link to page 7 
Legal Sidebari
Restricting TikTok (Part II): Legislative
Proposals and Considerations for Congress
Updated March 15, 2024
This Legal Sidebar is the second installment in a two-part series on U.S. efforts to regulate the video-
sharing application (app) TikTok. The first installment provided legal background on executive branch-
led efforts to restrict TikTok’s U.S. presence and operations. This Sidebar analyzes proposals to create
new authorities to restrict TikTok and examines constitutional and other legal issues for Congress to
consider.
Legislative Proposals
Against the backdrop of executive branch efforts discussed in Part I of this series, the 118th Congress is
considering legislative proposals that would address TikTok’s alleged national security risks. On March
13, 2024, the House passed the Protecting Americans from Foreign Adversary Controlled Applications
Act (H.R. 7521), which would prohibit app stores and internet hosting services from supporting TikTok
unless it undergoes a qualified divestment that removes it from “foreign adversary” control. A number of
other bills have also been introduced that would authorize or require the executive branch to restrict
transactions involving TikTok. These bills are discussed further below, and several distinctions among
them are outlined in Table 1.
H.R. 7521
H.R. 7521 would prohibit app stores and internet hosting services from enabling the distribution,
maintenance, or updating of “foreign adversary controlled applications.” The bill would also require
foreign adversary controlled applications to provide, upon request, U.S. users with all the data related to
their accounts (including their posts, photos, and videos) in a “machine readable format.” A company that
violates either restriction could be fined in an amount based in part on the number of users affected by the
violation.
The bill defines foreign adversary controlled application to include TikTok and any other subsidiary of
ByteDance, Ltd. (TikTok’s parent company). The definition also includes any other website, app, or
augmented or immersive technology that (1) meets certain definitional requirements (e.g., allows uses to
share content with each other and has more than 1 million monthly active users); (2) is owned by a
Congressional Research Service
https://crsreports.congress.gov
LSB10942
CRS Legal Sidebar
Prepared for Members and
Committees of Congress
Congressional Research Service
2
company located in or a company for which persons owning at least a 20 percent stake are located in a
foreign adversary controlled country listed in 10 U.S.C. § 4872(d)(2); and (3) has been determined by the
President to present a significant national security threat.
H.R. 7521’s restrictions would not apply to TikTok or any other foreign adversary controlled application
if they complete a “qualified divestiture,” which is any transaction that, per a presidential determination,
ends the application’s control by, and coordination with, a foreign adversary. The bill would give TikTok
and any other foreign adversary controlled application 180 days to complete a qualified divestiture before
the bill’s restrictions apply. (For applications operated by TikTok or other subsidiaries of ByteDance, the
qualified divestment period would follow the bill’s date of enactment. If the President determines that
another application qualifies as a foreign adversary controlled application, the 180-day period would be
tied to the date of the applicable presidential determination.) Even after this 180-day period ends, the
bill’s restrictions would cease to apply once a qualified divesture has been completed. H.R. 7521 would
be enforced by the Attorney General, who would be authorized to bring actions for civil penalties in a
federal district court. H.R. 7521 would require that any legal challenges to the law, or the President’s
determinations under the law, be brought in the U.S. Court of Appeals for the D.C. Circuit.
Other Bills That Would Authorize or Require TikTok Restrictions
In addition to H.R. 7521, a number of other bills have been introduced in the 118th Congress that seek to
address national security concerns related to TikTok. While each bill has unique provisions, general trends
across multiple bills include the following features.
Removing IEEPA Exceptions: One common element in many TikTok-related bills is to eliminate
exceptions to the President’s statutory powers under the International Emergency Economic Powers Act
(IEEPA). These proposed provisions seek to address the legal grounds discussed in Part I on which two
courts enjoined the Trump Administration’s August 2020 executive order (2020 Order) that would have
imposed a nationwide ban of TikTok. Examples of legislation in this category include the No TikTok on
United States Devices Act (H.R. 503/S. 85) and the Averting the National Threat of Internet Surveillance,
Oppressive Censorship and Influence, and the Algorithmic Learning by the Chinese Communist Party Act
(ANTI-SOCIAL CCP Act, H.R. 1081/S. 347).
Removing IEEPA Exceptions and Adding New Authorities: Some bills that would eliminate IEEPA
exceptions would also provide the executive branch new authorities and obligations beyond IEEPA. The
Protecting Personal Data from Foreign Adversaries Act (H.R. 57), for example, would authorize the
President to invoke IEEPA and impose visa restrictions in response to certain foreign entities’ misuse of
social media apps. The Stopping Attempts by Foreign Entities to Target Youths on Social Media Act of
2023 (SAFETY on Social Media Act of 2023, S. 872) would authorize IEEPA actions, mandate visa
restrictions on foreign persons employed by designated companies, and require U.S. nationals employed
by designated companies to register as foreign agents under the Foreign Agents Registration Act. The
Deterring America’s Technological Adversaries Act (DATA Act, H.R. 1153) would allow the President to
use IEEPA authorities while also giving the Secretary of the Treasury new powers to prohibit transactions
with parties that knowingly provide sensitive personal data of persons subject to U.S. jurisdiction to
companies subject to the People’s Republic of China’s (PRC’s) ownership, control, jurisdiction, or
influence.
Non-IEEPA-Based Review Systems: Some legislation would create new systems, not linked to IEEPA,
to review transactions for national security risks. For example, the SAFETY on Social Media Act of 2023
would require the Federal Communications Commission (FCC) to issue rules that prohibit certain
platforms designated by the President from being carried in app stores and rules that require internet
service providers to block designated entities from receiving internet services. The Restricting the
Emergence of Security Threats that Risk Information and Communications Technology Act (RESTRICT
Congressional Research Service
3
Act, S. 686) would authorize two new non-IEEPA-based national security review programs. The
RESTRICT Act invokes elements of two existing review systems discussed in Part I of this Sidebar: the
Information and Communications Technology and Services (ICTS) supply chain rule (Supply Chain
Rule) and the Committee on Foreign Investment in the United States (CFIUS). Unlike the Supply Chain
Rule, the bill’s proposed process to review ICTS transactions would not depend on IEEPA for its
underlying authority, and therefore would not be subject to IEEPA’s exceptions. The RESTRICT Act
would also create a new CFIUS-like process for the executive branch to review foreign adversaries’
holdings (i.e., investments) in ICTS companies. Biden Administration officials have expressed support for
the bill.
Other Frameworks: In addition to bills authorizing actions that could restrict the availability of TikTok,
legislation expanding data privacy frameworks could impose limitations on what TikTok could do with
personal data. Other legislative proposals in the 118th Congress would create new restrictions on cross-
border transfer of personal data by subjecting some categories of personal data to export controls. Another
set of bills would require companies to provide notices to U.S. users if the companies’ apps are banned
from U.S. government devices, have certain connections to the PRC or Chinese Communist Party (CCP),
or allow the PRC or CCP to access Americans’ user data.
Considerations for Congress
Any time Congress considers legislation that could allow the United States to regulate private commercial
transactions on national security grounds, a variety of constitutional and legal considerations, examined in
a separate CRS Legal Sidebar, may be relevant. Given TikTok’s popularity and role as a platform that
facilitates personal expression and exchange of information, several issues are especially salient.
First Amendment
Regulating mediums of expression can trigger the First Amendment’s protections for speech and
association. In the litigation challenging the Trump Administration’s restrictions on TikTok and in the
separate case challenging similar restrictions on the WeChat app, which are discussed in Part I, the
plaintiffs alleged the executive branch violated the First Amendment by shutting down these platforms for
speech. State laws limiting TikTok use or operations have also been subject to First Amendment
challenges, and in November 2023, a federal trial court entered a preliminary injunction preventing a
Montana ban on the app from taking effect, citing the First Amendment among other grounds. (That
Montana ruling has been appealed to the U.S. Court of Appeals for the Ninth Circuit.)
Laws that affect nonexpressive conduct rather than speech may avoid constitutional scrutiny, but First
Amendment protections will be triggered if a law targets expressive conduct or “has the inevitable effect
of singling out those engaged in expressive activity.” If a regulation specifically targets a medium of
communication as opposed to generally regulating a variety of businesses, it might trigger heightened
constitutional scrutiny. Accordingly, the Montana court concluded that the state’s law targeted expressive
activity by banning a means of expression. Even if a regulation is aimed at a platform’s nonexpressive
conduct, First Amendment concerns can arise if that law is applied to speech. For instance, the Berman
Amendment added the informational materials exception to IEEPA in response to executive branch
seizures of magazines and books that Congress said were protected by the First Amendment.
While foreign corporations outside U.S. territory do not benefit from First Amendment rights, separately
incorporated organizations within the United States may enjoy First Amendment protections. Further, the
Supreme Court has long recognized that U.S. citizens have a right to receive information and ideas from
abroad. TikTok and WeChat users in the United States also challenged the Trump Administration
restrictions by raising their own rights to receive and share content.
Congressional Research Service
4
Assuming that a particular regulation broadly affects all speech on the regulated platform and does not
target particular viewpoints or types of content, a court would likely review any First Amendment claims
under an analysis known as intermediate scrutiny. This constitutional standard applies to regulations that
are content-neutral, or only incidentally restrict speech in the course of permissibly regulating conduct.
The standard generally requires the government to show the regulation “furthers an important or
substantial governmental interest” that is “unrelated to the suppression of free expression,” and that “the
incidental restriction on alleged First Amendment freedoms is no greater than is essential to the
furtherance of that interest.” Courts might also ask whether a regulation “leave[s] open ample alternative
channels for communication” of the affected speech. (It is also possible certain types of regulations might
be challenged as prior restraints on speech, triggering additional constitutional considerations. In addition,
a higher constitutional standard might apply if there is evidence the government targeted a platform
because of its viewpoint or the type of speech it hosts, or if the law is otherwise content-based.)
The courts reviewing the WeChat ban and the Montana state law both held that the restrictions likely
failed intermediate scrutiny. The WeChat ruling acknowledged the government’s significant interests in
national security—an area where courts have sometimes been more deferential to the political branches.
Nonetheless, that court concluded the restrictions were not appropriately tailored to this interest, noting
“obvious alternatives to a complete ban, such as barring WeChat from government devices . . . or taking
other steps to address data security.” The Montana court similarly ruled that the state’s law burdened
substantially more speech than necessary, saying the state’s “single investigation into TikTok” did not
warrant a complete ban. Courts applying intermediate scrutiny must look closely at the government’s
evidence to ensure “that the recited harms are real, not merely conjectural, and that the regulation will in
fact alleviate these harms in a direct and material way.” This inquiry is heavily dependent on context, and
Congress might consider whether to include evidence demonstrating these elements in the legislative
record.
Due Process
Congress may also consider whether TikTok-related bills afford sufficient safeguards to comply with
procedural due process standards. When a person is deprived of a protected property right, the Fifth
Amendment’s Due Process Clause requires the United States to provide notice of the government action
and a meaningful opportunity to contest it. Due process protections apply to foreign individuals and
entities that enter U.S. territory and establish substantial connections with the United States. In one
relevant example, a federal court of appeals held that, before the President could order a PRC-based
company to divest an acquisition under the CFIUS process, the government needed to provide the
affected company with the unclassified information on which it based its decision and the chance to
respond. Due process standards may be different when Congress directly affects property rights through a
legislative determination rather than through a judicial or administrative process. For legislative
determinations, the legislative process may provide “all the process that is due” unless the law is palpably
arbitrary.
Takings Clause
Litigants have sometimes argued that U.S. restrictions on cross-border transactions and investments
violate the Fifth Amendment’s Takings Clause, which prohibits the United States from taking private
property for public use without just compensation. The Takings Clause applies to the actual acquisition of
property and to regulatory actions that so severely restrict a property owner’s rights that they rise to the
level of a regulatory taking. In the context of foreign actors asserting constitutional rights, the Takings
Clause protects foreign individuals and entities with substantial connections to the United States,
including those whose property in the United States is taken by the federal government. Although Takings
Clause challenges to IEEPA-based actions have been largely unsuccessful, some plaintiffs continue to
link to page 7 link to page 7 Congressional Research Service
5
raise them. In TikTok’s challenge to the 2020 Order, for example, the company argued that President
Trump’s discussion of securing a payment to the Department of the Treasury if TikTok were to be sold to
an American company amounted to an attempt to secure an unconstitutional taking. This issue did not
ultimately feature in the court’s opinion, as the court based its decision on IEEPA interpretation issues.
Bill of Attainder
The Bill of Attainder Clause has also been a topic of discussion in TikTok-related legislation. This clause
prohibits Congress from using legislation to determine guilt and inflict punishment without a judicial trial.
As explored in a CRS In Focus, there are several unresolved questions about whether the clause applies to
modern economic restrictions on foreign corporations. In two recent judicial challenges, courts held that
legislation restricting transactions with PRC-based Huawei and Russia-based Kaspersky Lab did not
violate the Bill of Attainder Clause because the laws sought to protect U.S. security, not punish a private
actor. Proposals that would provide for a judicial trial or agency action before imposing applicable
sanctions, such as H.R. 7521, would not violate the Bill of Attainder Clause.
Other Legal Considerations
Apart from constitutional considerations, Congress may consider procedural and statutory issues that
could affect how proposed TikTok restrictions operate. A selection of these issues, which are also
examined in Table 1, are discussed below.
Judicial Review: Congress could consider legislative mechanisms to limit or streamline judicial review
of challenges to any new transaction-restriction authorities it enacts. Some existing statutes limit judicial
review of similar restrictions by exempting the decision to impose restrictions from the Administrative
Procedure Act (APA) or from judicial review in general. Some laws require legal challenges to be brought
before a specific court—usually, the U.S. Court of Appeals for the D.C. Circuit (D.C. Circuit) because of
its familiarity with special procedures in cases involving classified information. Among TikTok-related
bills, the RESTRICT Act would limit judicial review to actions that are “unconstitutional or in patent
violation of a clear and mandatory statutory command” and give the D.C. Circuit exclusive jurisdiction
over those cases. H.R. 7521 would grant the D.C. Circuit “exclusive jurisdiction over any challenge to
this Act or any action, finding, or determination under this Act” and impose a short statute of limitations
for bringing such challenges.
Classified and Other Sensitive Information: In anticipating judicial challenges, Congress may consider
prescribing how courts handle classified and other legally protected information during litigation. The
CFIUS statute is one example of streamlined procedures. It provides that, if a court determines that
classified or other protected information that is in the administrative record is necessary to resolve a legal
challenge, that information must be submitted ex parte and in camera (i.e., only the court may view it)
and maintained under seal so that it cannot be made public. The CFIUS statute also exempts the United
States from statutory requirements to provide notice to U.S. persons when using information obtained
under the Foreign Intelligence Surveillance Act of 1978 (FISA).
Confidentiality and Freedom of Information Act: When Congress creates new processes to review
private commercial transactions, it may seek to balance public interest in the process with the private
entities’ desire for confidentiality. Some existing national security review systems prohibit the
government from disclosing parties’ private information gathered during the review process unless an
exception applies. CFIUS’s legal authorities provide even stricter confidentiality by stating that materials
submitted during its review process are exempt from the Freedom of Information Act (FOIA) absent an
exception. Among the bills in Table 1, the DATA Act places certain special confidentiality requirements
on Congress, and the RESTRICT Act generally incorporates CFIUS’s confidentiality rubric and FOIA
exemption.
Congressional Research Service
6
Naming TikTok: Another topic of discussion is whether legislation should identify TikTok by name.
Whether TikTok is identified in a bill’s text could be relevant in a Bill of Attainder challenge as part of a
broader argument that the government targeted the company for punishment. The scope of coverage could
also be relevant for First Amendment purposes to determine whether the law singles out expressive
activity or disfavored speakers. In addition, the issue might feature in the due process context if Congress
were to make a legislative determination that TikTok presents a national security threat. Some proposals
in the 118th Congress expressly include TikTok among a defined set of entities with whom transactions
would be restricted. Other bills name TikTok, but do not mandate that the bill’s restrictions apply to it.
Instead, these proposals would require a presidential determination on whether the bill’s provisions apply
to the company. A third set would create transaction-review frameworks that the executive branch could
interpret to include TikTok, but that do not name the company in the legislative text. H.R. 7521
specifically names TikTok and also authorizes the President to determine that additional applications
should be subject to the bill’s restrictions.
Congressional Oversight: Congress may consider options to ensure that it is informed about executive
branch actions in implementing any legislation that passes and can exercise effective oversight. For
example, the No TikTok on American Devices Act would require the executive branch to provide a
classified briefing on its implementation of the bill. Another example is the DATA Act, which would
require the President to share information about the bill’s implementation with designated congressional
committees. The DATA Act also proposes to facilitate greater congressional involvement by requiring the
President to respond to the designated committees’ requests for determinations on whether specific
individuals or entities are subject to the bill’s sanctions and restrictions.
Legal Sidebari
Table 1. Comparison of Select TikTok Bills Introduced in the 118th Congress
H.R. 7521:
Protecting
Americans
H.R. 57:
from Foreign
H.R. 503 / S.
Protecting
H.R. 1081 / S.
S. 872:
Adversary
85: No TikTok
Personal Data
347: ANTI-
SAFETY on
Controlled
on American
from Foreign
H.R. 1153: DATA S. 686: RESTRICT
SOCIAL CCP
Social Media
Applications
Devices Act
Adversaries Act
Act
Act
Act
Act of 2023
Act
Actions
Invoke IEEPA
Invoke IEEPA; visa
Title I: Prohibit
§ 3: Investigate,
Invoke IEEPA
§ 4: Invoke
§ 2(a): Prohibit
Authorized
restrictions
specified
prohibit, regulate, and
IEEPA;
services from
transactions; Title II: mitigate covered
§ 5: ban from
enabling the
Invoke IEEPA
transactions;
app stores and
distribution of
§ 4: compel
prohibit and
foreign
divestment or mitigate
internet
adversary
risk of covered
services;
control ed
holdings
§ 6: visa
applications;
restrictions,
§ 2(b): require
foreign agent
data portability
registration
Exercising
President
President (IEEPA);
Title I: Secretary of § 3: Secretary of
President
§ 4: President,
President
Official or
State Dep’t (visa
the Treasury;
Commerce;
§ 5: FCC;
(identification of
Agency
restrictions)
Title II: President
§ 4: President
§ 6: State Dep’t
foreign
(visas); Justice
adversary
Dep’t
control ed
(registration)
applications);
Justice Dep’t
(enforcement)
CRS Legal Sidebar
Prepared for Members and
Committees of Congress
Congressional Research Service
8
H.R. 7521:
Protecting
Americans
H.R. 57:
from Foreign
H.R. 503 / S.
Protecting
H.R. 1081 / S.
S. 872:
Adversary
85: No TikTok
Personal Data
347: ANTI-
SAFETY on
Controlled
on American
from Foreign
H.R. 1153: DATA S. 686: RESTRICT
SOCIAL CCP
Social Media
Applications
Devices Act
Adversaries Act
Act
Act
Act
Act of 2023
Act
IEEPA
All IEEPA
All IEEPA exceptions
Personal
Not applicable
All IEEPA
All IEEPA
Not applicable
Exceptions
exceptions
removed
communication and
exceptions
exceptions
removed
info. materials
removed
removed
exceptions
removed
Authorizes
No
Yes
No
No
No
Yes
No
Visa
Restrictions
Covered
Transactions by
Transactions using
Title I: Transactions Transactions or
Transactions by
Transactions
Enabling the
Transactions
ByteDance (or its mobile application or
with those that
holdings involving
covered social
with companies
distribution,
successor) or any software programs
knowingly provide
foreign adversaries
media companies
on a
maintenance, or
entity owned by
that: (1) engage in
U.S. persons’
that pose certain
with certain
presidentially
updating of a
ByteDance
theft or unauthorized sensitive personal
undue or
connections to
prepared list of
foreign
involved in
transmission of user
data to certain
unacceptable risks to
countries of
foreign-owned-
adversary
TikTok-related
data to servers in the PRC-connected
U.S. national security
concern
or-control ed
control ed
matters
PRC, and (2) provide
entities; Title II:
or safety of U.S.
untrustworthy
application;
certain PRC-related
seven categories of
persons
applications and requests for
entities access to
sanctionable
social media
user data
user data
conduct
entities
maintained by a
foreign
adversary
control ed
application
Exceptions
Law enforcement Compliance with
Law enforcement
Certain transactions
Intelligence
No
Not applicable
from Review
activities, national U.N. Headquarters
activities, national
authorized under a
activities;
security interests Agreement
security interests
U.S. government-
importation of
and activities, and
and activities,
industrial security
goods
security research
security research
program or that meet
activities
activities,
national security or
compliance with
law enforcement
international
functions
agreements
Congressional Research Service
9
H.R. 7521:
Protecting
Americans
H.R. 57:
from Foreign
H.R. 503 / S.
Protecting
H.R. 1081 / S.
S. 872:
Adversary
85: No TikTok
Personal Data
347: ANTI-
SAFETY on
Controlled
on American
from Foreign
H.R. 1153: DATA S. 686: RESTRICT
SOCIAL CCP
Social Media
Applications
Devices Act
Adversaries Act
Act
Act
Act
Act of 2023
Act
Presidential
No
Case-by-case up to
Case-by-case up to
No
No
No
President can
Waiver
180 days if President
180 days if
determine that
certifies vital to
President certifies
a “qualified
national security
vital to national
divestiture”
security
removes an
application from
foreign
adversary
control
TikTok Named TikTok named as Presidential
Presidential
No
TikTok named as No
TikTok named
a “covered
determination on
determination on
a “deemed
as a “foreign
company”
bil ’s applicability to
bil ’s applicability to
company”
adversary
TikTok is mandatory
TikTok is
control ed
mandatory
application”
Confidentiality
No
No
No congressional
Confidentiality
No
No
No
and FOIA
disclosure of
procedures defined;
Provisions
confidential
FOIA inapplicable
information
Classified Info.
No
No
No
Yes
No
No
No
Procedures
and FISA
Exemptions
Congressional
Requires report
Requires report on
Authorizes
No
No
No
No
Oversight
on national
statute’s applicability
congressional
Provisions
security threat
to TikTok
requests for
posed by TikTok
determinations,
within 120 days;
information, and
briefing on
reports; requires
implementation
report on
within 180 days
applicability to
TikTok
Congressional Research Service
10
H.R. 7521:
Protecting
Americans
H.R. 57:
from Foreign
H.R. 503 / S.
Protecting
H.R. 1081 / S.
S. 872:
Adversary
85: No TikTok
Personal Data
347: ANTI-
SAFETY on
Controlled
on American
from Foreign
H.R. 1153: DATA S. 686: RESTRICT
SOCIAL CCP
Social Media
Applications
Devices Act
Adversaries Act
Act
Act
Act
Act of 2023
Act
Limits on
No
No
No
Unconstitutional
No
No
D.C. Circuit has
Judicial Review
actions or patent
exclusive
violations of law; D.C.
jurisdiction over
Circuit has exclusive
challenges to
jurisdiction
the Act or
determinations
under the Act
Sunset
No
Jan. 1, 2026
Title II terminates
No
No
No
No
five years after
enactment
Source: CRS, based on information in cited bil s, as introduced.
Author Information
Peter J. Benson, Coordinator
Chris D. Linebaugh
Legislative Attorney
Legislative Attorney
Valerie C. Brannon
Stephen P. Mulligan
Legislative Attorney
Legislative Attorney
Joanna R. Lampe
Legislative Attorney
Congressional Research Service
11
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to congressional committees and Members
of Congress. It operates solely at the behest of and under the direction of Congress. Information in a CRS Report should not be relied upon for purposes other
than public understanding of information that has been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as
a work of the United States Government, are not subject to copyright protection in the United States. Any CRS Report may be reproduced and distributed in its
entirety without permission from CRS. However, as a CRS Report may include copyrighted images or material from a third party, you may need to obtain the
permission of the copyright holder if you wish to copy or otherwise use copyrighted material.
LSB10942 · VERSION 3 · UPDATED