Illinois Crypto Laws and Coinbase’s Preemption Push: What Crypto Firms Need to Know

Crypto regulation in the United States is in flux, shaped by overlapping pressures from Congress, federal agencies, and the marketplace itself. Coinbase recently asked the Department of Justice to support broad preemption of state laws in pending crypto market structure legislation to reduce what it calls the regulatory “patchwork” affecting intermediaries. At the same time, Illinois has enacted sweeping laws (SB 1797 and SB 2319) that vest regulatory power over digital asset businesses and crypto kiosks in the Illinois Department of Financial and Professional Regulation (IDFPR). For a crypto founder, these developments raise questions about strategy, compliance, and risk management. They also raise considerations about due process and legal oversight in state regulation.

The Coinbase and DOJ Preemption Push

Coinbase has formally asked the Department of Justice to send Congress a “views letter” recommending that any new federal crypto legislation include strong preemption provisions. Preemption means that when federal law speaks clearly, it overrides conflicting state laws. In this context, Coinbase wants federal rules to take priority over state “blue sky” securities laws and state licensing regimes that currently govern crypto intermediaries. The argument is that state-level regulation is increasingly inconsistent, costly, and hampers innovation.

Coinbase notes the fragmented nature of state oversight, pointing to lawsuits, cease-and-desist orders, divergent licensing regimes, and other enforcement activity, including recent actions in Oregon. These developments illustrate how varying state requirements can create overlapping, and at times conflicting, compliance obligations for crypto intermediaries.

These actions stem in part from the absence of consistent, binding federal rules, as rulemaking by the SEC, CFTC, and other agencies remains incomplete. Despite numerous agency statements signaling an intention to establish comprehensive oversight, there is still no unified federal regulatory regime for crypto. Coinbase’s position is that federal preemption would create clearer and more uniform obligations, reducing legal risk and operational friction for firms operating in multiple states.

Illinois’s New Laws: SB 1797 and SB 2319

On August 18, 2025, Governor J. B. Pritzker signed two bills into law in Illinois: the Digital Assets and Consumer Protection Act (DACPA, SB 1797) and the Digital Asset Kiosk Act (SB 2319). These are among the most significant state-level crypto regulatory laws passed in the Midwest.

SB 1797 gives IDFPR authority to regulate and supervise digital asset businesses and exchanges under a framework that includes customer disclosures, asset protections, cybersecurity, fraud prevention, and capital and liquidity requirements. SB 2319 focuses on digital asset kiosks, imposing registration requirements, caps on transaction size for new customers, fee caps, refund rights for scam victims, and consumer protection officer obligations. Certain consumer protection provisions take effect immediately, while registration deadlines extend out, in some cases to mid-2027. Illinois joins states like New York, California, and Louisiana in adopting robust digital asset regulation.

Yet it is also unclear whether the push to regulate crypto through administrative bodies, as led by Governor Pritzker, is entirely about consumer protection. It may also be part of a larger political battle with the federal government over jurisdiction. In effect, state regulators are stepping in to assert authority in an area where federal agencies have been slow to provide comprehensive rules. This raises questions about whether Illinois’s approach is designed to fill a genuine regulatory vacuum, or whether it is intended to push back against federal primacy in setting national standards for digital assets. If it is the latter, there are some risks for industry.

Procedural Safeguards, Agency Composition, and Legal Risk

While Illinois’s laws offer clarity and stronger consumer protections, they also raise several concerns from a founder’s perspective about legal process, institutional expertise, and risk of enforcement.

Unlike federal courts or Article III judges, who are appointed for life, insulated from political pressures, and bound by judicial precedents and constitutional due process protections, regulatory agencies like IDFPR are executive branch entities. Administrative panels within such agencies may not be composed of judges at all and, in some cases, decision-makers are not trained lawyers or experienced in applying constitutional or evidentiary standards. Their decisions often rest on rulemaking, administrative adjudication, or licensing and enforcement actions conducted without the full procedural safeguards of the judicial system.

Regulated firms may face examinations, penalties, or license revocation without a jury trial and without meaningful due process. In many cases there is only limited ability to appeal beyond administrative or state-court review.

Another concern is domain expertise. The SEC and CFTC, along with self-regulatory organizations like the NFA and FINRA, are staffed with individuals who have decades of deep technical and market experience in trading, clearing, and compliance. By contrast, the IDFPR has historically overseen professions and financial services and may generally lack staff with any background in crypto, DeFi, stablecoins, or algorithmic risk. Regulation at the state level could therefore create overlapping and sometimes conflicting obligations, meaning firms would face double regulation. Proceedings before such agencies can sometimes resemble improvised forums, with decision-makers lacking the legal training, independence, or procedural rigor expected in judicial settings, raising concerns about both fairness and predictability. This may ultimately push businesses to relocate or focus operations in states perceived as more crypto-friendly.

Procedural due process in state agency enforcement may also involve fewer protections. Administrative panels are not bound by federal precedent, and their decisions often reflect agency policy rather than established case law, leaving firms with fewer procedural protections. Burden of proof standards may shift, notice and opportunity to respond may be narrower, and property rights in customer assets or contracts may be subject to broad mandates. These differences create an enforcement environment that can feel unpredictable compared to federal regulators.

Implications for Crypto Firms

For crypto industry these developments carry several practical implications.

When deciding where to build or base operations, it is now essential to track both federal and state law developments. Illinois is one of the states with a detailed regulatory framework for digital asset businesses, and compliance obligations will affect any firm serving Illinois residents.

Founders should carefully evaluate whether their product or service will need to register under new laws like DACPA, especially if interacting with Illinois residents, operating kiosks, holding assets in custody, or offering exchange services.

It is also important to anticipate regulatory requirements beyond those already considered. Capital or liquidity reserves, cybersecurity and fraud programs, customer disclosures, refund obligations for scams, and kiosks’ transaction limits or fee caps could all apply.

Preparing early can make a significant difference. Document compliance policies, plan licensing strategies, and consider how to respond if the agency opens an examination. State enforcement may move more quickly than federal rulemaking, so firms must be ready.

Finally, legal risk is not only about the substance of requirements but also about process. How you will be treated, what rights you will have to challenge decisions, and what appeal mechanisms exist matter greatly. These issues could determine whether a firm survives a regulatory conflict.

Conclusion

Taken together, the Coinbase preemption push and Illinois’s new laws illustrate the double-edged sword facing the crypto industry in the United States. On one side is the promise of clarity and consumer protection. On the other is a patchwork of state enforcement that can expose firms to duplicative oversight and heightened risk.

Federal regulators such as the SEC, CFTC, NFA, and FINRA have deep experience and well-established processes, which makes their oversight more predictable even if burdensome. By contrast, state-level regulation often introduces uncertainty, with fewer procedural safeguards and the possibility of overlapping or duplicative requirements. For many businesses, this dynamic may encourage shifting operations to more crypto-friendly states or even to offshore jurisdictions.

State initiatives such as those in Illinois may not be entirely separate from broader political disputes with Washington. By assigning agencies like the IDFPR a prominent role in crypto oversight, state leaders risk creating a regulatory environment shaped as much by political rivalry as by policy considerations.

For founders, the best strategy involves engagement at both levels. Stay connected to federal policy debates to influence the scope of preemption and uniform standards. At the same time, build resilience by preparing for state frameworks like those enacted in Illinois. This is an area our firm watches closely, and we welcome inquiries from businesses seeking guidance on how these developments may affect their operations.

Sources

Letter from Paul Grewal, Legal Chief at Coinbase, to U.S. Department of Justice (2025).

IDFPR, Gov. Pritzker Signs Historic Legislation to Protect Consumers from Cryptocurrency Scams (Aug. 18, 2025), https://idfpr.illinois.gov/news/2025/gov-pritzker-signs-historic-legislation-to-protect-consumers-from-cryptocurrency-scams.html.