[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4927 Introduced in House (IH)]

<DOC>






118th CONGRESS
  1st Session
                                H. R. 4927

To require ByteDance to divest itself of certain assets, and to require 
  the Committee on Foreign Investment in the United States to review 
  certain business relationships between ByteDance and United States 
                  businesses, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             July 26, 2023

   Mrs. McClain (for herself, Mr. Babin, Mr. Bergman, Mr. Higgins of 
  Louisiana, Mr. Baird, Mr. Fallon, Mrs. Miller of Illinois, and Mr. 
   Norman) introduced the following bill; which was referred to the 
 Committee on Financial Services, and in addition to the Committees on 
     Foreign Affairs, and Energy and Commerce, for a period to be 
subsequently determined by the Speaker, in each case for consideration 
  of such provisions as fall within the jurisdiction of the committee 
                               concerned

_______________________________________________________________________

                                 A BILL


 
To require ByteDance to divest itself of certain assets, and to require 
  the Committee on Foreign Investment in the United States to review 
  certain business relationships between ByteDance and United States 
                  businesses, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Anti-CCP Espionage via Social Media 
Act of 2023'' or the ``ACES Act of 2023''.

SEC. 2. FINDINGS.

    Congress makes the following findings:
            (1) TikTok engages in political censorship, including 
        related to awareness of Uighur Muslim internment camps in 
        China.
            (2) The U.S. government fined TikTok $5.7 million for 
        illegally collecting children's data.
            (3) TikTok's Chinese parent company ByteDance has agreed to 
        pay $92 million in a settlement to U.S. users who are part of a 
        class-action lawsuit alleging that the video-sharing app failed 
        to get their consent to collect data in violation of a strict 
        Illinois biometric privacy law.
            (4) Chinese companies, such as TikTok, have no meaningful 
        ability to tell the Chinese Communist Party ``no'' if officials 
        request user data.
            (5) The presence of Chinese surveillance in applications 
        such as TikTok raises U.S. national security concerns.

SEC. 3. STATEMENT OF POLICY.

    It is the policy of the United States to secure the information and 
communications technology and services supply chain and to counter the 
threat posed by mobile applications and software services developed and 
owned by foreign adversaries, specifically the People's Republic of 
China and the Chinese Communist Party, which continue to threaten the 
national security, foreign policy, and economy of the United States.

SEC. 4. CODIFICATION OF THE EXECUTIVE ORDER ADDRESSING THE THREAT POSED 
              BY TIKTOK.

    (a) Executive Order 13942 of August 6, 2020 as in effect as of 
January 19, 2021, shall remain in effect and continue to apply.
    (b) Notwithstanding section 203(b) of the International Emergency 
Economic Powers Act, the President shall have the authority to 
implement Executive Order 13942.

SEC. 5. DIVESTMENT OF ASSETS BY BYTEDANCE.

    (a) In General.--ByteDance shall divest itself of--
            (1) any tangible or intangible assets or property, wherever 
        located, used to enable or support ByteDance's operation of the 
        TikTok application in the United States, as determined by 
        CFIUS; and
            (2) any data obtained or derived from TikTok application or 
        Musical.ly application users in the United States.
    (b) Deadline.--
            (1) In general.--Subject to paragraph (2), ByteDance shall 
        complete the divestment of assets required under subsection (a) 
        before the end of the 90-day period beginning on the date of 
        enactment of this Act.
            (2) Extensions.--CFIUS may provide one or more 30-day 
        extensions with respect to the deadline described under 
        paragraph (1), but under no circumstances may such extensions 
        extend the deadline beyond the end of the 12-month period 
        beginning on the date of enactment of this Act.
            (3) Progress report.--Not later than the end of the 45-day 
        period beginning on the date of enactment of this Act, 
        ByteDance shall provide evidence to the President that 
        ByteDance is in the process of divesting itself of all assets 
        described under subsection (a).
    (c) Certifications and Audits.--
            (1) Weekly certification.--Until ByteDance provides the 
        certification under paragraph (2)(A), ByteDance and TikTok 
        shall certify to CFIUS on a weekly basis that they are in 
        compliance with this Act and ByteDance shall include a 
        description of efforts to make divestment required under this 
        section and a timeline for projected completion of remaining 
        actions necessary to complete such divestment.
            (2) Data destruction certification and audit.--After the 
        deadline described under subsection (b)(1)--
                    (A) ByteDance shall certify in writing to CFIUS 
                that ByteDance has destroyed all data that ByteDance is 
                required to divest pursuant to this section, including 
                all copies of such data wherever located; and
                    (B) CFIUS may audit ByteDance, on such terms as 
                CFIUS determines appropriate, in order to ensure that 
                such destruction of data is complete.
    (d) Limitation on Divestments.--
            (1) In general.--In carrying out a divestment required 
        under this section, ByteDance may not complete a sale or 
        transfer to any third party--
                    (A) until ByteDance notifies CFIUS in writing of 
                the intended recipient or buyer; and
                    (B) unless 10 business days have passed from such 
                notification and CFIUS has not issued an objection to 
                ByteDance.
            (2) CFIUS considerations.--Among the factors CFIUS may 
        consider in reviewing a proposed sale or transfer described 
        under paragraph (1) are--
                    (A) whether the buyer or transferee--
                            (i) is a U.S. citizen or is owned by U.S. 
                        citizens;
                            (ii) has or has had a direct or indirect 
                        contractual, financial, familial, employment, 
                        or other close and continuous relationship with 
                        ByteDance, or its officers, employees, or 
                        shareholders; and
                            (iii) can demonstrate a willingness and 
                        ability to support compliance with this Act; 
                        and
                    (B) whether the proposed sale or transfer would 
                threaten to impair the national security of the United 
                States or undermine the purpose of this Act, and 
                whether the sale effectuates, to CFIUS's satisfaction 
                and in CFIUS's discretion, a complete divestment of all 
                tangible or intangible assets or property, wherever 
                located, used to enable or support the operation of the 
                TikTok application in the United States.
    (e) CFIUS Verification Measures.--
            (1) In general.--Without limitation on the exercise of 
        authority by any agency under other provisions of law, and 
        until such time as the divestment required under this section 
        is completed and verified to the satisfaction of CFIUS, CFIUS 
        is authorized to implement measures CFIUS determines necessary 
        and appropriate to verify compliance with this section and to 
        ensure that the operations of the TikTok application are 
        carried out in such a manner as to ensure protection of the 
        national security interests of the United States. Such measures 
        may include, on reasonable notice to ByteDance and TikTok Inc., 
        employees of the United States Government, as designated by 
        CFIUS, shall be permitted access, for purposes of verifying 
        compliance with this section, to all premises and facilities of 
        ByteDance and TikTok Inc., and any of their respective 
        subsidiaries, operated in furtherance of the TikTok application 
        located in the United States--
                    (A) to inspect and copy any books, ledgers, 
                accounts, correspondence, memoranda, and other records 
                and documents in the possession or under the control of 
                ByteDance or TikTok Inc., or any of their respective 
                subsidiaries, that concern any matter relating to this 
                section;
                    (B) to inspect or audit any information systems, 
                networks, hardware, software, data, communications, or 
                property in the possession or under the control of 
                ByteDance or TikTok Inc., or any of their respective 
                subsidiaries; and
                    (C) to interview officers, employees, or agents of 
                ByteDance or TikTok Inc., or any of their respective 
                subsidiaries, concerning any matter relating to this 
                section.
            (2) Deadline for verification.--CFIUS shall conclude all 
        verification procedures described under this subsection within 
        90 days after the certification of divestment is provided to 
        CFIUS pursuant to subsection (c)(1).

SEC. 6. PROHIBITED TRANSACTIONS.

    (a) In General.--A transaction is prohibited if the transaction is 
by any person, or with respect to any property, subject to the 
jurisdiction of the United States, with ByteDance Ltd. (a.k.a. Z(`jie' 
Tia`odo`ng), Beijing, China, or its subsidiaries, including TikTok 
Inc., in which any such company has any interest, involving the 
following:
            (1) Any provision of services, occurring after the end of 
        the 45-day period beginning on the date of enactment of this 
        Act, to distribute or maintain the TikTok mobile application, 
        constituent code, or application updates through an online 
        mobile application store, or any online marketplace where 
        mobile users within the land or maritime borders of the United 
        States and its territories may download or update applications 
        for use on their mobile devices.
            (2) Any provision of internet hosting services, occurring 
        after the end of the 45-day period beginning on the date of 
        enactment of this Act, enabling the functioning or optimization 
        of the TikTok mobile application within the land and maritime 
        borders of the United States and its territories.
            (3) Any provision of content delivery network services, 
        occurring after the end of the 45-day period beginning on the 
        date of enactment of this Act, enabling the functioning or 
        optimization of the TikTok mobile application within the land 
        and maritime borders of the United States and its territories.
            (4) Any provision of directly contracted or arranged 
        internet transit or peering services, occurring after the end 
        of the 45-day period beginning on the date of enactment of this 
        Act, enabling the functioning or optimization of the TikTok 
        mobile application within the land and maritime borders of the 
        United States and its territories.
            (5) Any utilization, occurring after the end of the 45-day 
        period beginning on the date of enactment of this Act, of the 
        TikTok mobile application's constituent code, functions, or 
        services in the functioning of software or services developed 
        or accessible within the land and maritime borders of the 
        United States and its territories.
    (b) Exceptions.--The prohibition under subsection (a) shall not 
apply to the following:
            (1) Any transaction that is not a business-to-business 
        transaction.
            (2) The payment of wages, salaries, and benefit packages to 
        employees or contractors.
            (3) The exchange between or among TikTok mobile application 
        users of personal or business information using the TikTok 
        mobile application.
            (4) Activities related to mobile applications intended for 
        distribution, installation or use outside of the United States 
        by any person, including to any person subject to U.S. 
        jurisdiction, and all ancillary activities, including 
        activities performed by any U.S. person, which are ordinarily 
        incident to, and necessary for, the distribution, installation, 
        and use of mobile applications outside of the United States.
            (5) The storing of TikTok mobile application user data in 
        the United States.
            (6) Any transactions necessary to effectuate the divestment 
        required by this section.
    (c) Waiver.--A person may submit a request to CFIUS for a waiver of 
the requirements under subsection (a).

SEC. 7. ENFORCEMENT.

    (a) Prohibition on Evasion and Circumvention.--Any transaction or 
other device entered into or employed for the purpose of, or with the 
effect of, evading or circumventing this Act is prohibited.
    (b) Injunction.--Whenever it appears to the Attorney General that 
any person is engaged in, or is about to engage in, any act that 
constitutes, or would constitute, a violation of this Act, the Attorney 
General may initiate civil action in a district court of the United 
States to enjoin such violation.
    (c) Penalties.--
            (1) Material misstatement or omission.--Any person who 
        submits a report with a material misstatement or omission or 
        makes a false certification under this Act may be liable to the 
        United States for a civil penalty not to exceed $250,000 per 
        violation. The amount of the penalty imposed for a violation 
        shall be based on the nature of the violation.
            (2) Violations.--
                    (A) In general.--Any person who fails to comply 
                with the requirements of this Act may be liable to the 
                United States for a civil penalty not to exceed the 
                greater of $250,000 or the value of the transaction.
                    (B) Amount.--The amount of a penalty imposed for a 
                violation shall be based on the nature of the 
                violation.
            (3) Determination and notice of penalty.--A determination 
        to impose penalties under paragraph (1) or (2) shall be made by 
        CFIUS. Notice of the penalty, including a written explanation 
        of the conduct to be penalized and the amount of the penalty, 
        shall be sent to the subject person electronically and by U.S. 
        mail or courier service. Notice shall be deemed to have been 
        effected by the earlier of the date of electronic transmission 
        and the date of receipt of U.S. mail or courier service.
            (4) Petition for reconsideration.--Upon receiving notice of 
        a penalty to be imposed under paragraph (1) or (2), the subject 
        person may, within 15 business days of receipt of such notice, 
        submit a petition for reconsideration to the Staff Chairperson, 
        including a defense, justification, or explanation for the 
        conduct to be penalized. CFIUS shall review the petition and 
        issue any final penalty determination within 15 business days 
        of receipt of the petition. The Staff Chairperson and the 
        subject person may extend either such period through written 
        agreement. CFIUS and the subject person may reach an agreement 
        on an appropriate remedy at any time before CFIUS issues any 
        final penalty determination.
            (5) Recovery of penalties.--The penalties authorized in 
        paragraphs (1) and (2) may be recovered in a civil action 
        brought by the United States in Federal district court.
            (6) Application of false statements accountability act of 
        1996.--Section 2 of the False Statements Accountability Act of 
        1996 (18 U.S.C. 1001) shall apply to all information provided 
        to CFIUS or the President under this Act.
            (7) Effect on other penalties.--The penalties available 
        under this subsection are without prejudice to other penalties, 
        civil or criminal, available under law.
            (8) Penalties as debt due to the u.s. government.--The 
        imposition of a civil monetary penalty under this subsection 
        creates a debt due to the U.S. Government. The Department of 
        the Treasury may take action to collect the penalty assessed if 
        not paid within the time prescribed by CFIUS and notified to 
        the applicable party or parties. In addition or instead, the 
        matter may be referred to the Department of Justice for 
        appropriate action to recover the penalty.
            (9) Definitions.--In this subsection:
                    (A) Staff chairperson.--The term ``Staff 
                Chairperson'' means the Department of the Treasury 
                official so designated by the Secretary of the Treasury 
                or by the Secretary's designee.
                    (B) Subject person.--In this subsection, the term 
                ``subject person'' means the person or persons who may 
                be liable to the United States for a civil penalty.

SEC. 8. NATIONAL SECURITY REVIEW OF BUSINESS RELATIONSHIPS WITH 
              BYTEDANCE.

    (a) National Security Investigations.--
            (1) In general.--CFIUS shall--
                    (A) review the relationship of each covered United 
                States business with ByteDance to determine the effects 
                of such relationship on the national security of the 
                United States; and
                    (B) issue a report to the President containing the 
                findings of such review.
            (2) Presidential authority.--After reviewing a report 
        issued under paragraph (1) with respect to a relationship, the 
        President may take such action for such time as the President 
        considers appropriate to suspend or prohibit the relationship 
        if the relationship threatens to impair the national security 
        of the United States.
            (3) Procedures.--To the extent practicable, CFIUS and the 
        President shall carry out a review of a relationship under this 
        subsection in the same manner as a covered transaction is 
        reviewed under section 721 of the Defense Production Act of 
        1950 (50 U.S.C. 4565).

SEC. 9. REPORT ON NATIONAL SECURITY THREAT OF MOBILE APPLICATIONS 
              UTILIZED BY THE PEOPLE'S REPUBLIC OF CHINA AND CHINESE 
              COMMUNIST PARTY.

    (a) Reporting Requirement.--Not later than 180 days after the 
enactment of this Act, and annually thereafter, the Secretary of State 
and the Attorney General, in consultation with the Director of National 
Intelligence, shall submit to the appropriate congressional committees 
a report describing--
            (1) the scope of efforts by the People's Republic of China 
        and Chinese Communist Party to utilize mobile applications to 
        perform espionage on U.S. citizens, and business and 
        organizations located in the United States;
            (2) the means and objectives of the People's Republic of 
        China and Chinese Communist Party in utilizing mobile 
        applications to perform espionage and spread disinformation in 
        the United States; and
            (3) a detailed strategy regarding how the Secretary of 
        State and the Attorney General intend to counter espionage and 
        disinformation efforts conducted by the People's Republic of 
        China and the Chinese Communist Party using mobile 
        applications.
    (b) Form.--The report required by subsection (a) shall be submitted 
in unclassified form, but may include a classified annex if necessary. 
The unclassified portion of such report shall be made available on a 
publicly available internet website of the Federal Government.
    (c) Appropriate Congressional Committees Defined.--In this section, 
the term ``appropriate congressional committees'' means--
            (1) the Committee on Armed Services, the Committee on 
        Foreign Affairs, the Committee on Financial Services, and the 
        Committee on the Judiciary of the House of Representatives; and
            (2) the Committee on Armed Services, the Committee on 
        Foreign Relations, the Committee on Banking, Housing, and Urban 
        Affairs, and the Committee on the Judiciary of the Senate.

SEC. 10. DEFINITIONS.

    In this Act:
            (1) CFIUS.--The term ``CFIUS'' means the Committee on 
        Foreign Investment in the United States.
            (2) Covered united states business.--The term ``covered 
        United States business'' means a person (other than an 
        individual) engaged in interstate commerce in the United States 
        who--
                    (A) is partnering or contracting with ByteDance 
                with respect to technology platforms, applications, or 
                other ventures; or
                    (B) is a shareholder of ByteDance.
                                 <all>