TikTok U.S. Joint Venture and Proposed Security Standards for Foreign-Owned Apps
TikTok announced the creation of TikTok USDS Joint Venture LLC to keep operating in the U.S. under a September 2025 executive order. Under the arrangement, ByteDance would reduce its ownership to 19.9%, with majority ownership shifting to majority-American investors; TikTok said the new entity will implement national-security safeguards including U.S.-based data protections and controls around the recommendation algorithm. The company stated that U.S. user data and algorithm security will be supported via Oracle’s U.S. cloud environment, and that the joint venture will run a cybersecurity and privacy program aligned to frameworks such as NIST CSF, NIST 800-53, and ISO 27001, with third-party auditing/certification; TikTok said similar safeguards would extend to other U.S.-available apps such as CapCut and Lemon8.
Separately, a policy commentary argued that the TikTok controversy highlights the lack of consistent U.S. standards governing foreign-owned apps—particularly around data ownership/access and algorithmic oversight—and called for clearer, enforceable requirements (e.g., upfront disclosure of who owns collected data and how users can opt out). While it does not add new incident details about TikTok’s joint venture, it frames the broader national-security and consumer-protection rationale for establishing uniform rules for foreign-based software providers operating in the U.S., citing TikTok and other China-linked apps as examples.
Timeline
Jan 23, 2026
TikTok discloses governance and leadership for the new U.S. entity
TikTok said the new U.S. joint venture would be overseen by a seven-member board and named Adam Presser as CEO and Will Farrell as chief security officer, while assigning the entity responsibility for U.S. data protection, algorithmic compliance, and content moderation for TikTok, CapCut, and Lemon8.
Jan 23, 2026
TikTok details Oracle-hosted safeguards and compliance program for U.S. operations
Alongside the joint venture announcement, TikTok said U.S. user data and recommendation systems would be protected in Oracle's U.S. cloud under a privacy and cybersecurity program aligned with NIST CSF, NIST SP 800-53, ISO 27001, and CISA restricted-transaction requirements, with third-party audits and certifications.
Jan 23, 2026
TikTok forms TikTok USDS Joint Venture LLC and completes U.S. divestiture
TikTok announced it completed a divestiture of its U.S. business by creating TikTok USDS Joint Venture LLC, with ByteDance reduced to a 19.9% stake and majority ownership transferred to non-Chinese investors. The new structure was designed to satisfy U.S. national security requirements while allowing TikTok to continue U.S. operations.
Jan 22, 2026
TikTok says U.S. ownership deal has closed to avoid a ban
By January 22, 2026, TikTok said a deal for U.S. ownership had closed, valuing the transaction at about $14 billion and allowing the company to avoid a U.S. ban.
Jan 21, 2026
Nextgov calls for broader standards for foreign-owned apps beyond TikTok
A Nextgov analysis argued that the TikTok controversy and similar concerns around other foreign-linked apps showed the U.S. lacks clear, enforceable rules on data ownership, access, and algorithmic safety, and urged creation of consistent standards for foreign-owned software providers.
Sep 1, 2025
Trump signs executive order setting conditions for TikTok to keep operating in the U.S.
In September 2025, President Donald Trump signed an executive order establishing terms under which TikTok could continue operating in the United States while addressing national security concerns tied to ByteDance's ownership.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
TikTok Ownership Transfer to US-Controlled Entity with Oracle as Security Partner
ByteDance has agreed to transfer majority ownership of TikTok to a group of US-based investors and allies, including Oracle, Silver Lake, and MGX, following prolonged negotiations and legal pressure from US lawmakers. Under the terms of the deal, US entities will control 80.1% of TikTok, while ByteDance retains a 19.9% stake and one board seat. Oracle will serve as a "trusted security partner," responsible for safeguarding US user data and ensuring that China-based ByteDance has no access to sensitive information or influence over the algorithm for US users. The agreement establishes TikTok's US operations as an independent entity with authority over data protection, algorithm security, content moderation, and software assurance. All US data will be stored in a secure cloud environment managed by Oracle. ByteDance will continue to manage global product interoperability and certain commercial activities, but the new structure is designed to address national security concerns about potential Chinese government access to US user data and content manipulation.
1 months ago
Regulatory Actions Target TikTok in the EU and US
The **European Commission** issued preliminary findings alleging TikTok’s product design violates the EU **Digital Services Act (DSA)**, arguing that features such as *infinite scroll*, *autoplay*, *push notifications*, and highly personalized recommendations can drive addictive use patterns and that protections for **minors** (including parental controls and screen-time tools) are insufficient. TikTok rejected the characterization and said it will contest the findings; potential outcomes include mandated changes to algorithms/interface design and fines of up to **6% of global annual revenue** if violations are confirmed. In the **United States**, TikTok’s continued operation has been tied to a divest-or-ban framework requiring **ByteDance** to divest its U.S. business or face removal from app stores and blocking by service providers, driven by longstanding concerns about data access and Chinese legal jurisdiction. The reference describes repeated deadline extensions via executive orders after an initial shutdown period, ongoing negotiations/interest from potential investors, and reporting that TikTok has explored a separate U.S.-specific app (“**M2**”) amid uncertainty over the platform’s final outcome in the U.S. market.
1 months ago
TikTok Service Disruption Linked to US Data Center Power Outage
TikTok experienced a widespread service disruption in which users reported broken or “glitchy” behavior, including an uncustomized *For You* feed, repeated or irrelevant content, and failures to upload videos. TikTok attributed the incident to a **power outage at a US data center**, stating it was working with its data center partner to stabilize service; user reports spiked on outage-tracking services during the event. Reporting also tied the outage to TikTok’s early period under **new US ownership/structure**, with commentary that the transition may introduce additional technical instability as the app’s algorithm and infrastructure are adjusted. Separately, TikTok’s updated US terms and privacy policy were reported to allow potentially expanded collection of user data (including **precise location** if permitted) and broader retention/linkage of **AI interaction metadata**, raising privacy and governance questions alongside reliability concerns during the transition.
1 months ago