S. 3023: Safe Cloud Storage Act
Sponsor
Marsha Blackburn
Republican · TN
Bill Progress
Latest Action · Feb 24, 2026
Placed on Senate floor schedule under General Orders. Calendar No. 345.
Cloud vendors get legal cover to store child abuse evidence
Why it matters
Child exploitation cases now generate enormous volumes of digital evidence, and investigators increasingly need outside cloud vendors to store it. But simply possessing that material is a federal crime, which leaves vendors exposed to lawsuits and prosecution for helping. S. 3023 carves out limited legal immunity so approved vendors will take the work, in exchange for strict security rules.
The Safe Cloud Storage Act targets a specific bottleneck. Child sexual abuse evidence is digital, massive, and sensitive, and many agencies no longer have the capacity to store and analyze it in-house. They need outside vendors. But because possessing this material is itself a crime, those vendors face real legal risk just for doing the job.
The bill gives approved vendors limited protection from civil suits and criminal charges when they store or process this evidence under contract for a law enforcement or prosecutorial agency. The shield is narrow on purpose. It falls away if a vendor acts intentionally, negligently, with malice, with reckless disregard, or for any reason unrelated to supporting the investigation.
In exchange, vendors take on real obligations. They have to secure the material to the NIST cybersecurity standard, encrypt it end-to-end, sharply limit which employees can ever access it, and pass an independent security audit every year. The data has to stay inside the United States, and vendors have to notify the Justice Department within 30 days of signing a contract.
The text on this page is the Senate Judiciary Committee's reported version, rewritten as a substitute amendment. Supporters say it modernizes how the most harmful evidence in the justice system gets handled. The open questions are whether the immunity is drawn tightly enough and whether annual audits are sufficient oversight for private companies holding this kind of material.
S. 3023 Bill Summary
What S. 3023 actually does.
Approved vendors can store abuse evidence without facing prosecution
Blocks most civil claims and criminal charges against an approved vendor for storing or processing child sexual abuse evidence under contract for law enforcement.
The shield drops if a vendor crosses the line
Immunity does not apply if a vendor acts intentionally, negligently, with actual malice, with reckless disregard, or for any purpose unrelated to its contract work.
Strict security rules for the stored material
Vendors must meet the NIST Cybersecurity Framework, use end-to-end encryption or an equivalent, minimize how many employees can access the files, and access them only with the agency's consent.
An independent security audit every year
Each vendor must pass an outside cybersecurity audit annually to confirm the evidence is properly secured, and must promptly fix anything the audit flags.
Evidence has to be kept long enough to outlast the case
Agencies using cloud storage must retain evidence under existing rules, or — if none apply — at least through the statute of limitations and any sentence, including post-conviction review.
Data stays in the U.S., and DOJ gets notified
Stored material must remain inside the United States. Vendors file a notice with the Justice Department within 30 days of a contract, and must preserve evidence if a contract breaks down until custody is lawfully transferred.
Who benefits from S. 3023?
Investigators drowning in digital evidence
Federal, state, and local agencies working child exploitation cases get a clearer, lower-risk way to bring in the cloud and forensic vendors they increasingly depend on.
Prosecutors building these cases
Stronger storage and custody rules mean fewer disputes over how evidence was held — and less risk of a case unraveling over a chain-of-custody problem.
Cloud and forensic vendors
Limited legal immunity removes a major deterrent, making it viable for companies to take government contracts they would otherwise avoid.
Survivors whose cases hinge on this evidence
Better preservation of digital evidence can keep investigations moving and reduce delays in cases that turn on that material.
Who is affected by S. 3023?
Private vendors taking the contracts
They gain protection but pick up real duties: annual audits, tight access controls, encryption standards, DOJ notifications, and an obligation to preserve evidence if a contract collapses.
Police and prosecutor offices
Agencies using cloud storage may have to update contracts, retention policies, and evidence-handling practices to meet the bill's standards.
The Justice Department and state attorneys general
They receive vendor contract notices and breach notifications, adding oversight responsibilities and potential custody obligations.
Defendants and defense attorneys
How evidence is stored, accessed, and transferred could surface in cases — particularly in disputes over chain of custody, access logs, or retention.
S3023 Legislative Journey
Committee Action
Feb 24, 2026
Committee on the Judiciary. Reported by Senator Grassley with an amendment in the nature of a substitute. Without written report.
Passed Committee
Feb 5, 2026
Committee on the Judiciary. Ordered to be reported with an amendment in the nature of a substitute favorably.
Committee Action
Oct 21, 2025
Read twice and referred to the Committee on the Judiciary.
About the Sponsor
Marsha Blackburn
Republican, TN · 23 years in Congress
Committees: Joint Economic Committee, Veterans' Affairs, Commerce, Science, and Transportation
View full profile →
Cosponsors (7)
This bill has 7 cosponsors: 3 Democrats, 4 Republicans, reflecting bipartisan support. Cosponsors represent 7 states: Alabama, Connecticut, Delaware, and 4 more.
Committee Sponsors
Judiciary Committee
7 of 22 committee members cosponsored
8 Republicans across this committee haven't cosponsored yet. Mobilize their constituents
What laws does S. 3023 change?
1 changes
Sections Amended
Section 1(b) of PROTECT Our Children Act of 2008 (Public Law 110-401; 122 Stat. 4229)
inserting after the item relating to section 201 the following: ``Sec
S. 3023 Quick Facts
- Committee
- Judiciary
- Chamber
- Senate
- Policy
- Crime and Law Enforcement
- Introduced
- Oct 21, 2025
Placed on Senate floor schedule under General Orders. Calendar No. 345.
Feb 24, 2026
Official Sources
Official congressional page for the Safe Cloud Storage Act, with status, text, sponsors, and actions.
The statute S. 3023 amends; it inserts the new vendor-liability and storage provisions into Title II of this Act.
The security standard approved vendors must meet to store child sexual abuse evidence under the bill.
The bill requires agencies to retain cloud-stored evidence in compliance with the FBI CJIS security policy.
The federal definition S. 3023 references to scope the material covered by the vendor liability shield.
The committee that reported S. 3023 with a substitute amendment before it was placed on the Senate calendar.
S. 3023 Common Questions
Can a cloud company be prosecuted for storing child abuse evidence for police?
Generally no. The Safe Cloud Storage Act shields approved vendors from most federal and state civil claims and criminal charges when they store or process this evidence under contract for a law enforcement agency.
When does a vendor lose that legal protection?
The shield drops if a vendor acts intentionally, negligently, with actual malice, with reckless disregard for a serious risk of harm, or for any reason unrelated to its contract. Misconduct still gets you sued or charged.
What security do vendors have to meet under the Safe Cloud Storage Act?
Vendors must secure the material to the NIST Cybersecurity Framework, use end-to-end encryption or an equivalent, sharply limit which employees can access the files, log that access, and pass an independent cybersecurity audit every year.
Does the abuse evidence have to stay in the United States?
Yes. The bill requires that cloud storage and analysis of this material remain inside the U.S. There's no carve-out for offshore data centers under S. 3023.
How long must the evidence be kept?
Agencies follow whatever retention rules already apply to them. If none exist, the evidence must be kept at least through the statute of limitations and any sentence, including the post-conviction review period.
Which agencies can use these approved vendors?
Federal, state, and local law enforcement or prosecutorial agencies based in the U.S. can contract with an approved vendor to store and process this evidence under S. 3023.
What happens to the evidence if a storage contract falls apart?
The vendor has to notify the Justice Department, or the relevant state attorney general, within 30 days — and keep preserving the evidence until custody is lawfully transferred to another agency. It can't just delete or abandon it.
Who introduced the Safe Cloud Storage Act and where does it stand?
Senator Marsha Blackburn introduced S. 3023 with a bipartisan group of seven cosponsors. The Senate Judiciary Committee reported it out, and it now sits on the Senate calendar awaiting a floor vote.
Based on S. 3023 bill text
S. 3023 Bill Text
“To limit liability for certain entities storing child sexual abuse material for law enforcement agencies, and for other purposes.”
Source: U.S. Government Publishing Office
Get notified when S. 3023 moves
Committee votes, floor action, cosponsor changes — straight to your inbox.
Bill alerts + Legisletter's monthly briefing. Unsubscribe anytime.
Crime and Law Enforcement Bills
9 related bills we're tracking
Combating Organized Retail Crime Act of 2025
Placed on the Union Calendar, Calendar No. 402.
Jan 30, 2026
Assault Weapons Ban of 2025
Referred to the House Committee on the Judiciary.
Apr 30, 2025
Closing the Bump Stock Loophole Act of 2025
Referred to the Committee on the Judiciary, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Apr 9, 2025
Office of Gun Violence Prevention Act of 2025
Referred to the House Committee on the Judiciary.
Feb 13, 2025
Equal Access to Justice for Victims of Gun Violence Act of 2025
Referred to the House Committee on the Judiciary.
Jun 4, 2025
Protect and Serve Act of 2025
Referred to the House Committee on the Judiciary.
Feb 25, 2025
Federal Extreme Risk Protection Order Act of 2026
Referred to the House Committee on the Judiciary.
Feb 17, 2026
Combating Illicit Xylazine Act
Referred to the Committee on Energy and Commerce, and in addition to the Committee on the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Feb 12, 2025
Gun Owner Registration Information Protection Act
Referred to the House Committee on the Judiciary.
Feb 25, 2026
Trending Right Now
Bills gaining momentum across Congress
AADAPT Act
Ordered to be Reported by the Yeas and Nays: 48 - 0.
May 21, 2026
Buying American Cotton Act of 2026
Referred to the House Committee on Ways and Means.
Jan 22, 2026
West Bank Violence Prevention Act of 2025
Referred to the Committee on Foreign Affairs, and in addition to the Committee on the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Apr 28, 2025
Tracking Crime and Law Enforcement in Congress? Monitor bills, track cosponsor momentum, and launch advocacy campaigns — all from one advocacy platform.