S3023-119

Passed Senate

Safe Cloud Storage Act

119th Congress Introduced Oct 21, 2025

Summary

What This Bill Does

The Safe Cloud Storage Act amends the PROTECT Our Children Act to let federal, state, and local law enforcement or prosecutorial agencies contract with approved cloud service providers to store and process digital child pornography, child obscenity, and intimate visual depictions of minors. It gives approved vendors limited civil and criminal liability when they perform covered storage and forensic-support duties, but keeps liability for intentional misconduct, negligent conduct, actual malice, reckless disregard, or acts outside the contract purpose.

Who Benefits and How

Law enforcement and prosecutorial agencies benefit because they can use qualified cloud storage, maintenance, technical assistance, analytical tools, and forensic processing support for sensitive evidence. Approved cloud service providers and digital forensic vendors benefit from a clearer contracting market and liability protection when they meet the bill's requirements. Child exploitation victims benefit indirectly if agencies can preserve and process evidence more reliably without forcing every agency to build its own storage infrastructure.

Who Bears the Burden and How

Approved vendors must meet NIST Cybersecurity Framework standards, limit employee access, use end-to-end encryption or an equivalent standard, undergo annual independent cybersecurity audits, fix audit findings, maintain employee access lists, and permanently delete material when the contracting agency directs deletion. Covered agencies must audit or arrange annual audits of stored evidence, give annual deletion instructions, and report annually to Congress through the Attorney General on how the storage framework is being used. Vendors lose liability protection if they misuse the material or act outside the authorized law-enforcement support role.

Key Provisions

  • Creates an approved-vendor category for cloud service providers retained by covered law enforcement or prosecutorial agencies.
  • Provides approved vendors with limited protection from covered civil claims or criminal charges for contractual evidence-storage and support duties.
  • Limits that protection when a vendor engages in intentional misconduct, negligence, actual malice, reckless disregard, or unauthorized purposes.
  • Requires NIST-aligned cybersecurity, employee access minimization, end-to-end encryption or equivalent safeguards, and annual independent audits.
  • Requires covered agencies to audit stored material, issue annual deletion instructions, and direct vendors to permanently delete material when appropriate.
  • Requires the Attorney General to submit annual reports to Congress on vendor use and stored evidence categories.

Evidence Chain:

This summary is generated from the full bill text using AI analysis. Expand "Detailed Analysis" below for identified beneficiaries/burden bearers with clause-level evidence links.

At a Glance

What This Bill Does

Creates a federal framework for approved cloud service providers to store child exploitation evidence and intimate visual depictions of minors for law enforcement, while giving qualified vendors limited liability and imposing cybersecurity, access, audit, and deletion duties.

Key Policy Areas

Criminal Justice, Technology, Cybersecurity

Primary Purpose

Creates a federal framework for approved cloud service providers to store child exploitation evidence and intimate visual depictions of minors for law enforcement, while giving qualified vendors limited liability and imposing cybersecurity, access, audit, and deletion duties.

Policy Domains

Criminal Justice Technology Cybersecurity

Section 2 - Approved cloud storage for child exploitation evidence

Identified Gains
  • Federal law enforcement agencies investigating child exploitation
  • State law enforcement agencies investigating child exploitation
  • Local prosecutorial agencies
  • Approved cloud service providers
  • Child exploitation victims
Model: codex-gpt-5 | Version: bill_summary_v2 | Source: es
Child exploitation victims: ,
Local prosecutorial agencies: , , ,
Approved cloud service providers: , , ,
State law enforcement agencies investigating child exploitation: , , ,
Federal law enforcement agencies investigating child exploitation: , , ,
Identified Costs
  • Approved cloud service providers
  • Department of Justice
  • Covered law enforcement agencies
  • National Institute of Standards and Technology audit standard users
Model: codex-gpt-5 | Version: bill_summary_v2 | Source: es
Department of Justice: ,
Approved cloud service providers: ,
Covered law enforcement agencies: ,
National Institute of Standards and Technology audit standard users: ,

Legislative Progress

Passed Senate
Introduced Committee Passed
May 21, 2026

Held at the desk.

May 21, 2026

Message on Senate action sent to the House.

May 21, 2026

Received in the House.

May 20, 2026

Passed Senate with an amendment by Unanimous Consent. (text of …

May 20, 2026

Passed Senate with an amendment by Unanimous Consent.

May 20, 2026

Passed/agreed to in Senate: Passed Senate with an amendment by …

May 20, 2026

The committee substitute withdrawn by Unanimous Consent.

May 20, 2026

Measure laid before Senate by unanimous consent. (consideration: CR S2426-2428)

Feb 24, 2026

Reported by Mr. Grassley, with an amendment

Feb 24, 2026

Committee on the Judiciary. Reported by Senator Grassley with an …

Stakeholder Effects

cui bono?

How this legislation distributes effects. Mention counts reflect frequency, not effect magnitude.

Cloud Computing
20 mentions across 10 clauses
+10 positive -10 negative

Approved cloud service providers storing child exploitation evidence

Approved cloud service providers storing child exploitation evidence faces effects in multiple directions

Government
5 mentions across 5 clauses
-5 negative

Department of Justice

Law Enforcement
5 mentions across 5 clauses
+5 positive

Federal, state, and local law enforcement agencies investigating child exploitation

Individual And Family Services
5 mentions across 5 clauses
+5 positive

Child exploitation victims

5/6
sections analyzed
Full impact breakdown

Bill Structure & Actor Mappings

Who is "The Secretary" in each section?

Domains
Criminal Justice Technology Cybersecurity
Actor Mappings
"covered_agency"
→ Federal, State, or local law enforcement or prosecutorial agency
"attorney_general"
→ Attorney General

Key Definitions

Terms defined in this bill

3 terms
"covered agency" §202-covered-agency

A federal, state, or local law enforcement or prosecutorial agency.

"approved vendor" §202-approved-vendor

A cloud service provider that meets the bill's security requirements and is contractually retained by a covered agency for evidence storage, access, maintenance, technical assistance, and forensic processing support.

"intimate visual depiction of a minor" §202-intimate-visual-depiction

An intimate visual depiction, including a digital forgery, of an identifiable minor as referenced in the Communications Act.

We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.

Learn more about our methodology