The Guiding and Establishing National Innovation for US Stablecoins Act — the GENIUS Act — passed the US Senate 68 to 30 on June 17, 2025, and the House 308 to 122 on July 17, 2025. The bipartisan margins were large enough that the legislation’s passage was never seriously in doubt once it cleared committee. What was left unresolved at enactment — deliberately, because these are technically and operationally complex questions — were the specific regulations governing issuer licensing requirements, capital adequacy standards, custody standards, anti-money laundering provisions, and a set of related operational requirements.
Those additional regulations are due from federal and state regulators on July 18, 2026. The gap between the GENIUS Act’s passage and the July 18 deadline is the compliance window most operators have underused. The regulation is law; the implementation details are the regulation within the regulation; and the deadline is 61 days away.
This piece examines what the July 18 deadline actually requires, who it applies to, and where the compliance gaps are most likely to be found — particularly for Web3 businesses that use stablecoins operationally rather than issuing them directly.
What the GENIUS Act Actually Requires at the Legislation Level
The GENIUS Act establishes a federal framework for “payment stablecoins” — defined as digital assets issued by an entity that is required to redeem them for a fixed value. The definitional boundary matters: stablecoins that do not meet the “payment stablecoin” definition as written — algorithmic stablecoins, yield-bearing tokens, or tokens whose value floats — are not directly covered by the GENIUS Act framework, though they may be subject to other securities regulation.
The legislation’s core requirements at the statutory level include 1:1 reserve backing with cash or short-term Treasuries, monthly reserve disclosure, legal protections for stablecoin holders in the event of issuer insolvency, and a framework for both domestic and foreign issuers to operate in the US market. Foreign issuers may offer stablecoins in the US subject to Treasury’s determination that their home-country regulatory regime is comparable to the GENIUS Act framework.
Critically, the GENIUS Act explicitly states that permitted payment stablecoins are not securities under federal securities law. This removes the most significant source of regulatory uncertainty that had frozen institutional stablecoin issuance since the SEC’s 2023 enforcement campaign. For institutional players — banks, trust companies, non-bank entities with federal approval — the legal path to stablecoin issuance is now defined at statute level.
What is not defined at statute level — and this is the core of the July 18 deadline — are the operational specifics. The legislation directs regulators to issue rules on issuer licensing, capital requirements, custody standards, AML/BSA compliance, and a range of other technical requirements. Those rules become effective July 18, 2026. Until they are issued, compliant stablecoin issuance under the GENIUS Act framework cannot begin in earnest.
What the July 18 Regulations Will Govern
Based on the legislative text and regulatory comment processes that have been underway since the GENIUS Act’s enactment, the July 18 regulations are expected to address several key areas where current operational practice falls short of the forthcoming requirements.
Issuer licensing and eligibility. The GENIUS Act creates tiered licensing categories: federally chartered banks and credit unions may issue stablecoins under their existing charters; non-bank entities must obtain federal approval from the Office of the Comptroller of the Currency or equivalent; state-chartered entities may operate under state licensing regimes that meet federal minimum standards. The specific requirements for each tier — capital thresholds, operational standards, examination schedules — are what the July 18 regulations will specify. Non-bank entities that have been operating stablecoin programs informally — and several have — need federal approval under the forthcoming rules before continuing.
Reserve composition and custody standards. The 1:1 reserve requirement is clear in the statute; the permitted reserve composition and custody arrangements are not. Are overnight repo agreements permissible as primary reserve instruments? Which custodians are approved? What haircuts apply to assets other than cash? These questions have significant operational implications for issuers. Circle’s USDC, which holds reserves primarily in cash and short-duration Treasuries at approved financial institutions, is likely positioned well — but the exact custody standards will determine whether its current arrangements require any modification.
AML and Bank Secrecy Act compliance. The GENIUS Act subjects stablecoin issuers to Bank Secrecy Act obligations — the same framework that applies to banks and money services businesses. For issuers that have been operating without full BSA compliance programs, this is not a minor adjustment. It requires a BSA Officer designation, a written compliance program, customer due diligence procedures, suspicious activity reporting, and ongoing monitoring. FinCEN’s $3.5 million penalty against Paxful in 2025 for willful BSA violations — and the DOJ’s $500 million fine against OKX for similar failures — are data points on what inadequate AML infrastructure costs.
Foreign issuer equivalency determinations. Treasury must determine which foreign regulatory regimes are sufficiently comparable to the GENIUS Act framework to allow foreign-issued stablecoins to operate in the US market. Tether’s USDT, issued in the British Virgin Islands, is the most commercially significant case. As of the time of writing, Treasury has not made a USDT equivalency determination. Whether USDT can legally serve as payment infrastructure for US businesses under the GENIUS Act framework — its current widespread use — depends on a regulatory determination that has not yet been issued.
Who Is Actually Affected
The GENIUS Act compliance question is often framed as a stablecoin issuer problem. It is also a stablecoin user problem — and the user population is vastly larger than the issuer population.
Any Web3 business that uses stablecoins as a settlement layer, as treasury management, as payment rails, or as collateral in DeFi protocols is operationally dependent on the regulatory status of the stablecoins it uses. If Tether’s USDT does not receive a Treasury equivalency determination, and your protocol relies on USDT as primary collateral, you have a counterparty regulatory risk that has nothing to do with your own compliance posture. If a stablecoin you use ceases US operations because its issuer cannot meet licensing requirements, the operational disruption lands on you regardless of your own regulatory preparedness.
The forward-looking diligence question for Web3 operators is therefore not only “are we compliant?” but “are the stablecoin issuers we depend on going to be compliant, and what is our contingency if they are not?” This is the kind of forward-modelled regulatory exposure that distinguishes operators doing serious risk management from those reading press releases about their infrastructure providers.
The specific stablecoins to evaluate against the July 18 framework are USDT (foreign issuer, equivalency determination pending), USDC (Circle, domestically issued, well-positioned for compliance), PYUSD (PayPal, bank-partnered, likely to meet licensing requirements), and DAI/USDS (algorithmically overcollateralised, outside the “payment stablecoin” definition, regulatory status under GENIUS Act framework less clear).
Where Compliance Programs Are Most Likely to Have Gaps
Having reviewed publicly available information about stablecoin operator compliance programs and the enforcement history that preceded the GENIUS Act, the most likely gap areas are in AML operational infrastructure rather than reserve or disclosure requirements.
Reserve disclosure is visible and verifiable — Circle publishes monthly attestations, BlackRock’s BUIDL holdings are transparent through SEC filings, and the major issuers have established audit relationships. Failing this requirement is difficult to conceal and relatively straightforward to fix for any operator of scale.
AML infrastructure is different. A written BSA compliance program and a compliance officer designation are easy to establish on paper. Whether the on-chain transaction monitoring is actually functioning — whether suspicious activity is being identified and reported rather than just nominally tracked — is where enforcement actions have consistently found the gaps. The DOJ’s case against OKX cited “billions in suspicious transactions” flowing through systems that had nominal AML controls in place. Nominal compliance and functional compliance are not the same thing, and regulators in 2026 are explicitly assessing whether monitoring controls work in practice, not just whether they are documented.
For Web3 operators whose primary compliance risk is as a stablecoin user rather than issuer, the gap is more likely to be in counterparty documentation — knowing which regulatory category your stablecoin infrastructure falls into, having a contingency plan if that category changes, and being able to demonstrate to partners and regulators that you have done the evaluation. The enforcement standing problem that hobbled GDPR compliance — having a policy document but no operational programme — is precisely the failure mode to avoid here.
The Timeline Reality
Sixty-one days is not long for compliance programme development. If the July 18 regulations require BSA Officer designation, written AML programme, and customer due diligence procedures, a stablecoin issuer or high-volume stablecoin-dependent operator that does not already have these elements in place has a tight timeline to implement them before enforcement risk begins.
The realistic expectation is that the regulations will include some implementation runway beyond the July 18 effective date — a phased compliance schedule that distinguishes between requirements that must be met immediately and requirements that must be met within 12 or 18 months. This is standard regulatory practice for complex operational requirements. But the expectation of a runway should not be used as a reason to delay engagement with the requirements.
Regulatory risk in the current environment is not primarily prosecution risk for operators who are making genuine good-faith compliance efforts with documented progress. It is the risk of being operationally disrupted by a regulatory development — an equivalency determination that does not go your way, an issuer that fails licensing requirements, a specific product that gets reclassified — that you did not model because you were waiting to see what the regulations actually said.
Reading the July 18 regulations when they are published, understanding which elements of your operation they affect directly and which they affect through your counterparties, and having a documented response plan is the minimum standard of operational seriousness the GENIUS Act era requires. That is a different frame from asking whether you are “compliant” — the question is whether you understand your exposure. The operating cost of staying ahead of regulatory change is a fixed cost of operating in this category professionally.
FAQ
What is the GENIUS Act? The Guiding and Establishing National Innovation for US Stablecoins Act — federal legislation establishing the first regulatory framework for payment stablecoins in the United States. Passed 68-30 in the Senate and 308-122 in the House in 2025. Stablecoins covered by the Act are explicitly not securities under federal law.
What happens on July 18, 2026? Federal and state regulators are required to issue additional regulations specifying issuer licensing requirements, capital standards, custody requirements, AML/BSA compliance obligations, and related operational rules. These regulations become the operational compliance framework for the GENIUS Act’s statutory requirements.
Does the GENIUS Act apply to stablecoin users or only issuers? Directly, it applies to issuers. Practically, it affects users through their dependence on issuer compliance — if an issuer cannot meet licensing requirements, stablecoins issued by that entity may not be legally operable in the US market. Tether’s USDT status under the GENIUS Act is the most commercially significant unresolved question for users.
Is USDT compliant with the GENIUS Act? Not yet determined. Tether is a foreign issuer and requires a Treasury equivalency determination to continue legally serving US businesses under the GENIUS Act framework. As of May 2026, that determination has not been issued. This is a material counterparty regulatory risk for operators depending on USDT as primary infrastructure.
What compliance steps should stablecoin-dependent Web3 businesses take now? Identify every stablecoin product your operation uses or depends on, assess each against the GENIUS Act licensing and equivalency framework, document your exposure if any fail to qualify, and develop contingency plans for stablecoin substitution. Additionally, if you process stablecoin flows above BSA thresholds, assess whether you have independent BSA compliance obligations as a money services business.
