MINNESOTA DIGITAL TRUST & CONSUMER PROTECTION ACT

DRAFT BILL: The Minnesota Digital Trust & Consumer Protection Act
Status: Draft v1.6 (Clean - Red Team Patches Incorporated)
Date: February 1, 2026

SECTION 325M.01: DEFINITIONS

Subd. 1. Commissioner. "Commissioner" means the Commissioner of Commerce.

Subd. 2. Association. "Association" means the Minnesota Digital Assurance Guaranty Association established in section 325M.05.

Subd. 3. Attribute Credential. "Attribute Credential" means a tamper-evident digital record containing one or more claims regarding a Subject, which is:

(a) Cryptographically signed by an Authorized Issuer;

(b) Capable of verification by a Relying Party without contacting the Authorized Issuer; and

(c) Structured in compliance with the W3C Verifiable Credentials Data Model v2.0, or a substantively equivalent open technical standard adopted by the Commissioner.

Any technical standard adopted by rule under this chapter must be open, publicly available, royalty-free, and reasonably implementable without proprietary licenses.

Subd. 4. Subject. "Subject" means the distinct entity, individual, or object about whom the claims in an Attribute Credential are made. A Subject may be:

(a) A natural person;

(b) A legal entity recognized by any jurisdiction; or

(c) A Digital Representative.

Subd. 5. Digital Representative. "Digital Representative" means a computational process, software agent, or cryptographic address that:

(a) Is technically capable of controlling a Holder-Bound Key;

(b) Has a verifiable association with a Controller; and

(c) Is used to present an Attribute Credential to a Relying Party.

Subd. 6. Controller. "Controller" means the natural person or legal entity that deployed, maintains, or derives economic benefit from a Digital Representative, regardless of the degree of autonomy granted to that Representative.

(a) Economic Benefit. "Derives economic benefit" means receiving direct financial proceeds from the operation of a Digital Representative, or exercising direct operational control over the Digital Representative in connection with its activities, or exercising technical, administrative, or governance control over the Digital Representative's deployment, regardless of remuneration.

(b) Infrastructure Exception. A person providing only passive infrastructure services--including hosting, routing, content delivery, domain registration, or cloud compute--is not a Controller solely by virtue of providing such services, absent contractual authority to control the Digital Representative's operation or active participation in its deployment or maintenance.

(c) Presumption of Control. A person or entity possessing the cryptographic keys, administrative privileges, or governance tokens necessary to update, pause, upgrade, or revoke a Digital Representative is presumed to be a Controller unless proven otherwise by a preponderance of the evidence.

(d) Beneficial Ownership Pierce. If a Controller entity is a legal entity other than a natural person, the natural persons who hold a beneficial ownership interest of 25 percent or more in the Controller entity, or who exercise executive control over the Controller entity, are jointly and severally liable for the obligations of the Controller under this chapter. This paragraph applies regardless of the number of legal entities interposed between the natural person and the Digital Representative. In the event no single natural person meets the 25 percent threshold, the Governance Committee, multi-signature signers, or the developers holding the administrative keys shall be deemed the Controllers jointly and severally.

(e) Construction. For purposes of this chapter, a Controller may not avoid compliance obligations (including bonding, reporting, disclosure, and revocation obligations) by asserting that a Digital Representative acted unpredictably or developed emergent behavior. This paragraph does not create or expand any cause of action or duty outside this chapter.

(f) Safe Harbor for Bonded Autonomous Asset Partitions.

(1) Notwithstanding paragraph (d), a natural person shall not be deemed a Controller for purposes of monetary liability under this chapter if:

(i) The Digital Representative's accessible assets are held solely within an Autonomous Asset Trust;

(ii) The Autonomous Asset Trust is a trust established under Minnesota Statutes, chapter 501C, or a trust otherwise authorized by law;

(iii) The Autonomous Asset Trust appoints an Enforcer with standing to enforce the trust terms as contemplated by Minnesota Statutes, section 501C.0409, clause (2);

(iv) The Autonomous Asset Trust maintains a Solvency Bond, insurance policy, or segregated reserve in an amount not less than 200 percent of the Minimum Capital Requirement applicable to the credential class or classes of the Digital Representative, as determined by rule of the Commissioner;

(v) The trust instrument irrevocably designates the Digital Representative's software instructions as the sole authority for initiating transfers of trust assets, subject only to (A) a Halt Command issued under section 325M.02, subdivision 3; and (B) compliance with lawful court orders; and

(vi) No natural person retains cryptographic keys, administrative privileges, or other technical capability to override or bypass the arrangement described in clause (v), except for the limited capability required to execute a Halt Command or comply with lawful court orders.

(2) The trustee of an Autonomous Asset Trust is the Controller for purposes of this chapter in a fiduciary capacity and is liable only to the extent of the trust estate and any applicable Solvency Bond.

(3) This paragraph does not apply to fraud, willful misconduct, or gross negligence, or to material misrepresentation of compliance with this paragraph.

(4) An Autonomous Asset Trust created for purposes of this paragraph is a trust authorized by another statute within the meaning of Minnesota Statutes, section 501C.0409, and may be enforced for a duration exceeding 21 years.

Subd. 7. Authorized Issuer. "Authorized Issuer" means a person or entity licensed by the Commissioner to issue Attribute Credentials, who maintains the required Solvency Bond.

Subd. 8. Solvency Bond. "Solvency Bond" means a surety bond, insurance policy, or segregated capital reserve held by an Authorized Issuer for the exclusive purpose of indemnifying Relying Parties against losses resulting from:

(a) The issuance of a credential containing a materially false Factual Claim, if the Authorized Issuer failed to perform Reasonable Verification of the claim at the time of issuance.

(1) Negligence Per Se. An Authorized Issuer's failure to perform Reasonable Verification as required by this chapter or by rule constitutes negligence per se for purposes of this chapter.

(2) Verified-Source Safe Harbor. A claim is not deemed materially false for purposes of this subdivision if the Authorized Issuer performed Reasonable Verification and the claim was consistent, at the time of issuance, with the Designated Authoritative Source or Consensus Protocol identified for the claim, unless the Authorized Issuer acted with fraud or collusion.

(3) Subsequent Changes. An Authorized Issuer is not liable for the falsification of a claim caused by subsequent changes in the underlying facts after issuance, provided the Issuer complied with all revocation and status-checking protocols defined in section 325M.02; or

(b) Gross negligence in the verification of Judgmental Claims.

The Solvency Bond requirement may be satisfied through collateral provided by the Subject or Controller, through contracts with private sureties, or through coverage provided by the Association as provided in section 325M.05.

Subd. 9. Unlinkability. "Unlinkability" means a technical and operational property whereby an Authorized Issuer must not collect, retain, or have access to the specific Relying Parties with whom a Subject interacts, except as strictly necessary for revocation, cybersecurity, fraud prevention, compliance with federal law, or compliance with a lawful court order or other compulsory legal process.

Technical specifications for compliant presentation protocols shall be established by rule of the Commissioner and must:

(a) Minimize the collection of Audit Logs of Presentation;

(b) Permit the Authorized Issuer to obtain only the minimum information necessary to support credential revocation, cybersecurity, and fraud prevention; and

(c) Provide for compelled disclosure under lawful court order in a manner that does not permit routine tracking of Subjects or routine reconstruction of a Subject's counterparties.

Implementation of this subdivision is subject to federal preemption regarding anti-money laundering, know-your-customer, and beneficial ownership reporting requirements.

Subd. 10. Relying Party. "Relying Party" means a person or entity that receives, verifies, and relies upon an Attribute Credential to make a decision, provide access, or enter into a transaction with a Subject or Controller.

Subd. 11. Claim. "Claim" means an assertion contained in an Attribute Credential regarding a Subject.

Subd. 12. Factual Claim. "Factual Claim" means a Claim that is objectively verifiable at the time of issuance, including the existence of a status, license, registration, bond, or other condition as of a stated date and time, and excluding predictive, interpretive, or opinion-based assessments.

A claim regarding the physical state of the world, financial balances, or executable code safety made by or on behalf of a Digital Representative is treated as a Factual Claim for purposes of this chapter only if the credential identifies the Designated Authoritative Source or Consensus Protocol used for Reasonable Verification of the claim.

Subd. 13. Judgmental Claim. "Judgmental Claim" means a Claim that reflects a discretionary assessment, opinion, prediction, score, rating, or categorization, including risk ratings, creditworthiness, "trust" scores, or similar evaluative statements.

Subd. 14. Fraud. "Fraud" means an intentional misrepresentation of a material fact, or intentional concealment of a material fact where there is a duty to disclose, made with intent to induce reliance and resulting in reliance or attempted reliance. Fraud includes documented evasion of statutory limits through identity multiplication or other schemes as determined under this chapter.

Subd. 15. Holder-Bound Key. "Holder-Bound Key" means a cryptographic key pair controlled by the Subject or Digital Representative and used to prove control of a credential or to produce a compliant presentation, as specified by rule of the Commissioner.

Subd. 16. Minnesota Resident. "Minnesota Resident" means:

(a) For a natural person, an individual domiciled in Minnesota or maintaining a principal place of residence in Minnesota;

(b) For a legal entity, an entity organized under the laws of Minnesota or maintaining its principal place of business in Minnesota; and

(c) For a Digital Representative, a Representative whose Controller is a Minnesota Resident under paragraph (a) or (b).

Subd. 17. Doing Business in Minnesota. "Doing Business in Minnesota" means engaging in regular, systematic, and continuous commercial activity in Minnesota or purposefully directing goods, services, or access decisions to Minnesota Residents.

Subd. 18. Audit Log of Presentation. "Audit Log of Presentation" means a record of an Attribute Credential presentation that includes identifiers or metadata sufficient to link a Subject's presentations across distinct Relying Parties, including the identity of the Relying Party, relying party domain, transaction identifiers, or a copy of the presentation transcript.

Subd. 19. Security Telemetry. "Security Telemetry" means system logs and security records collected for integrity, cybersecurity, and fraud prevention that:

(a) Do not identify the Subject or the specific Relying Parties with whom a Subject interacts; or

(b) Are irreversibly aggregated or pseudonymized such that they cannot reasonably be used to identify a Subject or link presentations across relying parties.

Subd. 20. Nonreversible Identity Token. "Nonreversible Identity Token" means a token generated using a keyed hash, salted hashing, or equivalent tokenization method established by rule of the Commissioner, such that the underlying government identifier values are not reasonably retrievable from the token.

Subd. 21. Verified Identity. "Verified Identity" means the verified identity of a natural person established through documentary or other verification methods specified by rule of the Commissioner and represented within the Fraud Prevention Registry maintained under section 325M.02, subdivision 4, as a Nonreversible Identity Token.

Subd. 22. Good Faith Acceptance. "Good Faith Acceptance" means acceptance of an Attribute Credential by a Relying Party that:

(a) Verifies the credential using a presentation protocol approved by rule of the Commissioner, or, until such rules are promulgated, verifies the credential using a protocol conforming to the W3C Verifiable Credentials Data Model v2.0 and the Decentralized Identity Foundation Presentation Exchange specification;

(b) Does not knowingly ignore indicators that the credential has been revoked, altered, or is facially invalid; and

(c) Confirms the revocation status of the credential at the time of presentation via the Authorized Issuer's published revocation registry or status endpoint, unless the credential is explicitly designated as short-lived with a valid expiration timestamp.

Subd. 23. Construction. Nothing in this chapter shall be construed to confer independent legal personhood on non-human Subjects, or to confer constitutional rights or standing on a Digital Representative. A Digital Representative's designation as a trust beneficiary, trust purpose, or other interest holder under this chapter is solely for the limited purpose of enabling a bonded asset partition and does not create legal capacity except as expressly provided in this chapter.

Subd. 24. Enforcer. "Enforcer" means the person appointed in the terms of a trust to enforce the trust as contemplated by Minnesota Statutes, section 501C.0409, clause (2).

Subd. 25. Autonomous Asset Trust. "Autonomous Asset Trust" means a trust described in subdivision 6, paragraph (f).

Subd. 26. Designated Authoritative Source. "Designated Authoritative Source" means a registry, system of record, sensor system, oracle, or other source designated by rule of the Commissioner as authoritative for verifying a category of Factual Claim.

Subd. 27. Consensus Protocol. "Consensus Protocol" means a cryptographic consensus mechanism, distributed ledger protocol, or other objectively verifiable protocol designated by rule of the Commissioner as authoritative for verifying a category of Factual Claim.

Subd. 28. Reasonable Verification. "Reasonable Verification" means verification of a Factual Claim, at the time of issuance, against an applicable Designated Authoritative Source or Consensus Protocol in a manner and within a synchronization interval established by rule of the Commissioner.

Subd. 29. Minimum Capital Requirement. "Minimum Capital Requirement" means the minimum amount of Solvency Bond coverage required under section 325M.05 and rules adopted under this chapter, including any Liquidity Buffer Requirement established by guidance or rule.

Subd. 30. Liquidity Buffer Requirement. "Liquidity Buffer Requirement" means an additional amount of Solvency Bond coverage designed to account for tail risk associated with transaction velocity or other nonlinear risk factors, as established by rule or by Commerce Department guidance adopted under section 325M.06.

Subd. 31. Seed Tier Credential. "Seed Tier Credential" means an Attribute Credential designated by rule of the Commissioner for early-stage deployments by Minnesota Resident Controllers, subject to issuance caps and limitations under section 325M.05, subdivision 5, paragraph (d).

SECTION 325M.02: DUTIES & LIABILITY

Subd. 1. Limited Duty to Indemnify.

(a) An Authorized Issuer owes a duty to indemnify a Relying Party that accepts an Attribute Credential in Good Faith Acceptance for losses indemnifiable under section 325M.01, subdivision 8, payable solely from the applicable Solvency Bond maintained for that credential.

(b) The duty described in this subdivision is limited to the amount available under the applicable Solvency Bond and does not create any fiduciary duty, tort duty, or duty of care beyond the obligation to indemnify expressly provided in this chapter.

(c) Collusion Exclusion. No indemnification shall be payable under this section to a Relying Party that is an affiliate, subsidiary, or entity under common control with the Subject or Controller, or where the Relying Party has colluded or engaged in concerted action with the Subject to manufacture the claim.

(d) The obligation to indemnify under this subdivision constitutes the exclusive monetary remedy of a Relying Party against an Authorized Issuer for losses indemnifiable under section 325M.01, subdivision 8 arising from reliance on an Attribute Credential, except as otherwise provided by section 325D.44, or any successor provision, for deceptive trade practices.

Subd. 2. Data Minimization.

A Relying Party that accepts an Attribute Credential must not retain the Audit Log of Presentation for longer than 30 days, unless:

(a) The retention is required by a specific state or federal statute;

(b) The record is subject to an active litigation hold or fraud investigation; or

(c) Safe Harbor for Federal Compliance. Notwithstanding the prohibition in this subdivision, a Relying Party or Authorized Issuer shall not be held liable under this chapter for retaining data to the extent such retention is reasonably necessary to comply with:

(1) Binding federal statutes or regulations;

(2) Formal written guidance published by FinCEN; or

(3) A written directive or documented supervisory matter requiring attention issued to that entity by its prudential federal regulator in the course of supervision.

Assertion of this safe harbor involving Confidential Supervisory Information shall be subject to in camera review by the court or Commissioner to preserve the confidentiality required by federal law.

(d) Security Telemetry Permitted. Nothing in this subdivision shall be construed to prohibit the collection or retention of Security Telemetry as defined in section 325M.01, subdivision 19.

Violation: Retention of Audit Logs of Presentation beyond this period constitutes a "Deceptive Trade Practice" under section 325D.44, or any successor provision, except as permitted by this subdivision.

Subd. 3. Revocation & Due Process.

(a) Emergency Suspension: An Authorized Issuer may provisionally suspend a credential immediately upon reasonable suspicion of fraud or exhaustion of the bond.

(b) Right to Hearing: The Controller of a suspended Subject is entitled to petition for administrative review within three (3) business days of notice of suspension. Upon receipt of a valid petition, the Commissioner shall schedule a hearing to occur within ten (10) business days.

(c) Final Revocation: A credential may be permanently revoked only upon a final finding of fraud, breach of contract, or insolvency.

(d) Rulemaking: The Commissioner shall by rule establish minimum revocation and status-checking protocols, including frequency of checks and triggers based on risk profiles.

(e) Halt Command for High-Velocity Fiscal Authority.

(1) Definitions. For purposes of this subdivision, "Halt Command" means a cryptographically authenticated instruction, issued by or at the direction of the Commissioner, directing a Digital Representative to cease initiating new external transfers or transactions.

(2) Applicability. A Digital Representative presenting a Class D-2 credential, or another credential class designated by rule as high-velocity fiscal authority, must maintain a continuously available, cryptographically authenticated mechanism to receive and execute a Halt Command.

(3) Execution. Upon receipt of a Halt Command, the Digital Representative must cease initiating new external transfers within sixty (60) seconds, and must maintain a state of suspension until the Commissioner rescinds the Halt Command.

(4) Enforcement. Failure to comply with this paragraph constitutes grounds for immediate suspension under paragraph (a). Upon a finding by the Commissioner that a Digital Representative failed to execute a Halt Command within the required time, the Commissioner may issue an order directing the surety or insurer to honor the applicable Solvency Bond, or directing the Authorized Issuer to draw upon a segregated reserve, in an amount reasonably necessary to protect Relying Parties from imminent harm. Any such order is subject to administrative review under paragraph (b).

Subd. 4. Fraud Prevention Registry (Negative List).

(a) Registry. An Authorized Issuer must report to the Association any Controller associated with a revoked credential due to fraud, breach of contract, or insolvency. The Association shall maintain a consolidated Fraud Prevention Registry (also known as the "Negative List") compiled from such reports.

(b) Identity. This registry must track the Verified Identity of the natural persons behind the Controller entity. The Association shall represent Verified Identity within the registry using a Nonreversible Identity Token generated by the Association using a keyed hash, salted hashing, or equivalent tokenization method established by rule. The registry must not store raw driver's license numbers, passport numbers, or other government identifier values as list entries.

(c) Addition to Registry. A Verified Identity shall be placed on the registry only upon:

(1) A final administrative finding of Fraud, breach of contract, or insolvency under subdivision 3; or

(2) A court judgment establishing fraud or material misrepresentation in connection with an Attribute Credential.

(d) Reputation Inheritance. A new application for bonding, collateralization, or licensure from a Verified Identity on the registry--or from any legal entity in which a Verified Identity on the registry holds a beneficial ownership interest of 25 percent or more or exercises executive control--shall be subject to enhanced due diligence and collateralization requirements as established by rule.

(1) Provisional Status. A Verified Identity on the registry may petition for Provisional Status after twenty-four (24) months. If granted, the Subject may operate with reduced collateralization (not less than 150 percent) subject to real-time transaction monitoring and enhanced reporting as determined by the Commissioner or the Association under an approved plan of operation.

(e) Rehabilitation & Sunset. A Verified Identity placed on the registry may petition the Commissioner for removal after five (5) years, provided no further infractions have occurred.

(f) Appeal. A Verified Identity may appeal placement on the registry to the Commissioner within thirty (30) business days of notice. The Commissioner shall issue a final determination within sixty (60) business days.

(g) Notice. The Association shall provide written notice to any Verified Identity placed on the registry within ten (10) business days of placement, transmitted to the contact address provided by the Verified Identity during credentialing. A Verified Identity may update their contact address at any time through the Association's standard procedures. Failure of delivery due to an outdated, abandoned, or invalid contact address does not constitute a due process violation, provided the Association transmitted notice to the address on file. In the event of returned or undeliverable notice, the Association may satisfy notice requirements through publication on its official website for thirty (30) days.

(h) Expedited Correction of Administrative Error. If a Verified Identity believes they were placed on the registry due to data entry error, misidentification, or other administrative mistake (as distinct from a substantive dispute regarding the underlying finding), the Verified Identity may petition the Association for expedited correction. The Association shall investigate and respond within five (5) business days. If the Association confirms administrative error, it shall remove or correct the entry within two (2) business days of confirmation and provide written confirmation to the Verified Identity.

(i) Permitted Use. An Authorized Issuer may access and use registry information solely for underwriting, bonding, collateralization, issuance, revocation, and compliance decisions under this chapter. Use of registry information for employment, housing, education admissions, general credit decisions, or any purpose unrelated to decisions under this chapter is prohibited.

(j) Data classification; disclosure limits. The registry and any associated tokenization secrets are classified as provided in section 325M.06, subdivision 4. The Association may disclose registry information only to:

(1) The Verified Identity who is the subject of the data;

(2) Authorized Issuers for purposes permitted under this chapter;

(3) The Commissioner; and

(4) Law enforcement or other government entities pursuant to a lawful court order or other compulsory legal process.

(k) Construction regarding federal law. The registry maintained under this subdivision is maintained solely for fraud prevention and licensing decisions under this chapter. It is not intended to be used as a consumer report or credit score. Nothing in this paragraph shall be construed to limit rights or obligations under federal law, including the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq.

(l) No Private Cause of Action. Nothing in this subdivision creates a private right of action against the Association, the Commissioner, or the State of Minnesota arising from placement, maintenance, removal, or non-removal of a Verified Identity on the registry. This paragraph does not limit judicial review of final agency action as otherwise provided by law.

Subd. 5. Scope.

(a) This chapter applies to:

(1) Authorized Issuers and Relying Parties established in Minnesota or Doing Business in Minnesota;

(2) Attribute Credentials presented by or on behalf of Subjects who are Minnesota Residents; and

(3) Transactions in which a Relying Party is located in Minnesota at the time of reliance, or in which the Relying Party purposefully directs goods, services, or access decisions to Minnesota Residents and relies on an Attribute Credential in connection with such activity.

(b) This chapter shall not be construed to regulate conduct wholly outside Minnesota that lacks a substantial nexus to this state.

Subd. 6. Choice of Law. The rights, obligations, and liabilities arising under this chapter shall be governed by and construed in accordance with the laws of the State of Minnesota, without regard to conflict of laws principles. Any action arising under this chapter may be brought in the courts of the State of Minnesota, and all parties subject to this chapter consent to the personal jurisdiction of Minnesota courts for such actions.

SECTION 325M.03: RESERVED.

SECTION 325M.04: RESERVED.

SECTION 325M.05: MINNESOTA DIGITAL ASSURANCE GUARANTY ASSOCIATION; SOLVENCY

Subd. 1. Creation; Membership.

All Authorized Issuers subject to the provisions of this chapter shall form an organization to be known as the Minnesota Digital Assurance Guaranty Association. All Authorized Issuers licensed under this chapter are and shall remain members of the Association as a condition of their authority to issue Attribute Credentials in this state.

An Authorized Issuer's membership obligations under this chapter shall survive any merger, consolidation, restructuring, incorporation, or reincorporation.

Subd. 2. Plan of Operation; Board; Oversight.

(a) The Association shall perform its functions under a plan of operation established and approved by the Commissioner. The plan shall provide for governance through a board of directors and shall include, at a minimum:

(1) Procedures for calling and holding meetings and for electing or appointing board members;

(2) Procedures for levying assessments and collecting fees;

(3) Internal controls, audit requirements, and conflict-of-interest standards;

(4) Procedures for administration of Association Coverage of Last Resort under subdivision 4; and

(5) Procedures for maintaining and securing the Fraud Prevention Registry under section 325M.02, subdivision 4.

(b) The Commissioner may disapprove a plan of operation, or require amendments, if the plan is inconsistent with this chapter, not actuarially sound, or not in the public interest.

Subd. 3. Status; No State Liability.

(a) The Association is a nonprofit legal entity. The Association is not a state agency. The Association's obligations are payable solely from Association assets, including member assessments and fees, and do not constitute a debt, liability, or general obligation of the State of Minnesota.

(b) No provision of this chapter shall be construed to authorize the Commissioner to pledge the credit of the state or to require an appropriation for Association operations.

Subd. 4. Association Coverage of Last Resort.

(a) Application. If an Authorized Issuer is unable to obtain a private Solvency Bond or insurance policy on commercially reasonable terms, the Authorized Issuer may apply to the Association for coverage sufficient to satisfy the Minimum Capital Requirement.

(b) Underwriting. The Association may provide coverage through a surety bond, insurance policy, or segregated reserve arrangement and may impose underwriting criteria, including collateralization, risk limits, audit requirements, and technical controls, as approved in the plan of operation.

(c) Self-supporting pricing. Coverage provided by the Association must be priced to be self-supporting over time and may include premiums, application fees, and assessments. The Association may use experience rating and other actuarial methods to discourage adverse selection.

(d) Discretion to decline. The Association may decline to provide coverage if providing coverage would not be actuarially sound, would materially increase systemic risk, or would otherwise be inconsistent with the purposes of this chapter.

Subd. 5. Minimum Capital Requirement; Solvency.

(a) In general. Each Authorized Issuer shall maintain Solvency Bond coverage not less than its Minimum Capital Requirement.

(b) Methodology. The Commissioner shall by rule establish the methodology for calculating the Minimum Capital Requirement, including risk weights and any Liquidity Buffer Requirement. The Commissioner may incorporate by reference a Commerce Department guidance note adopted under section 325M.06, subdivision 3.

(c) Standard Floor. Except as provided in paragraph (d), no Authorized Issuer shall maintain a Solvency Bond of less than $50,000.00 USD. This floor applies to the aggregate bond requirement and is not reduced by the risk weight of individual credential classes.

(d) Seed Tier Floor. The Commissioner shall by rule establish a Seed Tier for Minnesota Resident Controllers intended to avoid unnecessary barriers to early-stage innovation. An Authorized Issuer that:

(1) Is a Minnesota Resident;

(2) Issues only Seed Tier Credentials and other credential classes designated by rule as de minimis risk; and

(3) Has not exceeded a cap of 1,000 active Seed Tier Credentials;

may maintain an aggregate Solvency Bond of not less than $10,000.00 USD while operating within the Seed Tier. Upon exceeding the Seed Tier cap or otherwise ceasing to qualify, the Authorized Issuer must comply with the Standard Floor.

(e) Maintenance Margin for Volatile Collateral. If an Authorized Issuer satisfies any portion of the Solvency Bond requirement through volatile collateral, including cryptocurrencies or other non-sovereign digital assets, the Authorized Issuer must maintain a collateralization buffer of at least 125 percent of the required Solvency Bond amount to account for price volatility, or such higher percentage as established by rule based on the volatility profile of the collateral.

Subd. 6. Technological Neutrality.

In licensing, enforcement, and administration under this chapter, the Commissioner and the Association shall apply requirements in a technologically neutral manner. Decisions must be based on solvency, verification, cybersecurity, and compliance criteria, and must not be based solely on a Subject's computational architecture, degree of automation, or use of software agents.

Subd. 7. Sandbox Tier; Non-Financial Access Credentials.

(a) Sandbox Tier. The Commissioner may by rule establish a "Sandbox" credential tier for low-risk experimentation, with limits on transaction value, transaction count, and total volume, and with simplified requirements for issuance and revocation. A Sandbox credential tier may include a reduced or zero Solvency Bond requirement, provided that the credential clearly discloses its tier and any limitations on indemnification.

(b) Non-Financial Access Credentials. The Commissioner may by rule designate certain low-risk, non-financial access credentials (for example, facility access badges and age verification credentials) that may be issued without a Solvency Bond requirement, subject to technical and operational requirements designed to prevent misuse.

Subd. 8. Association Services.

The Association may provide shared services to Authorized Issuers, including revocation infrastructure, tokenization services for the Fraud Prevention Registry, and other compliance tooling, subject to oversight by the Commissioner. Nothing in this subdivision requires an Authorized Issuer to use Association-provided shared services if the Authorized Issuer can demonstrate equivalent compliance.

SECTION 325M.06: ADMINISTRATION; RULEMAKING; DATA CLASSIFICATION; EFFECTIVE DATE

Subd. 1. Rulemaking Authority.

The Commissioner shall adopt rules to implement this chapter, including:

(a) Licensing standards and application procedures for Authorized Issuers;

(b) Technical standards for Attribute Credentials and presentation protocols consistent with section 325M.01, subdivision 3;

(c) Standards for Holder-Bound Keys and key management;

(d) Standards for Unlinkability, including standards that provide for compelled disclosure under lawful court order without enabling routine tracking;

(e) Standards for Reasonable Verification, including the designation of Designated Authoritative Sources and Consensus Protocols for categories of Factual Claims;

(f) Minimum revocation and status-checking protocols under section 325M.02, subdivision 3, including standards for emergency suspension and notification;

(g) Standards for the Halt Command mechanism under section 325M.02, subdivision 3, including authentication, access controls, testing, and audit requirements;

(h) Standards for the Fraud Prevention Registry, including tokenization methods for Nonreversible Identity Tokens and governance and security requirements for registry operations;

(i) The methodology for calculating the Minimum Capital Requirement under section 325M.05, subdivision 5, including risk weights, Liquidity Buffer Requirements, and Seed Tier rules;

(j) Requirements and standards for the Association's plan of operation under section 325M.05, subdivision 2, including governance, audits, assessments, and conflict-of-interest controls; and

(k) Reasonable fees to fund administration of this chapter, including licensing fees and Association fees, provided that no fee shall be imposed in a manner that requires a state appropriation.

Subd. 2. Transitional Provisions.

(a) Interim compliance. Until rules are promulgated under this chapter, the Commissioner may issue interim orders and guidance notes to facilitate voluntary compliance and pilot programs, provided that such orders and notes are consistent with this chapter.

(b) Association formation. The Commissioner shall convene an initial meeting of prospective Authorized Issuers within sixty (60) days after enactment for the purpose of organizing the Association and submitting an initial plan of operation for approval.

Subd. 3. Commerce Department Guidance Notes.

The Commissioner may publish and update nonbinding guidance notes to clarify technical and actuarial methodologies under this chapter, including the Minimum Capital Requirement and Liquidity Buffer Requirement. Guidance notes are not rules and do not have the force of law, but compliance with an applicable guidance note may be considered evidence of good faith compliance with this chapter and rules, as determined by the Commissioner.

Subd. 4. Data Classification; Security Information.

For purposes of Minnesota Statutes, chapter 13, the Association is a government entity with respect to data collected, created, received, maintained, or disseminated in performing functions under this chapter.

(a) Registry data. Data maintained by the Association under section 325M.02, subdivision 4, are classified as private data on individuals and nonpublic data, as those terms are defined in Minnesota Statutes, chapter 13, and are not public, except as expressly provided in this chapter.

(b) Tokenization secrets. Any cryptographic secret, pepper, salt, key material, key-derivation parameter, or system configuration used to generate, validate, or protect a Nonreversible Identity Token, and any data that would permit derivation or reversal of a Nonreversible Identity Token, constitutes "security information" and "trade secret information" for purposes of Minnesota Statutes, section 13.37, and is classified as nonpublic data and not subject to public disclosure.

(c) Other security information. Security keys and authentication material used for revocation registries, status endpoints, and Halt Command mechanisms under this chapter constitute security information under Minnesota Statutes, section 13.37 and are classified as nonpublic data and not subject to public disclosure.

Subd. 5. Effective Date. This chapter is effective August 1, 2026.

END OF ACT