing business in Idaho, but cross‑jurisdictional token flows and federally chartered banks may raise preemption or commerce‑clause questions not addressed in the text.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.