What you need to know about the TikTok ban

On Wednesday, the House of Representatives overwhelmingly approved legislation that would require TikTok’s Chinese parent company, ByteDance Ltd., to sell TikTok within 180 days of its enactment or risk having the app banned in the U.S. Lawmakers state the action was driven by the threat it poses to national security.  The vote passed in the House 352-65.


H.R.7521, entitled the “Protecting Americans from Foreign Adversary Controlled Applications Act”, was introduced by Rep. Mike Gallagher (R-WI) and Rep. Raja Krishnamoorthi (D-IL) on March 5, 2024. The Act’s overarching purpose is to protect U.S. national security from the threat of apps, such as TikTok, that are owned, provided, serviced, or developed by “foreign adversary[ies,]” including ByteDance Ltd. or entities controlled by ByteDance Ltd.

Key Definitions
Covered Entity

A “covered entity” includes an entity that operates, directly or indirectly—whether through a parent company, subsidiary, or affiliate—a website, desktop application, mobile application, or other technology application that:

  • allows a user to create an account or profile to generate, share, and view text, images, videos, real-time communications, or similar content;
  • has more than 1,000,000 monthly active users;
  • enables 1 or more users to generate or distribute content that can be viewed by other users; and
  • enables 1 or more users to view content generated by other users.
Foreign Adversary Country

“Foreign adversary country” is defined as a country specified in 10 U.S.C. § 4872(d)(2), which includes North Korea, China, Russia, and Iran.

Controlled by a Foreign Adversary

With respect to a “covered entity," the Act defines “controlled by a foreign adversary” as an entity that is:

  • domiciled, headquartered, or has its principal place of business in, or is organized under the laws of a foreign adversary country;
  • either directly or indirectly, at least 20% owned by a foreign entity; or
  • subject to the direction or control of a foreign entity.
Foreign Adversary Controlled Application

Notably, the Act specifically targets ByteDance Ltd. and Tiktok. The term “foreign adversary controlled application” means a website, desktop application, mobile application, or other technology application, that is operated, either directly or indirectly by:

  • ByteDance, Ltd.;
  • TikTok;
  • a subsidiary of or a successor to either ByteDance, Ltd. or TikTok that is controlled by a foreign adversary;
  • an entity owned or controlled, either directly or indirectly, by ByteDance, Ltd. or TikTok; or
  • a covered entity that is controlled by a foreign adversary and is determined by the President to pose a significant threat to U.S. national security.

Entities are afforded a right of action under the Act to challenge any action, finding, or determination under the Act. The U.S. Court of Appeals for the District of Columbia Circuit shall have exclusive jurisdiction over any challenge. Petitioners must bring an action challenging the Act no later than 165 days after its enactment. For challenges to any action, finding, or determination under the Act, petitioners must bring an action no later than 90 days after action, finding, or determination.


Violating entities are subject to civil penalties. The Act also grants the Attorney General the authority to investigate violations and bring federal actions for relief, including civil penalties and declaratory and injunctive relief.

What Does This Mean?

With over 170 million Americans on TikTok, U.S. lawmakers are concerned about Chinese access to, and the surveillance of, U.S. data. According to Rep. Krishnamoorthi, the Act would protect U.S. social media users by “driving the divestment of foreign adversary-controlled apps” to ensure protection from “the digital surveillance and influence operations of regimes that could weaponize their personal data against them.”

If enacted, H.R.7521 would incentivize ByteDance Ltd. to divest TikTok within the prescribed 180-day window, meaning TikTok would no longer be a Chinese controlled entity. If an entity that distributes, maintains, or updates foreign adversary controlled applications, such as ByteDance Ltd., does not comply with the Act, then the entity’s application will be prohibited from the U.S., including app stores and internet hosting services, and the entity could face civil penalties.

Additionally, by definition, the Act establishes a process for the President to designate prescribed applications as threats to national security. For the President to declare an entity a threat to national security, the President must issue: (1) a public notice proposing such determination and (2) a public report to Congress, not less than 30 days before such determination that details the specific national security concerns.


H.R.7521 now heads to the Senate, where its outcome is unclear. TikTok is lobbying against the legislation, urging users to speak out against the bill. President Biden indicated that, if the bill reaches his desk, then he will sign it into law. If enacted, the Act could also have international implications, incentivizing other counties to enact similar restrictions.

For a full copy of H.R.7521, please click here.

If you have questions about your company’s compliance with cyber regulations, concerns about vulnerability to a ransomware attack or other breach, or if you want to learn more about proactive cybersecurity defense, contact a member of McDonald Hopkins’ national data privacy and cybersecurity team.

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.