Safe Cloud Storage Act
Summary
What This Bill Does
The Safe Cloud Storage Act amends the PROTECT Our Children Act to let federal, state, and local law enforcement or prosecutorial agencies contract with approved cloud service providers to store and process digital child pornography, child obscenity, and intimate visual depictions of minors. It gives approved vendors limited civil and criminal liability when they perform covered storage and forensic-support duties, but keeps liability for intentional misconduct, negligent conduct, actual malice, reckless disregard, or acts outside the contract purpose.
Who Benefits and How
Law enforcement and prosecutorial agencies benefit because they can use qualified cloud storage, maintenance, technical assistance, analytical tools, and forensic processing support for sensitive evidence. Approved cloud service providers and digital forensic vendors benefit from a clearer contracting market and liability protection when they meet the bill's requirements. Child exploitation victims benefit indirectly if agencies can preserve and process evidence more reliably without forcing every agency to build its own storage infrastructure.
Who Bears the Burden and How
Approved vendors must meet NIST Cybersecurity Framework standards, limit employee access, use end-to-end encryption or an equivalent standard, undergo annual independent cybersecurity audits, fix audit findings, maintain employee access lists, and permanently delete material when the contracting agency directs deletion. Covered agencies must audit or arrange annual audits of stored evidence, give annual deletion instructions, and report annually to Congress through the Attorney General on how the storage framework is being used. Vendors lose liability protection if they misuse the material or act outside the authorized law-enforcement support role.
Key Provisions
- Creates an approved-vendor category for cloud service providers retained by covered law enforcement or prosecutorial agencies.
- Provides approved vendors with limited protection from covered civil claims or criminal charges for contractual evidence-storage and support duties.
- Limits that protection when a vendor engages in intentional misconduct, negligence, actual malice, reckless disregard, or unauthorized purposes.
- Requires NIST-aligned cybersecurity, employee access minimization, end-to-end encryption or equivalent safeguards, and annual independent audits.
- Requires covered agencies to audit stored material, issue annual deletion instructions, and direct vendors to permanently delete material when appropriate.
- Requires the Attorney General to submit annual reports to Congress on vendor use and stored evidence categories.
Evidence Chain:
This summary is generated from the full bill text using AI analysis. Expand "Detailed Analysis" below for identified beneficiaries/burden bearers with clause-level evidence links.
At a Glance
What This Bill Does
Creates a federal framework for approved cloud service providers to store child exploitation evidence and intimate visual depictions of minors for law enforcement, while giving qualified vendors limited liability and imposing cybersecurity, access, audit, and deletion duties.
Key Policy Areas
Criminal Justice, Technology, Cybersecurity
Primary Purpose
Creates a federal framework for approved cloud service providers to store child exploitation evidence and intimate visual depictions of minors for law enforcement, while giving qualified vendors limited liability and imposing cybersecurity, access, audit, and deletion duties.
Policy Domains
Section 2 - Approved cloud storage for child exploitation evidence
Identified Gains
- Federal law enforcement agencies investigating child exploitation
- State law enforcement agencies investigating child exploitation
- Local prosecutorial agencies
- Approved cloud service providers
- Child exploitation victims
Identified Costs
- Approved cloud service providers
- Department of Justice
- Covered law enforcement agencies
- National Institute of Standards and Technology audit standard users
Sponsors
Legislative Progress
Passed SenateHeld at the desk.
Message on Senate action sent to the House.
Received in the House.
Passed Senate with an amendment by Unanimous Consent. (text of …
Passed Senate with an amendment by Unanimous Consent.
Passed/agreed to in Senate: Passed Senate with an amendment by …
The committee substitute withdrawn by Unanimous Consent.
Measure laid before Senate by unanimous consent. (consideration: CR S2426-2428)
Reported by Mr. Grassley, with an amendment
Committee on the Judiciary. Reported by Senator Grassley with an …
Stakeholder Effects
cui bono?How this legislation distributes effects. Mention counts reflect frequency, not effect magnitude.
Approved cloud service providers storing child exploitation evidence
Approved cloud service providers storing child exploitation evidence faces effects in multiple directions
Federal, state, and local law enforcement agencies investigating child exploitation
Bill Structure & Actor Mappings
Who is "The Secretary" in each section?
- "covered_agency"
- → Federal, State, or local law enforcement or prosecutorial agency
- "attorney_general"
- → Attorney General
Key Definitions
Terms defined in this bill
A federal, state, or local law enforcement or prosecutorial agency.
A cloud service provider that meets the bill's security requirements and is contractually retained by a covered agency for evidence storage, access, maintenance, technical assistance, and forensic processing support.
An intimate visual depiction, including a digital forgery, of an identifiable minor as referenced in the Communications Act.
We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.
Learn more about our methodology