Crypto Law Profile

Illinois Digital Assets and Consumer Protection Act

Illinois DACPA creates a state registration and supervision regime for digital asset business activity, with disclosures, custody rules, compliance programs and phased 2027 registration.

Illinois, U.S. Partially effective Act Aug 18, 2025
View official text Suggest correction

At a glance

Status Active Illinois statute with phased 2027 operative dates.
Regulator Administered by the Illinois Department of Financial and Professional Regulation.
Registration Digital asset business activity with Illinois residents requires IDFPR registration unless exempt.
Rulemaking IDFPR proposed rules are in first-notice comment period through June 29, 2026.

Bill details

Bill number
SB1797
Session
104th General Assembly
Chamber
Senate
Legislative stage
Enacted

Action

Last action
Governor approved SB1797 as Public Act 104-0428; effective Aug. 18, 2025.
Last action date
Aug 18, 2025

Sponsor

Primary sponsor
Sen. Mark L. Walker
Sponsor party
Democratic
Co-sponsors
Sen. Laura Ellman, Sen. Cristina Castro, Sen. Graciela Guzmán, Sen. Karina Villa, Sen. Rachel Ventura, Sen. Mike Porfirio, Sen. Paul Faraci, Sen. Christopher Belt, Sen. Javier Cervantes, Rep. Edgar González Jr., Rep. Camille Y. Lilly.

Source

Source provider
State legislature
Source ID
SB1797; P.A. 104-0428; 205 ILCS 731
State legislature
Official bill page

Overview

Illinois Digital Assets and Consumer Protection Act, or DACPA, is a United States state-level digital asset statute codified at 205 ILCS 731. The Act was enacted through SB1797 as Public Act 104-0428, was approved by the Governor on Aug. 18, 2025, and took effect the same day. As of June 5, 2026, DACPA is active, but several core compliance provisions are subject to statutory transition periods that run into 2027.

DACPA gives the Illinois Department of Financial and Professional Regulation, or IDFPR, authority over digital asset business activity involving Illinois residents. IDFPR describes the law as creating safeguards for digital assets and giving the Department authority to regulate the industry to protect consumers. The Department has also published proposed first-notice administrative rules and is accepting public comment on those proposed rules until June 29, 2026.

Key provisions of the Illinois Digital Assets and Consumer Protection Act

Registration for digital asset business activity

DACPA requires a person engaging in digital asset business activity with or on behalf of an Illinois resident to register with IDFPR unless an exemption applies. The Act defines covered digital asset business activity to include exchanging, transferring, or storing digital assets as part of a business or on behalf of a customer. The statutory definition excludes several activities, including peer-to-peer transfers, certain decentralized exchange activity conducted solely through software or protocols, software development by itself, NFT issuance by itself, validation, node operation, and similar blockchain-network activity.

Customer disclosures and transaction confirmations

Article 5 creates consumer-facing protections. Covered persons must provide customer disclosures before engaging in digital asset business activity with a resident, including disclosures on fees, risks, transfer finality, liability for unauthorized or mistaken transfers, error resolution, stop-payment or revocation rights where applicable, and other information. The Act also requires a separate bold disclosure that the State of Illinois has not approved or endorsed any digital asset or determined whether the customer disclosure is truthful or complete. At the conclusion of a digital asset transaction, covered persons must provide a confirmation or, in some cases, daily confirmation.

Custody and customer asset safeguards

For custody, DACPA requires covered persons that store, hold, or maintain custody or control of digital assets to maintain sufficient assets of each type to satisfy aggregate customer entitlements, segregate customer digital assets from company assets, and avoid selling, lending, pledging, hypothecating, or otherwise using customer assets except at the direction of the entitled person. The Act states that covered customer digital assets are not property of the covered person, are not subject to creditor claims, and are held in statutory trust in insolvency-related circumstances.

Compliance programs, AML/CFT, and cyber controls

DACPA requires registrants to designate qualified compliance personnel and maintain written compliance policies approved by their board or equivalent governing body. Required policies include cybersecurity, business continuity, disaster recovery, anti-fraud, AML/CFT, operational security, and general legal-compliance programs. IDFPR may also require reports filed with other federal or state authorities.

Exchange listing review and execution quality

Covered exchanges must certify listed digital assets unless an exception applies, including review of securities-law risk, conflict disclosures, cybersecurity and malfeasance risks, code or protocol defect risk, market risks, price manipulation and fraud risks, and continued-listing policies. Covered exchanges must also review resident trading records against execution-quality benchmarks at least every six months.

Status and timeline

The statute took effect on Aug. 18, 2025, but the Act’s transition section delays violation treatment for several requirements. Customer disclosure, custody and customer-service provisions, and covered-exchange listing certification are phased to Jan. 1, 2027. The general registration and collection-of-compensation transition runs to July 1, 2027. IDFPR may adopt implementing rules, but statutory text provides that such rules may not take effect earlier than Jan. 1, 2026.

Editors should also track HB5303, a 2026 Illinois bill that would amend DACPA by adding a small-business threshold, changing licensing timelines, replacing renewal provisions with annual reporting provisions, and extending certain transition dates. As of the reviewed official bill page, HB5303 was assigned to the House Financial Institutions and Licensing Committee and had not amended the currently codified Act.

Key provisions

Digital asset business registration

Requires covered digital asset business activity with Illinois residents to be registered with IDFPR unless an exemption applies.

Licensing & Registration Jul 1, 2027 Source

Covered activity and exemptions

Covers exchange, transfer, storage and administration of digital assets, while excluding peer-to-peer transfers, software-only activity, NFTs by themselves and node activity.

Regulatory perimeter Aug 18, 2025 Source

Customer disclosures and confirmations

Requires pre-transaction disclosures on fees, risks, transfer finality and liability, plus transaction or daily confirmations.

Disclosure & Marketing Jan 1, 2027 Source

Customer asset custody safeguards

Requires sufficient customer assets, segregation from company assets and statutory trust treatment for covered customer digital assets.

Custody Jan 1, 2027 Source

Compliance and risk programs

Requires policies for cybersecurity, business continuity, disaster recovery, anti-fraud, AML/CFT, operational security and legal compliance.

AML/CFT Aug 18, 2025 Source

Covered exchange listing certification

Requires exchange certifications covering securities-law risk, conflicts, cybersecurity, protocol, market and fraud risks before listed offerings.

Market structure Jan 1, 2027 Source

Supervision and enforcement powers

Authorizes examinations, subpoenas, registration suspension or revocation, cease-and-desist orders, receiverships, injunctions, civil penalties and restitution.

Enforcement Aug 18, 2025 Source

Timeline

  1. SB1797 filed

    Sen. Mark L. Walker filed SB1797 in the Illinois Senate.

    Introduced Source

  2. Senate passed SB1797

    The Illinois Senate passed SB1797 on third reading.

    Passed Source

  3. House passed SB1797

    The Illinois House passed SB1797 on third reading.

    Passed Source

  4. Passed both houses

    The Senate concurred in the House amendment and SB1797 passed both houses.

    Passed Source

  5. Public Act 104-0428 enacted

    Governor approved SB1797; the measure became Public Act 104-0428 and took effect.

    Effective Source

  6. IDFPR advisory issued

    IDFPR issued an advisory to digital asset businesses and kiosk operators on DACPA and DAKA.

    Enacted Source

  7. HB5303 amendment bill assigned

    HB5303, a proposed DACPA amendment bill, was assigned to House Financial Institutions and Licensing Committee.

    In committee Source

  8. Proposed rules first notice

    IDFPR listed first-notice proposed rules for 38 Ill. Adm. Code 1031 in the Illinois Register.

    Proposed Source

Who it affects

Actors

Governor of Illinois, Illinois Attorney General, Illinois Department of Financial and Professional Regulation, Illinois General Assembly

Asset classes

Crypto assets, Digital assets, Stablecoins

Official sources

205 ILCS 731 Digital Assets and Consumer Protection Act Illinois General Assembly Codified statute English Official Public Act 104-0428 Illinois General Assembly Public act Aug 18, 2025 English Official SB1797 bill status Illinois General Assembly Bill status Aug 18, 2025 English Official IDFPR Digital Assets page IDFPR Regulator page English Official IDFPR business resources page IDFPR Regulator guidance page English Official IDFPR proposed rules page IDFPR Proposed rules index English Official IDFPR DACPA and DAKA advisory IDFPR Agency advisory Oct 28, 2025 English Official HB5303 proposed DACPA amendment status Illinois General Assembly Bill status Mar 4, 2026 English Official context

Editorial note

State law, not federal legislation. DACPA is effective, but several compliance provisions have transition dates through Jan. 1 and July 1, 2027. IDFPR proposed rules remained in first-notice comment period as of June 5, 2026.