This is not an official government website.
Copyright © 2026 PLEJ LC. All rights reserved.
Creates a new authority allowing federal law enforcement to hire private "approved vendors" to store and analyze child sexual abuse material (CSAM) in cloud services, and gives those vendors limited legal immunity for actions taken under the contract. It requires vendors to meet strict cybersecurity and evidence-retention rules (including FBI CJIS and NIST standards), keep the material stored in the United States, and preserve and notify authorities when contracts end or are breached. It also preserves the right to sue for intentional misconduct or negligence outside contracted duties.
Adds a new Section 202 titled "Modernizing law enforcement's ability to store child pornography and child obscenity and limited liability for approved vendors." This section is inserted after section 201 of Title II of the PROTECT Our Children Act of 2008.
Defines "approved vendor" as an organization, corporation, or entity that (A) offers digital storage services (including cloud storage) and analytical/forensic tool processing support, and (B) is contractually retained and designated by a U.S.-based law enforcement or prosecutorial agency to (i) store digital child pornography or child obscenity, (ii) make such material available to the contracting or designated agencies upon request, and (iii) provide maintenance, technical and analytical assistance, and forensic tool processing support upon request.
Defines "child pornography" by reference to the meaning given in 18 U.S.C. 2256.
Provides that, except as provided in the listed exceptions, no civil claim or criminal charge may be brought in any Federal or State court against an approved vendor for the vendor's performance of any contractual obligation or service described in the approved-vendor definition.
Creates exceptions to the limited liability: a civil claim or criminal charge may be brought against an approved vendor if the vendor (A) engaged in intentional misconduct or negligent conduct; or (B) acted or failed to act with actual malice, with reckless disregard to a substantial risk of causing injury without legal justification, or for a purpose unrelated to performing the contracted responsibilities.
Who is affected and how:
Federal law enforcement agencies: Gain a statutory pathway to outsource cloud storage and technical analysis of CSAM to vetted private vendors, which can speed investigations and expand analytic capacity but requires procurement, oversight, and management of vendor compliance.
Private technology and cloud vendors (approved vendor candidates): Face new market opportunities to contract with law enforcement but must meet stringent cybersecurity, data‑retention, and U.S. data‑location requirements (including CJIS and NIST). They also receive limited liability protection for duties performed under contract but remain exposed to legal claims for intentional or negligent wrongdoing outside contract scope.
Platform operators and cloud-service providers: May be indirectly affected because evidence custody and technical workflows could shift to contracted vendors; providers hosting content for third parties will need to coordinate with law enforcement and approved vendors and may face increased expectations for data access and chain-of-custody support.
Children and victims of CSAM: Likely to benefit from potentially faster, specialized analysis and preservation of evidence that supports identification and prosecution of offenders, but outcomes depend on secure handling and strong oversight to prevent additional harm or data breaches.
Civil liberties, privacy, and advocacy groups: May be concerned about delegation of sensitive material to private firms, expanded handling of CSAM outside traditional government evidence systems, and the scope of immunity; they may push for strict oversight, transparency, and narrow immunity exceptions.
Courts and litigants: Will see a narrower set of claims against vendors for conduct within contract scope, but claims alleging intentional misconduct or negligence outside the contract remain available. The law could influence litigation strategy and evidentiary practices.
Risks and practical considerations:
Overall, the provision centralizes a contract-based approach to handling CSAM with private vendors under defined security and liability rules, expanding law enforcement tools while raising oversight and civil‑liberties issues that agencies and courts will need to manage.
Introduced October 21, 2025 by Marsha Blackburn · Last progress October 21, 2025
Placed on Senate Legislative Calendar under General Orders. Calendar No. 345.
Committee on the Judiciary. Reported by Senator Grassley with an amendment in the nature of a substitute. Without written report.
Committee on the Judiciary. Ordered to be reported with an amendment in the nature of a substitute favorably.
Read twice and referred to the Committee on the Judiciary.