S. 3023: Safe Cloud Storage Act
Sponsor
Marsha Blackburn
Republican · TN
Bill Progress
Latest Action · Feb 24, 2026
Placed on Senate floor schedule under General Orders. Calendar No. 345.
Why it matters
Law enforcement increasingly relies on digital evidence storage, and this bill aims to make sure child exploitation cases are not slowed by legal risk for companies that store that evidence.
The Safe Cloud Storage Act is designed to solve a practical problem: child sexual abuse material used as evidence is digital, massive, and sensitive, and many law enforcement agencies now need outside cloud and forensic support to store and review it. Companies may hesitate to take on that work because simply possessing or processing this material can create legal exposure. The bill would give approved vendors limited protection from civil lawsuits and criminal charges when they are storing or processing that evidence for law enforcement under contract.
At the same time, the bill is not a blank check. The liability shield would not apply if a vendor acted outside its job, engaged in misconduct, or handled the material for reasons unrelated to supporting an investigation. The bill also points toward stricter security rules, including limits on who can access the material, encryption or similar protections, cybersecurity standards, and outside audits.
The broader message is that Congress wants child exploitation investigators to use modern digital tools without creating a legal trap for the private companies they depend on. Supporters will likely argue this modernizes evidence handling and helps preserve cases. Critics may ask whether the liability protections are too broad, whether oversight is strong enough, and whether private vendors should play such a sensitive role in storing some of the most harmful evidence in the justice system.
The text shown is a Senate-reported version with amendments, and the visible language suggests some terms may have been revised, including replacing references to law enforcement or prosecutorial agencies with a broader term like "covered agency." That means the exact scope of who can use these vendors, and under what conditions, could still matter a lot as the bill moves forward.
What does S. 3023 do?
Legal protection for approved storage vendors
Blocks many civil and criminal cases against approved companies when they store or process child sexual abuse evidence for law enforcement under contract.
Exceptions for misconduct
Allows legal action against a vendor if it acts intentionally, recklessly, negligently, maliciously, or for reasons unrelated to its law enforcement work.
Cybersecurity rules for stored evidence
Requires vendors to secure the material using recognized cybersecurity standards, restrict access, use encryption or similar safeguards, and fix problems found in audits.
Annual independent security audits
Requires outside cybersecurity reviews each year to check whether the vendor is properly protecting the stored evidence.
Evidence retention requirements
Says agencies using cloud storage must keep evidence according to existing legal rules, and if no rule exists, at least long enough to cover statutes of limitation, sentences, and post-conviction review.
Justice Department notification and custody rules
Requires vendors to notify the Justice Department after entering contracts and to preserve evidence if a contract falls apart until it can be legally transferred to another agency.
Who benefits from S. 3023?
Law enforcement agencies
They get clearer authority to use specialized cloud and forensic vendors to store and manage difficult digital evidence in child exploitation cases.
Prosecutors handling child exploitation cases
They may benefit from better evidence preservation, easier access to digital files, and fewer disruptions caused by storage or custody problems.
Approved cloud and forensic vendors
They gain limited legal protection that could make them more willing to contract with government agencies for this high-risk work.
Victims and survivors in criminal cases
They could benefit indirectly if stronger storage systems help preserve evidence, support investigations, and reduce case delays.
Who is affected by S. 3023?
Private tech vendors serving police
They would face new compliance duties, including audits, tighter access controls, reporting requirements, and evidence-preservation obligations.
State and local police departments
They may need to update contracts, storage practices, and evidence-handling policies to meet the bill's standards.
Justice Department and state attorneys general
They would receive notifications about vendor contracts and possible contract breakdowns, adding oversight and potential custody responsibilities.
Defendants and defense attorneys in criminal cases
They could be affected by how digital evidence is stored and transferred, especially if disputes arise over chain of custody, access, or retention.
S. 3023 Common Questions
Can cloud companies be charged for storing child sexual abuse evidence for police?
Generally no. Under the Safe Cloud Storage Act, approved vendors are shielded from many federal and state civil claims and criminal charges when storing or processing this evidence under contract for a covered agency (Section 202(b)).
What cybersecurity standards would cloud vendors have to meet under the Safe Cloud Storage Act?
Vendors must follow the latest NIST Cybersecurity Framework, use end-to-end encryption or equivalent protections, restrict access, keep access logs, and fix audit findings under the Safe Cloud Storage Act (Section 202(c)).
How long would child sexual abuse evidence have to be kept in cloud storage if no retention rule exists?
According to S. 3023 Section 202(d), if no federal, state, or local rule applies, the evidence must be kept at least through the statute of limitations or any sentence imposed, including post-conviction review.
Does the bill require annual independent cybersecurity audits for vendors storing abuse evidence?
Yes. Under the Safe Cloud Storage Act, vendors must undergo an independent annual cybersecurity audit assessing compliance with NIST SP 800-53 Rev. 5 or its successor (Section 202(c)).
Can vendors lose immunity if they mishandle child pornography evidence?
Yes. Immunity does not apply if a vendor acts intentionally or negligently, with actual malice, with reckless disregard, or for a purpose unrelated to its contract under S. 3023 Section 202(b).
Does the Safe Cloud Storage Act require abuse evidence data to stay in the United States?
Yes. Under the Safe Cloud Storage Act, data must remain in the U.S. unless the contracting agency expressly approves transfer outside the country for investigative purposes (Section 202(e)).
How much time would a cloud vendor have to notify DOJ after signing a storage contract?
A vendor must notify the DOJ Criminal Division within 30 days of entering the contract, according to S. 3023 Section 202(e). The notice includes the vendor name, contact, agency name, and period of performance.
Which agencies can use approved vendors under the Safe Cloud Storage Act?
Covered agencies include federal, state, and local law enforcement or prosecutorial agencies under the Safe Cloud Storage Act (Section 202(a)).
Can a vendor employee access child sexual abuse material whenever needed for system support?
No. Under the Safe Cloud Storage Act, access is allowed only with the contracting agency's consent for maintenance, technical assistance, or forensic support, and vendors must minimize and log employee access (Section 202(c)).
What happens to stored evidence if a cloud storage contract is terminated or breached?
Under S. 3023 Section 202(e), the vendor must notify DOJ or the appropriate state attorney general within 30 days and keep preserving the evidence until it is lawfully transferred to another custodian.
Based on S. 3023 bill text
S3023 Legislative Journey
Committee Action
Feb 24, 2026
Committee on the Judiciary. Reported by Senator Grassley with an amendment in the nature of a substitute. Without written report.
Passed Committee
Feb 5, 2026
Committee on the Judiciary. Ordered to be reported with an amendment in the nature of a substitute favorably.
Committee Action
Oct 21, 2025
Read twice and referred to the Committee on the Judiciary.
About the Sponsor
Marsha Blackburn
Republican, TN · 23 years in Congress
Committees: Joint Economic Committee, Veterans' Affairs, Commerce, Science, and Transportation
View full profile →
Cosponsors (7)
This bill has 7 cosponsors: 3 Democrats, 4 Republicans, reflecting bipartisan support. Cosponsors represent 7 states: Alabama, Connecticut, Delaware, and 4 more.
Committee Sponsors
Judiciary Committee
7 of 22 committee members cosponsored
8 Republicans across this committee haven't cosponsored yet. Mobilize their constituents
What laws does S. 3023 change?
2 changes
Sections Amended
Section 1(b) of PROTECT Our Children Act of 2008 (Public Law 110-401; 122 Stat. 4229)
inserting after the item relating to section 201 the following:</DELETED> <DELETED>``Sec
Section 1(b) of PROTECT Our Children Act of 2008 (Public Law 110-401; 122 Stat. 4229)
inserting after the item relating to section 201 the following: ``Sec
S. 3023 Quick Facts
- Committee
- Judiciary
- Chamber
- Senate
- Policy
- Crime and Law Enforcement
- Introduced
- Oct 21, 2025
Placed on Senate floor schedule under General Orders. Calendar No. 345.
Feb 24, 2026
Who is lobbying on S. 3023?
1 organization lobbying on this bill
NATIONAL FRATERNAL ORDER OF POLICE | 4 |
Showing 1-1 of 1 organizations
S. 3023 Bill Text
“To limit liability for certain entities storing child sexual abuse material for law enforcement agencies, and for other purposes.”
Source: U.S. Government Publishing Office
Get notified when S. 3023 moves
Committee votes, floor action, cosponsor changes — straight to your inbox.
Bill alerts + Legisletter's monthly briefing. Unsubscribe anytime.
Crime and Law Enforcement Bills
9 related bills we're tracking
Combating Organized Retail Crime Act of 2025
Placed on the Union Calendar, Calendar No. 402.
Jan 30, 2026
Assault Weapons Ban of 2025
Referred to the House Committee on the Judiciary.
Apr 30, 2025
Closing the Bump Stock Loophole Act of 2025
Referred to the Committee on the Judiciary, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Apr 9, 2025
Office of Gun Violence Prevention Act of 2025
Referred to the House Committee on the Judiciary.
Feb 13, 2025
Equal Access to Justice for Victims of Gun Violence Act of 2025
Referred to the House Committee on the Judiciary.
Jun 4, 2025
Protect and Serve Act of 2025
Referred to the House Committee on the Judiciary.
Feb 25, 2025
Federal Extreme Risk Protection Order Act of 2026
Referred to the House Committee on the Judiciary.
Feb 17, 2026
Combating Illicit Xylazine Act
Referred to the Committee on Energy and Commerce, and in addition to the Committee on the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Feb 12, 2025
Law-Enforcement Innovate to De-Escalate Act
Received in the Senate.
Feb 24, 2026
Trending Right Now
Bills gaining momentum across Congress
ALERT Act
Referred to the Committee on Transportation and Infrastructure, and in addition to the Committee on Armed Services, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Feb 20, 2026
Fair Housing for Survivors Act of 2026
Referred to the House Committee on the Judiciary.
Mar 5, 2026
761st Tank Battalion Congressional Gold Medal Act
Referred to the Committee on Financial Services, and in addition to the Committee on House Administration, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Feb 26, 2025
Tracking Crime and Law Enforcement in Congress? Monitor bills, track cosponsor momentum, and launch advocacy campaigns — all from one advocacy platform.