LegisTrack
Back to all bills
HR 2508119th CongressIn Committee

ENCRYPT Act of 2025

Introduced: Mar 31, 2025
View on Congress.gov
Standard Summary
Comprehensive overview in 1-2 paragraphs

The ENCRYPT Act of 2025 would bar states and their subdivisions from imposing requirements that would weaken encryption or enable surveillance through backdoors. Specifically, it prohibits states from mandating or pressuring manufacturers, developers, sellers, or providers to design, alter, or enable security features that allow surveillance or the physical search of a product, or to decrypt information, and it also blocks states from prohibiting the sale or provision of encrypted products or services. The goal is to create a uniform national standard that protects encryption and user privacy by preventing state-level security vulnerabilities mandates or decryption requirements. To define its scope, the bill uses broad definitions: a “covered product or service” includes any hardware, software, electronic device, or online service that travels in interstate commerce and is publicly available; an “online service” covers services over the internet that let users send/receive communications, share data, or use remote processing/storage. The act also expressly covers states, the District of Columbia, territories, possessions, and federally recognized Indian Tribes. In short, it would preempt state laws that attempt to impose encryption backdoors or force decryption, aiming to ensure nationwide consistency in encryption policy.

Key Points

  • 1Prohibits states or their subdivisions from mandating or pressuring manufacturers, developers, sellers, or service providers to design or modify security features to enable state surveillance or physical searches, or to decrypt information.
  • 2Prohibits states from prohibiting the manufacture, sale, lease, or provision of encrypted products or services; effectively blocking state-level bans on encryption.
  • 3Defines “covered product or service” as any hardware, software, device, or online service that engages in interstate commerce and is available to the general public.
  • 4Defines “online service” to include services over the internet that enable communications, data sharing, or remote processing/storage.
  • 5Establishes that the preemption applies to a broad set of actors and products, including those that operate online and travel across state lines or affect interstate commerce, and clarifies the scope includes states, D.C., territories, and federally recognized Indian Tribes.

Impact Areas

Primary group/area affected- Manufacturers, developers, sellers, and providers of covered products and online services (e.g., tech companies, app developers, hardware makers) who would no longer face state-mandated encryption backdoors or decryption requirements.- Consumers and general public who rely on product security and privacy protections, since encryption remains standardized nationwide.Secondary group/area affected- State and local governments, and their law-enforcement and regulatory agencies, which would lose the ability to impose encryption-related vulnerabilities or decryption requirements on products and services sold or used within their jurisdictions.Additional impacts- Interstate commerce and national tech industry policies: the bill creates federal preemption over state-level encryption and surveillance-related mandates, promoting nationwide consistency for security features.- Potential policy tensions with state interests in public safety and criminal investigations, which could lead to discussions about the balance between encryption protections and law-enforcement access at the federal level.- Possible constitutional or statutory questions about the reach of federal preemption over diverse state laws, though the bill itself explicitly asserts preemption in the stated domains.
Generated by gpt-5-nano on Oct 31, 2025