Crypto Law Profile
Illinois DACPA creates a state registration and supervision regime for digital asset business activity, with disclosures, custody rules, compliance programs and phased 2027 registration.
Illinois Digital Assets and Consumer Protection Act, or DACPA, is a United States state-level digital asset statute codified at 205 ILCS 731. The Act was enacted through SB1797 as Public Act 104-0428, was approved by the Governor on Aug. 18, 2025, and took effect the same day. As of June 5, 2026, DACPA is active, but several core compliance provisions are subject to statutory transition periods that run into 2027.
DACPA gives the Illinois Department of Financial and Professional Regulation, or IDFPR, authority over digital asset business activity involving Illinois residents. IDFPR describes the law as creating safeguards for digital assets and giving the Department authority to regulate the industry to protect consumers. The Department has also published proposed first-notice administrative rules and is accepting public comment on those proposed rules until June 29, 2026.
DACPA requires a person engaging in digital asset business activity with or on behalf of an Illinois resident to register with IDFPR unless an exemption applies. The Act defines covered digital asset business activity to include exchanging, transferring, or storing digital assets as part of a business or on behalf of a customer. The statutory definition excludes several activities, including peer-to-peer transfers, certain decentralized exchange activity conducted solely through software or protocols, software development by itself, NFT issuance by itself, validation, node operation, and similar blockchain-network activity.
Article 5 creates consumer-facing protections. Covered persons must provide customer disclosures before engaging in digital asset business activity with a resident, including disclosures on fees, risks, transfer finality, liability for unauthorized or mistaken transfers, error resolution, stop-payment or revocation rights where applicable, and other information. The Act also requires a separate bold disclosure that the State of Illinois has not approved or endorsed any digital asset or determined whether the customer disclosure is truthful or complete. At the conclusion of a digital asset transaction, covered persons must provide a confirmation or, in some cases, daily confirmation.
For custody, DACPA requires covered persons that store, hold, or maintain custody or control of digital assets to maintain sufficient assets of each type to satisfy aggregate customer entitlements, segregate customer digital assets from company assets, and avoid selling, lending, pledging, hypothecating, or otherwise using customer assets except at the direction of the entitled person. The Act states that covered customer digital assets are not property of the covered person, are not subject to creditor claims, and are held in statutory trust in insolvency-related circumstances.
DACPA requires registrants to designate qualified compliance personnel and maintain written compliance policies approved by their board or equivalent governing body. Required policies include cybersecurity, business continuity, disaster recovery, anti-fraud, AML/CFT, operational security, and general legal-compliance programs. IDFPR may also require reports filed with other federal or state authorities.
Covered exchanges must certify listed digital assets unless an exception applies, including review of securities-law risk, conflict disclosures, cybersecurity and malfeasance risks, code or protocol defect risk, market risks, price manipulation and fraud risks, and continued-listing policies. Covered exchanges must also review resident trading records against execution-quality benchmarks at least every six months.
The statute took effect on Aug. 18, 2025, but the Act’s transition section delays violation treatment for several requirements. Customer disclosure, custody and customer-service provisions, and covered-exchange listing certification are phased to Jan. 1, 2027. The general registration and collection-of-compensation transition runs to July 1, 2027. IDFPR may adopt implementing rules, but statutory text provides that such rules may not take effect earlier than Jan. 1, 2026.
Editors should also track HB5303, a 2026 Illinois bill that would amend DACPA by adding a small-business threshold, changing licensing timelines, replacing renewal provisions with annual reporting provisions, and extending certain transition dates. As of the reviewed official bill page, HB5303 was assigned to the House Financial Institutions and Licensing Committee and had not amended the currently codified Act.
Requires covered digital asset business activity with Illinois residents to be registered with IDFPR unless an exemption applies.
Covers exchange, transfer, storage and administration of digital assets, while excluding peer-to-peer transfers, software-only activity, NFTs by themselves and node activity.
Requires pre-transaction disclosures on fees, risks, transfer finality and liability, plus transaction or daily confirmations.
Requires sufficient customer assets, segregation from company assets and statutory trust treatment for covered customer digital assets.
Requires policies for cybersecurity, business continuity, disaster recovery, anti-fraud, AML/CFT, operational security and legal compliance.
Requires exchange certifications covering securities-law risk, conflicts, cybersecurity, protocol, market and fraud risks before listed offerings.
Authorizes examinations, subpoenas, registration suspension or revocation, cease-and-desist orders, receiverships, injunctions, civil penalties and restitution.
Sen. Mark L. Walker filed SB1797 in the Illinois Senate.
The Illinois Senate passed SB1797 on third reading.
The Illinois House passed SB1797 on third reading.
The Senate concurred in the House amendment and SB1797 passed both houses.
Governor approved SB1797; the measure became Public Act 104-0428 and took effect.
IDFPR issued an advisory to digital asset businesses and kiosk operators on DACPA and DAKA.
HB5303, a proposed DACPA amendment bill, was assigned to House Financial Institutions and Licensing Committee.
IDFPR listed first-notice proposed rules for 38 Ill. Adm. Code 1031 in the Illinois Register.
Governor of Illinois, Illinois Attorney General, Illinois Department of Financial and Professional Regulation, Illinois General Assembly
Crypto assets, Digital assets, Stablecoins
State law, not federal legislation. DACPA is effective, but several compliance provisions have transition dates through Jan. 1 and July 1, 2027. IDFPR proposed rules remained in first-notice comment period as of June 5, 2026.
