Kentucky’s House Bill 380, a sweeping digital asset regulation bill, now includes a provision requiring hardware wallet providers to help users reset passwords, PINs, and seed phrases. The requirement, added through a floor amendment before the bill passed the House 85-0 on March 13, 2026, has drawn sharp criticism from crypto advocacy groups who argue it conflicts with the fundamental design of non-custodial wallets.
What Kentucky HB 380 actually added to the bill
HB 380 is primarily a digital asset business and virtual-currency kiosk regulation bill spanning 77 pages. The hardware wallet language was not part of the original draft. It entered the bill through House Floor Amendment 3, one of several amendments attached before the full House vote.
Section 33 of the amended bill defines a “hardware wallet provider” as any person that offers or provides a hardware wallet. It then requires such providers to offer a mechanism for, and assist owners with, resetting any password, PIN, seed phrase, or similar information necessary to access wallet contents.
The provision allows providers to require identity verification before giving assistance. Violations would be treated as unfair or deceptive trade practices under KRS 367.170, Kentucky’s existing consumer protection framework, rather than triggering a standalone crypto licensing regime.
Representatives Tom Smith and Aaron Thompson are listed as the bill’s sponsors. The unanimous House passage signals broad legislative support for the overall package, though the hardware wallet section represents a small portion of the full bill.
Why critics say the rule clashes with self-custody design
The Bitcoin Policy Institute was among the first to raise alarms, arguing that “the mandate is technologically impossible for non-custodial wallets.” The organization’s criticism frames the reset assistance requirement as effectively demanding a backdoor into devices designed to give users, and only users, control of their private keys.
Non-custodial hardware wallets are built so that the manufacturer never has access to a user’s seed phrase. That is the core security promise. If a user loses their seed phrase, the manufacturer cannot recover it because it was never stored on the company’s servers. Requiring providers to assist with seed phrase resets could, critics argue, force a redesign that undermines this architecture.
However, the current evidence base has limits. No named hardware wallet manufacturer has publicly confirmed that compliance is universally impossible. The “backdoor” characterization remains an advocacy interpretation rather than a settled technical conclusion. The bill text itself uses the word “assist” rather than mandating that providers maintain copies of user credentials.
The distinction matters. There is a gap between requiring customer support for password resets, which some wallet software layers already offer, and requiring recovery of a seed phrase that the provider never possessed. How regulators interpret that gap will likely determine the provision’s real impact, a dynamic similar to the evolving regulatory landscape facing Bitcoin protocol developers.
What the amendment could mean for consumers and wallet providers
Supporters of the provision can point to a straightforward consumer protection rationale. Users who lose access to hardware wallets containing significant value currently have no legal recourse against manufacturers. The amendment gives them a claim under existing trade practice rules.
The consumer protection argument gains weight when considering that many hardware wallet buyers are not deeply technical users. For someone who treats a hardware wallet like a bank account, the inability to recover access after forgetting a PIN may feel like a product failure, not a security feature.
On the other side, the crypto industry’s concern is that compliance could push wallet makers toward custodial or semi-custodial designs. If a provider must be able to help reset a seed phrase, it may need to store recovery data, creating exactly the kind of centralized vulnerability that hardware wallets exist to avoid. This tension between consumer access and security design echoes broader debates in crypto regulation, including how prediction market platforms navigate CFTC oversight and whether on-chain protocols can satisfy compliance without sacrificing decentralization.
The enforcement mechanism adds another layer of uncertainty. Because violations fall under general consumer protection law rather than a specialized crypto statute, enforcement would depend on how Kentucky’s attorney general or individual plaintiffs interpret “assist with resetting.” A narrow reading might require only good-faith customer support. A broad reading could demand technical capabilities that conflict with non-custodial design.
HB 380 now moves to the Kentucky Senate. The hardware wallet provision’s practical effect will depend on whether the Senate preserves, modifies, or removes the language, and ultimately on how enforcement agencies interpret the requirement if it becomes law.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.
