LegisTrack
Back to all bills
S 3023119th CongressIn Committee

Safe Cloud Storage Act

Introduced: Oct 21, 2025
Sponsor: Sen. Blackburn, Marsha [R-TN] (R-Tennessee)
View on Congress.gov
Standard Summary
Comprehensive overview in 1-2 paragraphs

This bill, formally titled the "Safe Cloud Storage Act," creates a legal framework allowing law enforcement agencies to use third-party cloud storage providers ("approved vendors") to securely store child sexual abuse material (CSAM) as evidence during investigations and prosecutions. It addresses a critical gap where current laws criminalize CSAM possession, making it legally risky for law enforcement to outsource evidence storage to specialized tech vendors despite the operational need for secure, scalable digital evidence management. The bill grants broad civil and criminal liability protection to these vendors *only* when they are formally contracted by law enforcement to store, maintain, and provide access to CSAM evidence, while imposing strict cybersecurity, access control, and auditing requirements. Its purpose is to modernize evidence handling by leveraging private-sector cloud technology without exposing vendors to prosecution for lawful evidence storage, thereby improving investigative efficiency and evidence integrity in child exploitation cases. The bill amends the PROTECT Our Children Act of 2008 to establish clear rules: Vendors must store all data exclusively within the U.S., use NIST cybersecurity standards and end-to-end encryption, limit employee access, undergo annual security audits, and retain evidence per legal requirements. Crucially, liability protection is voided if vendors intentionally access material, act negligently, or breach contractual terms. Law enforcement agencies must also ensure evidence retention complies with FBI standards or applicable statutes. This balances law enforcement’s practical needs with robust safeguards to prevent misuse or leaks of highly sensitive evidence.

Key Points

  • 1Creates "approved vendors" as entities formally contracted by U.S. law enforcement to store CSAM evidence in cloud systems, providing them broad immunity from civil/criminal liability for lawful storage and maintenance activities
  • 2Explicitly voids liability protection if vendors engage in intentional misconduct, negligence, access material without authorization, or act with reckless disregard for security risks
  • 3Mandates strict cybersecurity protocols including NIST Framework compliance, end-to-end encryption, minimal employee access, and annual independent security audits for all stored evidence
  • 4Requires all CSAM evidence to be stored exclusively on U.S.-based servers and mandates vendor notification to the DOJ within 30 days of contracting with law enforcement
  • 5Forces vendors to preserve evidence and notify the DOJ if law enforcement agencies breach contracts (e.g., non-payment), preventing evidence destruction during disputes

Impact Areas

Law enforcement agencies and prosecutors (primary beneficiaries gaining secure, scalable evidence storage solutions)Cloud storage and digital forensics vendors (new legal certainty to offer CSAM evidence services without fear of prosecution)Child sexual abuse investigations (improved evidence integrity, reduced risk of evidence loss/degradation, and potential acceleration of case processing)
Generated by Qwen3 235B A22B (qwen) on Oct 28, 2025