Short title

This Act may be cited as the

Anti-CCP Espionage via Social Media Act of 2021

or the

ACES Act of 2021

Findings

Congress makes the following findings:(1)TikTok engages in political censorship, including related to awareness of Uighur Muslim internment camps in China.(2)The U.S. government fined TikTok $5.7 million for illegally collecting children’s data.(3)TikTok’s Chinese parent company ByteDance has agreed to pay $92 million in a settlement to U.S. users who are part of a class-action lawsuit alleging that the video-sharing app failed to get their consent to collect data in violation of a strict Illinois biometric privacy law.(4)Chinese companies, such as TikTok, have no meaningful ability to tell the Chinese Communist Party no if officials request user data.(5)The presence of Chinese surveillance in applications such as TikTok raises U.S. national security concerns.

Statement of policy

It is the policy of the United States to secure the information and communications technology and services supply chain and to counter the threat posed by mobile applications and software services developed and owned by foreign adversaries, specifically the People's Republic of China and the Chinese Communist Party, which continue to threaten the national security, foreign policy, and economy of the United States.

Codification of the Executive Order addressing the threat posed by tiktok

(a)Executive Order 13942 of August 6, 2020 as in effect as of January 19, 2021, shall remain in effect and continue to apply.(b)Notwithstanding section 203(b) of the International Emergency Economic Powers Act, the President shall have the authority to implement Executive Order 13942.

Divestment of assets by ByteDance

(a)

In general

ByteDance shall divest itself of—(1)any tangible or intangible assets or property, wherever located, used to enable or support ByteDance's operation of the TikTok application in the United States, as determined by CFIUS; and(2)any data obtained or derived from TikTok application or Musical.ly application users in the United States.(b)

Deadline

(1)

In general

Subject to paragraph (2), ByteDance shall complete the divestment of assets required under subsection (a) before the end of the 90-day period beginning on the date of enactment of this Act.(2)

Extensions

CFIUS may provide one or more 30-day extensions with respect to the deadline described under paragraph (1), but under no circumstances may such extensions extend the deadline beyond the end of the 12-month period beginning on the date of enactment of this Act.(3)

Progress report

Not later than the end of the 45-day period beginning on the date of enactment of this Act, ByteDance shall provide evidence to the President that ByteDance is in the process of divesting itself of all assets described under subsection (a).(c)

Certifications and audits

(1)

Weekly certification

Until ByteDance provides the certification under paragraph (2)(A), ByteDance and TikTok shall certify to CFIUS on a weekly basis that they are in compliance with this Act and ByteDance shall include a description of efforts to make divestment required under this section and a timeline for projected completion of remaining actions necessary to complete such divestment.(2)

Data destruction certification and audit

After the deadline described under subsection (b)(1)—(A)ByteDance shall certify in writing to CFIUS that ByteDance has destroyed all data that ByteDance is required to divest pursuant to this section, including all copies of such data wherever located; and(B)CFIUS may audit ByteDance, on such terms as CFIUS determines appropriate, in order to ensure that such destruction of data is complete.(d)

Limitation on divestments

(1)

In general

In carrying out a divestment required under this section, ByteDance may not complete a sale or transfer to any third party—(A)until ByteDance notifies CFIUS in writing of the intended recipient or buyer; and(B)unless 10 business days have passed from such notification and CFIUS has not issued an objection to ByteDance.(2)

CFIUS considerations

Among the factors CFIUS may consider in reviewing a proposed sale or transfer described under paragraph (1) are—(A)whether the buyer or transferee—(i)is a U.S. citizen or is owned by U.S. citizens;(ii)has or has had a direct or indirect contractual, financial, familial, employment, or other close and continuous relationship with ByteDance, or its officers, employees, or shareholders; and(iii)can demonstrate a willingness and ability to support compliance with this Act; and(B)whether the proposed sale or transfer would threaten to impair the national security of the United States or undermine the purpose of this Act, and whether the sale effectuates, to CFIUS’s satisfaction and in CFIUS’s discretion, a complete divestment of all tangible or intangible assets or property, wherever located, used to enable or support the operation of the TikTok application in the United States.(e)

CFIUS verification measures

(1)

In general

Without limitation on the exercise of authority by any agency under other provisions of law, and until such time as the divestment required under this section is completed and verified to the satisfaction of CFIUS, CFIUS is authorized to implement measures CFIUS determines necessary and appropriate to verify compliance with this section and to ensure that the operations of the TikTok application are carried out in such a manner as to ensure protection of the national security interests of the United States. Such measures may include, on reasonable notice to ByteDance and TikTok Inc., employees of the United States Government, as designated by CFIUS, shall be permitted access, for purposes of verifying compliance with this section, to all premises and facilities of ByteDance and TikTok Inc., and any of their respective subsidiaries, operated in furtherance of the TikTok application located in the United States—(A)to inspect and copy any books, ledgers, accounts, correspondence, memoranda, and other records and documents in the possession or under the control of ByteDance or TikTok Inc., or any of their respective subsidiaries, that concern any matter relating to this section;(B)to inspect or audit any information systems, networks, hardware, software, data, communications, or property in the possession or under the control of ByteDance or TikTok Inc., or any of their respective subsidiaries; and(C)to interview officers, employees, or agents of ByteDance or TikTok Inc., or any of their respective subsidiaries, concerning any matter relating to this section.(2)

Deadline for verification

CFIUS shall conclude all verification procedures described under this subsection within 90 days after the certification of divestment is provided to CFIUS pursuant to subsection (c)(1).

Prohibited transactions

(a)

In general

A transaction is prohibited if the transaction is by any person, or with respect to any property, subject to the jurisdiction of the United States, with ByteDance Ltd. (a.k.a. Zı`jie´ Tia`odo`ng), Beijing, China, or its subsidiaries, including TikTok Inc., in which any such company has any interest, involving the following:(1)Any provision of services, occurring after the end of the 45-day period beginning on the date of enactment of this Act, to distribute or maintain the TikTok mobile application, constituent code, or application updates through an online mobile application store, or any online marketplace where mobile users within the land or maritime borders of the United States and its territories may download or update applications for use on their mobile devices.(2)Any provision of internet hosting services, occurring after the end of the 45-day period beginning on the date of enactment of this Act, enabling the functioning or optimization of the TikTok mobile application within the land and maritime borders of the United States and its territories.(3)Any provision of content delivery network services, occurring after the end of the 45-day period beginning on the date of enactment of this Act, enabling the functioning or optimization of the TikTok mobile application within the land and maritime borders of the United States and its territories.(4)Any provision of directly contracted or arranged internet transit or peering services, occurring after the end of the 45-day period beginning on the date of enactment of this Act, enabling the functioning or optimization of the TikTok mobile application within the land and maritime borders of the United States and its territories.(5)Any utilization, occurring after the end of the 45-day period beginning on the date of enactment of this Act, of the TikTok mobile application’s constituent code, functions, or services in the functioning of software or services developed or accessible within the land and maritime borders of the United States and its territories.(b)

Exceptions

The prohibition under subsection (a) shall not apply to the following:(1)Any transaction that is not a business-to-business transactions.(2)The payment of wages, salaries, and benefit packages to employees or contractors.(3)The exchange between or among TikTok mobile application users of personal or business information using the TikTok mobile application.(4)Activities related to mobile applications intended for distribution, installation or use outside of the United States by any person, including to any person subject to U.S. jurisdiction, and all ancillary activities, including activities performed by any U.S. person, which are ordinarily incident to, and necessary for, the distribution, installation, and use of mobile applications outside of the United States.(5)The storing of TikTok mobile application user data in the United States.(6)Any transactions necessary to effectuate the divestment required by this section.(c)

Waiver

A person may submit a request to CFIUS for a waiver of the requirements under subsection (a).

Enforcement

(a)

Prohibition on evasion and circumvention

Any transaction or other device entered into or employed for the purpose of, or with the effect of, evading or circumventing this Act is prohibited.(b)

Injunction

Whenever it appears to the Attorney General that any person is engaged in, or is about to engage in, any act that constitutes, or would constitute, a violation of this Act, the Attorney General may initiate civil action in a district court of the United States to enjoin such violation.(c)

Penalties

(1)

Material misstatement or omission

Any person who submits a report with a material misstatement or omission or makes a false certification under this Act may be liable to the United States for a civil penalty not to exceed $250,000 per violation. The amount of the penalty imposed for a violation shall be based on the nature of the violation.(2)

Violations

(A)

In general

Any person who fails to comply with the requirements of this Act may be liable to the United States for a civil penalty not to exceed the greater of $250,000 or the value of the transaction.(B)

Amount

The amount of a penalty imposed for a violation shall be based on the nature of the violation.(3)

Determination and notice of penalty

A determination to impose penalties under paragraph (1) or (2) shall be made by CFIUS. Notice of the penalty, including a written explanation of the conduct to be penalized and the amount of the penalty, shall be sent to the subject person electronically and by U.S. mail or courier service. Notice shall be deemed to have been effected by the earlier of the date of electronic transmission and the date of receipt of U.S. mail or courier service.(4)

Petition for reconsideration

Upon receiving notice of a penalty to be imposed under paragraph (1) or (2), the subject person may, within 15 business days of receipt of such notice, submit a petition for reconsideration to the Staff Chairperson, including a defense, justification, or explanation for the conduct to be penalized. CFIUS shall review the petition and issue any final penalty determination within 15 business days of receipt of the petition. The Staff Chairperson and the subject person may extend either such period through written agreement. CFIUS and the subject person may reach an agreement on an appropriate remedy at any time before CFIUS issues any final penalty determination.(5)

Recovery of penalties

The penalties authorized in paragraphs (1) and (2) may be recovered in a civil action brought by the United States in Federal district court.(6)

Application of False Statements Accountability Act of 1996

Section 2 of the False Statements Accountability Act of 1996 (18 U.S.C. 1001) shall apply to all information provided to CFIUS or the President under this Act.(7)

Effect on other penalties

The penalties available under this subsection are without prejudice to other penalties, civil or criminal, available under law.(8)

Penalties as debt due to the U.S. Government

The imposition of a civil monetary penalty under this subsection creates a debt due to the U.S. Government. The Department of the Treasury may take action to collect the penalty assessed if not paid within the time prescribed by CFIUS and notified to the applicable party or parties. In addition or instead, the matter may be referred to the Department of Justice for appropriate action to recover the penalty.(9)

Definitions

In this subsection:(A)

Staff Chairperson

The term Staff Chairperson means the Department of the Treasury official so designated by the Secretary of the Treasury or by the Secretary's designee.(B)

Subject person

In this subsection, the term subject person means the person or persons who may be liable to the United States for a civil penalty.

National Security review of business relationships with ByteDance

(a)

National security investigations

(1)

In general

CFIUS shall—(A)review the relationship of each covered United States business with ByteDance to determine the effects of such relationship on the national security of the United States; and(B)issue a report to the President containing the findings of such review.(2)

Presidential authority

After reviewing a report issued under paragraph (1) with respect to a relationship, the President may take such action for such time as the President considers appropriate to suspend or prohibit the relationship if the relationship threatens to impair the national security of the United States.(3)

Procedures

To the extent practicable, CFIUS and the President shall carry out a review of a relationship under this subsection in the same manner as a covered transaction is reviewed under section 721 of the Defense Production Act of 1950 (50 U.S.C. 4565).

Report on national security threat of mobile applications utilized by the People’s Republic of China and Chinese Communist Party

(a)

Reporting requirement

Not later than 180 days after the enactment of this Act, and annually thereafter, the Secretary of State and the Attorney General, in consultation with the Director of National Intelligence, shall submit to the appropriate congressional committees a report describing—(1)the scope of efforts by the People’s Republic of China and Chinese Communist Party to utilize mobile applications to perform espionage on U.S. citizens, and business and organizations located in the United States;(2)the means and objectives of the People’s Republic of China and Chinese Communist Party in utilizing mobile applications to perform espionage and spread disinformation in the United States; and(3)a detailed strategy regarding how the Secretary of State and the Attorney General intend to counter espionage and disinformation efforts conducted by the People’s Republic of China and the Chinese Communist Party using mobile applications.(b)

Form

The report required by subsection (a) shall be submitted in unclassified form, but may include a classified annex if necessary. The unclassified portion of such report shall be made available on a publicly available internet website of the Federal Government.(c)

Appropriate congressional committees defined

In this section, the term appropriate congressional committees means—(1)the Committee on Armed Services, the Committee on Foreign Affairs, the Committee on Financial Services, and the Committee on the Judiciary of the House of Representatives; and(2)the Committee on Armed Services, the Committee on Foreign Relations, the Committee on Banking, Housing, and Urban Affairs, and the Committee on the Judiciary of the Senate.

10.

Definitions

In this Act:(1)

CFIUS

The term CFIUS means the Committee on Foreign Investment in the United States.(2)

Covered United States business

The term covered United States business means a person (other than an individual) engaged in interstate commerce in the United States who—(A)is partnering or contracting with ByteDance with respect to technology platforms, applications, or other ventures; or(B)is a shareholder of ByteDance.