Revision: April 16, 2026, 8:06 a.m.
Rep. Ammon, Hills. 42
April 14, 2026
2026-1526h
07/09
Amendment to SB 482-FN
Amend the bill by replacing all after the enacting clause with the following:
1 Statement of Findings. The general court finds that digital asset transaction kiosks are a legitimate financial service used by consumers to buy and sell digital assets; that the state of New Hampshire has positioned itself as a leader in the digital asset economy; and that these kiosks have been exploited by criminals to defraud consumers, particularly adults over age 60, who, according to the Federal Trade Commission, are more than 3 times as likely as younger adults to report losing money through such kiosks. It is the intent of the general court to protect vulnerable consumers from fraud while preserving a regulatory environment that supports lawful digital asset commerce in New Hampshire.
2 New Chapter; Digital Asset Transaction Kiosks. Amend RSA by inserting after chapter 358-T the following new chapter:
CHAPTER 358-U
DIGITAL ASSET TRANSACTION KIOSKS
358-U:1 Statement of Purpose. It is the intent of the general court that this chapter establish reasonable and uniform consumer protections while permitting lawful and responsible digital asset transaction kiosk operations. Nothing in this chapter shall be construed to prohibit an operator from adopting policies or practices that provide greater protections to consumers than the minimum standards established in this chapter.
358-U:2 Definitions. In this chapter:
I. "Authorized delegate" means a person or entity contractually authorized by an operator to perform identity verification or other services on behalf of the operator in connection with kiosk transactions, including a third-party identity verification service.
II. "Customer" means a natural person who initiates or completes a transaction at a kiosk.
III. "Digital asset" means a digital representation of value recorded on a cryptographically secured distributed ledger or blockchain, including cryptocurrency.
IV. "Digital asset transaction kiosk" or "kiosk" means a self-service electronic terminal located in a public or retail setting that enables a person to buy, sell, or transfer a digital asset using cash or another payment method. The term does not include a general-purpose computer, mobile application, or web-based platform.
V. "Hold period" means the period of not less than 72 hours during which an operator delays the transmission or release of digital assets for a transaction initiated by a new customer, as described in RSA 358-U:4, I(a).
VI. "New customer" means a person who is using a kiosk operated by a particular operator for the first time, or whose identity was first verified by that operator fewer than 72 hours before the transaction in question, measured from the time the operator completed its initial identity-verification procedures for that customer.
VII. "New customer period" means the 72-hour period during which a customer is a new customer as defined in paragraph VI of this section.
VIII. "Operator" means a person or entity that owns, manages, or controls one or more kiosks in this state, whether directly or through a third-party host location.
IX. "Reference price" means a contemporaneous price for the digital asset derived from a publicly accessible exchange or composite index that is verifiable by the customer.
358-U:3 Identity Verification and Operator Obligations.
I. Prior to accepting payment from a customer at a digital asset transaction kiosk, the kiosk operator, or its authorized delegate, shall verify the identity of the customer in a manner consistent with applicable state and federal laws, including the Bank Secrecy Act, 31 U.S.C. section 5311 et seq., and regulations promulgated thereunder. Notwithstanding RSA 263:12, X, an operator or its authorized delegate may scan, record, store, or retain personal information from a driver's license or other government-issued identification for the sole purpose of verifying the customer's identity and preventing fraud, provided that the operator complies with the data privacy requirements of RSA 358-U:4, VI and with applicable federal law.
II. An operator shall not permit a transaction to be conducted under any false, fictitious, or assumed identity.
III. Each operator performing business in this state shall maintain a dedicated communications line for government agencies, accessible via a toll-free United States telephone number or monitored electronic mail address posted at each kiosk. The operator shall respond to inquiries received through said communications line within one business day.
IV. An operator that has a reasonable basis to believe a customer is a victim of fraud or is being directed by a third party to conduct a transaction may report such activity to local law enforcement or the department of justice, consumer protection and antitrust bureau. No operator shall be subject to civil liability for making or declining to make such a report in good faith.
V. Within 90 days of commencing kiosk operations in this state, and annually thereafter, each operator shall file a written notice with the department of justice, consumer protection and antitrust bureau, stating the operator's legal name, principal business address, a contact telephone number and electronic mail address, and the number and general locations of kiosks operated in this state. No fee shall be required. Failure to file shall not, by itself, constitute a violation of this chapter but may be considered by the attorney general in determining remedies for any other violation.
358-U:4 Core Consumer Protections.
I.(a) An operator shall delay the transmission or release of digital assets for each transaction initiated by a new customer for a period of not less than 72 hours from the time the customer confirms the transaction at the kiosk, after which time the operator may complete the transaction.
(b) The total dollar value of all digital asset transactions initiated by a new customer during the new customer period shall not exceed $3,000 in United States dollar value.
(c) During the hold period under subparagraph (a), a new customer may request cancellation of any held transaction. The operator shall refund the entire amount, including all fees, within 5 business days of receiving the request.
II. The requirements of this paragraph shall apply to all transactions, whether initiated by a new customer or an existing customer.
(a) Before accepting funds, each kiosk shall display warnings in a manner reasonably calculated to be noticed and understood by the customer, including that no government agency, law enforcement body, court, utility, bank, technology support service, employer, or retailer will ever demand payment by a kiosk or crypto ATM and that digital asset transactions are irreversible and that losses due to fraudulent or accidental transactions may not be recoverable.
(b) The kiosk shall require the customer to respond to fraud-screening prompts before the transaction may proceed, including whether the customer is being directed or coached by another person and whether the customer is the owner or intended beneficiary of the destination wallet address. Operators shall have the flexibility to update warning content and screening prompts as fraud tactics evolve, provided that any updated prompts remain consistent with the purposes of this chapter.
(c) If the customer indicates that another person is directing or coaching the transaction, or that the customer is not the owner or intended beneficiary of the destination wallet address, the kiosk shall block the transaction and display contact information for local law enforcement and the department of justice, consumer protection and antitrust bureau.
(d) Each kiosk shall display a clearly visible and legible warning on its physical exterior, readable before a customer begins a transaction, stating in substance: "WARNING: No government agency, bank, or business will ever ask you to pay by crypto ATM. If someone is telling you to use this machine, it may be a scam." The warning shall be printed in a font size of no less than 28 points. The operator shall be responsible for ensuring the warning remains displayed and legible at all times the kiosk is available for use.
III.(a) Operators shall use commercially available blockchain analytics software, of a type generally accepted in the digital asset industry, to screen and block transfers to or from wallet addresses flagged for association with scams, theft, sanctions violations, or other illicit activity.
(b) Operators shall maintain written anti-fraud and consumer protection policies and shall make such policies available for inspection by the department of justice, consumer protection and antitrust bureau, or by any member of the general public, upon request. The operator shall respond within 10 business days and may provide the policies in electronic form. An operator may redact proprietary security measures whose disclosure would undermine the anti-fraud program but shall inform the requestor that redactions have been made.
IV.(a) Before accepting funds, the kiosk shall disclose on-screen the reference price for the digital asset, all applicable fees, and the spread between the operator's price and the reference price expressed as a percentage of the reference price.
V. Upon completion of a transaction, the kiosk shall provide a printed or electronic receipt, including by text message, electronic mail, or online customer portal. The receipt shall include, at a minimum:
(a) The operator's legal name.
(b) A toll-free live customer service telephone number.
(c) The kiosk's physical location.
(d) The date and time of the transaction.
(e) The name and quantity of the digital asset.
(f) The reference price at the time of the transaction.
(g) The spread expressed as both a percentage and a dollar amount.
(h) All fees charged.
(i) The total amount paid by the customer.
(j) The destination wallet address or voucher identification number.
(k) Any applicable cancellation code.
(l) The operator's refund or cancellation policy.
VI.(a) Operators shall limit data collection to information reasonably necessary to verify the customer's identity and to comply with applicable state and federal laws. Data collected pursuant to this chapter shall not be used for any purpose other than verifying the identity of customers and complying with applicable law.
(b) An operator shall not condition a customer's access to a kiosk on the customer's agreement to receive marketing or promotional materials.
(c) A customer shall have the right to opt out of receiving marketing or promotional materials from the operator at any time, and the operator shall honor such request within 10 business days.
(d) An operator and any authorized delegate or third party that receives or processes photographs, facial images, biometric data, or copies of government-issued identification documents on behalf of the operator shall securely destroy or delete such data within 30 days after the date of collection, unless retention for a longer period is required by applicable federal law. The operator shall ensure by contract that any authorized delegate or third party complies with this requirement.
358-U:5 Preemption. No municipality or political subdivision of this state shall enact, adopt, or enforce any ordinance, resolution, or regulation governing the operation of digital asset transaction kiosks that is more restrictive than the provisions of this chapter. Any such ordinance, resolution, or regulation in effect on the effective date of this chapter shall be unenforceable to the extent that it conflicts with this chapter.
358-U:6 Remedies.
I. Any violation of this chapter shall constitute an unfair or deceptive act or practice within the meaning of RSA 358-A:2. Any right, remedy, or power set forth in RSA 358-A, including the investigative and enforcement authority of the attorney general, may be used to enforce the provisions of this chapter.
II. The rights, obligations, and remedies provided in this chapter shall be in addition to any other rights, obligations, or remedies provided for by law or in equity.
III. Notwithstanding RSA 358-A:10 or any other provision of law, no private right of action shall arise under this chapter, and no person shall have standing to bring a private civil action to enforce any provision of this chapter or to recover damages for an alleged violation of this chapter, whether such action is brought under this chapter, under RSA 358-A, or under any common-law or equitable theory arising from or relating to the subject matter of this chapter. Enforcement of the provisions of this chapter shall be exclusively by the attorney general pursuant to RSA 358-A.
IV. An operator that demonstrates compliance with all applicable provisions of this chapter at the time of a transaction shall not be subject to enforcement under this chapter solely because a third party defrauded the customer. The operator bears the burden of demonstrating compliance by a preponderance of the evidence.
358-U:7 Severability. If any provision of this chapter, or the application thereof to any person or circumstance, is held invalid, the invalidity shall not affect other provisions or applications of this chapter, which can be given effect without the invalid provision or application. To this end, the provisions of this chapter are severable.
3 Effective Date. This act shall take effect 180 days after its passage.