TikTok Ownership Transfer to US-Controlled Entity with Oracle as Security Partner
ByteDance has agreed to transfer majority ownership of TikTok to a group of US-based investors and allies, including Oracle, Silver Lake, and MGX, following prolonged negotiations and legal pressure from US lawmakers. Under the terms of the deal, US entities will control 80.1% of TikTok, while ByteDance retains a 19.9% stake and one board seat. Oracle will serve as a "trusted security partner," responsible for safeguarding US user data and ensuring that China-based ByteDance has no access to sensitive information or influence over the algorithm for US users.
The agreement establishes TikTok's US operations as an independent entity with authority over data protection, algorithm security, content moderation, and software assurance. All US data will be stored in a secure cloud environment managed by Oracle. ByteDance will continue to manage global product interoperability and certain commercial activities, but the new structure is designed to address national security concerns about potential Chinese government access to US user data and content manipulation.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Oracle-led group signs landmark deal for TikTok US operations
TikTok reached a landmark agreement to transfer control of its US operations to an Oracle-led group in response to ongoing US regulatory and national security scrutiny. Under the arrangement, Oracle will serve as a trusted security partner and US user data will be stored in a secure US-based cloud environment under US entity oversight.
ByteDance confirms TikTok will be controlled by US owners
On December 19, 2025, ByteDance confirmed an agreement to give US owners majority control of TikTok after about a year of stalled negotiations. The deal leaves ByteDance with a minority stake and one board seat.
Terms of TikTok US control deal were reported in September
Terms for a restructuring deal that would give US owners majority control of TikTok were previously reported in September 2025, outlining a framework for US investors and partners to take control while licensing the app's algorithm from ByteDance.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
TikTok U.S. Joint Venture and Proposed Security Standards for Foreign-Owned Apps
TikTok announced the creation of **TikTok USDS Joint Venture LLC** to keep operating in the U.S. under a September 2025 executive order. Under the arrangement, **ByteDance would reduce its ownership to 19.9%**, with majority ownership shifting to majority-American investors; TikTok said the new entity will implement national-security safeguards including U.S.-based data protections and controls around the recommendation algorithm. The company stated that U.S. user data and algorithm security will be supported via **Oracle’s U.S. cloud environment**, and that the joint venture will run a cybersecurity and privacy program aligned to frameworks such as **NIST CSF**, `NIST 800-53`, and **ISO 27001**, with third-party auditing/certification; TikTok said similar safeguards would extend to other U.S.-available apps such as **CapCut** and **Lemon8**. Separately, a policy commentary argued that the TikTok controversy highlights the lack of consistent U.S. standards governing **foreign-owned apps**—particularly around **data ownership/access** and **algorithmic oversight**—and called for clearer, enforceable requirements (e.g., upfront disclosure of who owns collected data and how users can opt out). While it does not add new incident details about TikTok’s joint venture, it frames the broader national-security and consumer-protection rationale for establishing uniform rules for foreign-based software providers operating in the U.S., citing TikTok and other China-linked apps as examples.
Mar 21, 2026
Regulatory Actions Target TikTok in the EU and US
The **European Commission** issued preliminary findings alleging TikTok’s product design violates the EU **Digital Services Act (DSA)**, arguing that features such as *infinite scroll*, *autoplay*, *push notifications*, and highly personalized recommendations can drive addictive use patterns and that protections for **minors** (including parental controls and screen-time tools) are insufficient. TikTok rejected the characterization and said it will contest the findings; potential outcomes include mandated changes to algorithms/interface design and fines of up to **6% of global annual revenue** if violations are confirmed. In the **United States**, TikTok’s continued operation has been tied to a divest-or-ban framework requiring **ByteDance** to divest its U.S. business or face removal from app stores and blocking by service providers, driven by longstanding concerns about data access and Chinese legal jurisdiction. The reference describes repeated deadline extensions via executive orders after an initial shutdown period, ongoing negotiations/interest from potential investors, and reporting that TikTok has explored a separate U.S.-specific app (“**M2**”) amid uncertainty over the platform’s final outcome in the U.S. market.
Mar 21, 2026
TikTok Service Disruption Linked to US Data Center Power Outage
TikTok experienced a widespread service disruption in which users reported broken or “glitchy” behavior, including an uncustomized *For You* feed, repeated or irrelevant content, and failures to upload videos. TikTok attributed the incident to a **power outage at a US data center**, stating it was working with its data center partner to stabilize service; user reports spiked on outage-tracking services during the event. Reporting also tied the outage to TikTok’s early period under **new US ownership/structure**, with commentary that the transition may introduce additional technical instability as the app’s algorithm and infrastructure are adjusted. Separately, TikTok’s updated US terms and privacy policy were reported to allow potentially expanded collection of user data (including **precise location** if permitted) and broader retention/linkage of **AI interaction metadata**, raising privacy and governance questions alongside reliability concerns during the transition.
Mar 21, 2026