A clause added to the Bitcoin ATM bill would require hardware wallet manufacturers to provide credential recovery mechanisms.
Kentucky‘s House Bill 380 (HB380), a 77-page proposal primarily focused on the regulation and licensing of Bitcoin ATMs operators has drawn sharp criticism from the community following the introduction of an amendment targeting hardware wallet providers. The bill has already passed the Kentucky House of Representatives and is currently under review in the Senate.
The contentious point is Section 33, added as an amendment to the bill’s text. It stipulates that a hardware wallet provider must “provide a mechanism and assist any person” in resetting wallet access credentials, including passwords, PINs, or seed phrases. For non-custodial wallets, however, this requirement is by definition unenforceable.
The Bitcoin Policy Institute was the first to flag the issue, calling the requirement “technologically impossible” for non-custodial wallets and warning that the rule could push users toward centralized custodians. “Requiring a backdoor breaks Bitcoin’s fundamental security guarantees,” the organization wrote in a post on X. Conner Brown, the institute’s managing director, stated that “Kentucky is suddenly about to ban self-custody.“
The amendment stands in direct contradiction to the legislative stance Kentucky itself had previously taken. In March 2025, the state had enacted House Bill 701, a law establishing protections for individuals designed to “allow self-hosted wallet owners to maintain independent control of protected digital assets and private keys.” That legislation had been widely interpreted as a reinforcement of the right to self-custody and a limitation on regulatory interference.
The main body of HB380 sets out requirements for Bitcoin ATMs operators, including licensing, compliance standards, transaction limits, and consumer protections. As the bill is still under Senate review, legislators retain the opportunity to amend or remove the provision before the final vote.
