Restricting TikTok (Part II): Legislative Proposals and Considerations for Congress

This Legal Sidebar is the second installment in a two-part series on U.S. efforts to regulate the video-sharing application (app) TikTok. The first installment provided legal background on executive branch-led efforts to restrict TikTok's U.S. presence and operations. This Sidebar analyzes proposals to create new authorities to restrict TikTok and examines constitutional and other legal issues for Congress to consider.

Legislative Proposals

Against the backdrop of executive branch efforts discussed in Part I of this series, the 118th Congress is considering legislative proposals that would address TikTok's alleged national security risks. On March 13, 2024, the House passed the Protecting Americans from Foreign Adversary Controlled Applications Act (H.R. 7521), which would prohibit app stores and internet hosting services from supporting TikTok unless it undergoes a qualified divestment that removes it from "foreign adversary" control. A number of other bills have also been introduced that would authorize or require the executive branch to restrict transactions involving TikTok. These bills are discussed further below, and several distinctions among them are outlined in Table 1.

H.R. 7521

H.R. 7521 would prohibit app stores and internet hosting services from enabling the distribution, maintenance, or updating of "foreign adversary controlled applications." The bill would also require foreign adversary controlled applications to provide, upon request, U.S. users with all the data related to their accounts (including their posts, photos, and videos) in a "machine readable format." A company that violates either restriction could be fined in an amount based in part on the number of users affected by the violation.

The bill defines foreign adversary controlled application to include TikTok and any other subsidiary of ByteDance, Ltd. (TikTok's parent company). The definition also includes any other website, app, or augmented or immersive technology that (1) meets certain definitional requirements (e.g., allows uses to share content with each other and has more than 1 million monthly active users); (2) is owned by a company located in or a company for which persons owning at least a 20 percent stake are located in a foreign adversary controlled country listed in 10 U.S.C. § 4872(d)(2); and (3) has been determined by the President to present a significant national security threat.

H.R. 7521's restrictions would not apply to TikTok or any other foreign adversary controlled application if they complete a "qualified divestiture," which is any transaction that, per a presidential determination, ends the application's control by, and coordination with, a foreign adversary. The bill would give TikTok and any other foreign adversary controlled application 180 days to complete a qualified divestiture before the bill's restrictions apply. (For applications operated by TikTok or other subsidiaries of ByteDance, the qualified divestment period would follow the bill's date of enactment. If the President determines that another application qualifies as a foreign adversary controlled application, the 180-day period would be tied to the date of the applicable presidential determination.) Even after this 180-day period ends, the bill's restrictions would cease to apply once a qualified divesture has been completed. H.R. 7521 would be enforced by the Attorney General, who would be authorized to bring actions for civil penalties in a federal district court. H.R. 7521 would require that any legal challenges to the law, or the President's determinations under the law, be brought in the U.S. Court of Appeals for the D.C. Circuit.

Other Bills That Would Authorize or Require TikTok Restrictions

In addition to H.R. 7521, a number of other bills have been introduced in the 118th Congress that seek to address national security concerns related to TikTok. While each bill has unique provisions, general trends across multiple bills include the following features.

Removing IEEPA Exceptions: One common element in many TikTok-related bills is to eliminate exceptions to the President's statutory powers under the International Emergency Economic Powers Act (IEEPA). These proposed provisions seek to address the legal grounds discussed in Part I on which two courts enjoined the Trump Administration's August 2020 executive order (2020 Order) that would have imposed a nationwide ban of TikTok. Examples of legislation in this category include the No TikTok on United States Devices Act (H.R. 503/S. 85) and the Averting the National Threat of Internet Surveillance, Oppressive Censorship and Influence, and the Algorithmic Learning by the Chinese Communist Party Act (ANTI-SOCIAL CCP Act, H.R. 1081/S. 347).

Removing IEEPA Exceptions and Adding New Authorities: Some bills that would eliminate IEEPA exceptions would also provide the executive branch new authorities and obligations beyond IEEPA. The Protecting Personal Data from Foreign Adversaries Act (H.R. 57), for example, would authorize the President to invoke IEEPA and impose visa restrictions in response to certain foreign entities' misuse of social media apps. The Stopping Attempts by Foreign Entities to Target Youths on Social Media Act of 2023 (SAFETY on Social Media Act of 2023, S. 872) would authorize IEEPA actions, mandate visa restrictions on foreign persons employed by designated companies, and require U.S. nationals employed by designated companies to register as foreign agents under the Foreign Agents Registration Act. The Deterring America's Technological Adversaries Act (DATA Act, H.R. 1153) would allow the President to use IEEPA authorities while also giving the Secretary of the Treasury new powers to prohibit transactions with parties that knowingly provide sensitive personal data of persons subject to U.S. jurisdiction to companies subject to the People's Republic of China's (PRC's) ownership, control, jurisdiction, or influence.

Non-IEEPA-Based Review Systems: Some legislation would create new systems, not linked to IEEPA, to review transactions for national security risks. For example, the SAFETY on Social Media Act of 2023 would require the Federal Communications Commission (FCC) to issue rules that prohibit certain platforms designated by the President from being carried in app stores and rules that require internet service providers to block designated entities from receiving internet services. The Restricting the Emergence of Security Threats that Risk Information and Communications Technology Act (RESTRICT Act, S. 686) would authorize two new non-IEEPA-based national security review programs. The RESTRICT Act invokes elements of two existing review systems discussed in Part I of this Sidebar: the Information and Communications Technology and Services (ICTS) supply chain rule (Supply Chain Rule) and the Committee on Foreign Investment in the United States (CFIUS). Unlike the Supply Chain Rule, the bill's proposed process to review ICTS transactions would not depend on IEEPA for its underlying authority, and therefore would not be subject to IEEPA's exceptions. The RESTRICT Act would also create a new CFIUS-like process for the executive branch to review foreign adversaries' holdings (i.e., investments) in ICTS companies. Biden Administration officials have expressed support for the bill.

Other Frameworks: In addition to bills authorizing actions that could restrict the availability of TikTok, legislation expanding data privacy frameworks could impose limitations on what TikTok could do with personal data. Other legislative proposals in the 118th Congress would create new restrictions on cross-border transfer of personal data by subjecting some categories of personal data to export controls. Another set of bills would require companies to provide notices to U.S. users if the companies' apps are banned from U.S. government devices, have certain connections to the PRC or Chinese Communist Party (CCP), or allow the PRC or CCP to access Americans' user data.

Considerations for Congress

Any time Congress considers legislation that could allow the United States to regulate private commercial transactions on national security grounds, a variety of constitutional and legal considerations, examined in a separate CRS Legal Sidebar, may be relevant. Given TikTok's popularity and role as a platform that facilitates personal expression and exchange of information, several issues are especially salient.

First Amendment

Regulating mediums of expression can trigger the First Amendment's protections for speech and association. In the litigation challenging the Trump Administration's restrictions on TikTok and in the separate case challenging similar restrictions on the WeChat app, which are discussed in Part I, the plaintiffs alleged the executive branch violated the First Amendment by shutting down these platforms for speech. State laws limiting TikTok use or operations have also been subject to First Amendment challenges, and in November 2023, a federal trial court entered a preliminary injunction preventing a Montana ban on the app from taking effect, citing the First Amendment among other grounds. (That Montana ruling has been appealed to the U.S. Court of Appeals for the Ninth Circuit.)

Laws that affect nonexpressive conduct rather than speech may avoid constitutional scrutiny, but First Amendment protections will be triggered if a law targets expressive conduct or "has the inevitable effect of singling out those engaged in expressive activity." If a regulation specifically targets a medium of communication as opposed to generally regulating a variety of businesses, it might trigger heightened constitutional scrutiny. Accordingly, the Montana court concluded that the state's law targeted expressive activity by banning a means of expression. Even if a regulation is aimed at a platform's nonexpressive conduct, First Amendment concerns can arise if that law is applied to speech. For instance, the Berman Amendment added the informational materials exception to IEEPA in response to executive branch seizures of magazines and books that Congress said were protected by the First Amendment.

While foreign corporations outside U.S. territory do not benefit from First Amendment rights, separately incorporated organizations within the United States may enjoy First Amendment protections. Further, the Supreme Court has long recognized that U.S. citizens have a right to receive information and ideas from abroad. TikTok and WeChat users in the United States also challenged the Trump Administration restrictions by raising their own rights to receive and share content.

Assuming that a particular regulation broadly affects all speech on the regulated platform and does not target particular viewpoints or types of content, a court would likely review any First Amendment claims under an analysis known as intermediate scrutiny. This constitutional standard applies to regulations that are content-neutral, or only incidentally restrict speech in the course of permissibly regulating conduct. The standard generally requires the government to show the regulation "furthers an important or substantial governmental interest" that is "unrelated to the suppression of free expression," and that "the incidental restriction on alleged First Amendment freedoms is no greater than is essential to the furtherance of that interest." Courts might also ask whether a regulation "leave[s] open ample alternative channels for communication" of the affected speech. (It is also possible certain types of regulations might be challenged as prior restraints on speech, triggering additional constitutional considerations. In addition, a higher constitutional standard might apply if there is evidence the government targeted a platform because of its viewpoint or the type of speech it hosts, or if the law is otherwise content-based.)

The courts reviewing the WeChat ban and the Montana state law both held that the restrictions likely failed intermediate scrutiny. The WeChat ruling acknowledged the government's significant interests in national security—an area where courts have sometimes been more deferential to the political branches. Nonetheless, that court concluded the restrictions were not appropriately tailored to this interest, noting "obvious alternatives to a complete ban, such as barring WeChat from government devices . . . or taking other steps to address data security." The Montana court similarly ruled that the state's law burdened substantially more speech than necessary, saying the state's "single investigation into TikTok" did not warrant a complete ban. Courts applying intermediate scrutiny must look closely at the government's evidence to ensure "that the recited harms are real, not merely conjectural, and that the regulation will in fact alleviate these harms in a direct and material way." This inquiry is heavily dependent on context, and Congress might consider whether to include evidence demonstrating these elements in the legislative record.

Due Process

Congress may also consider whether TikTok-related bills afford sufficient safeguards to comply with procedural due process standards. When a person is deprived of a protected property right, the Fifth Amendment's Due Process Clause requires the United States to provide notice of the government action and a meaningful opportunity to contest it. Due process protections apply to foreign individuals and entities that enter U.S. territory and establish substantial connections with the United States. In one relevant example, a federal court of appeals held that, before the President could order a PRC-based company to divest an acquisition under the CFIUS process, the government needed to provide the affected company with the unclassified information on which it based its decision and the chance to respond. Due process standards may be different when Congress directly affects property rights through a legislative determination rather than through a judicial or administrative process. For legislative determinations, the legislative process may provide "all the process that is due" unless the law is palpably arbitrary.

Takings Clause

Litigants have sometimes argued that U.S. restrictions on cross-border transactions and investments violate the Fifth Amendment's Takings Clause, which prohibits the United States from taking private property for public use without just compensation. The Takings Clause applies to the actual acquisition of property and to regulatory actions that so severely restrict a property owner's rights that they rise to the level of a regulatory taking. In the context of foreign actors asserting constitutional rights, the Takings Clause protects foreign individuals and entities with substantial connections to the United States, including those whose property in the United States is taken by the federal government. Although Takings Clause challenges to IEEPA-based actions have been largely unsuccessful, some plaintiffs continue to raise them. In TikTok's challenge to the 2020 Order, for example, the company argued that President Trump's discussion of securing a payment to the Department of the Treasury if TikTok were to be sold to an American company amounted to an attempt to secure an unconstitutional taking. This issue did not ultimately feature in the court's opinion, as the court based its decision on IEEPA interpretation issues.

Bill of Attainder

The Bill of Attainder Clause has also been a topic of discussion in TikTok-related legislation. This clause prohibits Congress from using legislation to determine guilt and inflict punishment without a judicial trial. As explored in a CRS In Focus, there are several unresolved questions about whether the clause applies to modern economic restrictions on foreign corporations. In two recent judicial challenges, courts held that legislation restricting transactions with PRC-based Huawei and Russia-based Kaspersky Lab did not violate the Bill of Attainder Clause because the laws sought to protect U.S. security, not punish a private actor. Proposals that would provide for a judicial trial or agency action before imposing applicable sanctions, such as H.R. 7521, would not violate the Bill of Attainder Clause.

Other Legal Considerations

Apart from constitutional considerations, Congress may consider procedural and statutory issues that could affect how proposed TikTok restrictions operate. A selection of these issues, which are also examined in Table 1, are discussed below.

Judicial Review: Congress could consider legislative mechanisms to limit or streamline judicial review of challenges to any new transaction-restriction authorities it enacts. Some existing statutes limit judicial review of similar restrictions by exempting the decision to impose restrictions from the Administrative Procedure Act (APA) or from judicial review in general. Some laws require legal challenges to be brought before a specific court—usually, the U.S. Court of Appeals for the D.C. Circuit (D.C. Circuit) because of its familiarity with special procedures in cases involving classified information. Among TikTok-related bills, the RESTRICT Act would limit judicial review to actions that are "unconstitutional or in patent violation of a clear and mandatory statutory command" and give the D.C. Circuit exclusive jurisdiction over those cases. H.R. 7521 would grant the D.C. Circuit "exclusive jurisdiction over any challenge to this Act or any action, finding, or determination under this Act" and impose a short statute of limitations for bringing such challenges.

Classified and Other Sensitive Information: In anticipating judicial challenges, Congress may consider prescribing how courts handle classified and other legally protected information during litigation. The CFIUS statute is one example of streamlined procedures. It provides that, if a court determines that classified or other protected information that is in the administrative record is necessary to resolve a legal challenge, that information must be submitted ex parte and in camera (i.e., only the court may view it) and maintained under seal so that it cannot be made public. The CFIUS statute also exempts the United States from statutory requirements to provide notice to U.S. persons when using information obtained under the Foreign Intelligence Surveillance Act of 1978 (FISA).

Confidentiality and Freedom of Information Act: When Congress creates new processes to review private commercial transactions, it may seek to balance public interest in the process with the private entities' desire for confidentiality. Some existing national security review systems prohibit the government from disclosing parties' private information gathered during the review process unless an exception applies. CFIUS's legal authorities provide even stricter confidentiality by stating that materials submitted during its review process are exempt from the Freedom of Information Act (FOIA) absent an exception. Among the bills in Table 1, the DATA Act places certain special confidentiality requirements on Congress, and the RESTRICT Act generally incorporates CFIUS's confidentiality rubric and FOIA exemption.

Naming TikTok: Another topic of discussion is whether legislation should identify TikTok by name. Whether TikTok is identified in a bill's text could be relevant in a Bill of Attainder challenge as part of a broader argument that the government targeted the company for punishment. The scope of coverage could also be relevant for First Amendment purposes to determine whether the law singles out expressive activity or disfavored speakers. In addition, the issue might feature in the due process context if Congress were to make a legislative determination that TikTok presents a national security threat. Some proposals in the 118th Congress expressly include TikTok among a defined set of entities with whom transactions would be restricted. Other bills name TikTok, but do not mandate that the bill's restrictions apply to it. Instead, these proposals would require a presidential determination on whether the bill's provisions apply to the company. A third set would create transaction-review frameworks that the executive branch could interpret to include TikTok, but that do not name the company in the legislative text. H.R. 7521 specifically names TikTok and also authorizes the President to determine that additional applications should be subject to the bill's restrictions.

Congressional Oversight: Congress may consider options to ensure that it is informed about executive branch actions in implementing any legislation that passes and can exercise effective oversight. For example, the No TikTok on American Devices Act would require the executive branch to provide a classified briefing on its implementation of the bill. Another example is the DATA Act, which would require the President to share information about the bill's implementation with designated congressional committees. The DATA Act also proposes to facilitate greater congressional involvement by requiring the President to respond to the designated committees' requests for determinations on whether specific individuals or entities are subject to the bill's sanctions and restrictions.