Section 33 of Kentucky's HB 380 mandates a cryptographic backdoor that doesn't exist and can't be built without destroying the security model it's meant to protect.

Dear President Stivers,

The Bitcoin Policy Institute (BPI) is a non-profit, non-partisan research and advocacy organization dedicated to advancing sound Bitcoin and digital asset policy. We write to share technical concerns about Section 33 of House Bill 380 and to respectfully urge the Kentucky Senate to remove that provision before passage. We also offer BPI as a resource to help address the underlying consumer concern through technically viable means.

Section 33 adds a new provision to KRS Chapter 369 that defines "hardware wallet provider" as "a person that offers or provides a hardware wallet" and mandates that such providers "[p]rovide a mechanism for, and assist any person who owns a hardware wallet that was provided by the provider with, resetting any password, pin, seed phrase, or other similar information that is necessary to access the contents of the hardware wallet." Violations are enforceable as unfair or deceptive trade practices by the Kentucky Attorney General under KRS 367.170, with the full range of remedies and penalties available under KRS 367.990.

A hardware wallet is a physical device to secure digital assets that generates and stores a user's cryptographic private keys offline, entirely on the device itself. When a user first sets up a hardware wallet, the device generates a seed phrase—a sequence of 12 or 24 words from which all of the user's private keys are mathematically derived—using cryptographically secure random number generation that never leaves the device. The seed phrase is never transmitted to or stored by the manufacturer; it resides entirely locally on the user's own device.

...read more at btcpolicy.org