Safe Cloud Storage Act
- Bill Number
- S. 3023
- Origin Chamber
- Senate
- Congress
- 119th Congress, Session 2
- Policy Area
- Crime and Law Enforcement
- Status
- Passed Senate
- Latest Action
- 2026-05-21: Held at the desk.
- Last Updated
- 2026-06-04T13:04:14Z
AI-Generated Summary
Purpose of the Legislation This Act, titled the Safe Cloud Storage Act, amends the PROTECT Our Children Act of 2008 to allow Federal, State, and local law enforcement and prosecutorial agencies to contract with cloud service providers for storing digital evidence involving child exploitation cases. It establishes limited liability protections for approved providers to facilitate secure, modern storage methods.
Key Provisions
- Definitions: Clarifies terms such as "approved vendor" (a cloud provider meeting security rules and contracted by an agency), "child pornography," "intimate visual depiction of a minor," "covered agency," and related concepts like "State" and "local."
- Limited Liability: Grants approved vendors protection from civil claims or criminal charges for contract performance, except in cases of intentional misconduct, negligence, actual malice, reckless disregard, or actions unrelated to the storage duties.
- Cybersecurity Requirements: Mandates compliance with the National Institute of Standards and Technology Cybersecurity Framework, end-to-end encryption, minimized employee access with logging, independent annual audits, and prompt fixes for issues.
- Evidence Storage and Retention: Requires agencies to follow Federal Bureau of Investigation security policies, retain evidence per applicable laws or for the statute of limitations period, and ensure data remains in the United States except with agency consent for investigations.
- Additional Rules: Requires vendors to notify the Department of Justice of contracts, report breaches or non-payments, and maintain evidence integrity until lawful transfer.
Significant Changes to Existing Law The bill adds a new Section 202 to Title II of the PROTECT Our Children Act of 2008. This introduces cloud storage options for sensitive materials and creates liability limits for private vendors, which were not previously outlined in this framework. It also includes specific data location and notification procedures absent from prior provisions.
Potential Impacts
- On Government Agencies: Enables law enforcement to use secure cloud services for evidence management, potentially improving efficiency while requiring compliance with retention and security rules.
- On Citizens: Supports better preservation of evidence in cases involving minors, with safeguards to prevent unauthorized access.
- On International Relations: Limits data transfers outside the United States to investigative needs only, with agency approval, to maintain control over sensitive materials.
Main Stakeholders Affected
- Federal, State, and local law enforcement and prosecutorial agencies that contract for storage.
- Cloud service providers seeking approved vendor status and liability protections.
- The Department of Justice, including its Criminal Division and Child Exploitation and Obscenity Section, for oversight and notifications.
- Victims and courts, through preserved evidence access and constitutional compliance requirements.
Notable Legal, Constitutional, or Political Implications The Act includes a rule of construction that preserves agencies' obligations under the Constitution, statutes, court orders, and victim requests. It emphasizes security audits and access controls to address data protection concerns while focusing on child exploitation evidence handling.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Cosponsors (9)
Sen. Klobuchar, Amy [D-MN], Sen. Cornyn, John [R-TX], Sen. Blumenthal, Richard [D-CT], Sen. Britt, Katie Boyd [R-AL], Sen. Coons, Christopher A. [D-DE], Sen. Lee, Mike [R-UT], Sen. Moody, Ashley [R-FL], Sen. Warnock, Raphael G. [D-GA], Sen. Wyden, Ron [D-OR]
Recent Actions
- 2026-05-21: Held at the desk.
- 2026-05-21: Received in the House.
- 2026-05-21: Message on Senate action sent to the House.
- 2026-05-20: Passed Senate with an amendment by Unanimous Consent. (text of amendment in the nature of a substitute: CR S2427-2428)
- 2026-05-20: Passed/agreed to in Senate: Passed Senate with an amendment by Unanimous Consent.
- 2026-05-20: The committee substitute withdrawn by Unanimous Consent.
- 2026-05-20: Measure laid before Senate by unanimous consent. (consideration: CR S2426-2428)
- 2026-02-24: Placed on Senate Legislative Calendar under General Orders. Calendar No. 345.
- 2026-02-24: Committee on the Judiciary. Reported by Senator Grassley with an amendment in the nature of a substitute. Without written report.
- 2026-02-24: Committee on the Judiciary. Reported by Senator Grassley with an amendment in the nature of a substitute. Without written report.
- 2026-02-05: Committee on the Judiciary. Ordered to be reported with an amendment in the nature of a substitute favorably.
- 2025-10-21: Read twice and referred to the Committee on the Judiciary.
- 2025-10-21: Introduced in Senate
Bill Versions
- Safe Cloud Storage Act — issued 2026-05-20 — PDF (12 pages)
- Safe Cloud Storage Act — issued 2025-10-21 — PDF (7 pages)
- Safe Cloud Storage Act — issued 2026-02-24 — PDF (16 pages)