[Senate Report 119-57]
[From the U.S. Government Publishing Office]
Calendar No. 144
119th Congress } { Report
SENATE
1st Session } { 119-57
_______________________________________________________________________
MITIGATING AUTOMATED INTERNET
NETWORKS FOR EVENT TICKETING ACT
__________
R E P O R T
of the
COMMITTEE ON COMMERCE, SCIENCE, AND
TRANSPORTATION
on
S. 196
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
September 2, 2025.--Ordered to be printed
------
U.S. GOVERNMENT PUBLISHING OFFICE
59-010 WASHINGTON : 2025
SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
one hundred nineteenth congress
first session
TED CRUZ, Texas, Chairman
JOHN THUNE, South Dakota MARIA CANTWELL, Washington
ROGER F. WICKER, Mississippi AMY KLOBUCHAR, Minnesota
DEB FISCHER, Nebraska BRIAN SCHATZ, Hawaii
JERRY MORAN, Kansas EDWARD J. MARKEY, Massachusetts
DAN SULLIVAN, Alaska GARY C. PETERS, Michigan
MARSHA BLACKBURN, Tennessee TAMMY BALDWIN, Wisconsin
TODD YOUNG, Indiana TAMMY DUCKWORTH, Illinois
TED BUDD, North Carolina JACKY ROSEN, Nevada
ERIC SCHMITT, Missouri BEN RAY LUJAN, New Mexico
JOHN CURTIS, Utah JOHN W. HICKENLOOPER, Colorado
BERNIE MORENO, Ohio JOHN FETTERMAN, Pennsylvania
TIM SHEEHY, Montana ANDY KIM, New Jersey
SHELLEY MOORE CAPITO, West Virginia LISA BLUNT ROCHESTER, Delaware
CYNTHIA M. LUMMIS, Wyoming
Brad Grantz, Majority Staff Director
Lila Harper Helms, Democratic Staff Director
Calendar No. 144
119th Congress } { Report
SENATE
1st Session } { 119-57
=======================================================================
MITIGATING AUTOMATED INTERNET NETWORKS FOR
EVENT TICKETING ACT
----------------
September 2, 2025.--Ordered to be printed
----------------
Mr. Cruz, from the Committee on Commerce, Science, and Transportation,
submitted the following
R E P O R T
[To accompany S. 196]
[Including cost estimate of the Congressional Budget Office]
The Committee on Commerce, Science, and Transportation, to
which was referred the bill (S. 196) to improve online ticket
sales and protect consumers, and for other purposes, having
considered the same, reports favorably thereon with an
amendment, in the nature of a substitute, and recommends that
the bill, as amended, do pass.
Purpose of the Bill
The purpose of S. 196 is to strengthen the Better Online
Ticket Sales (BOTS) Act of 2016\1\ to expressly prohibit the
use of applications that perform automated tasks to purchase
online tickets and to require that online ticket issuers
establish, implement, and maintain security measures to enforce
their posted ticket purchasing limits and purchasing order
rules against applications, including software applications,
that attempt to circumvent the online ticket issuer's security
measures.
---------------------------------------------------------------------------
\1\Public Law 114-274.
---------------------------------------------------------------------------
Background and Needs
Ticket bots--software that automates the purchase of online
event tickets--allow the online purchase of tickets faster than
human users. Bots are often programmed to circumvent the limits
imposed by online ticket platforms against how many tickets one
person can buy. Because of their speed and ability to purchase
a large number of tickets, ticket bots have an advantage over
human buyers. A person using a bot will often buy large
quantities of tickets and then sell them at inflated prices on
the secondary market. Consumers should not have to compete for
tickets with automated bots that cheat the system.
In 2016, Congress passed the BOTS Act to prohibit
circumventing a ticket issuer's security measures or purchasing
rules. Since the BOTS Act was signed into law, online ticket
sellers have still experienced challenges defending against the
use of automated bots and consumers have still had to compete
with bots to buy tickets for events.
One example was the chaos that ensued in November 2022 as
fans vied for tickets to attend Taylor Swift's Eras Tour.
Although Ticketmaster, the official online ticket platform, had
established a Verified Fan program to attempt to keep bots out
of the ticket sale queue, its website experienced unprecedented
traffic, which led to extremely long waits, technical glitches,
and site crashes. Ticketmaster later canceled the announced
general sale due to ``massive demand.''\2\
---------------------------------------------------------------------------
\2\Kari Bendlin, ``Taylor Swift's Eras Tour: A Timeline of the
Ticketmaster Fiasco,'' People, March 29, 2023, https://people.com/
music/taylor-swift-eras-tour-ticketmaster-timeline/.
---------------------------------------------------------------------------
Summary of Provisions
S. 196 would do the following:
Update the BOTS Act to expressly prohibit a person
from using an application, including a software
application, that automates tasks to purchase event
tickets from an online ticket issuer and circumvents
any access control system, security measure, or other
technological controls used to enforce online ticket
purchasing rules.
Require online ticket issuers to have an access
control system, security measure, or other
technological controls in place to enforce posted event
ticket purchasing limits or to maintain the integrity
of the posted online ticket purchasing order rules.
Require online ticket issuers to regularly evaluate
and adjust access control systems, security measures,
or other technological controls in light of any
material changes in technology, internal or external
threats to system security, and the changing business
arrangements or operations of the online ticket issuer.
Require online ticket issuers to report incidents of
circumvention to the Federal Trade Commission (FTC or
Commission) no later than 30 days after discovering the
circumvention.
Require online ticket issuers to take reasonable
steps to improve their access control systems, security
measures, or other technological controls or measures
to address any known or reasonably foreseeable risks
connected to incidents of circumvention.
Require law enforcement coordination and data
sharing among the Commission, Federal Bureau of
Investigation, Department of Justice, and other
relevant State or local law enforcement officials with
respect to known instances of cyberattacks on security
measures, access controls systems, or other
technological controls.
Legislative History
S. 196 was introduced on January 22, 2025, by Senator
Blackburn (for herself and Senator Lujan) and was referred to
the Committee on Commerce, Science, and Transportation of the
Senate. On April 30, 2025, the Committee met in open Executive
Session and, by voice vote, ordered S. 196 reported favorably
with an amendment (in the nature of a substitute).
H.R. 2713, a House bill identical to S. 196, was introduced
on April 8, 2025, by Representative Harshbarger (for herself
and Representative Carter (LA)) and was referred to the
Committee on Energy and Commerce of the House of
Representatives.
Estimated Costs
In accordance with paragraph 11(a) of rule XXVI of the
Standing Rules of the Senate and section 403 of the
Congressional Budget Act of 1974, the Committee provides the
following cost estimate, prepared by the Congressional Budget
Office:
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
S. 196 would prohibit individuals from using automated
software to purchase event tickets from an online website or
service and require the Federal Trade Commission (FTC) to
enforce that prohibition. In addition, the bill would direct
online ticket issuers to establish, maintain, and improve
security measures to enforce limits on ticket purchasing.
Ticket issuers would be required to report to the FTC if
purchasers circumvented those measures. The bill would require
the FTC to issue guidance to online ticket issuers on how to
comply with the security standards set by the bill. S. 196 also
would require the FTC to coordinate with the Department of
Justice about any known instances of cyberattacks on security
measures used to enforce limits on ticket purchasing. Finally,
the FTC would be required to report to the Congress on the
status of any enforcement actions.
Using information from the FTC and based on the cost of
similar requirements, CBO estimates that implementing S. 196
would cost $4 million over the 2025-2030 period. Any related
spending would be subject to the availability of appropriated
funds.
S. 196 would authorize the FTC to collect civil monetary
penalties from businesses that violate the new provisions.
Civil monetary penalties generally are remitted to the Treasury
and recorded as revenues. Whether the FTC would pursue civil
penalties or some other remedy for violations is unclear. In
any event, CBO expects that companies would generally comply
with the new requirements and that any additional revenues
collected over the 2025-2030 period would be insignificant.
S. 196 would impose a private-sector mandate, as defined in
the Unfunded Mandates Reform Act (UMRA), on online ticket
issuers by requiring them to implement security measures to
enforce ticket purchasing rules and to report to the FTC if any
of those measures are circumvented. Because much of the ticket
issuing industry already maintains such security measures, CBO
estimates that the cost to comply with this mandate will be
well below the threshold established in UMRA for private-sector
mandates ($206 million in 2025, adjusted annually for
inflation).
S. 196 contains no intergovernmental mandates as defined in
UMRA.
The CBO staff contacts for this estimate are David Hughes
(for federal costs) and Rachel Austin (for mandates). The
estimate was reviewed by Christina Hawley Anthony, Deputy
Director of Budget Analysis.
Phillip L. Swagel,
Director, Congressional Budget Office.
Regulatory Impact Statement
In accordance with paragraph 11(b) of rule XXVI of the
Standing Rules of the Senate, the Committee provides the
following evaluation of the regulatory impact of the
legislation, as reported:
number of persons covered
S. 196 would cover the following persons and entities as
well as any employees retained by such entities:
Any person who violates the prohibited conduct
specified in subsection (a) of the BOTS Act of 2016.
Online ticket issuers.
The Federal Trade Commission.
State attorneys general.
The Federal Bureau of Investigation.
The Department of Justice.
Relevant State or local law enforcement officials.
economic impact
By updating the BOTS Act to expressly prohibit the use of
automated bots to circumvent online ticket issuers' security or
other measures meant to enforce posted event ticket purchasing
limits or posted online ticket purchasing order rules, as well
as requiring that online ticket issuers establish, implement,
and maintain security measures to enforce their posted ticket
purchasing limits and purchasing order rules, S. 196 would
benefit consumers who could otherwise miss out on an event or
be forced to buy a higher priced resale ticket. While S. 196
would impose additional reporting and technological
requirements on ticket issuers, the bill is expected to save
consumers time spent attempting to purchase tickets.
privacy
S. 196 is not anticipated to impact the personal privacy of
individuals.
paperwork
The legislation would not increase paperwork requirements
for private individuals or businesses although ticket issuers
would have to report a circumvention of protections against
bots within 30 days to the FTC. S. 196 would require one report
from the FTC to the Committee on Commerce, Science, and
Transportation of the Senate and the Committee on Energy and
Commerce of the House of Representatives no later than 1 year
after enactment. The report would outline the status of any
enforcement action taken pursuant to this Act and any
identified limitations to the Commission's ability to pursue
incidents of circumvention.
Congressionally Directed Spending
In compliance with paragraph 4(b) of rule XLIV of the
Standing Rules of the Senate, the Committee provides that no
provisions contained in the bill, as reported, meet the
definition of congressionally directed spending items under the
rule.
Section-by-Section Analysis
Section 1. Short title.
This section would provide that the bill may be cited as
the ``Mitigating Automated Internet Networks for Event
Ticketing Act'' or the ``MAIN Event Ticketing Act''.
Section 2. Strengthening the BOTS Act.
This section would amend the BOTS Act to prohibit a person
from using an application, including a software application,
that performs automated tasks to purchase event tickets from a
website or online service used by a ticket issuer through
circumventing an access control system, security measure, or
other technological control or measure to enforce posted online
ticket purchasing rules.
This section would require each online ticket issuer to
establish, implement, and maintain an access control system,
security measure, or other technological controls to enforce
and maintain the integrity of posted online ticket purchasing
rules.
It would additionally require an online ticket issuer to
regularly evaluate and adjust the access control system,
security measure, or other technological controls in light of
any material changes in technology, internal or external
threats to system security, and the changing business
arrangements or operations of the online ticket issuer.
This section would require an online ticket issuer to
report to the FTC any known incidents of circumvention no later
than 30 days after the circumvention incident is discovered.
The FTC would be directed to share with State attorneys general
any reports received under this section from online ticket
issuers and any submitted consumer complaints related to this
subsection.
This section would require an online ticket issuer to take
reasonable steps to improve its access control system, security
measure, or other technological controls to address any known
or reasonably foreseeable risks connected to incidents of
circumvention.
This section would require the Federal Bureau of
Investigation, the Department of Justice, and other relevant
State or local law enforcement to coordinate with the
Commission to share information about known instances of
cyberattacks on any security measures, access control systems,
or other technological controls used on websites of ticket
issuers to enforce posted event ticket purchasing limits or to
maintain the integrity of posted online ticket purchasing
rules.
This section would require the Commission to report to
relevant congressional committees on the status of enforcement
actions taken pursuant to this Act, and any limitations in the
FTC's ability to pursue incidents of circumvention no later
than 1 year after enactment.
Lastly, this section would define the terms
``circumvention'', ``cyberattack'', and ``online ticket
issuer''.
Changes in Existing Law
In compliance with paragraph 12 of rule XXVI of the
Standing Rules of the Senate, changes in existing law made by
the bill, as reported, are shown as follows (existing law
proposed to be omitted is enclosed in black brackets, new
material is printed in italic, existing law in which no change
is proposed is shown in roman):
BETTER ONLINE TICKET SALES ACT OF 2016
* * * * * * *
[15 U.S.C. 45c; Pub. L. 114-274]
SEC. 2. UNFAIR AND DECEPTIVE ACTS AND PRACTICES RELATING TO
CIRCUMVENTION OF TICKET ACCESS CONTROL MEASURES.
(a) Conduct Prohibited.--
(1) In general.--Except as provided in paragraph
(2), it shall be unlawful for any person--
(A) to circumvent a security measure,
access control system, or other technological
control or measure on an Internet website or
online service that is used by the online
ticket issuer to enforce posted event ticket
purchasing limits or to maintain the integrity
of posted online ticket purchasing order
rules[; or];
(B) to sell or offer to sell any event
ticket in interstate commerce obtained in
violation of subparagraph (A) if the person
selling or offering to sell the ticket either--
(i) participated directly in or had
the ability to control the conduct in
violation of subparagraph (A); or
(ii) knew or should have known that
the event ticket was acquired in
violation of subparagraph (A)[.]; or
(C) to use or cause to be used an
application, including a software application,
that performs automated tasks to purchase event
tickets from an Internet website or online
service used by an online ticket issuer through
the circumvention of an access control system,
security measure, or other technological
control or measure used by such Internet
website or online service to enforce posted
online ticket purchasing order rules of the
Internet website or online service.
(2) Exception.--It shall not be unlawful under this
section for a person to create or use any computer
software or system--
(A) to investigate, or further the
enforcement or defense, of any alleged
violation of this section or other statute or
regulation; or
(B) to engage in research necessary to
identify and analyze flaws and vulnerabilities
of measures, systems, or controls described in
paragraph (1)(A), if these research activities
are conducted to advance the state of knowledge
in the field of computer system security or to
assist in the development of computer security
product.
(b) Requiring Online Ticket Issuers to Enforce Site
Policies.--
(1) Requirement to enforce and update site
policies.--Each online ticket issuer shall--
(A) establish, implement, and maintain an
access control system, security measure, or
other technological control or measure to
enforce posted event ticket purchasing limits
and to maintain the integrity of posted online
ticket purchasing order rules; and
(B) regularly evaluate and make
adjustments, as necessary, to such an access
control system, security measure, or other
technological control or measure in light of
any material changes in technology, internal or
external threats to system security, and the
changing business arrangements or operations of
the ticket issuer.
(2) Requirement to report incidents of
circumvention; consumer complaints.--
(A) In general.--Each online ticket issuer
shall report to the Commission any incidents of
circumvention of which the ticket issuer has
actual knowledge not later than 30 days after
the incident of circumvention is discovered by
the online ticket issuer.
(B) Electronic submission.--The Commission
may establish a reporting mechanism to provide
for the electronic submission of reports
required by subparagraph (A).
(C) Coordination with state attorneys
general.--The Commission shall share with State
attorneys general, as appropriate--
(i) any report received from online
ticket issuers under subparagraph (A);
and
(ii) consumer complaints related to
any violation of this subsection that
are submitted through the Commission's
website.
(3) Requirement to address known causes of
circumvention.--Each online ticket issuer shall take
reasonable steps to improve its access control systems,
security measures, and other technological controls or
measures to address any known or reasonably foreseeable
risks connected to incidents of circumvention.
(4) Commission guidance.--Not later than 1 year
after the date of enactment of the Mitigating Automated
Internet Networks for Event Ticketing Act, the
Commission shall publish guidance for online ticket
issuers regarding compliance with the requirements of
this subsection.
[(b)](c) Enforcement by the Federal Trade Commission.--
(1) Unfair or deceptive acts or practices.--A
violation of [subsection (a)] subsection (a) or (b)
shall be treated as a violation of a rule defining an
unfair or a deceptive act or practice under section
18(a)(1)(B) of the Federal Trade Commission Act (15
U.S.C. 57a(a)(1)(B)).
(2) Powers of commission.--
(A) In general.--The Commission shall
enforce this section in the same manner, by the
same means, and with the same jurisdiction,
powers, and duties as though all applicable
terms and provisions of the Federal Trade
Commission Act (15 U.S.C. 41 et seq.) were
incorporated into and made a part of this
section.
(B) Privileges and immunities.--Any person
who violates [subsection (a)] subsection (a) or
(b) shall be subject to the penalties and
entitled to the privileges and immunities
provided in the Federal Trade Commission Act
(15 U.S.C. 41 et seq.).
(C) Authority preserved.--Nothing in this
section shall be construed to limit the
authority of the Federal Trade Commission under
any other provision of law.
(3) Limitation on commission guidance.--
(A) In general.--No guidance issued by the
Commission with respect to this Act shall
confer any rights on any person, State, or
locality, nor shall operate to bind the
Commission or any person to the approach
recommended in such guidance.
(B) Specific allegations.--In any
enforcement action brought pursuant to this
Act, the Commission--
(i) shall allege a specific
violation of a provision of this Act;
and
(ii) may not base an enforcement
action on, or execute a consent order
based on, practices that are alleged to
be inconsistent with any such guidance,
unless the practices allegedly violate
this Act.
[(c)](d) Enforcement by States.--
(1) In general.--In any case in which the attorney
general of a State has reason to believe that an
interest of the residents of the State has been or is
threatened or adversely affected by the engagement of
any person subject to [subsection (a)] subsection (a)
or (b) in a practice that violates such subsection, the
attorney general of the State may, as parens patriae,
bring a civil action on behalf of the residents of the
State in an appropriate district court of the United
States--
(A) to enjoin further violation of such
subsection by such person;
(B) to compel compliance with such
subsection; and
(C) to obtain damages, restitution, or
other compensation on behalf of such residents.
(2) Rights of federal trade commission.--
(A) Notice to federal trade commission.--
(i) In general.--Except as provided
in clause (iii), the attorney general
of a State shall notify the Commission
in writing that the attorney general
intends to bring a civil action under
paragraph (1) not later than 10 days
before initiating the civil action.
(ii) Contents.--The notification
required by clause (i) with respect to
a civil action shall include a copy of
the complaint to be filed to initiate
the civil action.
(iii) Exception.--If it is not
feasible for the attorney general of a
State to provide the notification
required by clause (i) before
initiating a civil action under
paragraph (1), the attorney general
shall notify the Commission immediately
upon instituting the civil action.
(B) Intervention by federal trade
commission.-- The Commission may--
(i) intervene in any civil action
brought by the attorney general of a
State under paragraph (1); and
(ii) upon intervening--
(I) be heard on all matters
arising in the civil action;
and
(II) file petitions for
appeal of a decision in the
civil action.
(3) Investigatory powers.--Nothing in this
subsection may be construed to prevent the attorney
general of a State from exercising the powers conferred
on the attorney general by the laws of the State to
conduct investigations, to administer oaths or
affirmations, or to compel the attendance of witnesses
or the production of documentary or other evidence.
(4) Preemptive action by federal trade
commission.-- If the Commission institutes a civil
action or an administrative action with respect to a
violation of [subsection (a)] subsection (a) or (b),
the attorney general of a State may not, during the
pendency of such action, bring a civil action under
paragraph (1) against any defendant named in the
complaint of the Commission for the violation with
respect to which the Commission instituted such action.
(5) Venue; service of process.--
(A) Venue.--Any action brought under
paragraph (1) may be brought in--
(i) the district court of the
United States that meets applicable
requirements relating to venue under
section 1391 of title 28, United States
Code; or
(ii) another court of competent
jurisdiction.
(B) Service of process.--In an action
brought under paragraph (1), process may be
served in any district in which the defendant--
(i) is an inhabitant; or
(ii) may be found.
(6) Actions by other state officials.--
(A) In general.--In addition to civil
actions brought by attorneys general under
paragraph (1), any other consumer protection
officer of a State who is authorized by the
State to do so may bring a civil action under
paragraph (1), subject to the same requirements
and limitations that apply under this
subsection to civil actions brought by
attorneys general.
(B) Savings provision.--Nothing in this
subsection may be construed to prohibit an
authorized official of a State from initiating
or continuing any proceeding in a court of the
State for a violation of any civil or criminal
law of the State.
(e) Law Enforcement Coordination.--
(1) In general.--The Federal Bureau of
Investigation, the Attorney General, and other relevant
State or local law enforcement officials shall
coordinate as appropriate with the Commission to share
information about any known instance of a cyberattack
on a security measure, access control system, or other
technological control or measure on an Internet website
or online service that is used by an online ticket
issuer to enforce posted event ticket purchasing limits
or to maintain the integrity of posted online ticket
purchasing order rules. Such coordination may include
providing information about ongoing investigations, but
may exclude classified information or information that
could compromise a law enforcement or national security
effort, as appropriate.
(2) Cyberattack defined.--In this paragraph, the
term ``cyberattack'' means an attack, via cyberspace,
targeting an enterprise's use of cyberspace for the
purpose of--
(A) disrupting, disabling, destroying, or
maliciously controlling a computing environment
or computing infrastructure; or
(B) destroying the integrity of data or
stealing controlled information.
(f) Congressional Report.--Not later than 1 year after the
date of enactment of this paragraph, the Commission shall
report to Committee on Commerce, Science, and Transportation of
the Senate and the Committee on Energy and Commerce of the
House of Representatives on the status of any enforcement
action taken pursuant to this Act, as well as any identified
limitations to the Commission's ability to pursue incidents of
circumvention described in subsection (a)(1)(A).
[15 U.S.C. 45c note]
SEC. 3. DEFINITIONS.
In this Act:
(1) Commission.--The term ``Commission'' means the
Federal Trade Commission.
(2) Event.--The term ``event'' means any concert,
theatrical performance, sporting event, show, or
similarly scheduled activity, taking place in a venue
with a seating or attendance capacity exceeding 200
persons that--
(A) is open to the general public; and
(B) is promoted, advertised, or marketed in
interstate commerce or for which event tickets
are generally sold or distributed in interstate
commerce.
(3) Event ticket.--The term ``event ticket'' means
any physical, electronic, or other form of a
certificate, document, voucher, token, or other
evidence indicating that the bearer, possessor, or
person entitled to possession through purchase or
otherwise has--
(A) a right, privilege, or license to enter
an event venue or occupy a particular seat or
area in an event venue with respect to one or
more events; or
(B) an entitlement to purchase such a
right, privilege, or license with respect to
one or more future events.
(4) Circumvention.--The term ``circumvention''
means the act of avoiding, bypassing, removing,
deactivating, or otherwise impairing an access control
system, security measure, safeguard, or other
technological control or measure described in section
2.
(5) Online ticket issuer.--The term ``online ticket
issuer'' means a ticket issuer that owns or operates an
Internet website or online service that, in the regular
course of trade or business of the issuer, facilitates
or executes the sale of event tickets to the general
public.
* * * * * * *
[all]