TikTok U.S. Joint Venture and Proposed Security Standards for Foreign-Owned Apps
TikTok announced the creation of TikTok USDS Joint Venture LLC to keep operating in the U.S. under a September 2025 executive order. Under the arrangement, ByteDance would reduce its ownership to 19.9%, with majority ownership shifting to majority-American investors; TikTok said the new entity will implement national-security safeguards including U.S.-based data protections and controls around the recommendation algorithm. The company stated that U.S. user data and algorithm security will be supported via Oracle’s U.S. cloud environment, and that the joint venture will run a cybersecurity and privacy program aligned to frameworks such as NIST CSF, NIST 800-53, and ISO 27001, with third-party auditing/certification; TikTok said similar safeguards would extend to other U.S.-available apps such as CapCut and Lemon8.
Separately, a policy commentary argued that the TikTok controversy highlights the lack of consistent U.S. standards governing foreign-owned apps—particularly around data ownership/access and algorithmic oversight—and called for clearer, enforceable requirements (e.g., upfront disclosure of who owns collected data and how users can opt out). While it does not add new incident details about TikTok’s joint venture, it frames the broader national-security and consumer-protection rationale for establishing uniform rules for foreign-based software providers operating in the U.S., citing TikTok and other China-linked apps as examples.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
TikTok discloses governance and leadership for the new U.S. entity
TikTok said the new U.S. joint venture would be overseen by a seven-member board and named Adam Presser as CEO and Will Farrell as chief security officer, while assigning the entity responsibility for U.S. data protection, algorithmic compliance, and content moderation for TikTok, CapCut, and Lemon8.
TikTok details Oracle-hosted safeguards and compliance program for U.S. operations
Alongside the joint venture announcement, TikTok said U.S. user data and recommendation systems would be protected in Oracle's U.S. cloud under a privacy and cybersecurity program aligned with NIST CSF, NIST SP 800-53, ISO 27001, and CISA restricted-transaction requirements, with third-party audits and certifications.
TikTok forms TikTok USDS Joint Venture LLC and completes U.S. divestiture
TikTok announced it completed a divestiture of its U.S. business by creating TikTok USDS Joint Venture LLC, with ByteDance reduced to a 19.9% stake and majority ownership transferred to non-Chinese investors. The new structure was designed to satisfy U.S. national security requirements while allowing TikTok to continue U.S. operations.
TikTok says U.S. ownership deal has closed to avoid a ban
By January 22, 2026, TikTok said a deal for U.S. ownership had closed, valuing the transaction at about $14 billion and allowing the company to avoid a U.S. ban.
Nextgov calls for broader standards for foreign-owned apps beyond TikTok
A Nextgov analysis argued that the TikTok controversy and similar concerns around other foreign-linked apps showed the U.S. lacks clear, enforceable rules on data ownership, access, and algorithmic safety, and urged creation of consistent standards for foreign-owned software providers.
Trump signs executive order setting conditions for TikTok to keep operating in the U.S.
In September 2025, President Donald Trump signed an executive order establishing terms under which TikTok could continue operating in the United States while addressing national security concerns tied to ByteDance's ownership.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
TikTok’s Great Escape: Divestiture Closes as New USDS Entity Takes Control
securityonline.info
Open sourceTikTok deal is done; Trump wants praise while users fear MAGA tweaks - Ars Technica
arstechnica.com
Open sourceTikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order
thehackernews.com
Open sourceTikTok lands $14B deal to avoid US ban - POLITICO
politico.com
Open sourceLong before TikTok, the clock Was ticking on standards for foreign-owned apps - Nextgov/FCW
nextgov.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
TikTok Ownership Transfer to US-Controlled Entity with Oracle as Security Partner
ByteDance has agreed to transfer majority ownership of TikTok to a group of US-based investors and allies, including Oracle, Silver Lake, and MGX, following prolonged negotiations and legal pressure from US lawmakers. Under the terms of the deal, US entities will control 80.1% of TikTok, while ByteDance retains a 19.9% stake and one board seat. Oracle will serve as a "trusted security partner," responsible for safeguarding US user data and ensuring that China-based ByteDance has no access to sensitive information or influence over the algorithm for US users. The agreement establishes TikTok's US operations as an independent entity with authority over data protection, algorithm security, content moderation, and software assurance. All US data will be stored in a secure cloud environment managed by Oracle. ByteDance will continue to manage global product interoperability and certain commercial activities, but the new structure is designed to address national security concerns about potential Chinese government access to US user data and content manipulation.
Mar 21, 2026
Regulatory Actions Target TikTok in the EU and US
The **European Commission** issued preliminary findings alleging TikTok’s product design violates the EU **Digital Services Act (DSA)**, arguing that features such as *infinite scroll*, *autoplay*, *push notifications*, and highly personalized recommendations can drive addictive use patterns and that protections for **minors** (including parental controls and screen-time tools) are insufficient. TikTok rejected the characterization and said it will contest the findings; potential outcomes include mandated changes to algorithms/interface design and fines of up to **6% of global annual revenue** if violations are confirmed. In the **United States**, TikTok’s continued operation has been tied to a divest-or-ban framework requiring **ByteDance** to divest its U.S. business or face removal from app stores and blocking by service providers, driven by longstanding concerns about data access and Chinese legal jurisdiction. The reference describes repeated deadline extensions via executive orders after an initial shutdown period, ongoing negotiations/interest from potential investors, and reporting that TikTok has explored a separate U.S.-specific app (“**M2**”) amid uncertainty over the platform’s final outcome in the U.S. market.
Mar 21, 2026
TikTok Service Disruption Linked to US Data Center Power Outage
TikTok experienced a widespread service disruption in which users reported broken or “glitchy” behavior, including an uncustomized *For You* feed, repeated or irrelevant content, and failures to upload videos. TikTok attributed the incident to a **power outage at a US data center**, stating it was working with its data center partner to stabilize service; user reports spiked on outage-tracking services during the event. Reporting also tied the outage to TikTok’s early period under **new US ownership/structure**, with commentary that the transition may introduce additional technical instability as the app’s algorithm and infrastructure are adjusted. Separately, TikTok’s updated US terms and privacy policy were reported to allow potentially expanded collection of user data (including **precise location** if permitted) and broader retention/linkage of **AI interaction metadata**, raising privacy and governance questions alongside reliability concerns during the transition.
Mar 21, 2026