Oracle, Michael Dell, and other investors have formed TikTok USDS Joint Venture LLC to operate TikTok's US operations, complying with national security laws requiring ByteDance to divest control. The arrangement mandates Oracle to host US user data, audit algorithms, and implement strict security protocols.
The TikTok USDS Joint Venture LLC, established on January 23, 2026, represents a critical compliance response to the Protecting Americans from Foreign Adversary Controlled Applications Act enacted by the US Congress in 2024. This law mandated ByteDance—TikTok's China-based parent company—to divest control of its US operations by January 19, 2025, or face a nationwide ban. The joint venture structure satisfies this requirement by placing operational control under US-based entities, with Oracle, Silver Lake, and MGX as managing investors holding 15% each. ByteDance retains a non-controlling 19.9% stake, while Dell Family Office (Michael Dell’s investment firm) holds a minority position.
Oracle assumes three compliance-critical roles under the agreement:
- Data Hosting: All US user data must reside exclusively within Oracle Cloud Infrastructure (OCI) data centers located on American soil, eliminating cross-border data transfers to ByteDance.
- Security Partnership: Oracle serves as the JV’s "trusted security partner," conducting continuous source code audits and vulnerability assessments. This includes validating that no unauthorized data access or algorithmic manipulation occurs.
- Algorithm Governance: TikTok’s content recommendation algorithm undergoes mandatory retraining and testing using US user data within Oracle’s isolated cloud environment. The retrained algorithm must operate independently from ByteDance’s global systems.
The JV’s seven-member board—chaired by TikTok CEO Shou Chew but majority-American per regulatory requirements—oversees these technical transitions. Adam Presser (CEO) and Will Farrell (Chief Security Officer) lead daily operations, with Farrell specifically tasked with enforcing the security protocols defined in Oracle’s partnership.
Commercial activities like advertising, e-commerce, and global creator interoperability fall under the JV’s purview. However, monetization features require explicit approval from Oracle’s security team to ensure data handling aligns with US standards.
Compliance Timeline
- January 19, 2025: Original divestment deadline under the Act.
- Extensions: President Trump granted three deadline waivers citing national security reviews, extending the cutoff to Q1 2026.
- January 23, 2026: JV operationalization date. Oracle’s data migration and algorithm isolation must conclude within 90 days.
Failure to meet these conditions could trigger penalties under the Act, including forced shutdowns or fines exceeding $50,000 per unresolved violation. Entities handling US user data must immediately update data processing agreements to reflect Oracle’s role as the designated cloud provider. Ongoing compliance requires quarterly third-party audits shared with the Committee on Foreign Investment in the United States (CFIUS).
For technical specifications, refer to Oracle’s TikTok Compliance Framework and the Federal Register for the Act’s full text.
Comments
Please log in or register to join the discussion